
Networking

Did MS bug alarm go off too early?

posted on February 15, 2002
by hitbsecnews

Source: ZDNet

Security experts gave mixed reviews Thursday to the way in which a
software-reliability company disclosed a bug in Microsoft's newest tools for
building applications for its .Net framework and Windows operating system.

The SNMP fiasco: steps you need to take

posted on February 13, 2002
by hitbsecnews

Source: SecurityFocus

First off, we received a bulletin from Counterpane, a company which monitors SNMP on its clients' machines, saying that the vulnerability does not appear to have been exploited yet. So basically, you're playing 'beat the clock' with the black hat community, and chances are that if you act soon, you'll win.

CERT: Multiple SNMP Vulnerabilities

posted on February 13, 2002
by hitbsecnews

Source: CERT.org

Numerous vulnerabilities have been reported in multiple vendors' SNMP implementations. These vulnerabilities may allow unauthorized privileged access, denial-of-service attacks, or cause unstable behavior. If your site uses SNMP in any capacity, the CERT/CC encourages you to read this advisory and follow the advice provided in the Solution section below.

Hackers Shortcut Hotmail Password Reset Protections

posted on February 12, 2002
by hitbsecnews

Source: NewsBytes

Security researchers have discovered a vulnerability in Microsoft Corp.'s [NASDAQ: MSFT] Hotmail service that allows hackers to bypass security questions that users must answer before resetting their passwords.
Normally, if Hotmail users forget their password they must fill out a Web form that requires their e-mail address, state, zip code and country. Users who enter the correct information are then prompted for the answer to the "secret question" they selected when signing up for the service.

Readyhosting Hack Attack

posted on February 12, 2002
by hitbsecnews

I'd be psyched to see you guys look into the recent hack of Readyhosting's servers. Apparently during the weekend of February 2nd/3rd someone got onto one of their machines, which allowed them to access several other servers... and they deleted many, many entire websites. Gigs and gigs of content. This has resulted in a severe decline in Readyhosting's uptime and stability over the past week, due to their 'tightening' security, and interfering with normal access. It hasn't been fun being one of their customers.

Indian IT firms eye e-security market

posted on February 11, 2002
by hitbsecnews

Indian software firms are looking at a $50 billion business opportunity to help global companies protect their data from terrorist or hacker attacks. "A company's computers and networks face the risk of disasters, ranging from terrorist attacks to hacking to accidents," Sunil Chandiramani, director of Ernst & Young in India, told India's leading software managers on Friday.

Indiatimes

BlackICE security vulnerability discovered

posted on February 11, 2002
by hitbsecnews

Source: AP

A programming mistake in a popular consumer Internet protection program can give hackers control over a user's computer, the publisher disclosed Friday.
All current versions of BlackICE Defender and BlackICE Agent, both made by Atlanta-based Internet Security Systems, running on Microsoft Windows 2000 and Windows XP are vulnerable to the attack.

The company released an update Friday evening that plugs the hole. It can be downloaded through the ISS Web site, or through the program itself.

IE bug allows full MSN Messenger hijack

posted on February 10, 2002
by hitbsecnews

Source: The Register

The recent privacy stuff-up in Messenger "pales in comparison to what can be done if you use MSN Messenger through unpatched IE vulnerabilities," security researchers Tom Gilder and Thor Larholm have discovered.

Among the fun and games one can have with a vulnerable Messenger user are such sports as impersonating the victim and sending spoof messages and spoof e-mail memos to his contacts, and scouring his local drive for interesting files to share around.