Drupalit weekly

If your one of those administrators who hardly try to keep their networks clean and prevent the next malware from infecting their systems, this is definitely for you…

Spending thousands of dollars on security solutions to protect the enterprise from the outside alone is an outdated concept. If you want to ask anyone works in the security arena? What are the main sources of malwares today? He’ll probably answer this: e-mail spam, websites, and removable drives.

Continue Reading ...

http://extremesecurity.blogspot.com/2008/06/stop-malwares-using-device-control-real.html

I just come to know about a new service which supports the blogging by email.you only needs to send a mail containing a blog post and then this service will create a blog for you.No doubt it makes life much simple but then it can be misused easily.consider a case when someone want to spam the site as there are no login required some one can easily sent tons of spam from different ips,emails and the result will be dangerous.  read more »

As the title says, use default password on your wireless/wired routers and wait for the new variant of the "Zlob" trojan to infect some machines, then try every default router username/password combinations from www.routerpassword.com. Or even check this text file, search for your current user/pass to make sure they are not in the list. http://blog.washingtonpost.com/securityfix/zlobpass.txt

Zlob (or as known DNSChanger) will modify the DNS settings to use other rogue DNS servers.

Continue reading ...

http://extremesecurity.blogspot.com/2008/06/use-default-password-get-hijacked.html

 read more »

i am quite busy these days and not getting time to manage secgeeks from last few months.things are changing now and hopefully i can get some free time to work on secgeeks now :)

It is better to have less thunder in the mouth and more lightning in the hand. -- Apache proverb.  read more »

A team of security resarchers warn that a patch-based exploit generation technique could be easily carried out by an attacker.

Symantec integrated its acquisition of Altiris with the release of Endpoint Management Suite 1.0.

Julius von Bismarck invented a very interesting hacking technique to manipulate images taken by people. His Image Fulgurator can project text or other images on an object that is being photographed, but only becomes visible on the photograph itself. People's great trust in their photographic reproductions of reality was what motivated Julius to develop the Image Fulgurator.  read more »

Plus ca change, plus c'est la meme chose.  read more »

Second Life users need to be cautious with Quicktime embedded videos in the game as it may be used to pick your pocket of Linden Dollars.

Charles Miller and Dino Dai Zovi, of Independent Security Evaluators, have found that by using a flaw in Quicktime, they can not only pick the pocket of any user within 100 virtual feet of the player, they can take complete control of the avatar. Once the account has been taken over, the hackers can then use that avatar to go to other lands, embed their virus loaded video, and it will continue to spread from land to land.  read more »

Skype users will want to upgrade to version 3.6.0.216 for Windows to close a security hole attackers could exploit to run malicious code on vulnerable machines.According to Danish vulnerability clearinghouse Secunia, the problem is an error in the “skype4com” URI handler when processing short string values and can be exploited to corrupt memory. Successful exploitation [...]  read more »