InfoSec News

Windows Live Writer 11 (free) fills a product niche I didn't know existed: Offline blog post production tool. The program is, in essence, a light word processor and design app you can use to write the contents of blog posts and make them pretty. Live Writer 11 comes bundled with the free Windows Live Essentials suite (though you can install Live Writer 11 by itself, skipping the seven other bundled apps and browser toolbar, if this is the only thing you want).
Linux Kernel 'setup_arg_pages()' Denial of Service Vulnerability
Linux Kernel FBIOGET_VBLANK 'drivers/video/sis/sis_main.c' Information Disclosure Vulnerability
Oracle E-Business Suite 'OA.jsp' Oracle iRecruitment URL Redirection Vulnerability
Malware writers see Java as a soft target because enterprises are not keeping it patched.

[Suspected Spam]Vulnerabilities in Register Plus for WordPress
YOPS (Your Own Personal [WEB] Server) Remote Buffer Overflow Vulnerability
Ghostscript TrueType Bytecode Interpreter Heap-Based Memory Corruption Vulnerability
CVE-2010-2408 | Persistent Log Out Redirection Vulnerability in Oracle I-Recruitment OA.jsp
Prof-UIS DLL Loading Arbitrary Code Execution Vulnerability
Re: [DCA-00015] YOPS Web Server Remote Command Execution
NoScript ( < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI)
JE Ajax Event Calendar 'event_id' Parameter SQL Injection Vulnerability
TSSA-2010-01 Ghostscript library Ins_MINDEX() integer overflow and heap corruption
[USN-1022-1] APR-util vulnerability
[USN-1021-1] Apache vulnerabilities
[] SQL injections in FreeTicket
Samba 'SMB1 Packet Chaining' Unspecified Remote Memory Corruption Vulnerability
xine-lib 'asfheader.c' Remote Memory Corruption Vulnerability
We received quite a few reports from people saying that Secunia's web site has been defaced. And indeed, when I visit Secunia's web site from my machine (located in Europe), I see a defaced web site as below:

However, after double checking it appears that their DNS records have been modified. The defaced web site is located (for me) at the following IP address:
$ host
is an alias for
has address
mail is handled by 0
Checking my passive DNS system, I can see that previously was at

And, as suspected, after checking manually we can see that the original Secunia web site is still there:
$ telnet 80
Connected to (
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.1 200 OK
Date: Thu, 25 Nov 2010 08:46:29 GMT
Server: Apache

meta name=Title
link rel=stylesheet type=text/css href=/css/secunia.css
Checking WHOIS entries will show more, but this defacement again shows how DNS is a critical resource.


INFIGO IS (c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
The price of DRAM, the main memory inside personal computers, will likely keep falling throughout the first half of next year before a recovery takes hold, analysts and market researchers say.

Internet Storm Center Infocon Status