<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
        {mso-style-priority:99;
        mso-style-link:"Plain Text Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:10.5pt;
        font-family:Consolas;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
span.PlainTextChar
        {mso-style-name:"Plain Text Char";
        mso-style-priority:99;
        mso-style-link:"Plain Text";
        font-family:Consolas;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=EN-US link=blue vlink=purple>

<div class=WordSection1>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>[OWASP]<o:p></o:p></span></p>

<p class=MsoPlainText><span lang=EN>This page contains details about the
ASP.NET POET vulnerability disclosed on 2010-09-17. This vulnerability exists
in all versions of ASP.NET (all versions released through 2010-09-18).</span><span
style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p></o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><a
href="http://www.owasp.org/index.php/ASP.NET_POET_Vulnerability">http://www.owasp.org/index.php/ASP.NET_POET_Vulnerability</a><o:p></o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>[DataLossDB]
Summary: Employee sells unknown number of patients names, dates of birth,
Social Security numbers<o:p></o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Organizations:
University of Pittsburgh Medical Center<o:p></o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><a
href="http://datalossdb.org/incidents/3154">http://datalossdb.org/incidents/3154</a><o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>[DataLossDB]
Title: Hackers Find New Ways To Assume Identities<o:p></o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Although
cyber scamming is nothing new, the way thieves use the data is constantly
changing, and social media is a gateway to the latest scams<o:p></o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><a
href="http://www.mobile-tech-today.com/story.xhtml?story_id=75208">http://www.mobile-tech-today.com/story.xhtml?story_id=75208</a><o:p></o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>[DataLossDB]
Title: Identity fraud costs billions a year, conference told<o:p></o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Fraud
experts say one in five Australians have fallen victim to identity theft and it
is costing Australia around $3 billion a year <a
href="http://www.abc.net.au/news/stories/2010/09/20/3016521.htm">http://www.abc.net.au/news/stories/2010/09/20/3016521.htm</a><o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>[ISN]
Iran admits Stuxnet worm infected PCs at nuclear reactor<o:p></o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Stuxnet,
considered by many security researchers to be the most sophisticated malware
ever, was first spotted in mid-June by VirusBlokAda, a little-known security
firm based in Belarus. A month later Microsoft acknowledged that the worm
targeted Windows PCs that managed large-scale industrial-control systems in
manufacturing and utility companies.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><a
href="http://www.computerworld.com/s/article/9188147/Iran_admits_Stuxnet_worm_infected_PCs_at_nuclear_reactor">http://www.computerworld.com/s/article/9188147/Iran_admits_Stuxnet_worm_infected_PCs_at_nuclear_reactor</a><o:p></o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><a
href="http://www.csmonitor.com/USA/2010/0921/Stuxnet-malware-is-weapon-out-to-destroy-Iran-s-Bushehr-nuclear-plant">http://www.csmonitor.com/USA/2010/0921/Stuxnet-malware-is-weapon-out-to-destroy-Iran-s-Bushehr-nuclear-plant</a><o:p></o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>[ISN]
3 million gov't websites assailed by vicious hidden links<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#363636'>Shen Yang, a doctorial tutor at School of Information Management
under Wuhan University, showed reporters on Sept. 22 at his office that there
are some vicious hidden links among some government-run Web sites with domain
names ending in &quot;gov.cn,&quot; such as those linking to the &quot;latest
information on the Hong Kong Jockey Club&quot; and &quot;how to buy Mark
Six&quot; Web pages, according to a report by Changjiang Daily.</span><span
style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p></o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><a
href="http://english.people.com.cn/90001/90782/90872/7150848.html">http://english.people.com.cn/90001/90782/90872/7150848.html</a><o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>[ISN]
Cisco releases critical IOS security patches<o:p></o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>There
are six advisories in all, each one covering a different component of the Cisco
Internetwork Operating System (IOS), which powers the routers<o:p></o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><a
href="http://www.computerworld.com/s/article/9187320/Cisco_releases_critical_IOS_security_patches">http://www.computerworld.com/s/article/9187320/Cisco_releases_critical_IOS_security_patches</a><o:p></o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>[ISN]
Former NSC Official Criticizes Cyber Security Policies<o:p></o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>The
Obama administration's cyber security policies came under fire today from
unexpected quarters -- former National Security Council official Richard
Clarke, who advised the administration&#8217;s transition team.<o:p></o:p></span></p>

<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><a
href="http://blogs.wsj.com/washwire/2010/09/21/former-nsc-official-criticizes-cyber-security-policies/">http://blogs.wsj.com/washwire/2010/09/21/former-nsc-official-criticizes-cyber-security-policies/</a><o:p></o:p></span></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal>Regards<o:p></o:p></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal>Marco Mirko Morana<o:p></o:p></p>

<p class=MsoNormal>OWASP Cincinnati USA Chapter Lead<o:p></o:p></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

</div>

</body>

</html>