rkeith | 7 Jun 2007 14:15

SecurityFocus Microsoft Newsletter #345


SecurityFocus Microsoft Newsletter #345
----------------------------------------

This Issue is Sponsored by: Norwich University

Norwich University's Master of Science in Information Assurance Program complements the skills of
information security professionals while preparing them to take on management roles in an
organization-wide information security program, such as Chief Security Officers, Security
Administrators and Chief Information Security Officers. This 18-month program is conveniently
delivered online and is accredited by The National Security Agency and Department of Homeland Security
as a "Center for Academic Excellence in Information Assurance Education".

For more information, visit http://www.msia.norwich.edu/msec

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our
community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
        1. Security Analogies
        2. Your Space, My Space, Everybody's Space
II.  MICROSOFT VULNERABILITY SUMMARY
        1. Computer Associates ARCserve Backup Multiple Unspecified Remote Buffer Overflow Vulnerabilities
        2. Microsoft Windows GDI+ ICO File Remote Denial of Service Vulnerability
        3. Yahoo! Messenger Multiple Unspecified Remote Code Execution Vulnerabilities
        4. MPlayer Multiple CDDB Parsing Buffer Overflow Vulnerabilities
        5. Mozilla Firefox Beatnik Extension Remote Script Code Execution Vulnerability

rkeith | 15 Jun 2007 14:18

SecurityFocus Microsoft Newsletter #346


SecurityFocus Microsoft Newsletter #346
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Cross-Site Scripting Attack"- White Paper
Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential
information, steal cookies and create requests that can be mistaken for those of a valid user!! Download
this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000CsFU

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our
community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
        1. Embedded Problems
        2. Security Analogies
II.  MICROSOFT VULNERABILITY SUMMARY
        1. Microsoft Office MSODataSourceControl ActiveX Control Buffer Overflow Vulnerability
        2. OpenOffice RTF File Parser Buffer Overflow Vulnerability
        3. RETIRED: Microsoft Internet Explorer Navigation Cancel Webpage Spoofing Vulnerability
        4. Apple Safari for Windows Unspecified SVG Parse Engine Multiple Unspecified Vulnerabilities
        5. Microsoft Windows CE .NET Compact Framework Components Multiple Vulnerabilities
        6. TEC-IT TBarCode OCX ActiveX Control Arbitrary File Overwrite Vulnerability
        7. Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability

Nagareshwar Talekar | 19 Jun 2007 06:40

Interesting stuff @ SecurityXploded.com

Hi all,

  I have been writing a couple of security tools and also working on
some interesting security stuff. To share my work with the
community, I have started my personal security website:
http://SecurityXploded.com

Here are some of the security tools that you may find useful

*) NetShareMonitor : It is the application to watch your shared files
from the intruders and thereby protect your shares from unauthorized
access.

        http://securityxploded.com/netsharemonitor.php

*) ProcHeapViewer : This is a fast heap enumeration tool which uses a
much better technique than the normal Windows heap API functions. It's a very
useful tool for anyone involved in analyzing process heaps.

        http://securityxploded.com/ProcHeapViewer.php

I have written an article which uncovers the reason behind the slower
functionality of Windows heap functions. It also describes a new,
efficient way of enumerating process heaps based on reverse
engineering of Windows heap API functions. You can find the article
here.

         http://securityxploded.com/enumheaps.php

*) FireMaster :  This is the tool to recover Firefox master password.

rkeith | 20 Jun 2007 14:19

SecurityFocus Microsoft Newsletter #347


SecurityFocus Microsoft Newsletter #347
----------------------------------------

This Issue is Sponsored by: VeriSign

Increase customer confidence at transaction time with the latest breakthrough in online security -
Extended Validation SSL from VeriSign. Extended Validation triggers a green address bar in Microsoft
IE7, which proves site identity.  Learn more at:

http://clk.atdmt.com/SFI/go/srv0890000047sfi/direct/01/

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our
community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
        1. Embedded Problems
        2. Security Analogies
II.  MICROSOFT VULNERABILITY SUMMARY
        1. Avaya 4602SW SIP Phone Security Bypass Vulnerability
        2. Avaya One-X Desktop Edition SIP Header Denial Of Service Vulnerability
        3. Avaya 4602SW SIP Phone Cnonce Parameter Authentication Spoofing Vulnerability
        4. Nortel Networks PC Client Soft Phone SIP Message Parsing Module Denial of Service Vulnerability
        5. RealNetworks GameHouse GHDLCTL.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
        6. AOL Instant Messenger SIP Invite Message Denial of Service Vulnerability
        7. Nortel Networks PC Client Soft Phone Message Parsing Module Buffer Overflow Vulnerability
        8. Avaya One-X Desktop Edition Phone SIP Remote Buffer Overflow Vulnerability

rkeith | 28 Jun 2007 14:20

SecurityFocus Microsoft Newsletter #348


SecurityFocus Microsoft Newsletter #348
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Cross-Site Scripting Attack"- White Paper
Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential
information, steal cookies and create requests that can be mistaken for those of a valid user!! Download
this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000CsFU

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our
community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
        1. Don't Be Evil
        2. Persistence of data on storage media
II.  MICROSOFT VULNERABILITY SUMMARY
        1. CA BrightStor ARCserve Backup Server Unspecified Remote Code Execution Vulnerability
        2. Conti FTP Server Large String Denial of Service Vulnerability
        3. Wireshark Multiple Protocol Denial of Service Vulnerabilities
        4. Avax Vector AvaxSWF.DLL ActiveX Control Arbitrary File Overwrite Vulnerability
        5. GD Graphics Library Multiple Vulnerabilities
        6. LiteWEB Web Server Invalid Page Remote Denial of Service Vulnerability
        7. Key Focus Web Server Index.WKF Cross-Site Scripting Vulnerability

