Slashcode Login Vulnerability (Patch Available)
Source: Security Protocols
Kk ok, call me stupid if you have seen this somewhere else or it's been reported earlier (not that I remember, but hey!). The point is, if it's been reported earlier, why is it still an issue?
Source: LinuxMag.com
Like most Internet protocols, the Domain Name System (DNS) began its life without many built-in security mechanisms. DNS is, after all, a global, public naming service, so you don't normally care who queries your name server for data in the zones that you are responsible for maintaining.
DeveloperWorks posted this article as a compare-and-contrast of various programming languages and distributed object platforms. Specifically, it discusses the most common choices that technologists and security personnel must make, and how those choices impact security.
Source: Xatrix
If the affected web server has not enabled PHP's magic_quotes_gpc in php.ini, it is possible to log in as any user, admin or moderator, and so, for example, to delete entire boards. Because the board's admin may have no access to the web server's php.ini, he may be unable to fix the bug easily on his own. Not only the login page is affected: the change-password form (and possibly other forms) suffer from the same SQL injection bug.
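The login bug above, as an added example that is not from the original report: a Python sketch (sqlite3 standing in for the board's MySQL, with a user table and accounts constructed for the demo) of the string-spliced query the item describes beside the parameterised form, whose correctness does not depend on any php.ini setting.

```python
import sqlite3

def make_board_db():
    """Constructed stand-in for the board's user table (sqlite3 instead of MySQL).
    Passwords are plaintext only to keep the demo short; real code stores a hash."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, pw TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [("admin", "s3cret", "admin"), ("bob", "hunter2", "user")])
    return con

def login_spliced(con, name, pw):
    """The bug the advisory describes: form fields spliced straight into SQL.
    It only holds up when the server happens to escape quotes (magic_quotes_gpc),
    i.e. correctness hinges on a php.ini setting the board admin may not control."""
    sql = f"SELECT role FROM users WHERE name = '{name}' AND pw = '{pw}'"
    row = con.execute(sql).fetchone()
    return row[0] if row else None

def login_bound(con, name, pw):
    """Hardened form: bind parameters. The driver keeps the values out of the
    SQL grammar, so the fix lives in the application, not in server config."""
    sql = "SELECT role FROM users WHERE name = ? AND pw = ?"
    row = con.execute(sql, (name, pw)).fetchone()
    return row[0] if row else None

def change_password_bound(con, name, old_pw, new_pw):
    """Same treatment for the change-password form the advisory mentions."""
    cur = con.execute("UPDATE users SET pw = ? WHERE name = ? AND pw = ?",
                      (new_pw, name, old_pw))
    return cur.rowcount == 1

if __name__ == "__main__":
    con = make_board_db()
    # A quote in the user name closes the string; the rest of the WHERE clause is commented out.
    print(login_spliced(con, "admin' --", "anything"))  # -> admin (no password checked)
    print(login_bound(con, "admin' --", "anything"))    # -> None
    print(login_bound(con, "admin", "s3cret"))          # -> admin
```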
The Open Source Security Testing Methodology Manual 2.0 will be released on February 26th.
The Open Source Security Testing Methodology Manual (OSSTMM) is unique in that it is the first and most widely available standard in development for the comprehensive security testing of Internet systems and networks. Created by the Ideahamster organisation, the OSSTMM is a continuously evolving document with over 150 collaborators – ensuring that as IT focus changes and new developments in Internet security occur, the OSSTMM remains current and up to date.
Source: NewsNow
Security researchers have identified a way to smuggle virus-laden emails past AV checkers and into the in-boxes of Outlook Express users.
A demo suggests it's possible to send attachments to Outlook Express users using non-standard attachment techniques, by encapsulating the data in Carriage Return () specifiers in the subject line of an email.
Source: SecurityFocus
It’s nine in the evening in your office building. Most people have gone home long ago, many of the office lights are off, and the janitors are quietly making their rounds. From a single, solitary cubicle comes the familiar blue glow of a computer screen along with the rhythmic tippy-tap of a keyboard. This could be the sound of a dedicated employee working late into the night. But it’s not. Quite the opposite: it is a trusted worker stealing valuable proprietary information off the company’s network.
Foundstone Inc., the premier provider of security assessments and vulnerability protection, today announced SNScan, a freeware tool to quickly and accurately detect SNMP (Simple Network Management Protocol) enabled devices on a network.
Recent high-risk advisories have outlined the potential for widespread vulnerabilities across SNMP. SNScan can effectively determine the level of exposure to SNMP-related vulnerabilities across any network.
Source: SecurityFocus
The creator of the popular open source intrusion detection system gets megabucks in venture capital for a Snort start-up.
The commercial potential of open source security products won a financial vote of confidence last week when the author of the hacker-busting freeware program Snort pulled in $2 million in venture capital, and moved his year-old start-up company out of his suburban Maryland living room.