Security Alert: Another IE6 Vulnerability
Grok Headline matches for Security Alert: Another IE6 Vulnerability
US-CERT Technical Cyber Security Alert
TA04-099A -- Vulnerability in Internet
Explorer ITS Protocol Handler
04/10/2004 08:47 AM
Read the full CERT advisory here:
us-cert.gov/cas/techalerts/TA04-099A.html
Vulnerability Alert Services
06/25/2004 12:49 AM
Andy Cuff (Jun 23 2004)
Community News: PHP Vulnerability Alert
- 4.3.9
12/19/2004 03:19 PM
From a note sent along by
grout, it seems that there is
a new alert for users of PHP 4.3.9:
MEDIA ALERT: Secure Elements Discusses
IT Security for Higher Education at
EDUCAUSE Security Professionals
Conference
03/31/2005 03:03 AM
Daniel Bezilla, Secure Elements’ chief technology officer, will
explore how educational communities can benefit from implementing an
Enterprise Vulnerability Management solution. [PRWEB Mar 31, 2005]
Re: Netscape Navigator 7.2 failure to
isolate browser tabs (was Re: Computer
Network Defence Vulnerability Alert
State)
08/27/2004 07:45 PM
Rishi Khan (Aug 27 2004)
Netscape Navigator 7.2 failure to
isolate browser tabs (was Re: Computer
Network Defence Vulnerability Alert
State)
08/27/2004 01:32 PM
john.courcoul_at_mac.com (Aug 26 2004)
PHP Security Alert
06/05/2005 11:38 PM
PHP Advanced Transfer Manager Include File Error Lets Remote Users
Execute Arbitrary Commands
Mac Security Alert
05/12/2004 09:43 AM
A UK government organization responsible for gathering information on
IT security incidents has issued two security advisories regarding
recently identified vulnerabilities in Mac OS X. By Macworld UK (via
MyAppleMenu)
Security Alert
09/21/2004 04:41 PM
Yet another Windows security alert
03/19/2003 10:25 PM
Microsoft has released
Security Bulletin MS03-007, which simply says:
An identified security vulnerability in Microsoft® Windows® 2000
could allow an attacker to take control of your computer. This issue
is most likely to affect computers used as Web servers. You can help
protect your computer from this vulnerability by installing this
update from Microsoft.
If you're using Windows 2000, make sure you
install it.
Security Alert: Voluntary XSS
04/09/2004 05:30 PM
This is a personal security alert against a dangerous yet
increasingly popular
practice which I call Voluntary XSS.
Voluntary XSS involves
a website voluntarily embedding script fragments hosted by
another, typically
very popular, website. Here is an example:
Voluntary XSS is dangerous because the practice builds a
hub-and-spoke (or star) vulnerability
network which exposes all the spoke websites to weaknesses in
the hub website.
Since active contents of 'bar.js' from the hub website in the
example above is
typically injected into every page served by spoke websites,
penetration at the hub
website allows hackers to change contents of all pages served by
spoke websites instantly
by replacing the content of 'bar.js' with their own script.
As to how widespread the use of Voluntary XSS is, Google uses
Voluntary XSS to display ads at Google AdSense sites and Technorati
uses Voluntary XSS for blog claiming blogs. I haven't checked
Amazon and Yahoo yet, but I intend to soon.
Since this is a personal security alert, allow me to be more blunt
than formal security
alerts: This is serious shit folks. By
inserting those HTML
fragments into your webpages, you are betting that websites hosting
those HTML fragments
are and will remain impenetrable. Voluntary XSS makes those key
websites
very attractive to hackers and I seriously doubt any website can
withstand constant
onslaughts by smart hackers.
My other posts on this topic:
Cross-Site Scripting Network
APWG Threat Advisory Alert on Visual Spoofing

Security alert at Bute House
06/12/2004 04:49 AM
A security alert is sparked after a man is seen outside Jack
McConnell's official home carrying what looked like a bomb.
Security Alert: PHPNuke Strikes Again
02/04/2003 08:40 AM
Gates sparks security alert
07/30/2004 06:26 AM
Feds Alert to Web Security Threat
03/21/2003 05:59 AM
The Department of Homeland Security advises Americans to brace
themselves for acts of cyberterror. But computer security experts say
Internet users probably aren't much more vulnerable than usual. By
Joanna Glasner.
Community News: PHP Security Alert
02/13/2004 09:13 AM
In a posting from the fine folks at
PHP Magazine:
Single New Security Alert From Microsoft
For May
05/11/2004 01:44 PM
Windows XP/2003 Help system could execute attack code. In contrast to
last month's flood of severe problems, a single "Important"
vulnerability in some Windows versions, and re-released of two
previous ones.
Greenspan sounds alert on Social
Security
08/29/2004 01:41 AM
Seattletimes.nwsource.com - Sun Aug 29, 02:57 am GMT
Greenspan Sounds Alert on Social
Security (AP)
08/28/2004 04:27 AM
AP - For at least the fourth time this year, Federal Reserve Chairman
Alan Greenspan has touched the electrified third rail of American
politics Social Security.
Hoax alert prompts security call
09/05/2004 11:16 AM
Residents of a County Antrim estate call for increased security
following a loyalist bomb threat.
Security at on-alert airports can take 5
hours to clear
01/08/2004 07:48 PM
Andrew Leonard has an op-ed on Salon today describing the amazingly
baroque TSA-inspired "security" procedures in Mexico City last
weekend, which created a multiple-day delay for thousands of fliers.
I like to travel. But I'm not looking forward to a future in which I
need to get to the airport five hours ahead of departure to be sure I
won't miss a flight, one in which I'm patted down from head to toe
several times every time I try to board a plane, one in which I am
constantly explaining every item in my luggage and every twist in my
itinerary to hostile agents. I've had the chance to think about
airline security a great deal over the past few days, and I'll tell
you this: After being asked by one security guard to drink from a
water bottle in my carry-on to prove that it wasn't acid or poison;
after being interrogated by a U.S. customs agent who was suspicious at
the number of books I had in my luggage; after the long lines, the
hand inspections, the X-ray screenings, the near riots by enraged
passengers, the uncertainty and the anxiety -- after all that,
traveling to a foreign land, or even just across the state of
California, doesn't seem quite so exotic or alluring anymore.
Link (Thanks, Kevin!)
BA Cancels 2d Flight Amid Security Alert
01/02/2004 02:28 PM
Reuters via Wired News Jan 2 2004 1:08PM ET
BA Cancels Second U.S. Flight Amid
Security Alert
01/02/2004 02:28 PM
Reuters via Wired News Jan 2 2004 1:08PM ET
BA Cancels U.S. Flight Amid Security
Alert
01/02/2004 07:22 PM
Reuters via Wired News Jan 2 2004 6:44PM ET
The MS 'friendly' security alert service
- just say d'oh
03/20/2003 11:55 AM
A
Cisco issues wireless Lan security alert
12/04/2003 09:38 AM
vnunet.com Dec 4 2003 8:48AM ET
Security alert identifies Oracle holes
09/03/2004 06:48 AM
Computer Weekly Sep 3 2004 11:14AM GMT
Community News: Security Alert from
Netcraft
06/14/2004 08:06 AM
A security note issued from
Netcraft should be noted this
week:
Security Alert: New Bagle.X Worm Variant
Detected
04/09/2004 03:58 PM
Bagle.X appears to be progressing slowly, but its seeding rate is
consistent with previous Bagle versions that have witnessed great
success.
BA Cancels London-Riyadh Flight in
Security Alert
01/02/2004 04:59 PM
Reuters via Wired News Jan 2 2004 3:56PM ET
Microsoft Security Update Alert -
Reminder to Patch
05/02/2004 04:33 AM
Re: [Fwd: Security Alert; possible
buffer overflow in all Mathopd versions]
12/08/2003 02:13 PM
Peter Geissler (Dec 07 2003)
[Fwd: Security Alert; possible buffer
overflow in all Mathopd versions]
12/05/2003 01:53 PM
Gregor Lawatscheck (Dec 05 2003)
Security Alert: Bagle.X Worm Seeding in
Progress
04/09/2004 03:58 PM
There is an apparent seeding of a new Bagle worm variant, Bagle.X,
currently in progress. While this seeding appears to be progressing at
a slow rate, previous versions of the Bagle worms have been seeded in
a similar manner and have witnessed great success.
Security Alert: Apache/Mod_ssl Worm in
the Wild
09/17/2002 08:04 AM
Windows gamers targeted by Microsoft
security alert
06/09/2004 07:42 AM
PC Pro Jun 9 2004 12:23PM GMT
Homeland Security Launches Cyber Alert
System
01/29/2004 02:48 AM
Microsoft security trouble: early alert
for exclusive group only
09/17/2004 01:00 AM
Straits Times Sep 17 2004 5:41AM GMT
Security Alert Shuts Down NY's Times
Square (Reuters)
03/28/2005 12:37 PM
Reuters - Police cordoned off Times Square in
New York on Monday, closing off one of the busiest streets in
the city after a report of a suspicious package, a police
spokesman said.
Grok Description matches for Security Alert: Another IE6 Vulnerability
GrokA matches for Security Alert: Another IE6 Vulnerability
[Exploit]: Microsoft FPSE fp30reg.dll
Overflow Remote Exploit (MS03-051)
11/15/2003 02:20 PM
Adik (Nov 14 2003)
International Federation of Robotics
Hosts Groundbreaking Advanced Robotics
E-Symposium
06/05/2005 11:53 PM
The Advanced Robotics E-Symposium will be held online on July 6 2005.
Its international outreach, cutting edge topics and line-up of
world-renowned experts already makes it one of the 'must-attend'
fixtures of this year for organizations, academics, industries and
government representatives. [PRWEB May 10, 2005]
Industry Leading Robotics Vendors,
Associations and Media Firms Sponsor
Emerging Robotics Technologies &
Applications Conference
05/31/2004 02:13 PM
iRobot, Evolution Robotics, VIA Technologies, Robotics Foundry and
Others Sponsor First Robotics Conference to Focus on Commercialization
of Emerging Robotics Markets [PRWEB Dec 12, 2003]
U.S. Robotics Broadband Router 8003
Password Disclosure Vulnerability
06/21/2004 10:37 AM
“Fernando Sanchez has reported a vulnerability in U.S. Robotics
Broadband Router 8003, which can be exploited by malicious people to
gain knowledge of sensitive information.”
Vulns: U.S. Robotics USR808054 Wireless
Access Point Web Administration Denial
Of Service Vulnerability
08/05/2004 10:46 PM
SecurityFocus Aug 6 2004 2:58AM GMT
[Exploit]: DameWare Mini Remote Control
Server Overflow Exploit
12/19/2003 06:25 PM
Adik (Dec 19 2003)
Exploit: AIM Exploit (Ignore Previous
Post)
09/02/2004 12:07 PM
John Bissell (Sep 01 2004)
XFree86 vulnerability exploit
02/11/2004 05:45 PM
Bender (Feb 11 2004)
Re: XFree86 vulnerability exploit
02/13/2004 07:47 PM
Adam Langley (Feb 13 2004)
Exploit codes for CVS Vulnerability and
snort rules from ISC
05/22/2004 06:46 PM
K-OTiK Security (May 22 2004)
Exploit Circulating for Windows LSASS
Vulnerability
04/29/2004 04:09 PM
Separate vulnerability was patched with same cumulative patch as the
SSL vulnerability being exploited in recent days.
Quickfire hackers exploit Microsoft
vulnerability
02/17/2004 10:26 PM
Computer Weekly Feb 18 2004 2:09AM GMT
Exploit code for Microsoft vulnerability
circulating
02/16/2004 02:43 PM
Security researchers say code designed to exploit a recently announced
critical vulnerability in Microsoft operating systems now is
widespread on the Internet. The code crashes targeted computers by
exploiting a flaw in Microsoft’s Abstract Syntax Notation 1 Library
in Windows NT, 2000 and XP. The exploit code was discovered Saturday,
four days after the vulnerability and a patch to correct it was
announced by Microsoft.
Even More Ways To Exploit The URL
Handler Exploit
05/21/2004 11:34 AM
EXPLOIT for Re: [VSA0402] OpenFTPD
format string vulnerability
08/03/2004 01:01 PM
infamous41md_at_hotpop.com (Aug 03 2004)
[ GLSA 200402-04 ] Gallery <= 1.4.1 and
below remote exploit vulnerability
02/12/2004 11:31 AM
Tim Yamin (Feb 11 2004)
RE: Wftpd stat Command Remote
Vulnerability Exploit
03/06/2004 01:52 AM
Alun Jones (Mar 03 2004)
Re: GoodTech Telnet Server Buffer
Overflow Vulnerability [EXPLOIT]
03/17/2005 03:53 AM
cybertronic_at_gmx.net (Mar 16 2005)
0day critical vulnerability/exploit
targets Winamp users in the wild
08/27/2004 01:32 PM
K-OTiK Security (Aug 26 2004)
Re: 0day critical vulnerability/exploit
targets Winamp users in the wild
08/28/2004 02:56 PM
K-OTiK Security (Aug 28 2004)
Robotics: Grow Up!
06/17/2005 07:12 PM
Lance Ulanoff of PC Magazine says, "Robotics:
Grow Up!" and then tells the robotics industry to get its act
together. Lance does a great job in bringing to light what's wrong
with the robotics industry by recollecting his experiences with a
recent robotics trade show. Sadly, a lot of his points are completely
correct. The robotics industry appears to be mired in myopic, over-
schooled robotic geeks making piddly wall-detection robots that no one
wants nor can they sell. His solution? Simplify your robot and run a
cost-benefit analysis to see if it will sell. He says the Roomba
meets that cost-benefit criterion. Check out the article to find out
more about Lance's interesting observations.
A New Face For Robotics
02/10/2004 02:52 AM
Slashdot Feb 10 2004 1:19AM GMT
Robotics + Car = Hallucigenia
12/02/2003 10:15 PM
News for nerds writes "I4U has news about a new transportation
concept, called The Hallucigenia 01, which is a working 1/5 scale
vehicle prototype, designed by ...
Mobile Robotics
04/07/2005 05:18 AM
New website launched
IBM on Wireless Robotics
12/31/2004 09:07 PM
IBM has posted a new developerWorks article on wireless robotics. The
article explains some of the uses of wireless robotics - either human
control of non-autonomous robots or for inter-robot communication
between cooperative autonomous robots. It further breaks cooperative
robots in marsupial teams where there is a mother-child relationship
and competitive teams such as RoboCup soccer robots. A list of
pitfalls that may be encountered when using WiFi for wireless robotics
is also provided.
Aerial Robotics Competition
07/23/2004 04:51 PM
Robotics and the Meaning of Life
07/20/2004 11:18 AM
The Open University in the UK, has found a practical use for Asimov's
robot stories. They're being used as part of a robotics class, called
Robotics and the Meaning of Life: a practical guide to things that
think. The Laws of Robotics are considered in terms of real control
architectures such as subsumption and on the practicality of using
them to design safe robots. Asimov's Laws are just one part of a
larger course that reviews the history and state of the art in
robotics from R.U.R. and the Turing Test to Moore's law. Students get
hands-on experience using a Lego Mindstorms compatible robotics
simulator called OU-Robotlab. Required reading for the course includes
Asimov's I, Robot, and Ruth Aylett's Robots: Bringing Intelligent
Machines to Life.
Migrating to PowerPC for Robotics
02/01/2005 10:05 PM
IBM DeveloperWorks recently posted an article titled, "Migrating from
x86 to PowerPC: Robots and networked applications". The article
compares the PowerPC (or "Power Architecture" as IBM prefers to call
it these days) to traditional Intel x86 and ARM processors. Migrating
from one of these architectures to another is actually not too
difficult if the software is based on Linux which runs well on all
three platforms. Ultra-cheap methods of getting started with PowerPCs
are mentioned, such as cannibalizing a Nintendo GameCube console or
using a Kuro Box. The author, Lewin A. R. W. Edwards, has published a
book with more information on the topic, called A Cookbook for
Open-Source Robotics and Process Control.
Pyro, Python Robotics 3.1.2
09/02/2004 11:24 PM
Tools for programming mobile robots in Python.
New Robotics Group in Pittsburgh
04/09/2005 06:21 PM
Dan Roganti writes, "I'd like to introduce our new Robotics club here
in Pittsburgh, The Pittsburgh Robotics Society. We're simply a group
of people, mostly with engineering backgrounds, that find this hobby
rewarding and fun to do. I've been involved with this hobby ever since
high school, about 30yrs now. Since we are still rather new, we
haven't a competition planned for this year. Although, we do have an
exhibit planned for SciTech (Sep.30-Oct.9,2005) at the Carnegie
Science Center. You can read more about us on our website. We have
monthly meetings on the first Saturday of the month." The group also
has a mailing list based on Yahoo!.