Discussions on computers and beyond

Welcome to Topsight.net
Tuesday, September 07 2010 @ 04:51 AM EDT


Removing and analyzing malicious software in a Windows Environment

I recently put together a guide for tackling and analyzing malware; click "read more" below to check it out.

Ebay Hacked

According to various sources, eBay was compromised at 6am PDT. The attacker or attackers began posting user information directly to the eBay forums, including users' names, addresses, phone numbers, and complete credit card info. For more information see PLMK.COM. To check whether your information was disclosed, see shenemanfamily.com, which has posted a list of all the IDs of the accounts that were listed.
As the PLMK authors note, "It beggars belief that eBay took over an hour and a half to close down the board completely!"

Linksys WRT54GS 4.50.6 Broken

A recent article posted by Steve Scherf on Bugtraq illustrates an interesting problem with the Linksys WRT54GS.

From the article:
It appears that firmware version 4.50.6 for the Linksys WRT54GS (hardware version 1) wireless router allows wireless clients to connect and use the network without actually authenticating. With WPA Personal/TKIP authentication enabled, the unit allows both clients using encryption with the correct settings and key, and clients not using any encryption. It disallows clients attempting to use encryption with the wrong settings and/or key.

Read more at http://www.securityfocus.com/archive/1/408161

Stop Windows from storing LM hashes

It's the year 2004, and Windows XP Service Pack 2 still stores its hashes using LM. LM, originally developed by IBM over twenty years ago, relies on DES encryption (insecure), and to make matters worse, in Windows LM hashes are broken into two parts, each being seven characters or less. This means that with a fast machine, one person with one computer can brute-force this hash in under one day. The only reason anyone would still use this insecure hash is to maintain backward compatibility with Windows 95. Follow this link to Microsoft's website for instructions on how to disable LM hashes on your XP machine.

w32.netsky.b@mm

This new mass-mailing worm is very much like the previous Mydoom.X worms. See details at Symantec.

New Mass mailing backdoor variant (W32.Beagle.B@mm)

According to Symantec, a new variant of the Beagle mass-mailing worm was released. The new worm (B) spreads via email as an EXE file named at random. Once executed, the worm listens on port 8866 for uploads of code to be executed on your system.

See Symantec's report for more information.

Threats 2 me 2 day

Greetings. The Topsight security matrix today revealed that W32.Swen.A@mm is still running rampant, at least on our little section of the net. Also today, W32.Novarg.A@mm began its mass mailing and distribution. To read more, click the "read more" link below.