SECURITY WARNINGS & Notices - Please post them here

[Asyn]

Government Uses Social Networking Sites for More than Investigations
http://www.eff.org/deeplinks/2010/08/government-monitors-much-more-social-networks
asyn

[Hermite15]

Government Uses Social Networking Sites for More than Investigations
http://www.eff.org/deeplinks/2010/08/government-monitors-much-more-social-networks
asyn

yeah so what...there's nothing surprising, when people agree to disclose aspects of their private life on the net, without restricting access anyway, it is also expected that the cops etc...might get interested

[Asyn]

Skeletons Hidden in the Linux Closet: r00ting your Linux
http://theinvisiblethings.blogspot.com/2010/08/skeletons-hidden-in-linux-closet.html
asyn

[13thSlayer]

Skeletons Hidden in the Linux Closet: r00ting your Linux
http://theinvisiblethings.blogspot.com/2010/08/skeletons-hidden-in-linux-closet.html
asyn

The kernel-level "patch" has been implemented last week by Linus Torvalds, and pushed upstream into recent stable kernels.

[Lisandro]

Due to fake digital signatures (stolen), other antivirus/suites are removing this option from their products.
For instance Comodo (for registered users: https://forums.comodo.com/beta-corner-cis/no-option-for-not-trusting-digitally-signed-applications-t60658.0.html;msg425806#msg425806).

[polonus]

Hi malware fighters,

A likewise big hole similar to the LNK-hole or even bigger has been found up for 40 Windows apps together with
the Windows shell and various dll's should be patched for this exploit vector, http://twitter.com/hdmoore/status/21510351207
The cat is out of the b*g, whether this is read like bug or bag!
For the time being one should block TCP ports 139 and 445 and en disable the WebDAV client.
To close the ports use WWDC = Windows Worms Doors Cleaner 1.4 from here:
http://www.dobreprogramy.pl/Windows-Worms-Doors-Cleaner,Program,Windows,11744.html
Windows-Worms-Doors-Cleaner is a very good small program to do this,

polonus

[Asyn]

Skeletons Hidden in the Linux Closet: r00ting your Linux
http://theinvisiblethings.blogspot.com/2010/08/skeletons-hidden-in-linux-closet.html
asyn

Update #1 - In an email, Joanna Rutowska clarifies that Spengler's exploit targets "some unrelated vulnerability" and her reference to it was in relation to guesses made by Spengler noted in the source code comments.

Update #2 - As Marcus Meissner from the SUSE security team explained to heise Security, SUSE maintainer Andrea Arcangeli provided a fix for the problem in September 2004, but for unknown reasons this fix was not included in the Linux kernel. SUSE itself has the fix and SUSE Linux Enterprise 9, 10 and 11 as well as openSUSE 11.1 through 11.3 do not exhibit this vulnerability.

[Asyn]

Hi malware fighters,
A likewise big hole similar to the LNK-hole or even bigger has been found up for 40 Windows apps together with
the Windows shell and various dll's should be patched for this exploit vector, http://twitter.com/hdmoore/status/21510351207

Hi polonus,
more info here...
http://www.h-online.com/security/news/item/New-Windows-vulnerability-Applications-download-malicious-code-from-the-net-1062153.html
related info...
http://www.acrossecurity.com/aspr/ASPR-2010-08-18-1-PUB.txt
asyn

[polonus]

Hi Asyn,

The Metasploit exploit is ready made and waiting on desk, but has not been issued yet, because the exploit has not been revealed so far.
There are many more skeletons around in the MS cupboard. Mind you what vulnerabilities we will see because of the memory adjustments that were applied long way back as the NT 4.0 days,

polonus

[Asyn]

Hi Asyn,
The Metasploit exploit is ready made and waiting on desk, but has not been issued yet, because the exploit has not been revealed so far.

I'll post any news on that when available, asap.
asyn

[YoKenny]

Hi malware fighters,

A likewise big hole similar to the LNK-hole or even bigger has been found up for 40 Windows apps together with
the Windows shell and various dll's should be patched for this exploit vector, http://twitter.com/hdmoore/status/21510351207
The cat is out of the b*g, whether this is read like bug or bag!
For the time being one should block TCP ports 139 and 445 and en disable the WebDAV client.
To close the ports use WWDC = Windows Worms Doors Cleaner 1.4 from here:
http://www.dobreprogramy.pl/Windows-Worms-Doors-Cleaner,Program,Windows,11744.html
Windows-Worms-Doors-Cleaner is a very good small program to do this,

polonus

Does not work on Windows 7!

[iRonzel]

Adobe releases emergency patches

http://www.theinquirer.net/inquirer/news/1728971/adobe-releases-emergency-patches

[polonus]

Hi forum friends,

The newly detected remote binary planting hole in Windows is much more severe than first thought, nearly all applications (220 were tested) are affected: http://news.idg.no/cw/art.cfm?id=8C1F74F0-1A64-67EA-E49A617FAC05584F
Moreover the hole can be exploited quite easily. Most Windows applications use the exploitable functionality so an MS patch will not be a very easy task, moreover patching or changing how the functionality works could break quite some applications. The exploit could have been around for 10 years, and was re-detected: http://www.securityfocus.com/bid/1699/discuss
At the time it was called: Microsoft Windows DLL Search Path Weakness.
http://msdn2.microsoft.com/en-us/library/ms972822.aspx.
The scope of the hole and abusing the exploit: https://deepsec.net/docs/speaker.html#PSLOT33

http://www.juniper.net/security/auto/vulnerabilities/vuln1699.html

A firewall blocking outbound WebDAV traffic (in addition to blocking all
Windows Networking protocols) could stop an Internet-based attack.

How many of these holes are still around in the dark corners of Microsoft's code?,

polonus

[Pondus]

Scareware tries to trick marks into dropping defences
http://www.theregister.co.uk/2010/08/20/social_engineering_scareware/

and this is the bug

Rogue Turning Retrovirus
http://www.symantec.com/connect/blogs/rogue-turning-retrovirus

[Asyn]

phpMyAdmin updates close vulnerabilities
http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php
http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php
http://www.phpmyadmin.net/home_page/downloads.php
asyn