Welcome to the Hostsplus Security Information Center

Welcome to the Hostsplus Security Information Center Vulnerability Info http://www.securityfocus.com Security Focus http://www.osvdb.org OSVDB http://nvd.nist.gov Nist NVD http://cve.mitre.org Mitre http://ciac.llnl.gov CIAC http://www.cert.org CERT http://iase.disa.mil ISAE Exploit Info http://www.milw0rm.com Milw0rm http://www.packetstormsecurity.nl Packet Storm http://www.elsenot.com Else Not Active Research Groups http://www.shmoo.com The Shmoo Group http://www.thc.org THC http://www.phenoelit.de Phenoelit Commercial Groups http://www.ngssoftware.com NGS http://www.immunitysec.com Immunitysec http://www.secunia.com Secunia http://www.securiteam.com Securiteam http://xforce.iss.net Xforce http://www.idefense.com Idefense http://www.eeye.com Eeye http://www.2600.com 2600 Security Organizations http://www.owasp.org OWASP http://www.isc2.org ISC2 http://www.isecom.org ISECOM http://www.sans.org SANS http://www.infragard.com Infragard Methodologies http://www.osissg.org OISSG http://www.isecom.org/ ISECOM http://www.osstmm.org OSSTMM Free "Auditing" Tools http://www.nessus.org Nessus http://www.insecure.org Nmap http://www.cqure.net Cqure Tools http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=26 MS SQL Utilities http://www.cirt.net Nikto http://www.sysinternals.com Sysinternals Tools http://www.bindview.com/services/razor/utilities/ Bindview Tools http://thc.org/releases.php THC Tools http://www.metasploit.org Metasploit http://www.parosproxy.org/ Paros Proxy http://www.portswigger.net/proxy/ Burp Proxy http://www.securityforest.com Exploit Tree http://www.tank.net Spork http://ettercap.sourceforge.net/ Ettercap http://www.cirt.net/code/nikto.shtml nikto http://www.sensepost.com/research/wikto/ wikto http://www.nstalker.com/eng/products/nstealth/ nStealth http://www.foofus.net/fizzgig/fgdump/ fgdump (Obtain MS Hashes) http://www.off-by-one.net/misc/cachedump.html Cachedump (Obtain MS Hashes) http://studenti.unina.it/~ncuomo/syskey/ samdump2 http://www.ethereal.com/ Ethereal http://www.immunitysec.com/resources-freesoftware.shtml Free Immunitysec Tools http://www.foundstone.com/resources/freetools.htm Free Foundstone Tools http://www.eeye.com/html/Research/Tools/index.html Free Eeye Tools http://sectools.org/ Sectools.org Free Virtualization Tools http://www.vmware.com/products/server/ VMWare Server http://bochs.sourceforge.net/ Bochs http://pearpc.sourceforge.net/ PearPC http://www.microsoft.com/windows/virtualpc/default.mspx MS Virtual PC Free Reverse Engineering/Debugging Tools http://directory.fsf.org/GNU/binutils.html binutils http://www.gnu.org/software/gdb/ GDB http://directory.fsf.org/GNU/GUSS.html Guss http://www.gnu.org/software/ddd/ DDD http://www.ollydbg.de/ Ollydbg http://labs.idefense.com/labs-software.php iDefense Labs Tools http://oss.coresecurity.com/projects/uhooker.htm CORE Tools Defaced Websites http://www.zone-h.org/component/option,com_attacks/Itemid,43/ Zone H Default Password Lists http://www.cirt.net/cgi-bin/passwd.pl Cirt's Passwords http://www.phenoelit.de/dpl/dpl.html Phenoelit's Passwords http://www.petefinnigan.com/default/default_password_list.htm Pete Finnigan's Default Oracle Passwords http://www.governmentsecurity.org/articles/DefaultLoginsandPasswordsforNetworkedDevices.php GovernmentSecurity.org http://defaultpassword.com/ defaultpassword.com http://www.cyxla.com/passwords/passwords.html Cyxla's Password Database http://www.e-tech.ca/017-Default_Passwords_ad.asp e-tech Default Passwords http://www.uktsupport.co.uk/reference/biosp.htm Bios Passwords Technical Conferences http://www.defcon.org DefCon http://www.blackhat.com Blackhat http://www.cansecwest.com CanSecWest http://toorcon.com Toorcon http://www.shmoocon.org/ ShmooCon http://www.hopenumbersix.net/ H.O.P.E. http://www.ccc.de/calendar/2006/23c3?language=en Chaos Computer Congress http://conference.hackinthebox.org/ Hack in the Box CD Distros http://www.remote-exploit.org/index.php/Auditor_main Auditor http://www.knoppix.org Knoppix http://www.whoppix.net/index.php/Tools Whoppix / Whax http://www.remote-exploit.org/index.php/Main_Page BackTrack Wireless Tools http://www.netstumbler.com Netstumbler http://prismstumbler.sourceforge.net Prismstubler http://www.kismetwireless.net Kismet http://kismac.de/ Kismac (For Macs) http://airsnort.shmoo.com Airsnort http://wepcrack.sourceforge.net WEPCrack http://www.aircrack-ng.org/doku.php Aircrack-ng http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP-48.pdf Wireless SP http://www.blackalchemy.to/project/fakeap/ FakeAP http://www.802.11mercenary.net/lorcon/ Lorcon http://theta44.org/karma/index.html Karma Checklists / Hardening Guides http://csrc.nist.gov NIST CSRC http://checklists.nist.gov NIST Checklists http://www.cisecurity.org Center for Internet Security http://www.nsa.gov/snac/index.cfm?MenuID=scg10.3.1 NSA Security Configuration Guides http://otn.oracle.com/deploy/security/oracle9i/pdf/9i_checklist.pdf Oracle's 9i Checklist http://www.petefinnigan.com/orasec.htm PF's Checklists http://www.microsoft.com/technet/archive/security/chklist/default.mspx Microsoft Checklists http://www.openna.com/pdfs/Securing-Optimizing-Linux-The-Ultimate-Solution-v2.0.pdf Securing and Optimizing Linux OS and Service Hardening Tools http://www.sun.com/software/security/jass/ Solaris - JASS http://www.sun.com/service/serviceplans/software/patchmanagement/patchmanager.html Solaris - Patch Manager http://www.bastille-linux.org/ Linux - Bastille http://www.microsoft.com/technet/security/tools/default.mspx#EZE Microsoft Security Tools Defunct Research Groups ? http://www.attrition.org Attrition http://www.w00w00.org w00w00 http://adm.freelsd.net/ADM/ ADM http://www.cultdeadcow.com CDC http://en.wikipedia.org/wiki/TESO TESO http://en.wikipedia.org/wiki/Gobbles Gobbles Professional Security Programs http://corporate.visa.com/st/programs.jsp Visa Security Programs https://sdp.mastercardintl.com/ MasterCard Site Data Protection Program Password Crackers/Auditors http://www.insecure.org/stf/lc5-setup.exe LC5 http://www.insecure.org/stf/lc5-crack.zip LC5 Keygen http://www.oxid.it/cain.html Cain and Abel http://www.openwall.com/john/ John the Ripper http://www.banquise.net/misc/patch-john.html John Bigpatch (For more hash types) http://en.wikipedia.org/wiki/RainbowCrack RainbowCrack http://rainbowtables.shmoo.com/ Rainbow Tables Open Source Intelligence http://johnny.ihackstuff.com/ Google Hacking http://news.netcraft.com/ NetCraft http://www.archive.org/ Way Back Machine http://www.domaintools.com DomainTools http://whois.webhosting.info Web Hosting dot info Compliance Resources http://www.hhs.gov/ocr/hipaa/ HIPAA http://www.aicpa.org/info/sarbanes_oxley_summary.htm SOX http://banking.senate.gov/conf/ FMA (GLBA) http://csrc.nist.gov/sec-cert/ FISMA http://www.iso.org/iso/en/prods-services/popstds/informationsecurity.html ISO 17799 http://csrc.nist.gov/fasp/ NIST FASP Resources http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp.html Visa PCI http://www.sans.org/resources/policies/ SANS Security Policies Email Lists http://www.securityfocus.com/archive Security Focus E-mail Lists http://lists.grok.org.uk/mailman/listinfo/full-disclosure Full Disclosure (Unmoderated) http://www.immunitysec.com/mailman/listinfo/dailydave Daily Dave http://www.seclists.org Security List Archives Defense / IDS http://www.snort.org Snort http://www.bleedingsnort.com "Bleeding Edge" Snort http://acidlab.sourceforge.net/ ACID Snort Interface Load Testing / Denial of Service Info http://staff.washington.edu/dittrich/misc/ddos/ DDOS Info IDS Testing/Tuning Tools ftp://ftp.st.ryuAkoku.ac.jp/pub/security/tool/snot/ Snot http://securityfocus.com/data/tools/stick.tgz Stick Firewall Ruleset Testing Tools http://www.packetfactory.net/projects/firewalk/ Firewalk http://dev.inversepath.com/trac/ftester FTester Welcome to the HostsPlus Security Information Center. This is a portal site created by HostsPlus to enable our clients and other interested parties to learn more about Information Security. >rss version="2.0"> >channel> >title>Bugtraq>/title> >link>http://seclists.org/#bugtraq>/link> >description>The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!>/description> >item> >title>AdaCore Security Advisory SA-2012-L119-003 Hash collisions in AWS>/title> >link>http://seclists.org/bugtraq/2012/Jan/168>/link> >description>Posted by Thomas Quinot on Jan 27AdaCore Security Advisory Impact:... >/description> >/item> >item> >title>[HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon>/title> >link>http://seclists.org/bugtraq/2012/Jan/167>/link> >description>Posted by Hafez Kamal on Jan 27This is a gentle reminder that the Call for Papers for the third annual featuring keynote speakers Andy Ellis (Chief... >/description> >/item> >item> >title>[ GLSA 201201-15 ] ktsuss: Privilege escalation>/title> >link>http://seclists.org/bugtraq/2012/Jan/166>/link> >description>Posted by Sean Amoss on Jan 27- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Date: January 27, 2012... >/description> >/item> >item> >title>[SECURITY] [DSA 2394-1] libxml2 security update>/title> >link>http://seclists.org/bugtraq/2012/Jan/165>/link> >description>Posted by Luciano Bello on Jan 27------------------------------------------------------------------------- Problem type : remote... >/description> >/item> >item> >title>ESA-2012-007: RSA, The Security Division of EMC, announces security fixes for RSA enVision>/title> >link>http://seclists.org/bugtraq/2012/Jan/164>/link> >description>Posted by Security_Alert on Jan 26ESA-2012-007: RSA, The Security Division of EMC, announces security fixes for RSA enVision This release addresses an environmental variable disclosure vulnerability. The... >/description> >/item> >item> >title>ESA-2012-005: EMC NetWorker buffer overflow vulnerability>/title> >link>http://seclists.org/bugtraq/2012/Jan/163>/link> >description>Posted by Security_Alert on Jan 26ESA-2012-005: EMC NetWorker buffer overflow vulnerability. denial... >/description> >/item> >item> >title>Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability>/title> >link>http://seclists.org/bugtraq/2012/Jan/162>/link> >description>Posted by Cisco Systems Product Security Incident Response Team on Jan 26Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code allow a remote,... >/description> >/item> >item> >title>ZDI-12-018 : Symantec PCAnywhere awhost32 Remote Code Execution Vulnerability>/title> >link>http://seclists.org/bugtraq/2012/Jan/161>/link> >description>Posted by ZDI Disclosures on Jan 25ZDI-12-018 : Symantec PCAnywhere awhost32 Remote Code Execution vulnerable installations of Symantec PCAnywhere.... >/description> >/item> >item> >title>NX Web Companion Spoofing Arbitrary Code Execution Vulnerability>/title> >link>http://seclists.org/bugtraq/2012/Jan/160>/link> >description>Posted by otr on Jan 25# Vuln Title: NX Web Companion Spoofing Arbitrary Code Execution Machine software... >/description> >/item> >item> >title>[SECURITY] [DSA-2393-1] bip security update>/title> >link>http://seclists.org/bugtraq/2012/Jan/159>/link> >description>Posted by dann frazier on Jan 25------------------------------------------------------------------------- Problem type :... >/description> >/item> >item> >title>D-Link DIR-601 TFTP Directory Traversal Vulnerability>/title> >link>http://seclists.org/bugtraq/2012/Jan/158>/link> >description>Posted by robkraus on Jan 25Vulnerability title: D-Link DIR-601 TFTP Directory Traversal Vulnerability Solutionary public disclosure URL:... >/description> >/item> >item> >title>CSRF (Cross-Site Request Forgery) in DClassifieds>/title> >link>http://seclists.org/bugtraq/2012/Jan/157>/link> >description>Posted by advisory on Jan 25Advisory ID: HTB23067 Credit: High-Tech Bridge SA Security Research Lab (... >/description> >/item> >item> >title>Multiple vulnerabilities in OSclass>/title> >link>http://seclists.org/bugtraq/2012/Jan/156>/link> >description>Posted by advisory on Jan 25Advisory ID: HTB23068 Credit: High-Tech Bridge SA Security... >/description> >/item> >item> >title>NGS00117 Patch Notification: Symantec PCAnywhere Local Privilege Escalation>/title> >link>http://seclists.org/bugtraq/2012/Jan/155>/link> >description>Posted by Research () NGSSecure on Jan 25High Risk Vulnerability in Symantec PCAnywhere An updated version of the software has been released to address these vulnerabilities:... >/description> >/item> >item> >title>NGS00118 Patch Notification: Symantec PCAnywhere Remote Code Execution as SYSTEM>/title> >link>http://seclists.org/bugtraq/2012/Jan/154>/link> >description>Posted by Research () NGSSecure on Jan 25Critical Vulnerability in Symantec PCAnywhere An updated version of the software has been released to address these vulnerabilities:... >/description> >/item> >/channel> >/rss> >rss version="2.0"> >channel> >title>Daily Dave>/title> >link>http://seclists.org/#dailydave>/link> >description>This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by <a href="http://www.immunitysec.com/">ImmunitySec</a> founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.>/description> >item> >title>Cyber Politics By Other Means>/title> >link>http://seclists.org/dailydave/2012/q1/14>/link> >description>Posted by Dave Aitel on Jan 27Dear DD - attached is some red meat. :> <... >/description> >/item> >item> >title>Alligators>/title> >link>http://seclists.org/dailydave/2012/q1/13>/link> >description>Posted by Dave Aitel on Jan 19INFILTRATE 2012 is over (as of an hour from now). I will say that all And here is Mark's Prezi:... >/description> >/item> >item> >title>Open Bars>/title> >link>http://seclists.org/dailydave/2012/q1/12>/link> >description>Posted by Dave Aitel on Jan 09So we ordered quite a few open bars for INFILTRATE people - one of which <... >/description> >/item> >item> >title>Security Event Horizons>/title> >link>http://seclists.org/dailydave/2012/q1/11>/link> >description>Posted by Dave Aitel on Jan 09Every so often you see a ton of effort from a security person go into a own... >/description> >/item> >item> >title>New Paper - Acquisition and Analysis of Volatile Memory from Android Devices>/title> >link>http://seclists.org/dailydave/2012/q1/10>/link> >description>Posted by Andrew Case on Jan 09We are writing to announce that our paper on Android memory forensics has Andrew >/description> >/item> >item> >title>Re: Symantec AV source compromised and the questions it raises>/title> >link>http://seclists.org/dailydave/2012/q1/9>/link> >description>Posted by Michal Zalewski on Jan 06This reminds me of the wise words of the chairman of Trend Micro: now looks like Symantec will,... >/description> >/item> >item> >title>Symantec AV source compromised and the questions it raises>/title> >link>http://seclists.org/dailydave/2012/q1/8>/link> >description>Posted by Mohammad Hosein on Jan 06"Sadly, we'll likely never know the answer." forums and tweets are... >/description> >/item> >item> >title>Symantec AV source compromised and the questions it raises>/title> >link>http://seclists.org/dailydave/2012/q1/7>/link> >description>Posted by William Arbaugh on Jan 06Security Week ran a story that Symantec's AV source was obtained (and soon to be released) via a compromise of an since the source is 4+ years old.... >/description> >/item> >item> >title>Apache Struts>/title> >link>http://seclists.org/dailydave/2012/q1/6>/link> >description>Posted by Dave Aitel on Jan 06Just how bad is that Sec-Consult Apache Struts vulnerability... <param... >/description> >/item> >item> >title>Re: INFILTRATE Book Club Part 2>/title> >link>http://seclists.org/dailydave/2012/q1/5>/link> >description>Posted by h1kari on Jan 05Hey guys, have a... >/description> >/item> >item> >title>INFILTRATE Book Club Part 2>/title> >link>http://seclists.org/dailydave/2012/q1/4>/link> >description>Posted by Dave Aitel on Jan 04So I personally wasn't a huge fan, but more than one person has At this year's INFILTRATE, due to a few factors, we have... >/description> >/item> >item> >title>InfoSec Southwest 2012 CFP First-round Speaker Selections>/title> >link>http://seclists.org/dailydave/2012/q1/3>/link> >description>Posted by I)ruid on Jan 04Hello, Keynote... >/description> >/item> >item> >title>Re: WebHacking and lcamtuf>/title> >link>http://seclists.org/dailydave/2012/q1/2>/link> >description>Posted by Michal Zalewski on Jan 03Okay! PS. And yeah, thanks for the review :-) >/description> >/item> >item> >title>WebHacking and lcamtuf>/title> >link>http://seclists.org/dailydave/2012/q1/1>/link> >description>Posted by Dave Aitel on Jan 02So this is my review of lcamtuf's book, which is this: It's the best only... >/description> >/item> >item> >title>INFILTRATE book club part 1>/title> >link>http://seclists.org/dailydave/2012/q1/0>/link> >description>Posted by Dave Aitel on Jan 02For those of you traveling to INFILTRATE (in just a few short days!) I (Syriana) that were based on his books, just... >/description> >/item> >/channel> >/rss> >rss version="2.0"> >channel> >title>Firewall Wizards>/title> >link>http://seclists.org/#firewall-wizards>/link> >description>Tips and tricks for firewall administrators>/description> >/channel> >/rss> >rss version="2.0"> >channel> >title>IDS Focus>/title> >link>http://seclists.org/#focus-ids>/link> >description>Technical discussion about Intrusion Detection Systems. You can also read the archives of a <A HREF="http://seclists.org/ids/">previous IDS list</A>>/description> >/channel> >/rss> >rss version="2.0"> >channel> >title>Full Disclosure>/title> >link>http://seclists.org/#fulldisclosure>/link> >description>A <a href="http://seclists.org/fulldisclosure/2010/Mar/459">lightly moderated</a> high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately, most of the posts are worthless drivel, so finding the gems takes patience.>/description> >item> >title>Re: when did piracy/theft become expression of freedom>/title> >link>http://seclists.org/fulldisclosure/2012/Jan/530>/link> >description>Posted by Valdis . Kletnieks on Jan 27On Fri, 27 Jan 2012 18:06:28 GMT, Michael Schmidt said: 2) Who gets those... >/description> >/item> >item> >title>[ GLSA 201201-16 ] X.Org X Server/X Keyboard Configuration Database: Screen lock bypass>/title> >link>http://seclists.org/fulldisclosure/2012/Jan/529>/link> >description>Posted by Alex Legler on Jan 27- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Title: X.Org X Server/X Keyboard Configuration Database: Screen... >/description> >/item> >item> >title>[SECURITY] [DSA 2396-1] qemu-kvm security update>/title> >link>http://seclists.org/fulldisclosure/2012/Jan/528>/link> >description>Posted by Moritz Muehlenhoff on Jan 27------------------------------------------------------------------------- Problem type :... >/description> >/item> >item> >title>Re: when did piracy/theft become expression of freedom>/title> >link>http://seclists.org/fulldisclosure/2012/Jan/527>/link> >description>Posted by Laurelai on Jan 27Yeah and the US is becoming a police state, so using US law as examples of morality is pretty shaky ground. >/description> >/item> >item> >title>[SECURITY] [DSA 2395-1] wireshark security update>/title> >link>http://seclists.org/fulldisclosure/2012/Jan/526>/link> >description>Posted by Moritz Muehlenhoff on Jan 27------------------------------------------------------------------------- Problem type... >/description> >/item> >item> >title>Re: when did piracy/theft become expression of freedom>/title> >link>http://seclists.org/fulldisclosure/2012/Jan/525>/link> >description>Posted by Michael Schmidt on Jan 27You want to be very careful with that line of thought. You are taking the creator the rightful owners profits, which When you make a copy, you are performing a step that the manufacturer takes with physical products. Just because... >/description> >/item> >item> >title>Advisory: Remote Command Execution in Gitorious>/title> >link>http://seclists.org/fulldisclosure/2012/Jan/524>/link> >description>Posted by joernchen of Phenoelit on Jan 27Hi, joernchen >/description> >/item> >item> >title>Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities>/title> >link>http://seclists.org/fulldisclosure/2012/Jan/523>/link> >description>Posted by research () vulnerability-lab com on Jan 27Title: and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time... >/description> >/item> >item> >title>[ GLSA 201201-15 ] ktsuss: Privilege escalation>/title> >link>http://seclists.org/fulldisclosure/2012/Jan/522>/link> >description>Posted by Sean Amoss on Jan 27- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Date: January 27, 2012... >/description> >/item> >item> >title>Re: when did piracy/theft become expression of freedom>/title> >link>http://seclists.org/fulldisclosure/2012/Jan/521>/link> >description>Posted by Valdis . Kletnieks on Jan 27On Fri, 27 Jan 2012 18:01:31 +0900, Robert Kim App and Facebook Marketing said: *their* sense of entitlement. >/description> >/item> >item> >title>Re: VNC viewers: Clipboard of host automatically sent to remote machine>/title> >link>http://seclists.org/fulldisclosure/2012/Jan/520>/link> >description>Posted by Alyx on Jan 27Why yes, yes there is. :) More of a distinction, in fact, than there is in Linux world! >/description> >/item> >item> >title>[SECURITY] [DSA 2394-1] libxml2 security update>/title> >link>http://seclists.org/fulldisclosure/2012/Jan/519>/link> >description>Posted by Luciano Bello on Jan 27------------------------------------------------------------------------- Problem type : remote... >/description> >/item> >item> >title>Re: Fw: when did piracy/theft become expression of freedom>/title> >link>http://seclists.org/fulldisclosure/2012/Jan/518>/link> >description>Posted by Laurelai on Jan 27Except that you just posted about it in public on the internet... >/description> >/item> >item> >title>Fw: when did piracy/theft become expression of freedom>/title> >link>http://seclists.org/fulldisclosure/2012/Jan/517>/link> >description>Posted by Jerry dePriest on Jan 27software "piracy" has been around for ever. I remember copying punch cards. It took forever and if you made one mistake as many copies as you deemed fit. I must of made $100 from Dig Dug... >/description> >/item> >item> >title>Re: when did piracy/theft become expression of freedom>/title> >link>http://seclists.org/fulldisclosure/2012/Jan/516>/link> >description>Posted by Laurelai on Jan 27Posting to /r/netsec now... >/description> >/item> >/channel> >/rss> >rss version="2.0"> >channel> >title>Honeypots>/title> >link>http://seclists.org/#honeypots>/link> >description>Discussions about tracking attackers by setting up decoy honeypots or entire <A HREF="http://www.honeynet.org">honeynet</A> networks.>/description> >item> >title>[HONEYPOTS] Cyber Warfare / Network Defense Simulation>/title> >link>http://seclists.org/honeypots/2012/q1/1>/link> >description>Posted by TeÃ³philo Athos Brauns on Jan 24Hi, managed to create a whole... >/description> >/item> >item> >title>Cyber Warfare / Network Defense Simulation>/title> >link>http://seclists.org/honeypots/2012/q1/0>/link> >description>Posted by TeÃ³philo Athos Brauns on Jan 24Hi, managed to create a... >/description> >/item> >item> >title>CanSecWest 2012 Mar 7-9; 2nd call for papers, closes next week, Monday. Dec 5 2011>/title> >link>http://seclists.org/honeypots/2011/q4/0>/link> >description>Posted by Dragos Ruiu on Dec 01So after a dozen years or so organizing conferences, you submissions and missing Â the CFP. So for my control set,... >/description> >/item> >/channel> >/rss> >rss version="2.0"> >channel> >title>Incidents>/title> >link>http://seclists.org/#incidents>/link> >description>Lightly moderated list for dicussing actual security incidents (unexplained probes, breakins, etc). Topics include information about new rootkits, backdoors, trojans, virii, and worms.>/description> >/channel> >/rss> >rss version="2.0"> >channel> >title>Top News>/title> >link href="http://services.digg.com/2.0/story.getTopNews?type=rss" rel="self"/> >link href="http://pubsubhubbub.appspot.com/" rel="hub"/> >title>Rick Santorum Says College is 'Indoctrination'; We Say It's Necessary>/title> >link href="http://digg.com/news/politics/rick_santorum_says_college_is_indoctrination_we_say_it_s_necessary?utm_campaign=Feed%3A+http%3A%2F%2Fservices.digg.com%2F2.0%2Fstory.getTopNews%3Ftype%3Drss&utm_medium=feed&utm_source=diggapi"/> >title>Intrepid Blogger Determines Ice Cube's 'Good Day': January 20, 1992>/title> >link href="http://digg.com/news/entertainment/intrepid_blogger_determines_ice_cube_s_good_day_january_20_1992?utm_campaign=Feed%3A+http%3A%2F%2Fservices.digg.com%2F2.0%2Fstory.getTopNews%3Ftype%3Drss&utm_medium=feed&utm_source=diggapi"/> >title>Has the 'Era of Easy Oil' Ended?>/title> >link href="http://digg.com/news/science/has_the_era_of_easy_oil_ended?utm_campaign=Feed%3A+http%3A%2F%2Fservices.digg.com%2F2.0%2Fstory.getTopNews%3Ftype%3Drss&utm_medium=feed&utm_source=diggapi"/> >title>Ron Paul signed off on racist newsletters in the 1990s, associates say>/title> >link href="http://digg.com/news/story/ron_paul_signed_off_on_racist_newsletters_in_the_1990s_associates_say?utm_campaign=Feed%3A+http%3A%2F%2Fservices.digg.com%2F2.0%2Fstory.getTopNews%3Ftype%3Drss&utm_medium=feed&utm_source=diggapi"/> >title>5 Reasons Why SOPA, PROTECT-IP & Other Legislative Idiocy Will Never Die>/title> >link href="http://digg.com/news/politics/5_reasons_why_sopa_protect_ip_other_legislative_idiocy_will_never_die?utm_campaign=Feed%3A+http%3A%2F%2Fservices.digg.com%2F2.0%2Fstory.getTopNews%3Ftype%3Drss&utm_medium=feed&utm_source=diggapi"/> >title>The 10 Most Unintentionally Hilarious Toys Exported by China>/title> >link href="http://digg.com/news/offbeat/the_10_most_unintentionally_hilarious_toys_exported_by_china?utm_campaign=Feed%3A+http%3A%2F%2Fservices.digg.com%2F2.0%2Fstory.getTopNews%3Ftype%3Drss&utm_medium=feed&utm_source=diggapi"/> >title>'Sh*t Politicians Say' Video Arrives Ahead of Republican Debate>/title> >link href="http://digg.com/news/story/sh_t_politicians_say_video_arrives_ahead_of_republican_debate?utm_campaign=Feed%3A+http%3A%2F%2Fservices.digg.com%2F2.0%2Fstory.getTopNews%3Ftype%3Drss&utm_medium=feed&utm_source=diggapi"/> >title>Obama to Link Aid for Colleges to Affordability>/title> >link href="http://digg.com/news/story/obama_to_link_aid_for_colleges_to_affordability?utm_campaign=Feed%3A+http%3A%2F%2Fservices.digg.com%2F2.0%2Fstory.getTopNews%3Ftype%3Drss&utm_medium=feed&utm_source=diggapi"/> >title>Nintendo expects first annual loss in at least three decades>/title> >link href="http://digg.com/news/technology/nintendo_expects_first_annual_loss_in_at_least_three_decades?utm_campaign=Feed%3A+http%3A%2F%2Fservices.digg.com%2F2.0%2Fstory.getTopNews%3Ftype%3Drss&utm_medium=feed&utm_source=diggapi"/> >title>Apple, Google, and Others Denied Dismissal of Anti-Poaching Lawsuit>/title> >link href="http://digg.com/news/business/apple_google_and_others_denied_dismissal_of_anti_poaching_lawsuit?utm_campaign=Feed%3A+http%3A%2F%2Fservices.digg.com%2F2.0%2Fstory.getTopNews%3Ftype%3Drss&utm_medium=feed&utm_source=diggapi"/> >title>BREAKING: Facebook to File for IPO Next Week [REPORT]>/title> >link href="http://digg.com/news/technology/breaking_facebook_to_file_for_ipo_next_week_report_1?utm_campaign=Feed%3A+http%3A%2F%2Fservices.digg.com%2F2.0%2Fstory.getTopNews%3Ftype%3Drss&utm_medium=feed&utm_source=diggapi"/> >title>Opponents protest signing of ACTA without adequate debate>/title> >link href="http://digg.com/news/worldnews/opponents_protest_signing_of_acta_without_adequate_debate?utm_campaign=Feed%3A+http%3A%2F%2Fservices.digg.com%2F2.0%2Fstory.getTopNews%3Ftype%3Drss&utm_medium=feed&utm_source=diggapi"/> >title>Has Petroleum Production Peaked, Ending the Era of Easy Oil?: Scientific American>/title> >link href="http://digg.com/news/story/has_petroleum_production_peaked_ending_the_era_of_easy_oil_scientific_american?utm_campaign=Feed%3A+http%3A%2F%2Fservices.digg.com%2F2.0%2Fstory.getTopNews%3Ftype%3Drss&utm_medium=feed&utm_source=diggapi"/> >title>The FBI Is Already Getting Sued for Shutting Down MegaUpload>/title> >link href="http://digg.com/news/politics/the_fbi_is_already_getting_sued_for_shutting_down_megaupload?utm_campaign=Feed%3A+http%3A%2F%2Fservices.digg.com%2F2.0%2Fstory.getTopNews%3Ftype%3Drss&utm_medium=feed&utm_source=diggapi"/> >title>Retrospective: Why Final Fantasy IV Remains a Masterpiece After All These Years>/title> >link href="http://digg.com/news/gaming/retrospective_why_final_fantasy_iv_remains_a_masterpiece_after_all_these_years?utm_campaign=Feed%3A+http%3A%2F%2Fservices.digg.com%2F2.0%2Fstory.getTopNews%3Ftype%3Drss&utm_medium=feed&utm_source=diggapi"/> >title>Jumping Spiders Use Blurry Vision to Pounce : Discovery News>/title> >link href="http://digg.com/news/story/jumping_spiders_use_blurry_vision_to_pounce_discovery_news?utm_campaign=Feed%3A+http%3A%2F%2Fservices.digg.com%2F2.0%2Fstory.getTopNews%3Ftype%3Drss&utm_medium=feed&utm_source=diggapi"/> >title>Bacon Nasal Tampon Stops Chronic Nose Bleeds>/title> >link href="http://digg.com/news/offbeat/bacon_nasal_tampon_stops_chronic_nose_bleeds?utm_campaign=Feed%3A+http%3A%2F%2Fservices.digg.com%2F2.0%2Fstory.getTopNews%3Ftype%3Drss&utm_medium=feed&utm_source=diggapi"/> >title>15 Best 'Sh*t People Say' Videos>/title> >link href="http://digg.com/news/entertainment/15_best_sh_t_people_say_videos?utm_campaign=Feed%3A+http%3A%2F%2Fservices.digg.com%2F2.0%2Fstory.getTopNews%3Ftype%3Drss&utm_medium=feed&utm_source=diggapi"/> >title>EXCLUSIVE: Ferris Bueller's Mysterious Super Bowl Ad Is For Honda>/title> >link href="http://digg.com/news/entertainment/exclusive_ferris_bueller_s_mysterious_super_bowl_ad_is_for_honda?utm_campaign=Feed%3A+http%3A%2F%2Fservices.digg.com%2F2.0%2Fstory.getTopNews%3Ftype%3Drss&utm_medium=feed&utm_source=diggapi"/> >title>Anonymous goes after UFC chief, posts personal details and hacks site [Updated]>/title> >link href="http://digg.com/news/story/anonymous_goes_after_ufc_chief_posts_personal_details_and_hacks_site_updated?utm_campaign=Feed%3A+http%3A%2F%2Fservices.digg.com%2F2.0%2Fstory.getTopNews%3Ftype%3Drss&utm_medium=feed&utm_source=diggapi"/> >/channel> >/rss> >rss version="2.0"> >channel> >title>[ISN] InfoSec News Mailing List>/title> >link>http://www.infosecnews.org/mailman/listinfo/isn>/link> >description>InfoSecNews>/description> >item> >title>Advance Announcement: 2011 ACM Cloud Computing Security Workshop (CCSW) is back !>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020258.html>/link> >description>InfoSec News: Advance Announcement: 2011 ACM Cloud Computing Security Workshop (CCSW) is back !: Forwarded from: noreply (at) crypto.cs.stonybrook.edu CCSW is back! The past workshops were a tremendous success, with over [...]>/description> >/item> >item> >title>Unfollowed: How a (Possible) Social Network Spy Came Undone>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020257.html>/link> >description>InfoSec News: Unfollowed: How a (Possible) Social Network Spy Came Undone: http://www.wired.com/dangerroom/2011/04/unfollowed-how-a-possible-social-network-spy-came-undone/ KGB honey pot operation. [...]>/description> >/item> >item> >title>US-Russian dictionary defines cyber war, other concepts>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020256.html>/link> >description>InfoSec News: US-Russian dictionary defines cyber war, other concepts: http://gcn.com/articles/2011/04/28/us-russia-cyber-dictionary.aspx A U.S.-Russian effort is proposing common definitions. [...]>/description> >/item> >item> >title>ICANN taps DefCon founder for top security spot>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020255.html>/link> >description>InfoSec News: ICANN taps DefCon founder for top security spot: http://www.v3.co.uk/v3-uk/news/2046681/icann-taps-defcon-founder-security-spot >/description> >/item> >item> >title>Teacher Passwords Stolen, Grades Hacked At 3 Seattle High Schools>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020254.html>/link> >description>InfoSec News: Teacher Passwords Stolen, Grades Hacked At 3 Seattle High Schools: http://www.kirotv.com/education/27708043/detail.html teachers obtained Thursday by KIRO 7 Eyewitness News. [...]>/description> >/item> >item> >title>[ACM CCS'11] Reminder: Deadline Approaching (May 6, 2011)>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020253.html>/link> >description>InfoSec News: [ACM CCS'11] Reminder: Deadline Approaching (May 6, 2011): Forwarded from: ACM CCS 2011 <acmccs2011 (at) gmail.com> >/description> >/item> >item> >title>Cyberespionage: US finds FBI agents in elite unit lack necessary skills>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020252.html>/link> >description>InfoSec News: Cyberespionage: US finds FBI agents in elite unit lack necessary skills: Forwarded from: Justin Lundy <jbl (at) tegataiphoenix.com> >/description> >/item> >item> >title>Experts dissect hacker attacks during cybersecurity forum at Hagerstown Community College>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020251.html>/link> >description>InfoSec News: Experts dissect hacker attacks during cybersecurity forum at Hagerstown Community College: http://www.herald-mail.com/news/local/hm-cyber-experts-dissect-hacker-attacks-during-cybersecurity-forum-at-hagerstown-community-college-20110427,0,2996601.story Experts Wednesday detailed simple and complex ways to protect computers [...]>/description> >/item> >item> >title>Are we talking "cyber war" like the Bush admin talked WMDs?>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020250.html>/link> >description>InfoSec News: Are we talking "cyber war" like the Bush admin talked WMDs?: http://arstechnica.com/security/news/2011/04/are-we-talking-cyber-war-like-the-bush-admin-talked-wmds.ars you'll hear about the "cybersecurity" crisis in two nanoseconds. [...]>/description> >/item> >item> >title>Oracle hedging its vulnerability reports?>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020249.html>/link> >description>InfoSec News: Oracle hedging its vulnerability reports?: http://www.computerworld.com/s/article/9216213/Oracle_hedging_its_vulnerability_reports_ the vulnerabilities found in its database software, according to [...]>/description> >/item> >item> >title>PlayStation credit card data was encrypted>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020248.html>/link> >description>InfoSec News: PlayStation credit card data was encrypted: http://www.zdnet.com.au/playstation-credit-card-data-was-encrypted-339314012.htm breach of its PlayStation Network (PSN) were encrypted. [...]>/description> >/item> >item> >title>Phone-hacking laws are 'very uneven and unclear'>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020247.html>/link> >description>InfoSec News: Phone-hacking laws are 'very uneven and unclear': http://www.guardian.co.uk/media/2011/apr/26/phone-hacking-laws-christopher-graham legislation outlawing phone hacking is "very uneven" and "very unclear" [...]>/description> >/item> >item> >title>USENIX WOOT '11 Submission Deadline Approaching>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020246.html>/link> >description>InfoSec News: USENIX WOOT '11 Submission Deadline Approaching: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org> Please submit all work by May 2, 2011, at 11:59 p.m. PDT. [...]>/description> >/item> >item> >title>USENIX HotSec '11 Submission Deadline Extended>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020245.html>/link> >description>InfoSec News: USENIX HotSec '11 Submission Deadline Extended: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org> >/description> >/item> >item> >title>Court order cripples Coreflood botnet, says FBI>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020244.html>/link> >description>InfoSec News: Court order cripples Coreflood botnet, says FBI: http://www.computerworld.com/s/article/9216190/Court_order_cripples_Coreflood_botnet_says_FBI U.S. [...]>/description> >/item> >item> >title>China Implicated In Hacking Of SMB Online Bank Accounts>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020243.html>/link> >description>InfoSec News: China Implicated In Hacking Of SMB Online Bank Accounts: http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/229402294/china-implicated-in-hacking-of-smb-online-bank-accounts.html This time it wasn't an "advanced persistent threat" associated with [...]>/description> >/item> >item> >title>Is Iran just seeing Stars?>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020242.html>/link> >description>InfoSec News: Is Iran just seeing Stars?: http://www.csoonline.com/article/680599/is-iran-just-seeing-stars- country's systems. [...]>/description> >/item> >item> >title>Police: Wireless network hacker targeted Seattle-area businesses>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020241.html>/link> >description>InfoSec News: Police: Wireless network hacker targeted Seattle-area businesses: http://www.seattlepi.com/local/article/Police-Wireless-network-hacker-targeted-1344185.php in a "wardriving" spree that saw Seattle-area wireless networks hacked [...]>/description> >/item> >item> >title>New Workshop: USENIX FOCI '11 Submission Deadline Approaching>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020240.html>/link> >description>InfoSec News: New Workshop: USENIX FOCI '11 Submission Deadline Approaching: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org> http://www.usenix. [...]>/description> >/item> >item> >title>The Rising Tide Of Cyber-Threats Could Engulf National Infrastructures>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020239.html>/link> >description>InfoSec News: The Rising Tide Of Cyber-Threats Could Engulf National Infrastructures: http://www.eweekeurope.co.uk/comment/the-rising-tide-of-cyber-threats-could-engulf-national-infrastructures-27457 ill-prepared to defend themselves. [...]>/description> >/item> >item> >title>DHS chief: What we learned from Stuxnet>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020238.html>/link> >description>InfoSec News: DHS chief: What we learned from Stuxnet: http://www.computerworld.com/s/article/9216166/DHS_chief_What_we_learned_from_Stuxnet that the private sector needs to be able to respond quickly to [...]>/description> >/item> >item> >title>[Dataloss Weekly Summary] Week of Sunday, April 17, 2011>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020237.html>/link> >description>InfoSec News: [Dataloss Weekly Summary] Week of Sunday, April 17, 2011: ======================================================================== [...]>/description> >/item> >item> >title>Phishing: Consumer Education Lacking>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020236.html>/link> >description>InfoSec News: Phishing: Consumer Education Lacking: http://www.bankinfosecurity.com/articles.php?art_id=3571 federal facility. [...]>/description> >/item> >item> >title>2nd CfP: CRiSIS 2011: Risks and Security of Internet and Systems>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020235.html>/link> >description>InfoSec News: 2nd CfP: CRiSIS 2011: Risks and Security of Internet and Systems: Forwarded from: Marius Minea <marius (at) cs.upt.ro> Timisoara, Romania, 26-28 September 2011 [...]>/description> >/item> >item> >title>Phishing Attack Hits Oak Ridge National Laboratory>/title> >link>http://www.infosecnews.org/pipermail/isn/2011-April/020234.html>/link> >description>InfoSec News: Phishing Attack Hits Oak Ridge National Laboratory: http://www.informationweek.com/news/government/security/229402048 down email and Internet access last week. [...]>/description> >/item> >/channel> >/rss> >rss version="2.0"> >channel> >title>Microsoft Sec Notification>/title> >link>http://seclists.org/#microsoft>/link> >description>Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.>/description> >item> >title>Microsoft Security Bulletin Minor Revisions>/title> >link>http://seclists.org/microsoft/2012/q1/10>/link> >description>Posted by Microsoft on Jan 27******************************************************************** * MS12-004 -... >/description> >/item> >item> >title>Microsoft Security Bulletin Minor Revisions>/title> >link>http://seclists.org/microsoft/2012/q1/9>/link> >description>Posted by Microsoft on Jan 24******************************************************************** =====================... >/description> >/item> >item> >title>Microsoft Security Bulletin Minor Revisions>/title> >link>http://seclists.org/microsoft/2012/q1/8>/link> >description>Posted by Microsoft on Jan 18******************************************************************** Bulletin Information:... >/description> >/item> >item> >title>Microsoft Security Bulletin Minor Revisions>/title> >link>http://seclists.org/microsoft/2012/q1/7>/link> >description>Posted by Microsoft on Jan 17******************************************************************** -... >/description> >/item> >item> >title>Microsoft Security Bulletin Minor Revisions>/title> >link>http://seclists.org/microsoft/2012/q1/6>/link> >description>Posted by Microsoft on Jan 16******************************************************************** * MS12-007 - Important... >/description> >/item> >item> >title>Microsoft Security Bulletin Re-Releases>/title> >link>http://seclists.org/microsoft/2012/q1/5>/link> >description>Posted by Microsoft on Jan 11******************************************************************** * MS12-007 -... >/description> >/item> >item> >title>Microsoft Security Bulletin Minor Revisions>/title> >link>http://seclists.org/microsoft/2012/q1/4>/link> >description>Posted by Microsoft on Jan 11******************************************************************** -... >/description> >/item> >item> >title>Microsoft Security Bulletin Summary for January 2012>/title> >link>http://seclists.org/microsoft/2012/q1/3>/link> >description>Posted by Microsoft on Jan 10******************************************************************** With... >/description> >/item> >item> >title>Microsoft Security Advisory Notification>/title> >link>http://seclists.org/microsoft/2012/q1/2>/link> >description>Posted by Microsoft on Jan 10******************************************************************** -... >/description> >/item> >item> >title>Microsoft Security Bulletin Minor Revisions>/title> >link>http://seclists.org/microsoft/2012/q1/1>/link> >description>Posted by Microsoft on Jan 10******************************************************************** * MS11-099 - Important... >/description> >/item> >item> >title>Microsoft Security Bulletin Advance Notification for January 2012>/title> >link>http://seclists.org/microsoft/2012/q1/0>/link> >description>Posted by Microsoft on Jan 08******************************************************************** Notification for January 2012 can be found at... >/description> >/item> >item> >title>Microsoft Security Bulletin Minor Revisions>/title> >link>http://seclists.org/microsoft/2011/q4/33>/link> >description>Posted by Microsoft on Dec 30******************************************************************** * MS11-100 - Critical... >/description> >/item> >item> >title>Microsoft Security Advisory Notification>/title> >link>http://seclists.org/microsoft/2011/q4/32>/link> >description>Posted by Microsoft on Dec 29******************************************************************** -... >/description> >/item> >item> >title>Microsoft Security Bulletin Summary for December 2011>/title> >link>http://seclists.org/microsoft/2011/q4/31>/link> >description>Posted by Microsoft on Dec 29******************************************************************** December 2011 can be found at... >/description> >/item> >item> >title>Microsoft Security Bulletin Advance Notification for December 2011>/title> >link>http://seclists.org/microsoft/2011/q4/30>/link> >description>Posted by Microsoft on Dec 28******************************************************************** Notification for December 2011 can be... >/description> >/item> >/channel> >/rss> >rss version="2.0"> >channel> >title>NANOG@merit.edu>/title> >link>http://www.merit.edu/mail.archives/nanog/index.html>/link> >description>Latest posts to NANOG Mailing List>/description> >item> >title>Re: [arin-ppml] NAT444 rumors (was Re: L>/title> >link>http://www.merit.edu/mail.archives/nanog/msg16942.html>/link> >description>Owen DeLong (02/18/11)>/description> >/item> >item> >title>The Cidr Report>/title> >link>http://www.merit.edu/mail.archives/nanog/msg16941.html>/link> >description>cidr-report (02/18/11)>/description> >/item> >item> >title>BGP Update Report>/title> >link>http://www.merit.edu/mail.archives/nanog/msg16940.html>/link> >description>cidr-report (02/18/11)>/description> >/item> >item> >title>Re: [arin-ppml] NAT444 rumors (was Re: L>/title> >link>http://www.merit.edu/mail.archives/nanog/msg16939.html>/link> >description>Owen DeLong (02/18/11)>/description> >/item> >item> >title>Re: Internet Exchange Point(IXP) questio>/title> >link>http://www.merit.edu/mail.archives/nanog/msg16938.html>/link> >description>Christopher Morrow (02/18/11)>/description> >/item> >item> >title>Re: Internet Exchange Point(IXP) questio>/title> >link>http://www.merit.edu/mail.archives/nanog/msg16937.html>/link> >description>Leo Bicknell (02/18/11)>/description> >/item> >item> >title>Re: Internet Exchange Point(IXP) questio>/title> >link>http://www.merit.edu/mail.archives/nanog/msg16936.html>/link> >description>Leo Bicknell (02/18/11)>/description> >/item> >item> >title>Re: [arin-ppml] NAT444 rumors (was Re: L>/title> >link>http://www.merit.edu/mail.archives/nanog/msg16935.html>/link> >description>Owen DeLong (02/18/11)>/description> >/item> >item> >title>Re: Internet Exchange Point(IXP) questio>/title> >link>http://www.merit.edu/mail.archives/nanog/msg16934.html>/link> >description>Christopher Morrow (02/18/11)>/description> >/item> >item> >title>Re: Internet Exchange Point(IXP) questio>/title> >link>http://www.merit.edu/mail.archives/nanog/msg16933.html>/link> >description>Christopher Morrow (02/18/11)>/description> >/item> >item> >title>Re: Internet Exchange Point(IXP) questio>/title> >link>http://www.merit.edu/mail.archives/nanog/msg16932.html>/link> >description>Leo Bicknell (02/18/11)>/description> >/item> >item> >title>Re: [arin-ppml] NAT444 rumors (was Re: L>/title> >link>http://www.merit.edu/mail.archives/nanog/msg16931.html>/link> >description>Owen DeLong (02/18/11)>/description> >/item> >item> >title>Re: Internet Exchange Point(IXP) questio>/title> >link>http://www.merit.edu/mail.archives/nanog/msg16930.html>/link> >description>Joe Abley (02/18/11)>/description> >/item> >item> >title>RE: Internet Exchange Point(IXP) questio>/title> >link>http://www.merit.edu/mail.archives/nanog/msg16929.html>/link> >description>Michael K. Smith - Adhost (02/18/11)>/description> >/item> >item> >title>Re: Graph Utils (Open-Source)>/title> >link>http://www.merit.edu/mail.archives/nanog/msg16928.html>/link> >description>Paul Graydon (02/18/11)>/description> >/item> >/channel> >/rss> >rss version="2.0"> >channel> >title>netsec@merit.edu>/title> >link>http://www.merit.edu/mail.archives/netsec/index.html>/link> >description>Latest posts to netsec mailing list>/description> >/channel> >/rss> >rss version="2.0"> >channel> >title> SANS ISC SecNewsFeed>/title> >link> http://isc.sans.org>/link> >description>>![CDATA[]]>>/description> >image> >title>SANS ISC SecNewsFeed>/title> >url>http://isc.sans.org/images/status.gif>/url> >link>http://isc.sans.org>/link> >/image> >item> >title>CVE-2011-4704 (voxofon) (Natl. Vulnerability Database)>/title> >link>http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4704>/link> >/item> >item> >title>Accused Kelihos botnet maker worked for two security firms (NetworkWorld Security)>/title> >link>http://www.networkworld.com/news/2012/012412-accused-kelihos-botnet-maker-worked-255251.html?source=nww_rss>/link> >/item> >item> >title>O2 sends users' phone numbers to web sites - Update (Heise Security News)>/title> >link>http://rss.feedsportal.com/c/32569/f/491736/s/1c203022/l/0L0Sh0Eonline0N0Csecurity0Cnews0Citem0CO20Esends0Eusers0Ephone0Enumbers0Eto0Eweb0Esites0EUpdate0E14215530Bhtml0Cfrom0Crss/story01.htm>/link> >/item> >item> >title>Symantec's profits up in calm third quarter (The Register)>/title> >link>http://go.theregister.com/feed/www.theregister.co.uk/2012/01/26/symantec_q3_fy2012/>/link> >/item> >item> >title>(1) MEDIUM: Google Chrome Stable Channel Updates (SANS @Risk)>/title> >link>http://www.sans.org/newsletters/risk/display.php?v=11&i=4&rss=Y#widely1>/link> >/item> >item> >title>Facebook takes on 'clickjacking' spammers in court (Reuters) (Yahoo Security)>/title> >link>http://us.rd.yahoo.com/dailynews/rss/security/*http://news.yahoo.com/s/nm/20120127/wr_nm/us_facebook_spam_lawsuits>/link> >/item> >item> >title>Bugtraq: Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability (SecurityFocus Vulnerabilities)>/title> >link>http://www.securityfocus.com/archive/1/521373>/link> >/item> >item> >title>ISC Feature of the Week: ISC Link Back, (Wed, Jan 25th) (InternetStormCenter)>/title> >link>http://isc.sans.edu/diary.html?storyid=12460&rss>/link> >/item> >item> >title>&quot;Sanctions Available for Application to Violators of IETF IPR Policy&quot; - Adrian Farrel, Pete Resnick (Internet Drafts)>/title> >link>http://tools.ietf.org/html/farrresnickel-ipr-sanctions-00.txt>/link> >/item> >item> >title>Enterasys Addresses Wired-Wireless Pain (Network Computing Security)>/title> >link>http://www.networkcomputing.com/next-gen-network-tech-center/232500421>/link> >/item> >item> >title>Disaster Recovery for HIPAA Applications - It's All About Availability of PHI (IT Toolbox Blogs)>/title> >link>http://it.toolbox.com/blogs/managed-hosting-news/disaster-recovery-for-hipaa-applications-its-all-about-availability-of-phi-50181>/link> >/item> >item> >title>Accused Kelihos botmaster's former employer 'angered' at revelation (NetworkWorld Virus/Worms)>/title> >link>http://www.networkworld.com/news/2012/012512-accused-kelihos-botmasters-former-employer-255325.html?source=nww_rss>/link> >/item> >item> >title>Evidence on the Effectiveness of Terrorism (Schneier blog)>/title> >link>http://www.schneier.com/blog/archives/2012/01/evidence_on_the.html>/link> >/item> >item> >title>Verdasys Offers Enterprise Data Leak Protection as Managed Service (E-Week Security)>/title> >link>http://feeds.ziffdavisenterprise.com/~r/RSS/eweeksecurity/~3/ridT3JOE2vM/>/link> >/item> >item> >title>Software Security starts with Software Quality (Appsec Streetfighter Blog)>/title> >link>http://blogs.sans.org/appsecstreetfighter/2012/01/25/software-security-starts-with-software-quality/>/link> >/item> >/channel> >/rss> >rss version="2.0"> >channel> >title>SecurityFocus News>/title> >link>http://www.securityfocus.com>/link> >description> >/description> >image> >title>SecurityFocus>/title> >url>http://www.securityfocus.com/rss/SFLogo_v1.gif>/url> >link>http://www.securityfocus.com>/link> >/image> >item> >title>News: Change in Focus>/title> >link>http://www.securityfocus.com/news/11582?ref=rss>/link> >description>Change in Focus>/description> >/item> >item> >title>News: Twitter attacker had proper credentials>/title> >link>http://www.securityfocus.com/news/11569?ref=rss>/link> >description>Twitter attacker had proper credentials>/description> >/item> >item> >title>News: PhotoDNA scans images for child abuse>/title> >link>http://www.securityfocus.com/news/11570?ref=rss>/link> >description>>![CDATA[ PhotoDNA scans images for child abuse>br/>>br/> ]]>>/description> >/item> >item> >title>News: Conficker data highlights infected networks>/title> >link>http://www.securityfocus.com/news/11568?ref=rss>/link> >description>Conficker data highlights infected networks>/description> >/item> >item> >title>Brief: Google offers bounty on browser bugs>/title> >link>http://www.securityfocus.com/brief/1067?ref=rss>/link> >description>Google offers bounty on browser bugs>/description> >/item> >item> >title>Brief: Cyberattacks from U.S. "greatest concern">/title> >link>http://www.securityfocus.com/brief/1066?ref=rss>/link> >description>>![CDATA[ Cyberattacks from U.S. "greatest concern">br/>>br/> ]]>>/description> >/item> >item> >title>Brief: Microsoft patches as fraudsters target IE flaw>/title> >link>http://www.securityfocus.com/brief/1065?ref=rss>/link> >description>Microsoft patches as fraudsters target IE flaw>/description> >/item> >item> >title>Brief: Attack on IE 0-day refined by researchers>/title> >link>http://www.securityfocus.com/brief/1064?ref=rss>/link> >description>Attack on IE 0-day refined by researchers>/description> >/item> >item> >title>News: Monster botnet held 800,000 people's details>/title> >link>http://www.securityfocus.com/news/11580?ref=rss>/link> >description>>![CDATA[ Monster botnet held 800,000 people's details>br/>>br/> ]]>>/description> >/item> >item> >title>News: Google: 'no timetable' on China talks>/title> >link>http://www.securityfocus.com/news/11581?ref=rss>/link> >description>Google: 'no timetable' on China talks>/description> >/item> >item> >title>News: Latvian hacker tweets hard on banking whistle>/title> >link>http://www.securityfocus.com/news/11577?ref=rss>/link> >description>Latvian hacker tweets hard on banking whistle>/description> >/item> >item> >title>News: MS uses court order to take out Waledac botnet>/title> >link>http://www.securityfocus.com/news/11578?ref=rss>/link> >description>>![CDATA[ MS uses court order to take out Waledac botnet>br/>>br/> ]]>>/description> >/item> >item> >title>Infocus: Enterprise Intrusion Analysis, Part One>/title> >link>http://www.securityfocus.com/infocus/1904?ref=rss>/link> >description>Enterprise Intrusion Analysis, Part One>/description> >/item> >item> >title>Infocus: Responding to a Brute Force SSH Attack>/title> >link>http://www.securityfocus.com/infocus/1903?ref=rss>/link> >description>Responding to a Brute Force SSH Attack>/description> >/item> >item> >title>Infocus: Data Recovery on Linux and ext3>/title> >link>http://www.securityfocus.com/infocus/1902?ref=rss>/link> >description>>![CDATA[ Data Recovery on Linux and ext3>br/>>br/> ]]>>/description> >/item> >item> >title>Infocus: WiMax: Just Another Security Challenge?>/title> >link>http://www.securityfocus.com/infocus/1901?ref=rss>/link> >description>WiMax: Just Another Security Challenge?>/description> >/item> >item> >title>Gunter Ollmann: Time to Squish SQL Injection>/title> >link>http://www.securityfocus.com/columnists/505?ref=rss>/link> >description>Time to Squish SQL Injection>/description> >/item> >item> >title>Mark Rasch: Lazy Workers May Be Deemed Hackers>/title> >link>http://www.securityfocus.com/columnists/504?ref=rss>/link> >description>>![CDATA[ Lazy Workers May Be Deemed Hackers>br/>>br/> ]]>>/description> >/item> >item> >title>Adam O'Donnell: The Scale of Security>/title> >link>http://www.securityfocus.com/columnists/503?ref=rss>/link> >description>The Scale of Security>/description> >/item> >item> >title>Mark Rasch: Hacker-Tool Law Still Does Little>/title> >link>http://www.securityfocus.com/columnists/502?ref=rss>/link> >description>Hacker-Tool Law Still Does Little>/description> >/item> >item> >title>More rss feeds from SecurityFocus>/title> >link>http://www.securityfocus.com/rss/index.shtml>/link> >description>News, Infocus, Columns, Vulnerabilities, Bugtraq ...>/description> >/item> >/channel> >/rss> >rss version="2.0"> >channel> >title>Nmap Development>/title> >link>http://seclists.org/#nmap-dev>/link> >description>Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to <A HREF="http://nmap.org">Nmap</A> and related projects. Subscribe <a href="http://cgi.insecure.org/mailman/listinfo/nmap-dev">here</a>.>/description> >item> >title>Re: Exception fail / crash>/title> >link>http://seclists.org/nmap-dev/2012/q1/244>/link> >description>Posted by Henri Doreau on Jan 272012/1/27 Henri Doreau <henri.doreau () gmail com>: Regards. >/description> >/item> >item> >title>Re: Exception fail / crash>/title> >link>http://seclists.org/nmap-dev/2012/q1/243>/link> >description>Posted by Henri Doreau on Jan 272012/1/27 David Fifield <david () bamsoftware com>: with the bitfields used by select(), but that's expensive... >/description> >/item> >item> >title>Re: Exception fail / crash>/title> >link>http://seclists.org/nmap-dev/2012/q1/242>/link> >description>Posted by David Fifield on Jan 27Can you describe the bug and fix? David Fifield >/description> >/item> >item> >title>New VA Modules: NSE: 3, OpenVAS: 2, MSF: 3, Nessus: 10>/title> >link>http://seclists.org/nmap-dev/2012/q1/241>/link> >description>Posted by New VA Module Alert Service on Jan 27This report describes any new scripts/modules/exploits added to Nmap, allowing access are marked using the keyword Willing in... >/description> >/item> >item> >title>Re: Exception fail / crash>/title> >link>http://seclists.org/nmap-dev/2012/q1/240>/link> >description>Posted by Henri Doreau on Jan 272012/1/27 Ron <ron () skullsecurity net>: Thanks for testing, I have committed it as r27935. >/description> >/item> >item> >title>Re: Exception fail / crash>/title> >link>http://seclists.org/nmap-dev/2012/q1/239>/link> >description>Posted by Ron on Jan 27The patch fixed the issue. Thanks! Ron >/description> >/item> >item> >title>Re: Exception fail / crash>/title> >link>http://seclists.org/nmap-dev/2012/q1/238>/link> >description>Posted by Henri Doreau on Jan 272012/1/27 Ron <ron () skullsecurity net>: Regards. >/description> >/item> >item> >title>Re: Exception fail / crash>/title> >link>http://seclists.org/nmap-dev/2012/q1/237>/link> >description>Posted by Ron on Jan 27I got it loaded in gdb. I don't really know how to use gdb, though, so let me know if there are any commands you want ms=<optimized out>,... >/description> >/item> >item> >title>Re: Exception fail / crash>/title> >link>http://seclists.org/nmap-dev/2012/q1/236>/link> >description>Posted by Henri Doreau on Jan 272012/1/27 Ron <ron () skullsecurity net>: Regards. >/description> >/item> >item> >title>Exception fail / crash>/title> >link>http://seclists.org/nmap-dev/2012/q1/235>/link> >description>Posted by Ron on Jan 27Hey, not *fuzz* and not *firewalk* and not... >/description> >/item> >item> >title>New VA Modules: OpenVAS: 2, MSF: 1, Nessus: 28>/title> >link>http://seclists.org/nmap-dev/2012/q1/234>/link> >description>Posted by New VA Module Alert Service on Jan 26This report describes any new scripts/modules/exploits added to Nmap, EPractize Labs Subscription Manager 'showImg.php' PHP Code Injection... >/description> >/item> >item> >title>Re: Unused captures in nmap-service-probes>/title> >link>http://seclists.org/nmap-dev/2012/q1/233>/link> >description>Posted by David Fifield on Jan 26Thank you. This was very helpful. I committed your patch, some David Fifield >/description> >/item> >item> >title>New VA Modules: NSE: 2, OpenVAS: 25, Nessus: 26>/title> >link>http://seclists.org/nmap-dev/2012/q1/232>/link> >description>Posted by New VA Module Alert Service on Jan 25This report describes any new scripts/modules/exploits added to Nmap, r27899 iax2-brute... >/description> >/item> >item> >title>Problems downloading>/title> >link>http://seclists.org/nmap-dev/2012/q1/231>/link> >description>Posted by Brian Poppe on Jan 24Your servers are constantly timing out when trying to download the Windows installer. The speeds will be 140-150KB/s Just... >/description> >/item> >item> >title>[NSE] New script iax2-brute>/title> >link>http://seclists.org/nmap-dev/2012/q1/230>/link> >description>Posted by Patrik Karlsson on Jan 24Hi all, Patrik >/description> >/item> >/channel> >/rss> >rss version="2.0"> >channel> >title>Nmap Hackers>/title> >link>http://seclists.org/#nmap-hackers>/link> >description>Moderated list for the most important new releases and announcements regarding the <A HREF="http://nmap.org">Nmap Security Scanner</A> and related projects. We recommend that all Nmap users <a href="http://cgi.insecure.org/mailman/listinfo/nmap-hackers">subscribe</a>.>/description> >item> >title>Updates on Download.Com caught adding malware to Nmap installer>/title> >link>http://seclists.org/nmap-hackers/2011/6>/link> >description>Posted by Fyodor on Dec 06Hi Folks. A lot has happened since yesterday's email about software as a gift to the community, only to have it used as bait by... >/description> >/item> >item> >title>C|Net Download.Com is now bundling Nmap with malware!>/title> >link>http://seclists.org/nmap-hackers/2011/5>/link> >description>Posted by Fyodor on Dec 05Hi Folks. I've just discovered that C|Net's Download.Com site has The way it works is that C|Net's download page (screenshot attached)... >/description> >/item> >item> >title>SecTools.Org relaunched based on your survey responses!>/title> >link>http://seclists.org/nmap-hackers/2011/4>/link> >description>Posted by Fyodor on Nov 04Hi folks! Remember the latest Nmap survey that almost 3,000 of you lets you nominate your... >/description> >/item> >item> >title>Nmap 5.59BETA1 Released!>/title> >link>http://seclists.org/nmap-hackers/2011/3>/link> >description>Posted by Fyodor on Jun 30Hi Folks. Other than the recent informal IPv6 commemorative edition, o 40 new... >/description> >/item> >item> >title>Happy World IPv6 Day From the Nmap Project!>/title> >link>http://seclists.org/nmap-hackers/2011/2>/link> >description>Posted by Fyodor on Jun 08Hi Folks. You have probably heard that today is World IPv6 Day, with That system now has native IPv6 support. So... >/description> >/item> >item> >title>Nmap 5.51 and SoC Opportunity>/title> >link>http://seclists.org/nmap-hackers/2011/1>/link> >description>Posted by Fyodor on Apr 05Hi Folks! I'm happy to report that the Nmap 5.50 release was a big threat to... >/description> >/item> >item> >title>Nmap 5.50: Now with Gopher protocol support!>/title> >link>http://seclists.org/nmap-hackers/2011/0>/link> >description>Posted by Fyodor on Jan 28Hi folks! It has been a year since the last Nmap stable release application protocols,... >/description> >/item> >item> >title>Nmap Defcon Release: Version 5.35DC1>/title> >link>http://seclists.org/nmap-hackers/2010/7>/link> >description>Posted by Fyodor on Jul 16Hi folks. It has been 3.5 months since the last Nmap release Hat in a couple weeks (see... >/description> >/item> >item> >title>Nmap News and Last Chance to Take the Survey>/title> >link>http://seclists.org/nmap-hackers/2010/6>/link> >description>Posted by Fyodor on Apr 30Hi Folks. I have some Nmap news to share with you: Drazen Popovic and Djalal Harouni will be... >/description> >/item> >item> >title>Survey Reminder>/title> >link>http://seclists.org/nmap-hackers/2010/5>/link> >description>Posted by Fyodor on Apr 14Hi folks, I have a quick question for you: survey up, tabulate and share results, choose the prize winners,... >/description> >/item> >item> >title>Nmap/SecTools Survey and GSoC Deadline>/title> >link>http://seclists.org/nmap-hackers/2010/4>/link> >description>Posted by Fyodor on Apr 07Hello everyone. I hope you're enjoying the 5.30BETA1 release. So far summer! SoC... >/description> >/item> >item> >title>Nmap 5.30BETA1 Released w/37 new scripts and new Apple vuln>/title> >link>http://seclists.org/nmap-hackers/2010/3>/link> >description>Posted by Fyodor on Mar 29Hi folks! It has been two months since the 5.21 release and we've ipidseq. Learn about them all at... >/description> >/item> >item> >title>Nmap 5.21 released>/title> >link>http://seclists.org/nmap-hackers/2010/2>/link> >description>Posted by Fyodor on Jan 27Hello everyone. I'm pleased to release Nmap 5.21, which contains zero development projects. If you want to... >/description> >/item> >item> >title>Lots of Nmap News>/title> >link>http://seclists.org/nmap-hackers/2010/1>/link> >description>Posted by Fyodor on Jan 22Hi folks. I'm happy to report that the 5.20 release went well. But If you're running from a build of the latest SVN... >/description> >/item> >item> >title>Nmap 5.20 Released>/title> >link>http://seclists.org/nmap-hackers/2010/0>/link> >description>Posted by Fyodor on Jan 20Happy new year, everyone. I'm happy to announce Nmap 5.20--our first o massive OS and version detection DB updates (10,000+ signatures)... >/description> >/item> >/channel> >/rss> >rss version="2.0"> >channel> >/channel> >/rss> >rss version="2.0"> >channel> >title>Penetration Testing>/title> >link>http://seclists.org/#pen-test>/link> >description>While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.>/description> >item> >title>[HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon>/title> >link>http://seclists.org/pen-test/2012/Jan/14>/link> >description>Posted by Hafez Kamal on Jan 27This is a gentle reminder that the Call for Papers for the third annual featuring keynote speakers Andy Ellis (Chief... >/description> >/item> >item> >title>DoS attacks using Exploit Pack>/title> >link>http://seclists.org/pen-test/2012/Jan/13>/link> >description>Posted by noreply on Jan 22DoS attacks by using Exploit Pack <a rel="nofollow" href="http://exploitpack.com">http://exploitpack.com</a>... >/description> >/item> >item> >title>Technology Neutral Healthcheck>/title> >link>http://seclists.org/pen-test/2012/Jan/12>/link> >description>Posted by cribbar on Jan 19Can I ask if any of you have roles as security admins or managers if you have 3rd party offering a solution/application for you that will give... >/description> >/item> >item> >title>Re: Goofile 1.0 - Command line google search for files by domain>/title> >link>http://seclists.org/pen-test/2012/Jan/11>/link> >description>Posted by James Condron on Jan 18Tom, then having this value set to... >/description> >/item> >item> >title>Exploit Pack - New release>/title> >link>http://seclists.org/pen-test/2012/Jan/10>/link> >description>Posted by noreply on Jan 18Exploit Pack is a Security Tool that will assist you while you test the Make your workstation safe by testing it... >/description> >/item> >item> >title>Goofile 1.0 - Command line google search for files by domain>/title> >link>http://seclists.org/pen-test/2012/Jan/9>/link> >description>Posted by tom on Jan 18Greetings! Prove to peers and potential employers without a doubt that you can actually do a proper penetration... >/description> >/item> >item> >title>Re: Best route to penetration testing learning>/title> >link>http://seclists.org/pen-test/2012/Jan/8>/link> >description>Posted by wlandymore on Jan 11Thanks for the tips guys. I've seen the offensive-security.com website and I Archangel Amael wrote: >/description> >/item> >item> >title>Re: Best route to penetration testing learning>/title> >link>http://seclists.org/pen-test/2012/Jan/7>/link> >description>Posted by robertwood50 on Jan 07The SANS courses are pretty good in that you will actually be learning useful information, not just information it is put into practice. For reading I would... >/description> >/item> >item> >title>Re: Best route to penetration testing learning>/title> >link>http://seclists.org/pen-test/2012/Jan/6>/link> >description>Posted by Archangel Amael on Jan 07Hello, metasploit and some other pentesting tools, check out... >/description> >/item> >item> >title>Best route to penetration testing learning>/title> >link>http://seclists.org/pen-test/2012/Jan/5>/link> >description>Posted by wlandymore on Jan 06I'm new to penetration testing and recently took the CEH. I found that it was Thanks. >/description> >/item> >item> >title>AppSec DC 2012 CFP EXTENDED!>/title> >link>http://seclists.org/pen-test/2012/Jan/4>/link> >description>Posted by AppSec DC on Jan 06All, move the platform we ask that... >/description> >/item> >item> >title>Arachni v0.4 has been released (Open Source Web Application Security Scanner Framework)>/title> >link>http://seclists.org/pen-test/2012/Jan/3>/link> >description>Posted by Tasos Laskos on Jan 06Hi guys, * Updated WebUI to provide access to HPG... >/description> >/item> >item> >title>RE: Nmap>/title> >link>http://seclists.org/pen-test/2012/Jan/2>/link> >description>Posted by S Walker on Jan 02Just an added note to the current replies (which are all great for hosts not in the local broadcast domain): It is ----------------------------------------... >/description> >/item> >item> >title>Re: Nmap>/title> >link>http://seclists.org/pen-test/2012/Jan/1>/link> >description>Posted by Juan Pablo on Jan 02Sorry for the late answer... Here... >/description> >/item> >item> >title>[TOOL RELEASE] Technitium MAC Address Changer v6 (FREEWARE)>/title> >link>http://seclists.org/pen-test/2012/Jan/0>/link> >description>Posted by Shreyas Zare on Jan 02Hi, windows drivers to access Ethernet Network (LAN).... >/description> >/item> >/channel> >/rss> >rss version="2.0"> >channel> >title>The RISKS Forum>/title> >link>http://seclists.org/#risks>/link> >description>Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.>/description> >item> >title>Risks Digest 26.70>/title> >link>http://seclists.org/risks/2012/q1/0>/link> >description>Posted by RISKS List Owner on Jan 02RISKS-LIST: Risks-Forum Digest Monday 2 January 2012 Volume 26 : Issue 70 The current issue can be... >/description> >/item> >item> >title>Risks Digest 26.69>/title> >link>http://seclists.org/risks/2011/q4/10>/link> >description>Posted by RISKS List Owner on Dec 29RISKS-LIST: Risks-Forum Digest Thursday 29 December 2011 Volume 26 : Issue 69 The current issue can... >/description> >/item> >item> >title>Risks Digest 26.68>/title> >link>http://seclists.org/risks/2011/q4/9>/link> >description>Posted by RISKS List Owner on Dec 28RISKS-LIST: Risks-Forum Digest Weds 28 December 2011 Volume 26 : Issue 68 The current issue can be... >/description> >/item> >item> >title>Risks Digest 26.67>/title> >link>http://seclists.org/risks/2011/q4/8>/link> >description>Posted by RISKS List Owner on Dec 20RISKS-LIST: Risks-Forum Digest Tuesday 20 December 2011 Volume 26 : Issue 67 The current issue can... >/description> >/item> >item> >title>Risks Digest 26.66>/title> >link>http://seclists.org/risks/2011/q4/7>/link> >description>Posted by RISKS List Owner on Dec 06RISKS-LIST: Risks-Forum Digest Tuesday 6 December 2011 Volume 26 : Issue 66 The current issue can be... >/description> >/item> >item> >title>Risks Digest 26.65>/title> >link>http://seclists.org/risks/2011/q4/6>/link> >description>Posted by RISKS List Owner on Nov 29RISKS-LIST: Risks-Forum Digest Tuesday 29 November 2011 Volume 26 : Issue 65 The current issue can... >/description> >/item> >item> >title>Risks Digest 26.64>/title> >link>http://seclists.org/risks/2011/q4/5>/link> >description>Posted by RISKS List Owner on Nov 26RISKS-LIST: Risks-Forum Digest Saturday 26 November 2011 Volume 26 : Issue 64 The current issue can... >/description> >/item> >item> >title>Risks Digest 26.63>/title> >link>http://seclists.org/risks/2011/q4/4>/link> >description>Posted by RISKS List Owner on Nov 22RISKS-LIST: Risks-Forum Digest Tuesday 22 November 2011 Volume 26 : Issue 63 The current issue can... >/description> >/item> >item> >title>Risks Digest 26.62>/title> >link>http://seclists.org/risks/2011/q4/3>/link> >description>Posted by RISKS List Owner on Nov 18RISKS-LIST: Risks-Forum Digest Friday 18 November 2011 Volume 26 : Issue 62 The current issue can be... >/description> >/item> >item> >title>Risks Digest 26.61>/title> >link>http://seclists.org/risks/2011/q4/2>/link> >description>Posted by RISKS List Owner on Nov 13RISKS-LIST: Risks-Forum Digest Sunday 13 November 2011 Volume 26 : Issue 61 The current issue can be... >/description> >/item> >item> >title>Risks Digest 26.60>/title> >link>http://seclists.org/risks/2011/q4/1>/link> >description>Posted by RISKS List Owner on Nov 11RISKS-LIST: Risks-Forum Digest Friday 11 November 2011 Volume 26 : Issue 60 The current issue can be... >/description> >/item> >item> >title>Risks Digest 26.59>/title> >link>http://seclists.org/risks/2011/q4/0>/link> >description>Posted by RISKS List Owner on Oct 23RISKS-LIST: Risks-Forum Digest Sunday 23 October 2011 Volume 26 : Issue 59 The current issue can be... >/description> >/item> >/channel> >/rss> >rss version="2.0"> >channel> >title> SANS Internet Storm Center, InfoCON: green>/title> >link> http://isc.sans.edu>/link> >description>>![CDATA[]]>>/description> >image> >title>SANS Internet Storm Center, InfoCON: green>/title> >url>http://isc.sans.org/images/status.gif>/url> >link>http://isc.sans.org>/link> >/image> >item> >title>Infocon: green>/title> >link>http://isc.sans.edu/diary.html?rss>/link> >description>>![CDATA[SSH Password attacks using domain name elements as userid]]>>/description> >/item> >item> >title>SSH Password attacks using domain name elements as userid, (Fri, Jan 27th)>/title> >link>http://isc.sans.edu/diary.html?storyid=12475&rss>/link> >description>>![CDATA[A reader (Thanks Jim!) mentioned earlier today that his SSHlogs were showing access attempts u ...(more)... ]]>>/description> >/item> >item> >title> CISCO Ironport C & M Series telnet vulnerability, (Fri, Jan 27th)>/title> >link>http://isc.sans.edu/diary.html?storyid=12472&rss>/link> >description>>![CDATA[In case you missed it there is a vulnerability in the CISCOIronport telnet service. Details ca ...(more)... ]]>>/description> >/item> >item> >title> ISC StormCast for Friday, January 27th 2012 http://isc.sans.edu/podcastdetail.html?id=2287, (Fri, Jan 27th)>/title> >link>http://isc.sans.edu/podcastdetail.html?id=2287>/link> >description>>![CDATA[ ...(more)... ]]>>/description> >/item> >item> >title> ISC Feature of the Week: ISC Link Back, (Wed, Jan 25th)>/title> >link>http://isc.sans.edu/diary.html?storyid=12460&rss>/link> >description>>![CDATA[Overview Need to attribute information to ISC? Want to provide users with an avenue to visit the I ...(more)... ]]>>/description> >/item> >item> >title> pcAnywhere users – patch now!, (Wed, Jan 25th)>/title> >link>http://isc.sans.edu/diary.html?storyid=12463&rss>/link> >description>>![CDATA[Symantec released a patch for pcAnywhere products that fixes couple of vulnerabilities, among which ...(more)... ]]>>/description> >/item> >item> >title> ISC StormCast for Thursday, January 26th 2012 http://isc.sans.edu/podcastdetail.html?id=2284, (Thu, Jan 26th)>/title> >link>http://isc.sans.edu/podcastdetail.html?id=2284>/link> >description>>![CDATA[ ...(more)... ]]>>/description> >/item> >item> >title> ISC StormCast for Wednesday, January 25th 2012 http://isc.sans.edu/podcastdetail.html?id=2281, (Wed, Jan 25th)>/title> >link>http://isc.sans.edu/podcastdetail.html?id=2281>/link> >description>>![CDATA[ ...(more)... ]]>>/description> >/item> >item> >title> Is it time to get rid of NetBIOS?, (Tue, Jan 24th)>/title> >link>http://isc.sans.edu/diary.html?storyid=12454&rss>/link> >description>>![CDATA[NetBIOS, and its weaknesses that allow extremely easy spoofing have been well known all the way sinc ...(more)... ]]>>/description> >/item> >item> >title> ISC StormCast for Tuesday, January 24th 2012 http://isc.sans.edu/podcastdetail.html?id=2278, (Tue, Jan 24th)>/title> >link>http://isc.sans.edu/podcastdetail.html?id=2278>/link> >description>>![CDATA[ ...(more)... ]]>>/description> >/item> >item> >title> Javascript DDoS Tool Analysis, (Sun, Jan 22nd)>/title> >link>http://isc.sans.edu/diary.html?storyid=12442&rss>/link> >description>>![CDATA[ Last week's denial of service attack agains the Department of Justice (justice.gov), ...(more)... ]]>>/description> >/item> >/channel> >/rss> >rss version="2.0"> >channel> >title>Metasploit Framework: Activity>/title> >link href="http://dev.metasploit.com/redmine/projects/framework/activity" rel="alternate" /> >title>Revision 3d19d521: Merge branch 'stat-struct-fixes' (early part)>/title> >link href="http://feedproxy.google.com/~r/metasploit/development/~3/a21W7FBeOAQ/3d19d521bd88bb368ece850e9589e0525d1ad203" rel="alternate" /> >title>Revision 289dc81d: Add -m32 to all the Makefiles>/title> >link href="http://feedproxy.google.com/~r/metasploit/development/~3/N9bzaHE9n4M/289dc81d607e8aedba6414f816a27201431137dc" rel="alternate" /> >title>Revision e7b15180: Add clean targets for openssl and libpcap>/title> >link href="http://feedproxy.google.com/~r/metasploit/development/~3/TzoIVtz4Cao/e7b15180d1314e20cb500f61cc36ec1c29151a2d" rel="alternate" /> >title>Revision 5bc1701a: Ensure make.sh returns success>/title> >link href="http://feedproxy.google.com/~r/metasploit/development/~3/YqVwHQ-MIVo/5bc1701a5a784bca80b8872427850a787394109c" rel="alternate" /> >title>Revision 5be58513: Ensure make.sh returns success>/title> >link href="http://feedproxy.google.com/~r/metasploit/development/~3/blg8Jjwnzi8/5be58513f9cd32d15ab7ec945d79af05773b8956" rel="alternate" /> >title>Revision 8108bf88: Add clean targets for openssl and libpcap>/title> >link href="http://feedproxy.google.com/~r/metasploit/development/~3/25gw-LHhxMc/8108bf888e00288ffc974e06cee10e0366df3af8" rel="alternate" /> >title>Bug #4928: Reverse Https cannot load stdapi and cannot establish meterpreter session>/title> >link href="http://feedproxy.google.com/~r/metasploit/development/~3/Cftv7lyjHc4/4928" rel="alternate" /> >title>Revision 4cd38c55: Adds login scanner module for VMware Server and ESX>/title> >link href="http://feedproxy.google.com/~r/metasploit/development/~3/aVs4Plxm6dQ/4cd38c55552fc0132b59a2193ab2f54fe1b3751c" rel="alternate" /> >title>Revision abf031f2: Add -m32 to all the Makefiles>/title> >link href="http://feedproxy.google.com/~r/metasploit/development/~3/WippXDwUGSY/abf031f2246050cc7d313a52a79ae279bd22ed06" rel="alternate" /> >title>Revision 7b866eee: Use the proper function for verbose prints>/title> >link href="http://feedproxy.google.com/~r/metasploit/development/~3/IuottM4e2S4/7b866eee867667533f10eb772e7248c97f718997" rel="alternate" /> >title>Revision a2d20e25: Fix a regression in the workspace inclusion code (only affected>/title> >link href="http://feedproxy.google.com/~r/metasploit/development/~3/C15agprPPI4/a2d20e25d36bf2825ff878dc2c7e30dda5617af9" rel="alternate" /> >title>Bug #6268: Linux meterpreter crashing on i586 processors due to i686 instruction (SIGILL raised)>/title> >link href="http://feedproxy.google.com/~r/metasploit/development/~3/Vlx-g3JTqVA/6268" rel="alternate" /> >title>Revision 64651e52: Credit Shane of X-Force for the discovery>/title> >link href="http://feedproxy.google.com/~r/metasploit/development/~3/GOEyFsZS82U/64651e52a8445201c43a5ad44ac8b7bb11c22889" rel="alternate" /> >title>Bug #6268: Linux meterpreter crashing on i586 processors due to i686 instruction (SIGILL raised)>/title> >link href="http://feedproxy.google.com/~r/metasploit/development/~3/VhSTqmzzW20/6268" rel="alternate" /> >title>Revision c5e667a1: Post Module to enumerate VirtualBox VMs for the current user.>/title> >link href="http://feedproxy.google.com/~r/metasploit/development/~3/THv834ihiwo/c5e667a1dc0f91718e63752f7997f51088fe3606" rel="alternate" /> >/channel> >/rss> >rss version="2.0"> >channel> >title>Nessus.org Plugins>/title> >link>http://www.nessus.org/scripts.php>/link> >description>All the newest security checks for the Nessus scanner>/description> >image about="http://www.nessus.org/images/RssLogo.jpg"> >title>Nessus Plugins>/title> >url>http://www.nessus.org/images/RssLogo.jpg>/url> >link>http://www.nessus.org/>/link> >/image> >item about="http://www.nessus.org/plugins/index.php?view=single&id=57712"> >title>OpenSSL 1.0.0f DTLS Denial of Service>/title> >description>>![CDATA[>br /> ]]>>/description> >link>http://www.nessus.org/plugins/index.php?view=single&id=57712>/link> >/item> >item about="http://www.nessus.org/plugins/index.php?view=single&id=57711"> >title>OpenSSL 0.9.8s DTLS Denial of Service>/title> >description>>![CDATA[>br /> ]]>>/description> >link>http://www.nessus.org/plugins/index.php?view=single&id=57711>/link> >/item> >item about="http://www.nessus.org/plugins/index.php?view=single&id=57710"> >title>WebSphere MQ Client < 6.0.2.7 / 7.0.1.0 Buffer Overflow>/title> >description>>![CDATA[>br /> ]]>>/description> >link>http://www.nessus.org/plugins/index.php?view=single&id=57710>/link> >/item> >item about="http://www.nessus.org/plugins/index.php?view=single&id=57709"> >title>WebSphere MQ Server < 6.0.2.7 / 7.0.1.0 Buffer Overflow>/title> >description>>![CDATA[>br /> ]]>>/description> >link>http://www.nessus.org/plugins/index.php?view=single&id=57709>/link> >/item> >item about="http://www.nessus.org/plugins/index.php?view=single&id=57708"> >title>WebSphere MQ Server and Client Detection>/title> >description>>![CDATA[>br /> ]]>>/description> >link>http://www.nessus.org/plugins/index.php?view=single&id=57708>/link> >/item> >item about="http://www.nessus.org/plugins/index.php?view=single&id=57707"> >title>USN-1349-1 : xorg vulnerability>/title> >description>>![CDATA[>br /> ]]>>/description> >link>http://www.nessus.org/plugins/index.php?view=single&id=57707>/link> >/item> >item about="http://www.nessus.org/plugins/index.php?view=single&id=57706"> >title>USN-1348-1 : icu vulnerability>/title> >description>>![CDATA[>br /> ]]>>/description> >link>http://www.nessus.org/plugins/index.php?view=single&id=57706>/link> >/item> >item about="http://www.nessus.org/plugins/index.php?view=single&id=57705"> >title>FreeBSD : acroread9 -- Multiple Vulnerabilities (fa2f386f-4814-11e1-89b4-001ec9578670)>/title> >description>>![CDATA[>br /> ]]>>/description> >link>http://www.nessus.org/plugins/index.php?view=single&id=57705>/link> >/item> >item about="http://www.nessus.org/plugins/index.php?view=single&id=57704"> >title>FreeBSD : mpack -- Information disclosure (e465159c-4817-11e1-89b4-001ec9578670)>/title> >description>>![CDATA[>br /> ]]>>/description> >link>http://www.nessus.org/plugins/index.php?view=single&id=57704>/link> >/item> >item about="http://www.nessus.org/plugins/index.php?view=single&id=57703"> >title>Fedora 15 2012-0420>/title> >description>>![CDATA[>br /> ]]>>/description> >link>http://www.nessus.org/plugins/index.php?view=single&id=57703>/link> >/item> >item about="http://www.nessus.org/plugins/index.php?view=single&id=57702"> >title>Debian DSA-2394-1 : libxml2 - several vulnerabilities>/title> >description>>![CDATA[>br /> ]]>>/description> >link>http://www.nessus.org/plugins/index.php?view=single&id=57702>/link> >/item> >item about="http://www.nessus.org/plugins/index.php?view=single&id=57701"> >title>HP Managed Printing Administration jobDelivery Script Directory Traversal (intrusive check)>/title> >description>>![CDATA[>br /> ]]>>/description> >link>http://www.nessus.org/plugins/index.php?view=single&id=57701>/link> >/item> >item about="http://www.nessus.org/plugins/index.php?view=single&id=57700"> >title>HP Managed Printing Administration < 2.6.4 Multiple Vulnerabilities>/title> >description>>![CDATA[>br /> ]]>>/description> >link>http://www.nessus.org/plugins/index.php?view=single&id=57700>/link> >/item> >item about="http://www.nessus.org/plugins/index.php?view=single&id=57699"> >title>HP Managed Printing Administration Detection>/title> >description>>![CDATA[>br /> ]]>>/description> >link>http://www.nessus.org/plugins/index.php?view=single&id=57699>/link> >/item> >item about="http://www.nessus.org/plugins/index.php?view=single&id=57698"> >title>USN-1347-1 : evince vulnerability>/title> >description>>![CDATA[>br /> ]]>>/description> >link>http://www.nessus.org/plugins/index.php?view=single&id=57698>/link> >/item> >item about="http://www.nessus.org/plugins/index.php?view=single&id=57697"> >title>USN-1342-1 : linux-lts-backport-oneiric vulnerability>/title> >description>>![CDATA[>br /> ]]>>/description> >link>http://www.nessus.org/plugins/index.php?view=single&id=57697>/link> >/item> >item about="http://www.nessus.org/plugins/index.php?view=single&id=57696"> >title>SuSE Security Update: gnutls (2012-01-23)>/title> >description>>![CDATA[>br /> ]]>>/description> >link>http://www.nessus.org/plugins/index.php?view=single&id=57696>/link> >/item> >item about="http://www.nessus.org/plugins/index.php?view=single&id=57695"> >title>Fedora 16 2012-0643>/title> >description>>![CDATA[>br /> ]]>>/description> >link>http://www.nessus.org/plugins/index.php?view=single&id=57695>/link> >/item> >item about="http://www.nessus.org/plugins/index.php?view=single&id=57694"> >title>Fedora 15 2012-0626>/title> >description>>![CDATA[>br /> ]]>>/description> >link>http://www.nessus.org/plugins/index.php?view=single&id=57694>/link> >/item> >item about="http://www.nessus.org/plugins/index.php?view=single&id=57693"> >title>Debian DSA-2393-1 : bip - buffer overflow>/title> >description>>![CDATA[>br /> ]]>>/description> >link>http://www.nessus.org/plugins/index.php?view=single&id=57693>/link> >/item> >/channel> >/rss> >rss version="2.0"> >channel> >title>SecuriTeam>/title> >link>http://www.securiteam.com>/link> >description>Welcome to the SecuriTeam RSS Feed - sponsored by Beyond Security. Know Your Vulnerabilities! Visit BeyondSecurity.com for your web site, network and code security audit and scanning needs.>/description> >image> >title>SecuriTeam.com>/title> >url>http://www.securiteam.com/beyond-logo-small.png>/url> >link>http://www.securiteam.com>/link> >/image> >item> >title>HP Data Protector Notebook Extension RequestCopy SQL Injection Vulnerabilty>/title> >link>http://www.securiteam.com/securitynews/5PP3I2060C.html>/link> >description>>![CDATA[This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.]]>>/description> >/item> >item> >title>HP Data Protector Notebook Extension LogClientInstallation SQL Injection Vulnerabilty>/title> >link>http://www.securiteam.com/securitynews/5OP3H2060S.html>/link> >description>>![CDATA[This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.]]>>/description> >/item> >item> >title>HP Data Protector Notebook Extension GetPolicies SQL Injection Vulnerabilty>/title> >link>http://www.securiteam.com/securitynews/5NP3G2060Q.html>/link> >description>>![CDATA[This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.]]>>/description> >/item> >item> >title>GE Proficy Historian ihDataArchiver.exe Trusted Header Size Code Execution Vulnerability>/title> >link>http://www.securiteam.com/securitynews/5LP3J1F60C.html>/link> >description>>![CDATA[This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy Historian.]]>>/description> >/item> >item> >title>HP Data Protector Notebook Extension LogClientHealth SQL Injection Vulnerabilty>/title> >link>http://www.securiteam.com/securitynews/5KP3I1F60U.html>/link> >description>>![CDATA[This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension.]]>>/description> >/item> >item> >title>Apache mod_rewrite Vulnerability PoC>/title> >link>http://www.securiteam.com/tools/6N03G002UM.html>/link> >description>>![CDATA[]]>>/description> >/item> >item> >title>netsniff-ng - A Linux Network Analyzer and Networking Toolkit>/title> >link>http://www.securiteam.com/tools/5SP3D0U4KY.html>/link> >description>>![CDATA[]]>>/description> >/item> >item> >title>Simple Local File Inclusion Exploiter>/title> >link>http://www.securiteam.com/tools/6T03H0K0AQ.html>/link> >description>>![CDATA[]]>>/description> >/item> >item> >title>NiX A Linux Brute Forcer>/title> >link>http://www.securiteam.com/tools/6S03G0K0AW.html>/link> >description>>![CDATA[]]>>/description> >/item> >item> >title>Nchop - A TCP Session Splicing Tool Used to Rvade Intrusion Detection Systems>/title> >link>http://www.securiteam.com/tools/6D0362K0AI.html>/link> >description>>![CDATA[]]>>/description> >/item> >item> >title>Insight Control for Linux Multiple Vulnerabilities>/title> >link>http://www.securiteam.com/unixfocus/5WP3W0A55A.html>/link> >description>>![CDATA[Remote unauthorized elevation of privilege, execution of arbitrary code, encryption downgrade, information disclosure and Denial of Service (DoS) vulnerabilities were identified in Insight Control for Linux.]]>>/description> >/item> >item> >title>HP-UX Running NFS/ONCplus Denial of Service Vulnerability>/title> >link>http://www.securiteam.com/unixfocus/5SP3S0A55O.html>/link> >description>>![CDATA[A potential security vulnerability has been identified with NFS/ONCplus running on HP-UX.]]>>/description> >/item> >item> >title>HP-UX Running BIND Denial of Service Vulnerability 2011>/title> >link>http://www.securiteam.com/unixfocus/5XP3L2K55W.html>/link> >description>>![CDATA[A potential security vulnerability has been identified with HP-UX running BIND.]]>>/description> >/item> >item> >title>HP-UX Running XNTP Denial of Service Vulnerability>/title> >link>http://www.securiteam.com/unixfocus/5ZP311555Y.html>/link> >description>>![CDATA[A remote Denial of Service vulnerability was identified in HP-UX running XNTP.]]>>/description> >/item> >item> >title>HP-UX Denial of Service Vulnerability>/title> >link>http://www.securiteam.com/unixfocus/5YP301555Q.html>/link> >description>>![CDATA[A potential security vulnerability have been identified with HP-UX.]]>>/description> >/item> >item> >title>Novell Zenworks Software Packaging LaunchHelp.dll Code Execution Vulnerability>/title> >link>http://www.securiteam.com/windowsntfocus/5XP3H0U60U.html>/link> >description>>![CDATA[This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Software Packaging.]]>>/description> >/item> >item> >title>Novell ZENWorks Software Packaging Antique ActiveX Control Code Execution Vulnerability>/title> >link>http://www.securiteam.com/windowsntfocus/5WP3G0U60M.html>/link> >description>>![CDATA[This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks.]]>>/description> >/item> >item> >title>Microsoft Internet Explorer swapNode Handling Code Execution Vulnerability>/title> >link>http://www.securiteam.com/windowsntfocus/5RP302K60C.html>/link> >description>>![CDATA[This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer.]]>>/description> >/item> >item> >title>Microsoft Internet Explorer Select Element Insufficient Type Checking Code Execution Vulnerability>/title> >link>http://www.securiteam.com/windowsntfocus/5FP2Y2K60M.html>/link> >description>>![CDATA[This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 8.]]>>/description> >/item> >item> >title>Internet Explorer Select Element Cache Code Execution Vulnerability>/title> >link>http://www.securiteam.com/windowsntfocus/5EP2X2K60Q.html>/link> >description>>![CDATA[This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer.]]>>/description> >/item> >item> >title>Microsoft Windows shmedia.dll Division By Zero, Explore.exe DOS Exploit>/title> >link>http://www.securiteam.com/exploits/5SP360040Q.html>/link> >description>>![CDATA[A Div by Zero bug exits when shmedia.dll handles a malformed AVI file, producing a crash.]]>>/description> >/item> >item> >title>IGSS 8 ODBC Server Multiple Remote Uninitialized Pointer Free DoS>/title> >link>http://www.securiteam.com/exploits/5VP3H153PA.html>/link> >description>>![CDATA[There are multiple remote uninitialized pointer free conditions in IGSS's ODBC server. By sending a specially crafted packet to listening port 20222, it is possible to crash the server. Execution of arbitrary code is unlikely.]]>>/description> >/item> >item> >title>Progea Movicon TCPUploadServer Remote Exploit>/title> >link>http://www.securiteam.com/exploits/5UP3G153PI.html>/link> >description>>![CDATA[TCPUploadServer allows remote users to execute functions on the server without any form of authentication. Impacts include deletion of arbitrary files, execution of a program with an arbitrary argument, crashing the server, information disclosure, and more. This design flaw puts the host running this server at risk of potentially unauthorized functions being executed on the system.]]>>/description> >/item> >item> >title>Trango Broadband Wireless Rogue SU Authentication Bug>/title> >link>http://www.securiteam.com/exploits/5LP2V0K0AG.html>/link> >description>>![CDATA[Currently there is a flaw in the authentication mechanism of these radios which, if an attacker knows some details, can allow interception of ethernet packets broadcast from the Access Point to the Subscriber Unit and potentially allows injection into the communication from the Subscriber Unit to the Access Point.]]>>/description> >/item> >item> >title>Exposing HMS HICP Protocol and Intellicom NetBiterConfig.exe Remote Buffer Overflow>/title> >link>http://www.securiteam.com/exploits/5CP2W0A0AU.html>/link> >description>>![CDATA[SCADA weaknesses created by HICP Protocol and NetBiter WebSCADA.]]>>/description> >/item> >item> >title>Bypassing Internet Explorer's XSS Filter>/title> >link>http://www.securiteam.com/securityreviews/5GP3G005FA.html>/link> >description>>![CDATA[Internet Explorer 9 has a security system with well known shortfalls, most notably that it does not attempt to address DOM based XSS or Stored XSS. This security system is built on an arbitrary philosophy which only accounts for the most straight forward of reflective XSS attacks. This paper covers three attack patterns that undermine Internet Explorer's ability to prevent Reflective XSS.]]>>/description> >/item> >item> >title>Apple OfficeImport Framework Excel Memory Corruption Vulnerability>/title> >link>http://www.securiteam.com/securityreviews/5OP39204AM.html>/link> >description>>![CDATA[Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user.]]>>/description> >/item> >item> >title>LittleBlackBox Project: Default SSL Keys in Multiple Routers>/title> >link>http://www.securiteam.com/securityreviews/5YP2V1F35I.html>/link> >description>>![CDATA[Many routers that provide an HTTPS administrative interface use default or hard-coded SSL keys that can be recovered by extracting the file system from the device's firmware.]]>>/description> >/item> >item> >title>Why Silent Updates Boost Security>/title> >link>http://www.securiteam.com/securityreviews/5NP0E00R5A.html>/link> >description>>![CDATA[Thomas Duebendorfer Google Switzerland GmbH and Stefan Frei Communication Systems Group, ETH Zurich, Switzerland looked into the performance of Web browser update mechanisms. The analysis of anonymized Google Web server logs allowed us to compare and rank the update strategies deployed by Google Chrome, Mozilla Firefox, Apple Safari, and Opera.]]>>/description> >/item> >item> >title>PDF Silent HTTP Form Repurposing Attacks>/title> >link>http://www.securiteam.com/securityreviews/5MP0D00R5G.html>/link> >description>>![CDATA[This paper sheds light on a modified approach to triggering web attacks through JavaScript protocol handler in the context of opening a PDF in a browser.]]>>/description> >/item> >/channel> >/rss> >rss version="2.0"> >channel> >title>Security Basics>/title> >link>http://seclists.org/#basics>/link> >description>A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.>/description> >item> >title>Re: Building an Information Asset database>/title> >link>http://seclists.org/basics/2012/Jan/118>/link> >description>Posted by Bharat Gosalia on Jan 27I FOUND chapter 4 somewhat relevent. it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,... >/description> >/item> >item> >title>SOAP>/title> >link>http://seclists.org/basics/2012/Jan/117>/link> >description>Posted by Thugzclub on Jan 27All, In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look... >/description> >/item> >item> >title>RE: Regularly Vulnerability Assessment using QualysGuard - Pro/Cons?>/title> >link>http://seclists.org/basics/2012/Jan/116>/link> >description>Posted by Wright, Joe # ATLANTA on Jan 27Andre; are trying to achieve. Qualys however tends to be expensive on initial cost and recurring... >/description> >/item> >item> >title>[HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon>/title> >link>http://seclists.org/basics/2012/Jan/115>/link> >description>Posted by Hafez Kamal on Jan 27This is a gentle reminder that the Call for Papers for the third annual featuring keynote speakers Andy Ellis (Chief... >/description> >/item> >item> >title>Re: [Full-disclosure] DNS bind attacks>/title> >link>http://seclists.org/basics/2012/Jan/114>/link> >description>Posted by Chris Granger on Jan 27Your theory's likely correct - do you allow external IPs to make recursive queries to your server? amplification factor is greatly increased. Can you check to see if +edns=0 was set in the... >/description> >/item> >item> >title>Re: [Full-disclosure] DNS bind attacks>/title> >link>http://seclists.org/basics/2012/Jan/113>/link> >description>Posted by Jeffrey Walton on Jan 27What's the query. Could it be related to it benefits your company and how your customers can tell if a site is secure. You will find... >/description> >/item> >item> >title>DNS bind attacks>/title> >link>http://seclists.org/basics/2012/Jan/112>/link> >description>Posted by J. von Balzac on Jan 27I'm seeing a lot of hosts in my named logs (I mean log files, it's not these queries and... >/description> >/item> >item> >title>Re: DoS attacks using Exploit Pack>/title> >link>http://seclists.org/basics/2012/Jan/111>/link> >description>Posted by Thugzclub on Jan 27Any proxy will do, as long as it has not been blocked by that site! install... >/description> >/item> >item> >title>Re: Cyber Warfare / Network Defense Simulation>/title> >link>http://seclists.org/basics/2012/Jan/110>/link> >description>Posted by Thugzclub on Jan 27Yup ! In this guide we examine... >/description> >/item> >item> >title>PPP / NCP Vulnerability Research>/title> >link>http://seclists.org/basics/2012/Jan/109>/link> >description>Posted by Miguel Regala on Jan 25Hi, it benefits your company and how your customers can tell if a site is... >/description> >/item> >item> >title>Re: Cyber Warfare / Network Defense Simulation>/title> >link>http://seclists.org/basics/2012/Jan/108>/link> >description>Posted by Jim Elkins on Jan 24Here are a couple of suggested books. articles, references, books, sites, ideas, anything) on... >/description> >/item> >item> >title>Re: Cyber Warfare / Network Defense Simulation>/title> >link>http://seclists.org/basics/2012/Jan/107>/link> >description>Posted by Henri Salo on Jan 24Key-point in my opinion is to have the setup up and running fast from scratch. it benefits your company and how your customers can tell if a site is secure. You will find out how to... >/description> >/item> >item> >title>Re: Cyber Warfare / Network Defense Simulation>/title> >link>http://seclists.org/basics/2012/Jan/106>/link> >description>Posted by Christopher Siedlecki on Jan 24That is very neat, but in my opinion little bit to broad idea. For E-mail:... >/description> >/item> >item> >title>Cyber Warfare / Network Defense Simulation>/title> >link>http://seclists.org/basics/2012/Jan/105>/link> >description>Posted by TeÃ³philo Athos Brauns on Jan 24Hi, managed to create a... >/description> >/item> >item> >title>Re: DoS attacks using Exploit Pack>/title> >link>http://seclists.org/basics/2012/Jan/104>/link> >description>Posted by Richard SteinbrÃ¼ck on Jan 24try this ... <a rel="nofollow" href="https://youtubeproxy.org/">https://youtubeproxy.org/</a> >/description> >/item> >/channel> >/rss> >rss version="2.0"> >channel> >link>http://seclists.org/#jobs>/link> >description>A popular list for advertising or finding jobs in the security field. Employers post openings and job seekers post resumes (run by SecurityFocus). For privacy reasons, only the current year is archived.>/description> >/channel> >/rss> >rss version="2.0"> >channel> >link>http://seclists.org/#vuln-dev>/link> >description>A moderated list for discussing possible security issues and devising exploits for them.>/description> >/channel> >/rss> >rss version="2.0"> >channel> >title>SecurityFocus Vulnerabilities>/title> >link>http://www.securityfocus.com>/link> >description> >/description> >image> >title>SecurityFocus>/title> >url>http://www.securityfocus.com/rss/SFLogo_v1.gif>/url> >link>http://www.securityfocus.com>/link> >/image> >item> >title>Vuln: Pligg CMS 'status' Parameter SQL Injection Vulnerability>/title> >link>http://www.securityfocus.com/bid/51273>/link> >description>>![CDATA[ Pligg CMS 'status' Parameter SQL Injection Vulnerability ]]>>/description> >/item> >item> >title>Vuln: QEMU KVM CVE-2012-0029 Local Privilege Escalation Vulnerability>/title> >link>http://www.securityfocus.com/bid/51642>/link> >description>>![CDATA[ QEMU KVM CVE-2012-0029 Local Privilege Escalation Vulnerability ]]>>/description> >/item> >item> >title>Vuln: Apache Tomcat AJP Protocol Security Bypass Vulnerability>/title> >link>http://www.securityfocus.com/bid/49353>/link> >description>>![CDATA[ Apache Tomcat AJP Protocol Security Bypass Vulnerability ]]>>/description> >/item> >item> >title>Vuln: Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability>/title> >link>http://www.securityfocus.com/bid/48667>/link> >description>>![CDATA[ Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability ]]>>/description> >/item> >item> >title>Bugtraq: AdaCore Security Advisory SA-2012-L119-003 Hash collisions in AWS>/title> >link>http://www.securityfocus.com/archive/1/521388>/link> >description>>![CDATA[ AdaCore Security Advisory SA-2012-L119-003 Hash collisions in AWS ]]>>/description> >/item> >item> >title>Bugtraq: [ GLSA 201201-15 ] ktsuss: Privilege escalation>/title> >link>http://www.securityfocus.com/archive/1/521378>/link> >description>>![CDATA[ [ GLSA 201201-15 ] ktsuss: Privilege escalation ]]>>/description> >/item> >item> >title>Bugtraq: [SECURITY] [DSA 2394-1] libxml2 security update>/title> >link>http://www.securityfocus.com/archive/1/521377>/link> >description>>![CDATA[ [SECURITY] [DSA 2394-1] libxml2 security update ]]>>/description> >/item> >item> >title>Bugtraq: [HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon>/title> >link>http://www.securityfocus.com/archive/1/521379>/link> >description>>![CDATA[ [HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon ]]>>/description> >/item> >item> >title>More rss feeds from SecurityFocus>/title> >link>http://www.securityfocus.com/rss/index.shtml>/link> >description>News, Infocus, Columns, Vulnerabilities, Bugtraq ...>/description> >/item> >/channel> >/rss> >rss version="2.0"> >channel> >title>VulnWatch>/title> >link>http://seclists.org/#vulnwatch>/link> >description>A non-discussion, non-patch, all-vulnerability annoucement list supported and run by a community of volunteer moderators distributed around the world.>/description> >/channel> >/rss> >rss version="2.0"> >channel> >title>Web App Security>/title> >link>http://seclists.org/#webappsec>/link> >description>Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.>/description> >item> >title>Re: Apache Killer - take 2?>/title> >link>http://seclists.org/webappsec/2012/q1/13>/link> >description>Posted by Anestis Bechtsoudis on Jan 23Apache byte-range killer use many small byte-range chunks in a single I attach a simple perl PoC to... >/description> >/item> >item> >title>Re: Apache Killer - take 2?>/title> >link>http://seclists.org/webappsec/2012/q1/12>/link> >description>Posted by Damiano Bolzoni on Jan 23You are right, I didn't write it down properly...what I meant is around but couldn't find any other example...... >/description> >/item> >item> >title>Apache Killer - take 2?>/title> >link>http://seclists.org/webappsec/2012/q1/11>/link> >description>Posted by Damiano Bolzoni on Jan 22Hi all, the version/patching level. The server went ahead... >/description> >/item> >item> >title>CarolinaCon-8/2012 - Final Announcement/Call for Papers/Presenters/Speakers>/title> >link>http://seclists.org/webappsec/2012/q1/10>/link> >description>Posted by Vic Vandal on Jan 12h4x0rs, InfoSec professionals, international spies, script kidz, and posers, thermonuclear war, etc. (but mostly hacking), and are interested in presenting at CarolinaCon-8, we cordially... >/description> >/item> >item> >title>OWASP AsiaPac 2012 - Sydney Australia CFP and CFT>/title> >link>http://seclists.org/webappsec/2012/q1/9>/link> >description>Posted by Andrew van der Stock on Jan 11Colleagues, been held on the Gold Coast Australia, in 2012 the event has been moved to Sydney, and... >/description> >/item> >item> >title>RE: Application Security>/title> >link>http://seclists.org/webappsec/2012/q1/8>/link> >description>Posted by Milind Nanal on Jan 11Reference on the subject. Members view on these points how they are managing similar Not sure... >/description> >/item> >item> >title>Re: Application Security>/title> >link>http://seclists.org/webappsec/2012/q1/7>/link> >description>Posted by Yiannis Koukouras on Jan 11Hi, It's Finally... >/description> >/item> >item> >title>Application Security>/title> >link>http://seclists.org/webappsec/2012/q1/6>/link> >description>Posted by Milind Nanal on Jan 08Hi Mailing list, 3) Plan for training developers, quality staff & apps testing team on various info sec aspect of application... >/description> >/item> >item> >title>Re: stacking proxies>/title> >link>http://seclists.org/webappsec/2012/q1/5>/link> >description>Posted by Robin Wood on Jan 08I know this is what he was talking about and I've got the chain that to improve the... >/description> >/item> >item> >title>AppSec DC 2012 CFP EXTENDED!>/title> >link>http://seclists.org/webappsec/2012/q1/4>/link> >description>Posted by AppSec DC on Jan 08All, move the platform we ask that... >/description> >/item> >item> >title>Arachni v0.4 has been released (Open Source Web Application Security Scanner Framework)>/title> >link>http://seclists.org/webappsec/2012/q1/3>/link> >description>Posted by Tasos Laskos on Jan 08Hi guys, * Updated WebUI to provide access to HPG... >/description> >/item> >item> >title>Re: stacking proxies>/title> >link>http://seclists.org/webappsec/2012/q1/2>/link> >description>Posted by Jamie Riden on Jan 03To be honest, I just use Burp (Pro). Jamie >/description> >/item> >item> >title>Re: stacking proxies>/title> >link>http://seclists.org/webappsec/2012/q1/1>/link> >description>Posted by Robert Hajime Lanning on Jan 03I am putting together: (in this order)Nginx (ssl)Varnish (caching)Haproxy (load balancing/fail over) >/description> >/item> >item> >title>Re: stacking proxies>/title> >link>http://seclists.org/webappsec/2012/q1/0>/link> >description>Posted by Robin Wood on Jan 03Most of my clients like to know where the attack will be coming from Request... >/description> >/item> >item> >title>stacking proxies>/title> >link>http://seclists.org/webappsec/2011/q4/27>/link> >description>Posted by Robin Wood on Dec 31I watched Jason Haddix talk at BruCon and he talked about stacking Request Yours... >/description> >/item> >/channel> >/rss> >rss version="2.0"> >channel> >title>Zone-H.org Defacements>/title> >description>Latest defacements published by Zone-H.org>/description> >link>http://www.zone-h.org/rss/defacements>/link> >item> >title>>![CDATA[http://www.louweretpartners.nl/templates/beez/index.php]]>>/title> >link>>![CDATA[http://www.zone-h.org/mirror/id/16788625]]>>/link> >description>>![CDATA[http://www.louweretpartners.nl/templates/beez/index.php defaced by Hmei7]]>>/description> >/item> >item> >title>>![CDATA[http://googleplusonesecrets.com/s3c.html]]>>/title> >link>>![CDATA[http://www.zone-h.org/mirror/id/16788537]]>>/link> >description>>![CDATA[http://googleplusonesecrets.com/s3c.html defaced by Th3 M4RoC4in GhOsT]]>>/description> >/item> >item> >title>>![CDATA[http://menb.mijnbedrijfmobiel.nl/s3c.html]]>>/title> >link>>![CDATA[http://www.zone-h.org/mirror/id/16788541]]>>/link> >description>>![CDATA[http://menb.mijnbedrijfmobiel.nl/s3c.html defaced by Th3 M4RoC4in GhOsT]]>>/description> >/item> >item> >title>>![CDATA[http://m.mijnbedrijfmobiel.nl/s3c.html]]>>/title> >link>>![CDATA[http://www.zone-h.org/mirror/id/16788540]]>>/link> >description>>![CDATA[http://m.mijnbedrijfmobiel.nl/s3c.html defaced by Th3 M4RoC4in GhOsT]]>>/description> >/item> >item> >title>>![CDATA[http://htmc.mijnbedrijfmobiel.nl/s3c.html]]>>/title> >link>>![CDATA[http://www.zone-h.org/mirror/id/16788539]]>>/link> >description>>![CDATA[http://htmc.mijnbedrijfmobiel.nl/s3c.html defaced by Th3 M4RoC4in GhOsT]]>>/description> >/item> >item> >title>>![CDATA[http://buyplusonestoday.com/s3c.html]]>>/title> >link>>![CDATA[http://www.zone-h.org/mirror/id/16788545]]>>/link> >description>>![CDATA[http://buyplusonestoday.com/s3c.html defaced by Th3 M4RoC4in GhOsT]]>>/description> >/item> >item> >title>>![CDATA[http://getplusonevotes.com/s3c.html]]>>/title> >link>>![CDATA[http://www.zone-h.org/mirror/id/16788543]]>>/link> >description>>![CDATA[http://getplusonevotes.com/s3c.html defaced by Th3 M4RoC4in GhOsT]]>>/description> >/item> >item> >title>>![CDATA[http://mgfsa.mijnbedrijfmobiel.nl/s3c.html]]>>/title> >link>>![CDATA[http://www.zone-h.org/mirror/id/16788542]]>>/link> >description>>![CDATA[http://mgfsa.mijnbedrijfmobiel.nl/s3c.html defaced by Th3 M4RoC4in GhOsT]]>>/description> >/item> >item> >title>>![CDATA[http://giz-o.com/s3c.html]]>>/title> >link>>![CDATA[http://www.zone-h.org/mirror/id/16788538]]>>/link> >description>>![CDATA[http://giz-o.com/s3c.html defaced by Th3 M4RoC4in GhOsT]]>>/description> >/item> >item> >title>>![CDATA[http://girlsandfootballsa.com/s3c.html]]>>/title> >link>>![CDATA[http://www.zone-h.org/mirror/id/16788544]]>>/link> >description>>![CDATA[http://girlsandfootballsa.com/s3c.html defaced by Th3 M4RoC4in GhOsT]]>>/description> >/item> >item> >title>>![CDATA[http://wedo.net.au/kurd.php]]>>/title> >link>>![CDATA[http://www.zone-h.org/mirror/id/16788536]]>>/link> >description>>![CDATA[http://wedo.net.au/kurd.php defaced by SA3D HaCk3D]]>>/description> >/item> >item> >title>>![CDATA[http://kewbaptist.net.au/kurd.php]]>>/title> >link>>![CDATA[http://www.zone-h.org/mirror/id/16788473]]>>/link> >description>>![CDATA[http://kewbaptist.net.au/kurd.php defaced by SA3D HaCk3D]]>>/description> >/item> >item> >title>>![CDATA[http://onsomalis.net]]>>/title> >link>>![CDATA[http://www.zone-h.org/mirror/id/16788533]]>>/link> >description>>![CDATA[http://onsomalis.net defaced by Margu]]>>/description> >/item> >item> >title>>![CDATA[http://entrepreneur.co.ke]]>>/title> >link>>![CDATA[http://www.zone-h.org/mirror/id/16788528]]>>/link> >description>>![CDATA[http://entrepreneur.co.ke defaced by Margu]]>>/description> >/item> >item> >title>>![CDATA[http://mydealguide.com.au/Dz.php]]>>/title> >link>>![CDATA[http://www.zone-h.org/mirror/id/16788497]]>>/link> >description>>![CDATA[http://mydealguide.com.au/Dz.php defaced by sanfour25]]>>/description> >/item> >item> >title>>![CDATA[http://golfteetimes.co.nz/Dz.Php]]>>/title> >link>>![CDATA[http://www.zone-h.org/mirror/id/16787554]]>>/link> >description>>![CDATA[http://golfteetimes.co.nz/Dz.Php defaced by sanfour25]]>>/description> >/item> >item> >title>>![CDATA[http://www.suzijewellery.com.au/Dz.php]]>>/title> >link>>![CDATA[http://www.zone-h.org/mirror/id/16788535]]>>/link> >description>>![CDATA[http://www.suzijewellery.com.au/Dz.php defaced by sanfour25]]>>/description> >/item> >item> >title>>![CDATA[http://xcessive.com.au/Dz.php]]>>/title> >link>>![CDATA[http://www.zone-h.org/mirror/id/16788500]]>>/link> >description>>![CDATA[http://xcessive.com.au/Dz.php defaced by sanfour25]]>>/description> >/item> >item> >title>>![CDATA[http://nowrait.com/Dz.php]]>>/title> >link>>![CDATA[http://www.zone-h.org/mirror/id/16788499]]>>/link> >description>>![CDATA[http://nowrait.com/Dz.php defaced by sanfour25]]>>/description> >/item> >item> >title>>![CDATA[http://helensburghphysio.com.au/Dz.php]]>>/title> >link>>![CDATA[http://www.zone-h.org/mirror/id/16788498]]>>/link> >description>>![CDATA[http://helensburghphysio.com.au/Dz.php defaced by sanfour25]]>>/description> >/item> >/channel> >/rss>