My Humble Blogworld

"To be, or not to be: that is the question: Whether 'tis nobler in the mind to suffer The slings and arrows of outrageous fortune" William Shakespeare, "Hamlet" (1600-01)

Thursday, July 28, 2005

SANS Reports New Vulnerabilities

The SANS Institute reports that 422 new vulnerabilities were discovered
in the second quarter of 2005. This is an 11 percent increase over the
previous quarter. The increase in the number of security vulnerabilities
stems from malicious crackers changing focus from attacking operating
systems to web browsers and other connected applications, such as digital
music applications.

In addition to the online applications, backup software systems received
much attention from crackers seeking to access corporate and personal data,
possibly for resale. Detailed warnings were published in the SANS Top 20 Q2
2005 Critical Vulnerability Update.

SANS Top 20 Q2 2005


Tuesday, July 05, 2005

Skype phone

Hi Guys!

Here is an interesting article on a Skype "hack": making your own Skype phone using cheap parts!

Check this out, very interesting, and let me know if any of you have tried it out!



"You have a computer, your friend has a computer, you both have a broadband connection, and you make use of Skype or like the voice chat in MSN or something like this - And - you’re sick and tired to sit by the computer all the time when you talk. And you might even sit with one of these ridiculous headsets (hmm, yes I also have one) on your head just because the echo cancellation feature isn’t that great in reality."



Wireless Skype phone

Sunday, July 03, 2005

Unpatched IE Vulnerability / Exploit

Micro$oft IE bloopers again! A javaprxy.dll COM remote vulnerability was identified in Micro$oft IE, which could be exploited by remote attackers to execute arbitrary commands. The flaw is due to an error in the 'javaprxy.dll' COM object when it is instantiated in Internet Explorer via a specially crafted HTML tag; a malicious Web page could use it to compromise and take complete control of a vulnerable system.

Friday, July 01, 2005

Critical Windows SMB Exploit - Popular

A recent surge in port 445 scanning activity could herald impending hack attacks, and industry experts have warned firms to take 'immediate steps' to ensure that the affected Windows ports are secure.

Gartner pointed to recent reports that security vulnerability sensors have noted an increase in activity on TCP port 445, which is associated with Microsoft's Windows Server Message Block (SMB) protocol.

Microsoft Security Post - MS-05-027

Sorry buddies!

Sorry for the "MIA" for 10 days, long trip...

I'm here with my thoughts on Micro$oft and its Longhorn again...

Last week, when Micro$oft released its statement about integrating RSS into its Longhorn OS and IE, it raised many security professionals' eyebrows about its strength and hardness in combating hackers. With the currently available "oh-so-many" ways of exploiting the 'Windoze' OS, what would the scene be with RSS integrated right into the operating system?

Krishna starts wondering... What a wonderful world it would be....

"When Microsoft laid out its plans last week for building RSS -- Real Simple Syndication -- into Longhorn, it didn't say anything about how it might secure the automated feeds. Nor has really anyone, said Gartner research director John Pescatore, the research firm's resident security analyst. 'What inevitably happens with any new protocol, especially the ones with the word "simple" in them, is that developers try to come up with a way to easily communicate data,' said Pescatore. 'Only at the end do they say, 'let's sprinkle some security on it.' RSS is like that.

RSS security -- or insecurity -- is hardly new. A possible way to deliver malicious code and spam via the protocol was highlighted two years ago by Mark Pilgrim, a writer of several technical and programming books, such as "Diving Into Python."

With all this, the chances of hackers and spammers turning to the Windows mainstream to look for weaknesses seem to come more into the light.

Krishna turns back to his dark world of security, "Life's good."

RSS: Safe At Any Feed?
