A lot of times security exploits not only happen due to faulty scripts or web pages, but because of web hosting providers not keeping up to date with security patches related to the operating systems that your hosting is one. You need to be very aware of this when you are are choosing a hosting provider. Be sure to check how long the company has been in business and try to get some feedback from other users on how responsive they are when issues arise. You can often get this type of information by simply doing a google search using the hosting provider and see what comes up or even check out web hosting unleased. They have over 5000 user reviews of various hosting providers and the reviews keep on growing. If you see feedback from forums, go and join the forum and ask questions. You will often get the best feedback by talking to people who use the provider.

You need to not just look at the cost of the hosting but the support and backing they are going to give to you.

One of the biggest problems facing webmasters these days is the use of spam bots. A well known SEO Expert Jim Westergren talks about comment spam on his blog and what he has done to battle these issues.

Spam Bots are generally used to seek out blogs, forums and even guestbooks that are exploitable to comment spam attacks. For example, let’s say that a certain version of wordpress had a security issue where the captcha verification could be bypassed (a method used to help prevent comment spam because a user could have to enter in the security code from the image). The spam bot would go out and find blogs of this version and then insert spam comments into the comments section of the blog post.

One of the keys to preventing spam on your sites is to make sure you are running the latest version of your blog, forum and guestbook software. Try to keep away from companies who are unknown as they are usually the easiest to attack because they come out with a version of the software and then often fade away when expoits come out for it.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA06-318A

Microsoft Security Updates for Windows, Internet Explorer, and Adobe Flash

Original release date: November 14, 2006
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows
* Microsoft Internet Explorer
* Adobe Flash


Overview

Microsoft has released updates that address critical ...

Read more at checksum.org...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA06-312A


Mozilla Updates for Multiple Vulnerabilities

Original release date: November 08, 2006
Last revised: --
Source: US-CERT

Systems Affected

* Mozilla SeaMonkey
* Mozilla Firefox
* Mozilla Thunderbird
* Netscape web browser


Overview

The Mozilla web browser and derived products ...

Read more at checksum.org...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA06-291A


Oracle Updates for Multiple Vulnerabilities

Original release date: October 18, 2006
Last revised: --
Source: US-CERT


Systems Affected

* Oracle10g Database
* Oracle9i Database
* Oracle8i Database
* Oracle Application Express (formerly known as Oracle HTML DB)
* Oracle Applicat...

Read more at checksum.org...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA06-283A


Microsoft Updates for Vulnerabilities in Windows, Office, and Internet
Explorer

Original release date: October 10, 2006
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows
* Microsoft Office
* Microsoft Internet Explorer


Overview

Microsoft has released updat...

Read more at checksum.org...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA06-275A


Multiple Vulnerabilities in Apple and Adobe Products

Original release date: October 02, 2006
Last revised: --
Source: US-CERT


Systems Affected

* Apple Mac OS X version 10.3.9 and earlier (Panther)
* Apple Mac OS X version 10.4.7 and earlier (Tiger)
* Apple Mac OS X Server version 10.3.9 ...

Read more at checksum.org...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA06-270A


Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability

Original release date: September 27, 2006
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows
* Microsoft Internet Explorer


Overview

The Microsoft Windows WebViewFolderIcon ActiveX control contains an
...

Read more at checksum.org...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA06-262A


Microsoft Internet Explorer VML Buffer Overflow

Original release date: September 19, 2006
Last revised: September 26, 2006
Source: US-CERT


Systems Affected

* Microsoft Windows
* Microsoft Internet Explorer


Overview

Microsoft Internet Explorer (IE) fails to properly handle Vector
...

Read more at checksum.org...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA06-262A


Microsoft Internet Explorer VML Buffer Overflow

Original release date: September 19, 2006
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows
* Microsoft Internet Explorer


Overview

Microsoft Internet Explorer (IE) fails to properly handle Vector
Markup Language (VM...

Read more at checksum.org...

A software developer has recently discovered a vulnerability in the Google Public Service Search domain that could enable scammers to host phishing sites on Google’s domain.  Google Public Service Search is a free service that allows educational institutions and nonprofit organizations to offer Google’s site search for their domain only. Google allows the companies to customize the results page with logos, contact information and other formatting in the header and footer areas of Google’s search results page.  The vulnerability exists in the way Google supports its customization. It allows the publice service search customers the ability to run any javascript they want allowing some people to make phony websites used for phishing. The dangerous part about this whole thing is that the website is hosted on a Google domain so most PC users will trust it. Google has taken down the Google Public Service Search login so a fix is probably in the works.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA06-256A


Apple QuickTime Vulnerabilities

Original release date: September 13, 2006
Last revised: --
Source: US-CERT


Systems Affected

Apple QuickTime on systems running

* Apple Mac OS X
* Microsoft Windows


Overview

Apple QuickTime contains multiple vulnerabilities. Exploitation of
th...

Read more at checksum.org...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA06-255A


Microsoft Windows and Publisher Vulnerabilities

Original release date: September 12, 2006
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows
* Microsoft Publisher


Overview

Microsoft has released updates that address critical
vulnerabilities in Microsoft Windows an...

Read more at checksum.org...

Russ McKinney, a spokesman for the University of South Carolina, says an online security breach could affect as many as 6,000 current and former USC students. USC is reporting that someone accessed USC’s internal servers causing a security breach. USC officials are unaware if any data was actually taken but they released letters advising 6000 people of the breach and possible security concerns. Investigators say the breach occurred in September of 2005, and they did not discover it until this summer. Possible information that could have been taken includes full names of the students, their birthdates, social security numbers and their school addresses.  McKinney said he has not heard of anyone who has been the victim of identity theft due to the incident. “We don’t know,” McKinney said, “They may have.” McKinney said no one has contacted USC concerning that aspect of the incident.

The IBM Corporation has just announced that it will be purchasing Internet Security Systems Inc. (ISS) for $1.3 billion. IBM is expected to close the deal by the end of the year. ISS provides security solutions to thousands of the world’s leading companies and governments, helping to proactively protect against internet threats across networks, desktops and servers. ISS software, appliances and services monitor and manage network vulnerabilities and exploits and rapidly respond in advance of potential threats. This acquisition advances IBM’s strategy to utilize IT services, software and consulting expertise to help clients optimize and transform their businesses. IBM plans on enhancing ISS to stay ahead of targeted security attacks.