Drupalit weekly

Calling all talented writers

Do you like what you've seen of secgeeks.com so far? If you'd like to get involved, we're looking for new additions to our team!

We're looking for some talented and inspired writers with knowledge of security-related topics to contribute content.

There are a number of areas where you may be able to help out.

* Articles - feature-length content including everything from editorials to tutorials
* News - medium-length content dealing with current events
* Tips - short computing tips

The Shellcoder's Handbook

Recently I was reading The Shellcoder's Handbook. It's a nice book which contains in-depth chapters on buffer overflows, shellcode, format strings and other stuff. If you are starting to write your own exploits then this book is a must-read. Check it out.

Fake DivX codec

Here's a new Zlob fake codec variant, which touts itself as a DivX codec. The dropper is named DivXCodecPKG.7.exe and is hosted at http://softawe-download-forpc.com (66.232.126.78). Whois information for this domain can be found here.

MPACK Toolkit v0.94 - Source Code Download from RapidShare

(from offensivecomputing)
The Mpack toolkit has been uploaded to RapidShare. Get it here:
Download Here....

IBM issues updates to fix serious DB2 flaws

IBM released updates for its DB2 database management system, fixing a variety of flaws that could be exploited by hackers to bypass security controls.

Cisco warns of security appliance flaws

Cisco Systems warned customers Wednesday that its Adaptive Security and PIX Security appliances contained flaws affecting the security of VoIP and VPN connections.

What do you think about secgeeks' new theme?

So folks, once again I changed the theme, as I think me and all the other people who use secgeeks got bored of the old theme.
Post your comments: do you like it or not?

Heap Feng Shui in JavaScript

I was reading about heap spraying techniques and I found one good presentation which explains everything. It is from Determina and was presented at Black Hat.
You can download its PDF here.

Surf Jack - HTTPS will not save you

A good friend of mine from Enable Security has written a nice article on "surf jacking". From the article:
"Say hello to a new security tool called “Surf Jack” which demonstrates a security flaw found in many public sites. The proof of concept tool allows testers to steal session cookies on HTTP and HTTPS sites that do not set the Cookie secure flag. I’ve been working with two banks and some of the vulnerable sites to get this fixed before publishing my research. Mike Perry gave a talk at Defcon involving the exact same vulnerability - so there is no point in keeping this from the public."
You can read his article here.
Here is the video:

Surf Jacking Gmail demonstration from Sandro Gauci on Vimeo.

Adobe addresses clickjacking in latest Flash Player

Adobe issued Flash Player 10, blocking ongoing clickjacking attacks and also preventing attackers from manipulating a user's clipboard.

Microsoft to release urgent security patch

Microsoft said it plans to release a critical security update out of its normal patching cycle to plug a hole that affects Windows 2000, XP, and Windows Server 2003.

Alcatel-Lucent's 3G laptop security card goes international

The new Laptop Guardian tracks the location of lost or stolen laptops and gives IT pros the ability to wipe the hard drive remotely.

Penetration tester explains secrets to accessing corporate systems

Penetration tester Chris Nickerson talks about the fun of penetration tests, the risks of outsourcing and unveils how ethical hacking helps companies with risk assessments.

Security flaw exposes Google G1 phone to attacks

If you’re planning to bring a new smartphone to market anytime soon, you might want to check with the guys at Independent Security Evaluators first. For the second time in about 15 months, ISE researchers have discovered a security flaw in the operating system of a high-profile smartphone, this time it’s a vulnerability in the [...]

Payload Control Through Conditional Comments.

You probably noticed that in my last posts I went on writing about simple attack vectors and HTML features which aren't discussed very much. While it isn't high-tech material, it can be useful in any attacker's toolbox for the reason that it can help in certain attacks that would not be possible otherwise. From experience, I learned that in any field you'll have to have a sense of improvisation. Forget theory, and improvise on the task at hand. One thing that caught my eye is conditional comments, which are designed for Microsoft IE[1].

Microsoft RPC flaw could be worm bait

The vulnerability that Microsoft patched today with an out-of-band patch is about as serious as they come, allowing remote code execution on every supported version of Windows. The rare emergency patch–which is the first Microsoft has issued since early 2007–was prompted by the fact that the company has been seeing targeted attacks against the vulnerability [...]

IT security pros focus on internal threats during tough economy

Layoffs, mergers and acquisitions are forcing some IT security pros to look closely at the internal threats posed by disgruntled employees and mishandled data.

Community banks to increase security spending, survey finds

Smaller banks place a priority on protecting customer data and plan to spend more on security technology, according to a new survey.

Google Chrome unlikely to attract security-minded users

Chrome is crammed with security and privacy elements but it won't likely grab market share from IE or Firefox anytime soon.