http://www.dsinet.org http://www.dsinet.org/?id=3985 The ISC writes: The Sleuth Kit (TSK) is a pretty famous forensic tools set. I've personally used this numerous times and I find it to be a great successor of the famous Coroner's Toolkit (TCT). The tools set consists of various command line applications that allow you to examine file systems. You ca http://www.dsinet.org/?id=3983 Being a system administrator and abuse officer for an in the Netherlands based international orientated (shared) web hosting provider, one of my responsibilities is keeping an eye on vulnerabilities in (by our clients) widely used applications. Clients can use scripts written in ASP.NET (1.1, 2.0 http://www.dsinet.org/?id=3982 What ever humans can conceive, humans can deceive. Read about the attacks that allow an unprivileged process to attack other processes running in parallel on the same processor, despite partitioning methods such as memory protection, sandboxing and virtualization. An extremely strong type of attack http://www.dsinet.org/?id=3981 You know the story. Granny gets a computer for christmas as a present, clean installed. Goes on to the internet ... and -bang- there you have it. Infected with the latest and very old virusses, trojans and their system becomes a part of some zombie network. Ofcourse, the system will eventually ha http://www.dsinet.org/?id=3980 Protecting a telefone exchange or PBX is becoming a major issue, since the uprise of VoIP. Here you can find some products which can help you. Telephony Firewalls http://www.dsinet.org/?id=3979 The Complete, Unquestionable, And Total Failure of Information Security They say if you drop a frog in a pot of boiling water, it will, of course, frantically try to scramble out. But if you place it gently in a pot of tepid water and turn the heat on low, it will float there quite co http://www.dsinet.org/?id=3978 The web hacking incident database (WHID) is a Web Application Security Consortium project dedicated to maintaining a list of web applications related security incidents. The goal is to serve as a tool for raising awareness of the web application security problem and provide the information for stati http://www.dsinet.org/?id=3977 The Internet Storm Center reports: In case you've missed it, the Anti-Phishing Working Group have published their latest (December 05) trend report a couple of days ago. Interesting as always. See: http://www.dsinet.org/?id=3976 While email viruses and worms are a ubiquitous part of the online environment, Nyxem was relatively rare in that newly infected hosts connect once to a single website, providing a single source of information about the infected population.Of more critical interest to those infected, the http://www.dsinet.org/?id=3975 Earlier than initially announced Microsoft released a patch for the WMF-vulnerability in all major versions of the Windows operating system. DSINet no longer mirrors the unofficial patch by Ilfak Guilfanov. More information and links to the patch can be found in the updated http://www.dsinet.org/?id=3974 Dr. Andrew Blyth writes to the WepAppSec mailinglist: The 1st European Conference on Computer Network Defence will take place in December 2005 at the School of Computing, University of Glamorgan. The theme of the conference is the protection of computer networks. The conference will draw part http://www.dsinet.org/?id=3973 Next year Seagate will start shipping a security technology for some of its hard-disk drives that will make life more difficult for notebook PC thieves to read stolen data. The technology, called Hardware-Based Full Disc Encryption (FDE), automatically encrypts all the data written to the dri http://www.dsinet.org/?id=3972 Scientists have discovered a way to generate two e-mailmessages with the same MD5 hash. Another successful attack on the algorithm... time to switch to SHA? http://www.dsinet.org/?id=3971 A senior Microsoft executive has confirmed many of the security enhancements that have been rumoured for the next major update to Internet Explorer, including integrated anti-spyware features and restrictions on cross-domain scripting access. Microsoft has said IE 7 is to be above all http://www.dsinet.org/?id=3970 A seven-year-old flaw that could let an attacker place malicious content on trusted websites has resurfaced in the most recent Firefox browser, Secunia has warned. The flaw, which also affects some other Mozilla Foundation programs, lies in the way the software handles frames, which http://www.dsinet.org/?id=3969 Just weeks after releasing its latest operating system for mobiles, Windows Mobile 5.0, Microsoft has unveiled a security and messaging features top-up. Among the changes the new feature pack will bring will be faster access to Outlook, remote device wiping abilities and certificate-based http://www.dsinet.org/?id=3968 Cryptographers from Israel have accomplished a relatively simple way to crack Bluetooth devices and/or their communication with others. Where earlier cracking methods worked only during the pairing-phase of two devices this new technique allows an attacker to pick any time of attack. Av http://www.dsinet.org/?id=3967 Another variant of the Mytob worm began wiggling its way into inboxes this week, enticing recipients to open an e-mail attachment that could allow a remote hacker to access and perform commands on an infected machine. The variant, dubbed "Mytob.bi" by some security researchers, scans http://www.dsinet.org/?id=3966 Microsoft acknowledged Thursday that hackers booby-trapped its popular MSN Web site in South Korea to try to steal passwords from visitors. The company said it was unclear how many Internet users might have been victimized. Microsoft said it cleaned the Web site, http://www.dsinet.org/?id=3965 Privacy tools can sometimes create strange bedfellows. That's what has happened with an anonymizer system that was originally developed and funded by the U.S. Naval Research Laboratory to help government employees shield their identity online. It is now being co-funded and promoted by