InfoSec News

Windows Live Writer 11 (free) fills a product niche I didn't know existed: Offline blog post production tool. The program is, in essence, a light word processor and design app you can use to write the contents of blog posts and make them pretty. Live Writer 11 comes bundled with the free Windows Live Essentials suite (though you can install Live Writer 11 by itself, skipping the seven other bundled apps and browser toolbar, if this is the only thing you want).
 
Linux Kernel 'setup_arg_pages()' Denial of Service Vulnerability
 
Linux Kernel FBIOGET_VBLANK 'drivers/video/sis/sis_main.c' Information Disclosure Vulnerability
 
Oracle E-Business Suite 'OA.jsp' Oracle iRecruitment URL Redirection Vulnerability
 
Malware writers see Java as a soft target because enterprises are not keeping it patched.

 
[Suspected Spam]Vulnerabilities in Register Plus for WordPress
 
YOPS (Your Own Personal [WEB] Server) Remote Buffer Overflow Vulnerability
 
Ghostscript TrueType Bytecode Interpreter Heap-Based Memory Corruption Vulnerability
 
CVE-2010-2408 | Persistent Log Out Redirection Vulnerability in Oracle I-Recruitment OA.jsp
 
Prof-UIS DLL Loading Arbitrary Code Execution Vulnerability
 
Re: [DCA-00015] YOPS Web Server Remote Command Execution
 
NoScript (2.0.5.1 < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI)
 
JE Ajax Event Calendar 'event_id' Parameter SQL Injection Vulnerability
 
TSSA-2010-01 Ghostscript library Ins_MINDEX() integer overflow and heap corruption
 
[USN-1022-1] APR-util vulnerability
 
[USN-1021-1] Apache vulnerabilities
 
[eVuln.com] SQL injections in FreeTicket
 
Samba 'SMB1 Packet Chaining' Unspecified Remote Memory Corruption Vulnerability
 
xine-lib 'asfheader.c' Remote Memory Corruption Vulnerability
 
We received quite a few reports from people saying that Secunia's web site has been defaced. And indeed, when I visit Secunia's web site from my machine (located in Europe), I see a defaced web site as below:

However, after double checking it appears that their DNS records have been modified. The defaced web site is located (for me) at the following IP address:
$ host www.secunia.com
www.secunia.com is an alias for secunia.com.
secunia.com has address 81.95.49.32
secunia.com mail is handled by 0 secunia.com.

Checking my passive DNS system, I can see that previously www.secunia.com was at 213.150.41.226.

And, as suspected, after checking manually we can see that the original Secunia web site is still there:
$ telnet 213.150.41.226 80
Trying 213.150.41.226...
Connected to secunia.com (213.150.41.226).
Escape character is '^]'.
GET / HTTP/1.0
Host: secunia.com

HTTP/1.1 200 OK
Date: Thu, 25 Nov 2010 08:46:29 GMT
Server: Apache
...
meta name=Title content=Secunia.com
link rel=stylesheet type=text/css href=/css/secunia.css

Checking WHOIS entries will show more, but this defacement again shows how DNS is a critical resource.
--

Bojan

INFIGO IS (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
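
The comparison the diary makes by hand, the current answer from `host` against the address remembered by passive DNS, can be scripted for monitoring. The following is an added example, not part of the original diary; the function names are made up here, the sample input is the `host` output quoted above, and the baseline is the address the diary gives from passive DNS.

```shell
#!/bin/sh
# Added example: flag A records that differ from a known-good baseline.
# parse_a_records, check_dns_drift and SAMPLE_HOST_OUTPUT are names
# made up for this example.

# `host` output as quoted in the diary (embedded so the check runs offline).
SAMPLE_HOST_OUTPUT='www.secunia.com is an alias for secunia.com.
secunia.com has address 81.95.49.32
secunia.com mail is handled by 0 secunia.com.'

# Print each IPv4 address from "NAME has address A.B.C.D" lines on stdin.
# Alias and mail-handler lines are ignored.
parse_a_records() {
    awk '$2 == "has" && $3 == "address" { print $4 }'
}

# check_dns_drift "<host output>" <baseline-ip>...
# Prints "OK <ip>" for answers found in the baseline and "DRIFT <ip>"
# for answers that are not. Returns 0 if every answer is in the baseline,
# 1 if any answer drifted, 2 if the output held no A records at all.
check_dns_drift() {
    output=$1; shift
    baseline=" $* "
    seen=0; drift=0
    for ip in $(printf '%s\n' "$output" | parse_a_records); do
        seen=1
        case "$baseline" in
            *" $ip "*) echo "OK $ip" ;;
            *)         echo "DRIFT $ip"; drift=1 ;;
        esac
    done
    [ "$seen" -eq 1 ] || return 2
    return "$drift"
}

# Live use (needs network):
#   check_dns_drift "$(host www.secunia.com)" 213.150.41.226
check_dns_drift "$SAMPLE_HOST_OUTPUT" 213.150.41.226 \
    || echo "resolution differs from baseline"
```

A drift result is a prompt to investigate rather than proof of tampering, since legitimate renumbering produces the same signal.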
 
The price of DRAM, the main memory inside personal computers, will likely keep falling throughout the first half of next year before a recovery takes hold, analysts and market researchers say.
 


Internet Storm Center Infocon Status