WS_FTP server buffer overflow
There is a new buffer overflow vulnerability discovered WS_FTP version 5.03 and prior. The vulnerability is caused by boundary errors within the handling of the "SITE", "XMKD", "MKD", and "RNFR" commands. Successful exploitation can lead to command execution. Obviously the attacker will to first authenticate with the FTP server first before the exploitation can happen.
Reference:

http://secunia.com/advisories/13334/
DomainKeys effective?

DomainKeys is thought to be the solution the spam by many experts. Security professionals know by now that nothing is ever perfect. It turns out that the spammers are using providers that support DomainKeys to broadcast their spam, this indirectly makes the spam look more legitimate. Is there ever a perfect solution for spam?
Reference:

http://www.eweek.com/article2/0,1759,1732576,00.asp

Phishing explained
Knowing that phishing attack is constantly on the rise, it is essential that security professional understand the mechanism of how the phishing attack works. Websense has published a paper detailing the anatomy of a specific phishing attack on MSN and Earthlink customers.
Reference:

http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=85
----------

Jason Lam

jason /at/ networksec.org