SecurePurdue - Handler's Log

SecurePurdue - Handler's Log http://www.purdue.edu/securePurdue/ Collaborating to create the university of the future through IT. Service quality, powerful partnerships, and a great place to work. en-us Copyright 2005 Purdue University http://www.purdue.edu/securePurdue/ Wed, 18 Nov 2009 15:25:59 PST SecurePurdue http://www.purdue.edu/securePurdue//images/loginBanner.gif http://www.purdue.edu/securePurdue/ Firefox Wiki Extension http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=301&tm=commons_news Handler's Log Wed, 18 Nov 2009 Windows SMB Remote Exploit http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=300&tm=commons_news Handler's Log Fri, 13 Nov 2009 Patches Galore http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=299&tm=commons_news Handler's Log Wed, 11 Nov 2009 Latest Firefox Release Fixes Stability Issues http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=298&tm=commons_news Handler's Log Mon, 09 Nov 2009 Java 6 Update 17 released, patches vulnerabilities http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=294&tm=commons_news Handler's Log Thu, 05 Nov 2009 Beware of Facebook scams, malware in apps Users of Facebook should be wary about the apps that they install and the ads and messages that they click. Two recent reports link popular apps to some rather dubious scams. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=296&tm=commons_news Handler's Log Thu, 05 Nov 2009 Cumulative security update for Internet Explorer Cumulative security update for Internet Explorer http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=290&tm=commons_news Handler's Log Tue, 20 Oct 2009 Goodbye to Thawte, Huge Patch Tuesday, and More Adobe Vulnerabilities http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=287&tm=commons_news Handler's Log Fri, 09 Oct 2009 Hotmail Passwords Posted, New OpenSSH Version Released & Samba Vulnerabilities Fixed http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=286&tm=commons_news Handler's Log Tue, 06 Oct 2009 Microsoft IIS FTP Vulnerability http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=282&tm=commons_news Handler's Log Tue, 01 Sep 2009 Linux 2.4 and 2.6 kernel vulnerability http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=277&tm=commons_news Handler's Log Mon, 17 Aug 2009 Mac and Windows Updates http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=276&tm=commons_news Handler's Log Fri, 14 Aug 2009 Vulnerabilities in Mozilla Products http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=274&tm=commons_news Handler's Log Wed, 05 Aug 2009 Squid 3.x Multiple Denial of Service Vulnerabilities http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=269&tm=commons_news Handler's Log Wed, 29 Jul 2009 July 14 Unpatched Firefox Vulnerability http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=267&tm=commons_news Handler's Log Tue, 14 Jul 2009 Vulnerability updates: MS Office, Tomcat, and Internet Explorer http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=265&tm=commons_news Handler's Log Mon, 13 Jul 2009 Shockwave Vulnerability and Tbird update http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=263&tm=commons_news Handler's Log Wed, 24 Jun 2009 Adobe Updates http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=260&tm=commons_news Handler's Log Thu, 11 Jun 2009 IIS 6.0, ntpd, and new netbooks coming preloaded with malware http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=256&tm=commons_news Handler's Log Thu, 21 May 2009 Firefox, Thunderbird, and Seamonkey Vulns http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=255&tm=commons_news Handler's Log Wed, 22 Apr 2009 MS and Oracle Patches http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=254&tm=commons_news Handler's Log Thu, 16 Apr 2009 SAP/Java/VMware http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=253&tm=commons_news Handler's Log Tue, 14 Apr 2009 Highly Critical Vulnerability in MS Powerpoint http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=251&tm=commons_news Handler's Log Fri, 03 Apr 2009 Import notice for Mac users connected to Active Directory External SSH scans are causing account lockouts when they hit an Active Directory synced Mac listening for SSH connections http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=249&tm=commons_news Handler's Log Mon, 30 Mar 2009 Critical Adobe Reader/Acrobat Vulnerability http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=245&tm=commons_news Handler's Log Tue, 24 Feb 2009 Firefox/Thunderbird/IE 7 issues http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=241&tm=commons_news Handler's Log Wed, 17 Dec 2008 Critical MS Word and Excel Patches released Tuesday http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=239&tm=commons_news Handler's Log Wed, 10 Dec 2008 Fraudulent CNN emails contain links to Trojan http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=222&tm=commons_news Handler's Log Fri, 08 Aug 2008 Java updates galore Some vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=218&tm=commons_news Handler's Log Wed, 09 Jul 2008 STEAM-CIRT Summary & Trends for April 2008 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=215&tm=commons_news Handler's Log Thu, 15 May 2008 STEAM-CIRT Summary & Trends for March 2008 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=213&tm=commons_news Handler's Log Wed, 30 Apr 2008 New Phishing Exploit Doesn't Ask for Credentials A new type of phishing e-mail no longer asks for credentials, instead it asks the end user to "renew" their digital certificate. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=212&tm=commons_news Handler's Log Tue, 29 Apr 2008 New Buffer Overflow Vulnerability in CUPS CGI A new vulnerability has been discovered in CUPS which can be exploited to cause a Denial of Service attack or possibly system compromise. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=208&tm=commons_news Handler's Log Thu, 20 Mar 2008 Archive Format Vulnerabilities Programs that handle certain archive formats could possibly be affected by recently discovered vulnerabilities. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=207&tm=commons_news Handler's Log Thu, 20 Mar 2008 STEAM-CIRT Summary & Trends for December 2007 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=204&tm=commons_news Handler's Log Wed, 12 Mar 2008 STEAM-CIRT Summary & Trends for January 2008 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=205&tm=commons_news Handler's Log Wed, 12 Mar 2008 STEAM-CIRT Summary & Trends for February 2008 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=206&tm=commons_news Handler's Log Wed, 12 Mar 2008 New unpatched vulnerability in VMware products found http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=202&tm=commons_news Handler's Log Fri, 29 Feb 2008 Symantec Backup Exec calendar control vulnerabilities discovered. "Secunia Research has discovered some vulnerabilities in Symantec Backup Exec for Windows Servers, which can be exploited by malicious people to overwrite arbitrary files or compromise a vulnerable system." http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=203&tm=commons_news Handler's Log Fri, 29 Feb 2008 Beware Fraudulent Microsoft Security Updates From SecurePurdue News: http://www.purdue.edu/securePurdue/news/detail.cfm?NewsID=197 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=198&tm=commons_news Handler's Log Wed, 06 Feb 2008 Phishing reminder and a new UPnP attack vector http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=192&tm=commons_news Handler's Log Wed, 16 Jan 2008 More Phishing, Quicktime, and remote controlled Trains http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=190&tm=commons_news Handler's Log Mon, 14 Jan 2008 Storm Worm Changes Its Campaign In Time For The Holidays Storm Worm Changes Its Campaign In Time For The Holidays http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=188&tm=commons_news Handler's Log Thu, 03 Jan 2008 RealPlayer Unspecified Buffer Overflow Vulnerability A recently found unpatched flaw in RealPlayer 11 may lead to execution of arbitrary code. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=186&tm=commons_news Handler's Log Thu, 03 Jan 2008 Adobe Flash Player update fixes multiple vulnerabilities http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=185&tm=commons_news Handler's Log Thu, 20 Dec 2007 STEAM-CIRT Summary & Trends for November 2007 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=184&tm=commons_news Handler's Log Thu, 20 Dec 2007 Samba send_mailslot() Buffer Overflow Vulnerability Details are emerging about a moderately critical vulnerability in Samba. A flaw in Samba may lead to a buffer overflow resulting in execution of arbitrary code. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=183&tm=commons_news Handler's Log Fri, 14 Dec 2007 WordPress Charset SQL Injection Vulnerability Details are emerging about a new vulnerability in WordPress. An unpatched flaw in WordPress may lead to SQL injection. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=182&tm=commons_news Handler's Log Fri, 14 Dec 2007 Apple Quicktime RTSP buffer overflow vulnerability http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=181&tm=commons_news Handler's Log Mon, 03 Dec 2007 STEAM-CIRT Summary & Trends for October 2007 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=180&tm=commons_news Handler's Log Mon, 19 Nov 2007 STEAM-CIRT Summary & Trends for September 2007 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=170&tm=commons_news Handler's Log Fri, 26 Oct 2007 Multiple Vulnerabilities in Firefox Prompts Mozilla to Provide Version Update Seven new vulnerabilities have been reported which impact Mozilla Firefox versions 2.0.0.7 and earlier. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=169&tm=commons_news Handler's Log Fri, 19 Oct 2007 STEAM-CIRT Summary & Trends for August 2007 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=162&tm=commons_news Handler's Log Fri, 21 Sep 2007 Firefox "-chrome" Parameter Vulnerability A security issue in Firefox is caused by the "-chrome" parameter, allowing attackers to execute arbitrary code in the chrome context. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=158&tm=commons_news Handler's Log Wed, 19 Sep 2007 Subversion overwrites arbitrary files For our campus users of Subversion and TortoiseSVN version control systems it is time to update. Versions prior to the recently released 1.4.5 version have a bug that allows a directory-traversal attack on a windows system using the "..\" syntax. This would allow a client user with write access to overwrite arbitrary system files for which he has write access privileges. For more information see: http://www.securityfocus.com/bid/25468/info For the newest versions of Subversion: http://subversion.tigris.org/ http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=155&tm=commons_news Handler's Log Thu, 30 Aug 2007 Media Player Classic .FLI File Processing Buffer Overflow Vulnerability A highly critical vulnerability has been discovered in the open source media player Media Player Classic (MPC), which can be exploited by malicious people to compromise a vulnerable system. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=153&tm=commons_news Handler's Log Wed, 29 Aug 2007 New Storm Worm Variant A new variant of the storm worm is spread via e-mails providing users a user ID and password for a "club" website. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=152&tm=commons_news Handler's Log Thu, 23 Aug 2007 STEAM-CIRT Summary & Trends for June 2007 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=151&tm=commons_news Handler's Log Wed, 22 Aug 2007 STEAM-CIRT Summary & Trends for May 2007 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=150&tm=commons_news Handler's Log Wed, 22 Aug 2007 STEAM-CIRT Summary & Trends for April 2007 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=149&tm=commons_news Handler's Log Wed, 22 Aug 2007 STEAM-CIRT Summary & Trends for March 2007 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=148&tm=commons_news Handler's Log Wed, 22 Aug 2007 STEAM-CIRT Summary & Trends for February 2007 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=147&tm=commons_news Handler's Log Wed, 22 Aug 2007 STEAM-CIRT Summary & Trends for July 2007 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=146&tm=commons_news Handler's Log Wed, 22 Aug 2007 Highly critical vulnerability found in component of Microsoft’s DirectX Media SDK http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=143&tm=commons_news Handler's Log Wed, 15 Aug 2007 Firefox Used as an Attack Vector via URI Filtering Vulnerability Mozilla Firefox has a new vulnerability due to a lack of URI protocol handler filtering. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=140&tm=commons_news Handler's Log Mon, 30 Jul 2007 Java Runtime Environment Vulnerabilities Lead to Remote Compromise Two vulnerabilities exist in Sun Java Runtime Environment which allow the system to be compromised remotely. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=137&tm=commons_news Handler's Log Tue, 17 Jul 2007 Mozilla Firefox "OnKeyDown" Event Focus Vulnerability A vulnerability has been reported in Mozilla Firefox, which can be exploited by malicious individuals to divulge sensitive information. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=136&tm=commons_news Handler's Log Thu, 05 Jul 2007 Security Hole in Java Web Start Could Provide Privilege Escalation A vulnerability in Sun Java Web Start may allow the bypass of certain security restrictions. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=133&tm=commons_news Handler's Log Fri, 29 Jun 2007 Xvid Library version 1.1.2 Vulnerability A new vulnerability in the Xvid library version 1.1.2 gives an attacker the opportunity to execute arbitrary code on the victim's system. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=132&tm=commons_news Handler's Log Fri, 29 Jun 2007 'Zlob' Trojan Finds YouTube A new trojan variant of the Zlob adware has hit YouTube via fake video links. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=130&tm=commons_news Handler's Log Fri, 22 Jun 2007 PHP coders take a look at Pixy! The Secure Systems Lab at the Technical University of Vienna has release the newest version of their Open Source Java tool for scanning PHP code for vulnerabilities. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=129&tm=commons_news Handler's Log Fri, 22 Jun 2007 Mozilla Firefox File Type Check Vulnerability A new vulnerability in Mozilla Firefox allows a remote attacker to bypass file type checks. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=127&tm=commons_news Handler's Log Thu, 21 Jun 2007 Safari Beta Vulnerabilities for Windows Within hours of Apple’s Beta release of their web browser for Windows, Safari, multiple exploits were released. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=126&tm=commons_news Handler's Log Mon, 18 Jun 2007 Microsoft Out of Cycle Patch Coming Microsoft's Security Response Center has indicated that an out of cycle patch will be released for the Windows Animated Cursor vulnerability as soon as April 3rd due to increased attacks over the weekend and publicly available proof of concept code being circulated. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=123&tm=commons_news Handler's Log Mon, 02 Apr 2007 Detecting Windows Intruders http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=114&tm=commons_news Handler's Log Tue, 27 Feb 2007 STEAM-CIRT Summary & Trends for January 2007 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=113&tm=commons_news Handler's Log Thu, 22 Feb 2007 STEAM-CIRT Summary & Trends for December 2006 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=109&tm=commons_news Handler's Log Wed, 17 Jan 2007 STEAM-CIRT Summary & Trends for November 2006 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=105&tm=commons_news Handler's Log Fri, 15 Dec 2006 STEAM-CIRT Summary and Trends for October 2006 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=102&tm=commons_news Handler's Log Wed, 15 Nov 2006 ADODB Vulnerability and MS Security Intelligence Report http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=99&tm=commons_news Handler's Log Mon, 30 Oct 2006 STEAM-CIRT Summary, Trends for September 2006 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=97&tm=commons_news Handler's Log Fri, 20 Oct 2006 Newest Symantec Threat Report Published http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=93&tm=commons_news Handler's Log Tue, 26 Sep 2006 MS VML Exploits in the Wild http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=91&tm=commons_news Handler's Log Mon, 25 Sep 2006 STEAM-CIRT Summary, Trends for August 2006 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=90&tm=commons_news Handler's Log Fri, 22 Sep 2006 STEAM-CIRT Summary, Trends for July 2006 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=89&tm=commons_news Handler's Log Fri, 22 Sep 2006 STEAM-CIRT Summary, Trends for June 2006 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=70&tm=commons_news Handler's Log Tue, 25 Jul 2006 Internet Explorer Twofer http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=66&tm=commons_news Handler's Log Thu, 29 Jun 2006 STEAM-CIRT Summary, Trends for May 2006 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=65&tm=commons_news Handler's Log Wed, 28 Jun 2006 Top 100 Security Tools http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=63&tm=commons_news Handler's Log Thu, 22 Jun 2006 STEAM-CIRT Summary and Trends for April, 2006. http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=58&tm=commons_news Handler's Log Tue, 16 May 2006 SANS Spring 2006 Top 20 released http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=57&tm=commons_news Handler's Log Tue, 02 May 2006 Super Tuesday Updates, Hybrid Viruses, PeteAuth? http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=50&tm=commons_news Handler's Log Tue, 11 Apr 2006 STEAM-CIRT Observations and Trends Summary for March 2006 http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=49&tm=commons_news Handler's Log Thu, 06 Apr 2006 New vulnerabilities, new rootkit... http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=47&tm=commons_news Handler's Log Wed, 22 Mar 2006 IE zero-day, phpBB troubles looming? http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=45&tm=commons_news Handler's Log Sun, 19 Mar 2006 Want to know more about botnets? http://www.purdue.edu/securePurdue//news/detail.cfm?NewsID=42&tm=commons_news Handler's Log Thu, 16 Mar 2006