My fave RSS aggregator has been updated!

RSSBandit (news aggregator) v1.3.0.38 is ready for download on SourceForge. New features are cool: NNTP Newsgroups support; Item Manipulation from Newspaper Views; Subscription Wizard; Synchronization with Newsgator Online; Using back and forward arrows to view last post seen in reading pane; Atom 1.0 support; Threaded Posts Now Optional; Launching Browsers in the Background; UI Improvements.

The above version got bug fixes too. Details in Calendar of Updates

MSN Messenger Authentication DoS

Summary: MSN Messenger does not validate user authentication when account logon fails, allowing attackers to cause the account of the victims to become temporarily suspended.

Details: Any person can try to brute force a victim’s MSN Messenger password, until MSN temporarily suspends the account. While the account is temporarily suspended, not even the real owner of the MSN Messenger Passport account can log in (even if the correct password is used).

Internet Storm Center E-Mail Notification

Internet Storm Center (ISC) provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. The ISC relies on an all-volunteer effort to detect problems, analyze the threat, and disseminate both technical as well as procedural information to the general public. If you want to receive email notification of ISC news (highly recommended!), you can subscribe to the ISC E-Mail Notification. It’s a beta service. You can also subscribe to their feeds (XML).

GFI LANguard N.S.S. 7 offers integrated anti-virus/anti-spyware checks and mixed environment support

GFI today announced the release of GFI LANguard Network Security Scanner (N.S.S.) 7.0, the latest version of its popular security scanning and patch management product. Version 7 builds on the product’s extensive network scanning abilities to include scanning of anti-virus and anti-spyware deployments, ensuring the most recent definition files are installed on user machines. It also provides multinational and hybrid environment support through multilingual patch management and enhanced Linux checks, allowing IT admins to scan and secure their entire network environment. Details here

Sony still keen on copy-control software

Sony BMG Australia has announced plans to introduce copy-control software on its CDs from next year. The news comes as a surprise to many following Sony’s recent troubles with such software in other countries, particularly the US. Sony BMG Australia general manager for business and HR, Emmanuel Candi, told the Age that some copying will be allowed when the new CDs are produced. “One for your computer, one for your player and one for your car,” he said. “But no more.” — AVinfo

Symantec refuses to sell audit tool outside the US

Symantec has stopped selling a password auditing tool to customers outside the US and Canada, citing US Government export regulations. A Reg reader who works for a large UK supermarket was this month unable to buy a copy of LC 5, a tool developed by @stake prior to its recent acquisition by Symantec. LC 5 is the commercial version of a password auditing / breaking tool better known as L0phtCrack. — The Register

CA’s New Security Product Is Suite

As a result of Internet connectivity growing in leaps and bounds in the SMB market, solution providers are discovering more opportunities to sell security solutions to those businesses. Unfortunately, since many security products on the market are lacking in certain key areas, these integrators are forced to combine security tools from various vendors to build a blanket of protection for their customers. Doing its part to solve multivendor security integration problems, Islandia, N.Y.-based CA has come up with a new offering called the CA Business Protection Suite. CA Business Protection Suite proves to be the glue that holds all of …

Manufacturer loads Trojans onto HDDs

I-O Data apologises over ‘Troy wooden horse type’ virus kerfuffle

Japanese peripherals manufacturer I-O Data Device has offered product exchanges after it discovered it had shipped out a batch of hard discs contaminated with viral code. Portable hard disk drives in I-O Data’s HDP-U series might be infected with the Tompai-A, a worm that gives hackers backdoor access to compromised machines. Affected products are in the following range of serial numbers: 4957180059693 HDP-U40 YBS0000001xx – YBS0005520xx; 4957180059709 HDP-U60 YBT0000001xx – YBT0001000xx; and 4957180059716 HDP-U80 YBV0000001xx – YBV0002480xx. I-O Data offers its sincere apologies for distributing HDDs contaminated with “Troy wooden …

Summary of Security Items from November 17 through November 23, 2005

Windows Operating Systems: Winmail Server Multiple Vulnerabilities; Cerberus FTP Server Denial of Service; e-Quick Cart Multiple Vulnerabilities; Eudora WorldMail Server Information Disclosure; Cosminexus Collaboration and Groupmax Collaboration Cross-Site Scripting or Denial of Service; MailEnable Arbitrary Code Execution or Denial of Service; Microsoft Internet Explorer Unauthorized Access; VP-ASP Shopping Cart Cross-Site Scripting.

UNIX / Linux Operating Systems: Common-lisp-controller Elevated Privileges (Updated); Eric Raymond Fetchmail ‘fetchmailconf’ Information Disclosure (Updated); GpsDrive Remote Format String (Updated); HP-UX IPSec Remote Denial of Service; IBM WebSphere Application Server for z/OS Remote Denial of Service; Info-ZIP UnZip File Permission Modification (Updated); IPsec-Tools ISAKMP IKE Remote Denial of …