Automated Targeting System
Surveillance Cameras Catch a Cold-Blooded Killer
Crypto-Gram Reprints
Auditory Eavesdropping
Tracking Automobiles Through their Tires
Licensing Boaters
Wal-Mart Stays Open During Bomb Scare
News
NSA Helps Microsoft with Windows Vista
Microsoft Anti-Phishing and Small Businesses
Not Paying Attention at the Virginia DMV
More on the Unabomber’s Code
BT Counterpane News
Radio Transmitters in Canadian Coins
Choosing Secure Passwords
Comments from Readers

I didn’t have time to read it yet, but there’s no good reason to believe it’s not as interesting than the previous issues Here are the topics covered:

Revoting
Real-World Passwords
Crypto-Gram Reprints
Tracking People by their Sneakers
Notary Fraud
News
Separating Data Ownership and Device Ownership
BT Counterpane News
Fighting Fraudulent Transactions
Cybercrime Hype Alert
Comments from Readers

Happy reading!

Voting Technology and Security
More on Electronic Voting Machines
The Inherent Inaccuracy of Voting
The Need for Professional Election Officials
Perceived Risk vs. Actual Risk
Crypto-Gram Reprints
Total Information Awareness Is Back
Forge Your Own Boarding Pass
News
The Death of Ephemeral Conversation
Airline Passenger Profiling for Profit
Counterpane News
Architecture and Security
The Doghouse: Skylark Utilities
Heathrow Tests Biometric ID
Please Stop My Car
Air Cargo Security
Cheyenne Mountain Retired
Comments from Readers

The vulnerability is caused due to an unspecified error in the XMLHTTP 4.0 ActiveX Control.

Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website using Internet Explorer.

Microsoft Advisory & Suggested Workarounds: http://www.microsoft.com/technet/security/advisory/927892.mspx

According to Washingtonpost.com’s Security Fix blog, this is the most number of patches ever released by Redmond outside of a Windows service pack.
Also of note, six of today’s updates apply to fully patched Windows XP systems, and two of the flaws are actually present in Windows Vista.

Here’s the full newsletter summary:

What the Terrorists Want
Details on the British Terrorist Arrest
More Than 10 Ways to Avoid the Next 9/11
Fifth Anniversary of September 11, 2001
Crypto-Gram Reprints
Educating Users
Human/Bear Security Trade-Off
Land Title Fraud
News
Is There Strategic Software?
Media Sanitization and Encryption
What is a Hacker?
Counterpane News
TrackMeNot
USBDumper
Microsoft and FairUse4WM
Comments from Readers

Here’s the overview:

“eEye Digital Security has discovered a second heap overflow vulnerability in the MS06-042 cumulative Internet Explorer update that would allow an attacker to execute arbitrary code on the system of a victim who attempts to access a malicious URL. Windows 2000, Windows XP SP1, and Windows 2003 SP0 systems running Internet Explorer 5 SP4 or Internet Explorer 6 SP1, with the MS06-042 patch applied, are vulnerable; unpatched and more recent versions of Internet Explorer are not affected.”

The actual problem lies in URLMON.DLL, here’s a link to the full advisory.

According to Sutton, it’s not the new ones that are scary, it’s the old ones that have long since been forgotten.

He illustrates his point by walking through an example where he uses Google and Yahoo! to identify 50 web servers that are wide open to attack. The list includes an ivy league school, various colleges and a company traded on the NYSE. Definately a must-read and very well documented article!