Microsoft: No plans to pay for security vulnerabilities

A Microsoft security official dismissed any suggestion that the company would start buying rights to security flaws, arguing that its current system of crediting hackers in security bulletins is working very well.

Adobe plugs security holes in PDF Reader, Acrobat

Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac and UNIX users to malicious hacker attacks.

The Pirate Bay hacked through multiple SQL injections

By using multiple SQL injections, an Argentinian group of security researchers managed to obtain access to the Pirate Bay’s administration panel, leading to the exposure of sensitive data belonging to the 4+ million users of the tracker.

Malware Watch: Skype exploit, Skype-themed malicious spam campaigns detected

Researchers from M86 Security Labs are reporting on a currently active malware campaign, using for the first time a working exploit targeting the (fixed) EasyBits Extras Manager Unspecified Vulnerability, reported in October, 2009.

Defenders of the faith (Tavis acted responsibly)

Lurene Grenier: Tavis Ormandy has protected high-value targets by refusing to allow Microsoft an unreasonable timeline for patching.

A sign of Mac growth: growing scareware tactics

The folks over at Trend Micro and Symantec have learned of a second software program dubbed scareware targeting Mac users with a system scan. The program called iMunizator finds potential problems and goads Mac users to buy a full license of the product to fully remove the issues. Symantec pointed out that the program’s coding [...]

Malware Watch: Adobe zero day attack, malicious FIFA-themed spam, exploit serving Virus Alerts

Researchers from WebSense are reporting on three currently active malware campaigns, attempting to trick end users into opening malicious HTML files, or automatically exploiting vulnerable PCs relying on the recent Adobe zero day flaw (CVE-2010-1297).

Hi! I'm a security researcher, and here's your invoice

Michal Zalewski: Security researchers don’t have to give any information away for free; but if you need to resort to arm-twisting tactics to sell a service, you have some serious soul searching to do.

PayPal XSS Again.

Nemessis found another XSS in PayPal, and I must say this is a very clever one! Take a peek with Firefox and see what I mean. Good stuff, because it shows how hard it really is to protect yourself from. Logically this is a spot they forgot.

http://rstzone.org/forum/

Facebook Problems.

As everyone probably knows, Facebook's source code has leaked. Facebook is sending out letters to everyone to stop publishing its source code. I guess it's a little late for that. Everyone who knows Google can find it back. But I guess the problems don't stop there. It seems that they run a very old thttpd server, namely version 1.0. While it is a cool and tiny server, I would not run it. Just ask Google. Now, there is a tiny unnoticed lesson in this because the same happened to del.icio.us once. Imagine your server spits out PHP files as plain text.

Researchers develop lightweight Cisco IOS rootkit

Black Hat: Building on previous research against IOS, Core Security researchers have theoretically shown the plausibility of an IOS rootkit attack.

MetaScanner v1.1 released

In penetration testing we often need a tool that can scan the network and identify vulnerabilities; here is one of them, called MetaScanner. You can download it from here.

BBC hacks into thousands of PCs

I was reading this story. From the article:

"The BBC has deliberately hacked into 22,000 PCs to prove the power of botnets, and the damage that can be done with a network of compromised computers.

Click – BBC News’ technology programme – with the help of anti-virus company Prevx, took over thousands of computers in order to demonstrate a growing problem in the modern world.

Apple patches Pwn2Own flaw used to hack Safari


According to Apple's advisory accompanying the patch, the actual vulnerability was not in the Safari browser but in the way ATS (Apple Type Services) handles certain fonts.