Bookmark or link to: www.kobayashi.cjb.net. All other url`s could change!
News Archive    Translate Traducen
News January 20002
31 January 2002

New trojan(s):
Casus 2.0

F-Backdoor 0.8

Microsoft Security Bulletin MS02-001
Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data. Read more

www.securityfocus.com:
Tru64 UNIX Potential Security Vulnerability. Read more

www.securityfocus.com:
DSA 107-1: jgroff format print. Read more

www.securityfocus.com:
HPSBTL0201-022: Security flaw in rsync. Read more

www.securityfocus.com:
CNet CatchUp Remote Arbitrary Code Execution Vulnerability. Read more

www.securityfocus.com:
Xoops Remote SQL Injection Vulnerability. Read more

www.securityfocus.com:
Xoops Private Message Box Cross-Site Scripting Vulnerability. Read more

www.securityfocus.com:
CNet CatchUp Remote Arbitrary Code Execution Vulnerability. Read more

www.securitytracker.com:
SGI IRIX O2 Video Workstation Allows Remote Users to View the Screen Display on the System. Read more

www.securitytracker.com:
Agora.cgi E-Commerce System Discloses Path Names to Remote Users When in Debug Mode. Read more

www.securitytracker.com:
'User-mode Linux' (UML) Environment Lets Local Users Obtain Root Privileges Within the Environment and May Let Local Users Break Out of the UML Environment into the Underlying Operating System. Read more

www.securitytracker.com:
Hosting Controller Web Hosting Management Application Discloses Information About Valid User Account Names and Allows Brute Force Username and Password Guessing Attacks. Read more

www.securitytracker.com:
Windows 2000 TCP Stack Bug Lets Remote Users Cause All Memory to Be Consumed on the Server. Read more

www.securitytracker.com:
BRU Backup Utility Has Temporary File Symlink Bug That Lets Local Users Overwrite Any File on the System. Read more

www.securitytracker.com:
Intel PRO/Wireless LAN Device Discloses Wireless Encryption Key to Local Users. Read more

www.securitytracker.com:
Xinet's 'xkas' AppleShare Administration Tool Discloses Any Local File Contents to Local Users. Read more

www.accountingweb.co.uk:
Virus Alert: Don't open festive photographs. Read more

www.newsbytes.com:
Top Security Sites Easy Prey To Script Attacks. Read more

news.com.com:
Windows 2000 security fixes released. Read more

itmanagement.earthweb.com:
Is Bill Gates Sincere About Security? Read more

www.osopinion.com:
Microsoft Piracy Police Target Honest Consumers. Read more

www.securityfocus.com:
Castles Built on Sand: Why Software is Insecure. Read more

www.securityfocus.com:
Black hats use 'passive fingerprinting' to identify your operating system without you knowing it. Read more

www.computing.vnunet.com:
Snort sniffs at security scare. Read more

www.computing.vnunet.com:
Obsolete network links open back doors into councils. Read more

www.computing.vnunet.com:
Latest hacker toy? Web-enabled Lego. Read more

www.usatoday.com:
Security-conscious groups ban Wi-Fi. Read more

www.informationweek.com:
Sifting For Software Vulnerabilities Drains Security Staff. Read more

www.securityfocus.com:
FBI Issues Water Supply Cyberterror Warning. Read more

www.washingtonpost.com:
Washtech.com Web Site Hacked. Read more

www.theregister.co.uk:
UK web host downed by DDoS attack. Read more

www.tucsoncitizen.com:
Cyberterrorism is major threat, information officers told. Read more

www.dailytelegraph.news.com.au:
Hacker threat to city systems. Read more

www.newsobserver.com:
Hackers move out of offices, into homes. Read more

www.theage.com.au:
Hacker says CityLink still vulnerable. Read more

www.linuxsecurity.com:
Home is Where the Hacker Is. Read more

www.zdnet.com:
How to catch hackers--and make them pay. Read more

www.silicon.com:
'Irresponsible' encryption experts threaten corporate security. Read more

www.linuxsecurity.com:
A Brief Comparison of Email Encryption Protocols. Read more

www.linuxsecurity.com:
Accused Los Alamos Hacker Freed. Read more

www.wired.com:
Rail Against Econ Forum, Dot-Org. Read more

news.com.au:
Special password to buy online. Read more

www.siliconvalley.com:
DVD hacker vows to keep challenging ruling. Read more

30 January 2002

New trojan(s):
Boiling

Wildek 0.1 beta

www.securityfocus.com:
Tarantella Enterprise 3 gunzip Race Condition Vulnerability. Read more

www.securiteam.com:
SHOUTcast Vulnerable to Malformed CGI Request (admin.cgi). Read more

www.securiteam.com:
BadBlue Contains Multiple Security Vulnerabilities (Exploit code). Read more

www.securiteam.com:
Bug in AHG Search Engines Leads to Code Execution. Read more

www.securiteam.com:
CwpApi's GetRelativePath() Returns Invalid Paths. Read more

www.securiteam.com:
Windows NT/2000 DoS via Stream3 Flood Attack. Read more

www.securiteam.com/unixfocus:
ripMIME Mail Filter Remote Buffer Overflows. Read more

www.securiteam.com/unixfocus:
Alteon ACEdirector Signature/Security Bug. Read more

www.securitytracker.com:
Ganglia Clustering Environment Web Client Lets Remote Users Execute Arbitrary Commands on the Server. Read more

www.securitytracker.com:
Sony VAIO Personal Computers May Allow Remote Users to Access to Computer and Take Full Control of the System. Read more

www.securitytracker.com:
XOOPS Object-Oriented Web Portal Software Lets Remote Users Inject SQL Commands that Will Be Executed By the Underlying SQL Database. Read more

www.theregister.co.uk:
Cookie monster bites Netscape and Mozilla users. Read more

www.latimes.com:
Microsoft May Delay Products to Fix Security. Read more

abcnews.go.com:
To Tell or Not to Tell
The Ethical Dilemma of Exposing Security Flaws. Read more

www.newsbytes.com:
Intrusion Software Maker Snorts At Security Alert. Read more

news.com.au:
CityLink credit card scam. Read more

www.bangkokpost.com:
Gates tires of being bugged, calls in security. Read more

www.nandotimes.com:
Accused Los Alamos hacker freed, barred from using computers. Read more

www.theregister.co.uk:
Russian hacker breaks into US bank database. Read more

www.theregister.co.uk:
US crackers top Internet attack league. Read more

www.ananova.com:
Report suggests most hackers are American. Read more

cgi.usatoday.com:
Security-conscious groups ban Wi-Fi Wireless networks more vulnerable to hackers. Read more

www.newsbytes.com:
More Online Security Woes For FBI's Data Firm. Read more

www.themoscowtimes.com:
From Computer Games to U.S. Prison Cells. Read more

www.theregister.co.uk:
ElcomSoft attacks DMCA in Sklyarov test case. Read more

] www.theregister.co.uk:
Tiscali attacked by DDoSers. Read more

www.nzherald.co.nz:
Trustworthy computing? Not Hotmail. Read more

independent-bangladesh.com:
Govt tried to block Hasina's speech : Saber. Read more

www.newsbytes.com:
Google Denies Pop-Up Ads Are Its Fault. Read more

www.techtv.com:
Who's Eyeing Your Email? Read more

29 January 2002

New trojan(s):
Sensive 1.1.2

Ping Server version e

www.ists.dartmouth.edu:
Cyber Attacks During the War on Terrorism: A Predictive Analysis. Read more

www.linuxsecurity.com:
Buffer Overflows in RealPlayer and GNU Chess. Read more

www.securityfocus.com:
MDKSA-2002:009: rsync. Read more

www.securityfocus.com:
MDKSA-2002:010: enscript. Read more

www.securityfocus.com:
IRIX O2 video security issue. Read more

www.newsforge.com:
YDL: 'groff' Security update. Read more

www.securitytracker.com:
Tarantella Enterprise Application Server Uses Unsafe Temporary Files During Installation, Allowing Local Users to Obtain Root Privileges on the System. Read more

xforce.iss.net:
Snort specially-crafted ICMP packet denial of service. Read more

www.warpedsystems.sk.ca:
Mandrake Linux Security Update Advisory. Read more

www.vibrantmedia.com:
Party Worm Poses as Yahoo URL. Read more

www.pcworld.com:
'My Party' E-Mail Virus Hides as URL. Read more

www.computeruser.com:
New e-mail worm is no party, virus-fighters say. Read more

www.computerworld.com:
Myparty worm is no fun and games, experts warn. Read more

www.infoworld.com:
MyParty virus welcomes backdoor guests. Read more

www.newsbytes.comL
Holy Cow! Bowie Among Innocents Used In Ebay Scam. Read more

www.latimes.com:
Cyberspace Attacks Are on the Rise. Read more

www.stuff.co.nz:
Security needs to be on every company's agenda. Read more

www.computeruser.com:
DMA to adopt new rules on 'spam,' privacy policies. Read more

www.computerworld.com:
'Big guns' weigh in on Microsoft case. Read more

www.cnn.com:
Study: Cyberattacks against companies on the rise. Read more

www.washingtonpost.com:
Computer Attacks on Companies Up Sharply. Read more

28 January 2002

New trojan(s):
Vagr Nocker 1.2

www.securityfocus.com:
DSA-106-1: rsync remote exploit. Read more

www.securitytracker.com:
PGPfire Personal Firewall for Microsoft Windows Discloses Identifying Information to Remote Users. Read more

www.securitytracker.com:
AHG's 'search.cgi' Search Engine Input Validation Flaw Lets Remote Users Execute Arbitrary Commands on the Web Server. Read more

www.securitytracker.com:
Nortel Alteon ACEdirector Load Balancer May Disclose the Real and Otherwise Hidden IP Addresses of Load Balanced Servers to Remote Users. Read more

packetstorm.widexs.nl:
Windows 2000 Format String Vulnerabilities. (doc)Read more

www.securityfocus.com:
HPSBTL0201-021: Heap corruption vulnerability in the at package. Read more

www.securityfocus.com:
HPSBTL0201-020: Security vulnerability in OpenLDAP packages. Read more

www.securityfocus.com:
PGPFire Desktop Firewall ICMP Fingerprinting Vulnerability. Read more

www.nikkeibp.asiabiztech.com:
Sony Confirms Vaio PCs Have Security Hole, But No Damage Reported Yet. Read more

www.sub-seven.com:
Computer crime in 2002, an insider's opinion. Read more

www.cipherwar.com:
What Defines a "Black Hat" Hacker? Read more

eastbay.bcentral.com:
Hackers move to messaging. Read more

www.computeruser.com:
Serious security hole in AOL's ICQ chat software - CERT. Read more

www.gulf-news.com:
Use of anti-virus software faces hurdles. Read more

www.idg.net:
Wireless carriers exploit firewall bypass. Read more

quotes.freerealtime.com:
Computer Bugs Are Everyone's Problem. Read more

www.nzherald.co.nz:
Hackers hit western governments. Read more

www.wired.com:
MS Refocuses on Software Pirates. Read more

www.nzherald.co.nz:
Hackers hijack Epson website. Read more

27 January 2002

New trojan(s):
Baron Night 2.0

Pipes

www.securityfocus.com:
rsync Signed Array Index Remote Code Execution Vulnerability. Read more

www.securityfocus.com:
Sony VAIO Unauthorized System Access Vulnerability. Read more

www.securityfocus.com:
DSA-106-1: rsync remote exploit. Read more

www.securityfocus.com:
CLA-2002:458: rsync. Read more

www.securityfocus.com:
BindView NetInventory Password Retrieval Vulnerability. Read more

www.securityfocus.com:
FormMail Real Name/Email Address CGI Variable Spamming Vulnerability. Read more

www.windowsitsecurity.com:
Arbitrary Execution Vulnerability in PHP 4.0. Read more

www.windowsitsecurity.com:
FTP Bounce Vulnerablity in SpoonFTP. Read more

www.securitytracker.com:
SquirrelMail Web-based Mail Server Lets Remote Users Execute Arbitrary Code on the Server. Read more

www.securitytracker.com:
FormMail.pl Web-to-Email CGI Script Still Allows Unauthorized Users to Send Mail Anonymously (e.g., Send Spam). Read more

www.securitytracker.com:
Caldera 'sort' Command for UnixWare and Open UNIX Has Temporary File Security Hole That May Let Local Users Obtain Elevated Privileges. Read more

www.securitytracker.com:
FreeBSD Operating System Kernel Race Condition May Let a Local User Obtain Root Privileges on the Host. Read more

www.securitytracker.com:
Plumtree Corporate Portal Allows Cross-Site Scripting Attacks, Letting Remote Users Steal Cookies. Read more

www.itworld.com:
A Denial-of-Service Tale of Woe. Read more

www.theregister.co.uk:
AOL ICQ in hacker risk alert. Read more

www.theregister.co.uk:
Security bug hits 1m Sony Vaios. Read more

www.theregister.co.uk:
That Linux AMD bug in Technicolor detail. Read more

www.securitynewsportal.com:
Hacker blamed for planting virus on Newspaper's web server. Read more

www.nzherald.co.nz:
Hackers hijack Epson website. Read more

www.nandotimes.com:
Fewer hacking reports noted in wake of attacks. Read more

www.nzherald.co.nz:
Trade Me website beefs up security to stop sabotage. Read more

news.zdnet.co.uk:
Crypto tool strengthens 3G defences. Read more

26 January 2002

New trojan(s):
CRAT PRO 1.1

www.securityfocus.com:
SquirrelMail SquirrelSpell Remote Shell Command Execution Vulnerability. Read more

www.securityfocus.com:
PHPPGAdmin Plaintext Password Vulnerability. Read more

www.securiteam.com:
W3Perl Web Statistics Header Manipulation Vulnerability. Read more

www.securityfocus.com:
RipMime Mime_Header Long Filename Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
jmcce Predictable Log File Symbolic Link Attack Vulnerability. Read more

www.securityfocus.com:
OpenLDAP Anonymous User Object Attribute Deletion Vulnerability. Read more

www.securityfocus.com:
OpenLDAP Authenticated User Object Attribute Deletion Vulnerability. Read more

www.securiteam.com:
Odd Behavior in Windows XP Home (Security Vulnerability, Shares). Read more

www.securiteam.com/unixfocus:
psyBNC Allows Encrypted Text to be "spoofed" in Others IRC Terminals. Read more

www.securiteam.com/unixfocus:
DNRD Contains Security Vulnerabilities (Request, Reply). Read more

linuxtoday.com:
Red Hat Security Advisory: rsync. Read more

www.newsbytes.com:
Real To Close Security Hole in RealPlayer. Read more

www.computing.vnunet.com:
Hackers' mirror shattered. Read more

www.ananova.com:
Overworked hackers' archive closes. Read more

www.computing.vnunet.com:
Millions threatened by AOL chat bug. Read more

www.neowin.net:
Wireless offices—a hacker boon? Read more

www.computing.vnunet.com:
Set a hacker to catch a hacker. Read more

www.vnunet.com:
MP slams government e-security. Read more

www.themoscowtimes.com:
Suspected Hacker Detained in Surgut. Read more

25 January 2002

New trojan(s):
Helios 4.10 LE

www.securiteam.com:
UnixWare 7.1.1 Scoadminreg.cgi Local Exploit. Read more

www.securityfocus.com:
CHUID Upload Directory Escaping File Owner Changing Vulnerability. Read more

www.securityfocus.com:
Citrix Nfuse Published Applications Information Leak Vulnerability. Read more

www.securityfocus.com:
FreeBSD-SA-02:08: race condition during exec may allow local root compromise. Read more

www.securiteam.com:
BadBlue Contains Multiple Security Vulnerabilities. Read more

www.securiteam.com:
Mozilla Cookie Stealing. Read more

www.securiteam.com:
Serious Privacy Leak in Python for Windows. Read more

www.securiteam.com:
Avirt Gateway Telnet Vulnerability. Read more

www.securiteam.com:
Citrix NFuse Information Leak. Read more

www.securiteam.com/unixfocus:
Maelstrom Symbolic Link Vulnerability. Read more

CERT® Advisory CA-2002-02
Buffer Overflow in AOL ICQ. Read more

security-protocols.com:
Mozilla Cookie Stealing. Read more

news.zdnet.co.uk:
Sony's Vaio hit by security hole. Read more

www.computeruser.com:
Software tool from CNet opens security hole. Read more

www.securityfocus.com:
Results, Not Resolutions. A guide to judging Microsoft's security progress. Read more

www.nzherald.co.nz:
Dutch probe hack-attack on royal wedding chat. Read more

news.scotsman.com:
Royal couple’s chat blocked by half the world. Read more

www.theregister.co.uk:
Hacktivists crash online regal Dutch chat. Read more

www.computing.vnunet.com:
Analyst 'unfair' to virus writers. Read more

www.securityfocus.com:
Hack Suspect Held for Alleged Internet Use. Read more

www.linuxsecurity.com:
Hackers target vulnerable 6112 ports. Read more

www.linuxsecurity.com:
Use Linux firewall to fend off hackers. Read more

news.mywebpal.com:
Expert speaks on terrorism. Read more

www.southnexus.com:
Karkala: First cyber crime registered. Read more

www.vnunet.com:
Lax security left ILA accounts wide open. Read more

www.themoscowtimes.com:
Suspected Hacker Detained in Surgut. Read more

www.theregister.co.uk:
What Billg's new security effort will cost. Read more

www.computing.vnunet.com:
BugWatch: The threat from within. Read more

www.timesofindia.com:
Security flaw in Sony Vaio computers. Read more

security-protocols.com:
Police bust L.A. software piracy ring. Read more

news.com.com:
Alleged eBay hacker wants lawyer back. Read more

24 January 2002

New trojan(s):
Massaker 1.1 v2

BlueFire 0.35

www.cgisecurity.net:
Header Based Exploitation: Web Statistical Software Threats by Zenomorph.
This paper helps describe an attack method often overlooked by programmers.
It explains how modification of HTTP headers can cause possible system access, cookie theft/poisoning,
tricked advertising, database injection, and other bad things in web statistical software. Read more

Kurt Seifried Security Advisory 003 (KSSA-003)
Multiple windows file wiping utilities do not properly wipe data with NTFS file systems. Read more

www.securityfocus.com:
Citrix Nfuse Published Applications Information Leak Vulnerability. Read more

www.securityfocus.com:
DaanSystems NewsReactor Password Encoding Vulnerability. Read more

www.securityfocus.com:
Cyberstop Web Server MS-DOS Device Denial of Service Vulnerability. Read more

www.securityfocus.com:
Cyberstop Web Server Long Request DoS Vulnerability. Read more

www.securityfocus.com:
COWS CGI Online Worldweb Shopping Compatible.CGI Cross-Site Scripting Vulnerability. Read more

www.securityfocus.com:
COWS CGI Online Worldweb Shopping Insecure File Permissions Vulnerability. Read more

www.securityfocus.com:
Kerberos 5 su Privilege Escalation Vulnerability. Read more

www.securityfocus.com:
GNU Enscript Insecure Temporary File Creation Vulnerability. Read more

www.securityfocus.com:
Netscape/Mozilla Null Character Cookie Stealing Vulnerability. Read more

www.securiteam.com:
Sambar Webserver DoS Vulnerability (cgitest.exe). Read more

www.securiteam.com:
Bounce Vulnerability in SpoonFTP. Read more

www.securiteam.com:
Gaining Root Access via PHP.exe. Read more

www.securiteam.com/unixfocus:
Chuid Found to Contain Two Security Holes ('..', overwriting). Read more

www.securiteam.com/unixfocus:
Remote Memory Reading Through TCP/ICMP. Read more

www.latimes.com:
Microsoft May Delay Products to Fix Security. Read more

dailynews.yahoo.com:
The Incredibly Vulnerable Online Shopper. Read more

www.vnunet.com:
Security of wireless networking still an afterthought. Read more

www.nzherald.co.nz:
Netscape sues Microsoft over browser battle. Read more

www.themoscowtimes.com:
Surgut Hacker Arrested. Read more

www.reuters.com:
Report: Russian Police Detain Bank Hacker. Read more

www.theregister.co.uk:
Ebay hacking case gets weird. Read more

techupdate.zdnet.com:
Security: What's going on? Read more

www.pcworld.com:
Banks Suffer Highest Rate of Security Incursions. Read more

www.vnunet.com:
Databases a soft touch for hackers. Read more

www.theregister.co.uk:
Look what they've done to my database, Ma. Read more

23 January 2002

New trojan(s):
WinRat 1.0

Ping Server version c

www.securityfocus.com:
Multiple Vendor NTFS File Wipe Vulnerability. Read more

www.securityfocus.com:
SpoonFTP Bounce Vulnerability. Read more

www.securityfocus.com:
Maelstrom Insecure Symbolic Link Vulnerability. Read more

www.securityfocus.com:
SpoonFTP Bounce Vulnerability. Read more

www.securiteam.com Sniffit Exploit Code Released (normmail). Read more

www.securiteam.com NewsReactor Encryption Scheme Cracked. Read more

www.securiteam.com CyberStop Web Server Remote DoS. Read more

The "Lunch Break Hole"
This advisory describes multiple problems regarding the unlocking of locked Windows NT machines (all versions). Read more

www.informationweek.com:
Hacker 'zine 2600 is appealing a court decision that prohibits it from linking to a controversial program. Read more

www.zdnet.com:
MS's security push: Too little, too late? Or just in time? Read more

www.nydailynews.com:
Microsoft on Hacker High Alert. Read more

www.idg.net:
Q&A: Microsoft's Cliff Reeves talks about security flaws, fixes. Read more

www.nypost.com:
MICROSOFT FACES DELAYS OVER SECURITY. Read more

news.zdnet.co.uk:
Port 12345: Hacker haven or Internet X-File? Read more

www.newscientist.com:
Cracking code gives password for college place. Read more

news.com.com:
Data on Internet threats still out cold. Read more

www.newsbytes.com:
Accused Ebay Hacker To Defend Himself From Jail. Read more

sanjose.bcentral.com:
Hospital hacker to be sentenced. Read more

www.internet-magazine.com:
Hackers force Cloud Nine shutdown. Read more

www.guardian.co.uk:
Bin Laden's online foe extradited on suspicion of fraud. Read more

news.com.com:
Hacker-millionaire suspected of fraud. Read more

www.silicon.com:
Threat of "drive-by hacking" a myth. Read more

www.ananova.com:
US fearful of failing internet security. Read more

www.zdnet.com:
Netscape hits Microsoft with lawsuit. Read more

in.news.yahoo.com:
Course for police on cyber crime. Read more

www.zdnet.com:
How to break into your own computer (it's easy). Read more

www.wired.com:
Data Firm Exposes Records Online. Read more

22 January 2002

New trojan(s):
DataSpy Network X 0.4 beta

Clandestine 1.5.1

www.nextgenss.com:
E-mail Spoofing and CDONTS.NEWMAIL (Protecting Microsoft Active Server Pages Applications)(PDF). Read more

www.vnunet.com:
Two year old bug bites Linux users. Read more

www.faz.com:
Hackers Target Almost Every Second Major Company. Read more

quote.bloomberg.com:
Government Warns Companies to Combat Cyber Terror With Security. Read more

www.theregister.co.uk:
Windows wipe utilities fail to shift stubborn data stains. Read more

www.cnn.com:
Despite more spending, dangers lurk on the Net. Read more

www.silicon.com:
Hack attack brings down ISP. Read more

challenge.cylant.com:
Break through the CylantSecure barrier on challenge.softsysint.com and earn $5000. Read more

www.cnn.com:
Ellison: Oracle remains unbreakable. Read more

sanjose.bcentral.com:
'Re-evaluation of security networks is an ongoing process'. Read more

seattletimes.nwsource.com:
Gates' security memo triggers mixed reactions. Read more

www.satirewire.com:
SURPRISE SETTLEMENT EVENLY SPLITS MICROSOFT; ONE FIRM TO MAKE SOFTWARE, OTHER TO MAKE PATCHES. Read more

quotes.freerealtime.com:
Finally, Microsoft discovers security. Read more

www.theregister.co.uk:
Microsoft's crucial new hire. Read more

www.rockymountainnews.com:
Hackers at Westminster's White Hat paid to hunt for network security weaknesses. Read more

www.nypost.com:
HACKERS: UNCLE SAM (SHOULD) WANT YOU. Read more

www.vnunet.com:
Police stop hacker's online cop-out. Read more

www.reuters.co.uk:
German hacker turned millionaire faces probe. Read more

www.wired.com:
Osama Hunter-Hacker Busted. Read more

21 January 2002

New trojan(s):
Infiltration 4.6

URL2DWORD. A program to convert URLS to DWORD for use with the Zone Spoofing Vulnerability

security-protocols.com:
Snort Core Dump Vulnerability. Read more

www.securiteam.com:
Web Server 4D/eCommerce DoS Vulnerability. Read more

www.securityfocus.com:
Joe Testa hellbent Relative Web Root Path Information Disclosure Vulnerability. Read more

www.securityfocus.com:
Joe Testa hellbent Information Leak Vulnerability. Read more

packetstorm.widexs.nl:
Avirt Gateway Telnet Vulnerability (and more?). Read more

www.computerbytesman.com:
Internet Explorer SuperCookies. Read more

www.aberdeennews.com:
Despite added security spending, Internet more dangerous. Read more

zdnet.com.com:
Wireless enlists in war on terrorism. Read more

newsfind.com:
China Issues Internet Controls. Read more

www.vnunet.com:
Europe is virus hotbed, warns report. Read more

news.independent.co.uk:
'We only teach ethical hacking'. Read more

www.vnunet.com:
Bug Watch: Remembering Achilles' heel. Read more

www.computeruser.com:
Arrest thwarts hacker kimble's threatened suicide - report. Read more

www.canoe.ca:
Texas teen says he hacked into Canadian military computer network. Read more

www.canada.com:
Haligonian teen key in hacker bust. Read more

news.bbc.co.uk:
Thai police detain internet whizkid. Read more

www.nationalpost.com:
17-year-old hacker penetrated DND network. Read more

www.silicon.com:
Energis forced to hide hacker. Read more

20 January 2002

New trojan(s):
REX 0.1 Beta

www.securitytracker.com:
Avirt Gateway Web Proxy Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server with SYSTEM Level Privileges. Read more

ww.securitytracker.com:
Avirt Gateway Suite Telnet Proxy Flaw Gives Remote Users Telnet Command Line Access to the Server With SYSTEM Level Privileges. Read more

www.securityfocus.com:
Oracle Database Auditing Insecure Default Configuration Vulnerability. Read more

www.securityfocus.com:
Oracle 8i dbsnmp Command Remote Denial of Service Vulnerability. Read more

cryptome.org:
Account of Spy Trip on Kabul PC Matches Travels of Richard Reid. Read more

www.internetweek.com:
Microsoft Patches Bug Customers. Read more

www.antiwar.com:
Albanian Hackers Deface Macedonian Website. Read more

www.theregister.co.uk:
YIHAT founder Kimble/Schmitz arrested. Read more

news.com.com:
AOL reportedly in talks to buy Red Hat. Read more

19 January 2002

New trojan(s):
Guangwai Girl 1.52c

cobra.lucidx.com:
screamingCobra is an application to find vulnerabilities in remote CGIs by using techniques that are able to spot very common bugs in many CGIs. Read more

NetBSD Security Advisory 2002-001
A vulnerability found in the ptrace implementation on NetBSD 1.5.* , 1.4.* and CURRENT (prior to January 14, 2002) systems can result in race conditions where it is possible to use ptrace and SUID binaries to execute code with elevated privileges. Read more

FreeBSD-SA-02:07
Kerberos 5 su command uses getlogin for authorization. Read more

www.securityfocus.com:
Lucent VitalNet Password Authentication Bypass Vulnerability. Read more

www.securityfocus.com:
Chinput Environment Variable Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
Sambar Server Sample Script Denial Of Service Vulnerability. Read more

www.securityfocus.com:
Multiple Vendor Unprivileged User Permissions Log File Modification Vulnerability. Read more

www.securityfocus.com:
PHPNuke Remote Arbitrary File Include Vulnerability. Read more

www.securityfocus.com:
Askey ADSL Router NMap Scan Denial Of Service Vulnerability. Read more

www.securityfocus.com:
HP Sendmail Diagnostic Code Information Leakage Vulnerability. Read more

www.securityfocus.com:
BSD exec() Race Condition Vulnerability. Read more

www.eweek.com:
Klez Worm Goes After Myriad Files. Read more

news.com.com:
Security gurus welcome Microsoft's goal. Read more

www4.gartner.com:
Microsoft Needs Time to Prove It's Serious About Security. Read more

www.securityfocus.com:
Will Microsoft's Trustworthy Computing Sell? Read more

news.com.com:
Con: Trust, but verify, Microsoft's pledge. Read more

www.reuters.co.uk:
Hackers attacked 103 Moroccan websites in 2001. Read more

www.newsbytes.com:
Criminal Charges Settled In Distributed-Computing Case. Read more

www.denverpost.com:
Alert preceded Indian trust hacker breach. Read more

www.washingtonpost.com:
Los Alamos Scientist Criticizes FBI in Book. Read more

www.theregister.co.uk:
bin Laden hackmeister 'flees' Germany. Read more

www.theregister.co.uk:
Distributed computing case ends with probation. Read more

www.newsbytes.com:
Spammers Near Top Of Would-Be Hackers List. Read more

18 January 2002

New trojan(s):
AlexMessoMalex Beta 2

Q-Taz 2.3

www.securiteam.com:
UnixWare 7.1.1 rpc.cmsd Remote Exploit. Read more

www.securiteam.com:
Eterm SGID 'utmp' Local Buffer Overflow (exploit). Read more

www.securiteam.com:
Security Bug in Alcatel Speed Touch Home ADSL Modem (DoS). Read more

www.securiteam.com:
Hardening Solaris for MGC. Read more

www.securiteam.com/unixfocus:
Cdrdao Insecure File Handling. Read more

www.securiteam.com/unixfocus:
Kerberos 5 Core Dump Security Vulnerability. Read more

www.securityfocus.com:
AT Maliciously Formatted Time Heap Overflow Vulnerability. Read more

www.securityfocus.com:
Sambar Server Sample Script Denial Of Service Vulnerability. Read more

www.securityfocus.com:
ClanLib Environment Variable Overflow Vulnerability. Read more

www.securityfocus.com:
The Simplest Security: A Guide To Better Password Practices. Read more

www.cnn.com:
FBI: Al Qaeda may have probed government sites. Read more

www.newscientist.com:
Weakened encryption lays bare al-Qaeda files. Read more

www.computeruser.com:
Microsoft falling behind in browser security fixes. Read more

www.iht.com:
Microsoft, Vulnerable, Opens War On Hackers. Read more

www.siliconvalley.com:
FBI warns law enforcement, Internet companies of possible terrorist activity. Read more

www.newsbytes.com:
FBI Issues Net Terrorism Warning, Italy Finds Hackers. Read more

www.cnn.com:
FBI warns of potential cyberattack. Read more

codecon.org:
CodeCon 2002 will be February 15-17, noon-5pm at DNA lounge in San Francisco, California. CodeCon is the premier event in 2002 for the P2P, cypherpunk, and network/security application developer community. Read more

www.itworld.com:
Can You su? (unix). Read more

www.sfgate.com:
Airport checks vulnerable to hackers, experts say. Read more

www.theregister.co.uk:
MS security memo a mere gesture. Read more

www.computing.vnunet.com:
Honest Bill says Microsoft is trustworthy. Read more

news.bbc.co.uk:
Microsoft to tackle security failings. Read more

www.newsday.com:
Local Hacking On The Rise. Read more

www.computing.vnunet.com:
Six arrested in anti-hacking swoop. Read more

www.computing.vnunet.com:
Hacker mag takes on US court. Read more

17 January 2002

New trojan(s):
RUX The TIc.K 6.0

www.securiteam.com:
UPNP Denial of Service (Joint code, Chargen, Initiator). Read more

security-protocols.com:
Heap Overflow in SNMPNetStat (Exploit Code). Read more

www.solutions.fi:
Microsoft Internet Explorer may download and run progams automatically - details. Read more

security-protocols.com:
MSIE may download and run programs automatically. Read more

www.securiteam.com:
AutoResponder Allows Spamming. Read more

www.securiteam.com:
www.address.com Account Hijacking Vulnerability. Read more

www.securiteam.com:
Palm Desktop for Mac OS X Security Vulnerability. Read more

www.securiteam.com:
Legato NetWorker Log File Vulnerability. Read more

www.securiteam.com:
Web Server 4D/eCommerce Directory Traversal Vulnerability. Read more

www.securiteam.com:
Pi3Web Webserver Buffer Overflow Vulnerability. Read more

www.securiteam.com:
MiraMail Gives POP Account Access and Details. Read more

www.securiteam.com:
OpenFile Win32 API Log Overwriting/Rewriting. Read more

www.securiteam.com/unixfocus:
Cookie Modification Allows Unauthenticated User Login in Geeklog. Read more

quotes.freerealtime.com:
Microsoft Falling Behind In Browser Security Fixes. Read more

www.nandotimes.com:
Microsoft bug prevents downloading Windows security patches. Read more

www.internetnews.com:
AOL Offers ICQ Bug Bomb. Read more

www.newsbytes.com:
Unix Admins Urged To Stop Up Security Hole In CDE. Read more

www.silicon.com:
Energis forced to hide hacker. Read more

www.theregister.co.uk:
Lies, damned lies and anti-virus statistics. Read more

www.zdnet.com:
Turning script kiddies into programmers. Read more

www.zdnet.com:
Hackers digging through Solaris hole. Read more

www.computeruser.com:
InstaKiss password-stealing scam sites proliferate. Read more

star-techcentral.com:
US expert: The military should guard our cyberspace borders. Read more

www.washtech.com:
U.S. Hopes To Unplug Cybercrime In N.Va. Read more

www.ananova.com:
'Pentagon hackers' uncovered in Italy. Read more

www.theregister.co.uk:
Windows Media Player must be patched to fix IE. Read more

news.cnet.com:
Gates: Security a top priority. Read more

16 January 2002

New trojan(s):
Alvgus 8.0

Gift 2.5 beta

www.rpi.net.au:
Resource HackerTM is a freeware utility to view, modify, rename, add, delete and extract resources in 32bit Windows executables. Read more

www.osioniusx.com:
Internet Explorer Pop-Up OBJECT Tag Bug (Revision 2) by the Pull. Read more

CERT® Advisory CA-2002-01
Exploitation of Vulnerability in CDE Subprocess Control Service. Read more

www.securiteam.com:
Cross-Site Scripting Vulnerability Found in PostNuke. Read more

www.securiteam.com:
Siemens Mobile SMS Exceptional Character Vulnerability. Read more

www.securiteam.com:
Multiple Cross-Site Vulnerabilities Found in Leading Web Sites (IMDB, PlanetQuake, Merriam-Webster). Read more

www.securiteam.com:
Shockwave Flash Player Security Issue. Read more

www.securiteam.com:
MSIE May Download and Run Programs Automatically (Details and Exploit). Read more

www.securiteam.com:
Internet Explorer Clipboard Stealing Vulnerability. Read more

www.securiteam.com:
Internet Explorer SuperCookies P3P Bypass and Cookie Controls. Read more

www.securiteam.com:
EServ Password Protected File Arbitrary Read Access Vulnerability. Read more

www.securiteam.com/unixfocus:
PHP 4.x Session Spoofing. Read more

www.securiteam.com/unixfocus:
Vulnerability in New User Creation in Geeklog. Read more

www.securiteam.com/unixfocus:
Heap Overflow in SNMPNetStat (Exploit Code). Read more

www.securiteam.com/unixfocus:
Apache Mis-configuration Can Make You Vulnerable to a Local Denial of Service Attack. Read more

www.securityfocus.com:
John Roy Pi3Web Long Request Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
CDRDAO Home Directory Configuration File Symbolic Link Vulnerability. Read more

www.securityfocus.com:
Microsoft Backup for Windows 95 Buffer Overflow Vulnerability. Read more

news.cnet.com:
Older ICQ software vulnerable to attack. Read more

www.latimes.com:
AOL Urges ICQ Program Updates. Read more

news.cnet.com:
Privacy flaw continues to dig IE hole. Read more

www.pcworld.com:
Multitasking Viruses Expected. Read more

www.newsday.com:
New Home PCs Increasingly Vulnerable. Read more

news.cnet.com:
Solaris hole opening way for hackers. Read more

www.reuters.co.uk:
Botched update puts Windows XP fix on hold. Read more

www.eweek.com:
Flaw Forces Microsoft E-Com Site to Go Offline. Read more

news.cnet.com:
.Net breakdown: More to come? Read more

www.pcworld.com:
Italian Police Nab Hacker Group. Read more

www.eweek.com:
Software Liability Gaining Attention. Read more

15 January 2002

New trojan(s):
AlexMessoMalex Beta 1

Remote Hack 1.5b

nextgenss.com:
NGSSniff is a network packet capture and analysis program. It requires Windows 2000 or XP. Read more

www.securiteam.com:
BOOZT! Standard CGI Vulnerability (Exploit Released). Read more

www.securiteam.com:
User Posting Vulnerability in Nick.com Forums (Nickelodeon). Read more

www.securiteam.com:
Dino's Web Server Directory Traversal Vulnerability. Read more

www.securiteam.com:
Bea Weblogic DOS device Denial of Service. Read more

www.securiteam.com:
Savant Webserver Buffer Overflow Vulnerability. Read more

www.securiteam.com:
More Reading of Local Files Vulnerabilities in MSIE. Read more

www.securiteam.com/unixfocus:
PHP Rocket Add-in for FrontPage Directory Traversal Vulnerability. Read more

www.securiteam.com/unixfocus:
Vulnerability Found in Frox Transparent FTP Proxy. Read more

www.securityfocus.com:
Shingo beep2 Arbitrary File Reading Vulnerability. Read more

www.securityfocus.com:
FreeWnn jserver JS_MKDIR Metacharacter Command Execution Vulnerability. Read more

www.nzherald.co.nz:
Youth plot to 'take down' internet, FBI claims. Read more

www.wired.com:
Worm Poses as Outlook Update. Read more

www.timesofindia.com:
Worm posing as Microsoft update spreading. Read more

www.forbes.com:
UPDATE 1-AOL urges instant messagers to upgrade for security. Read more

www.dailypress.com:
U.S. attorney makes computer crimes a priority. Read more

www.nandotimes.com:
Government anti-hacking team formed to watch Washington area. Read more

www.vnunet.com:
Ministry of Defence hacked 27 times. Read more

www.gulfnews.com:
FBI probing Pakistan-based hackers. Read more

www.vnunet.com:
Web attacks up 160 per cent in 2001. Read more

www.techweb.com:
Routers Are The New Hack Attack. Read more

www.vnunet.com:
World of Hell back on the warpath. Read more

news.zdnet.co.uk:
Political hackers on the increase in Britain. Read more

www.rockymountainnews.com:
Hacked @ home. Read more

www.latimes.com:
Security Flaws May Be Pitfall for Microsoft. Read more

news.zdnet.co.uk:
Experts: Microsoft's security push lacks oomph. Read more

www.sfgate.com:
Privacy and Terrorism, Should state monitor e-mail? Read more

www.idg.net:
Hyped hacker-investor claims to flee Germany. Read more

news.zdnet.co.uk:
Five years ago: Tests show limits of virus scanners. Read more

14 January 2002

New trojan(s):
Massaker 1.1

www.securityfocus.com:
Geheimnis MKTemp Insecure Temporary File Vulnerability. Read more

www.securiteam.com:
Linksys Routers Found to be Vulnerable to SNMP Issues. Read more

www.securiteam.com:
Mail.com Cross Site Scripting Vulnerability. Read more

www.securiteam.com:
Myvoicestream.com Security Vulnerability. Read more

www.securiteam.com:
Vulnerabilities in Oracle9iAS Web Cache. Read more

www.securiteam.com:
AOLserver Unauthorized File Disclosure Vulnerability. Read more

www.securiteam.com:
Internet Explorer JavaScript Modeless Popup DoS. Read more

www.securiteam.com:
Pine URL Handler Allows Execution of Embedded Commands. Read more

www.vnunet.com:
'High risk' virus hits PCs. Read more

www.wired.com:
'Trojan' Company Changes Horses. Read more

www.computeruser.com:
Tools take on new Linux Trojan. Read more

www.idg.net:
Donut virus set to poke holes in .Net. Read more

www.neowin.net:
Security incidents nearly double in 2001. Read more

www.vnunet.com:
DNS not bound by Bind. Read more

www.computeruser.com:
Hacker pleads guilty to damaging energy lab's system. Read more

www.computeruser.com:
More libraries filtered in 2001--report. Read more

www.nzherald.co.nz:
Who watches the watchers? Read more

13 January 2002

New trojan(s):
Silent Spy

chocobospore.org:
Mognet, Wireless Ethernet Java Based Sniffer/Analyzer. Read more

www.securityfocus.com:
EServ Password-Protected File Access Vulnerability. Read more

www.securityfocus.com:
Slashcode User Account Compromise Vulnerability. Read more

www.securityfocus.com:
Nevrona MiraMail Sensitive File Plain Text Storage Vulnerability. Read more

www.securityfocus.com:
Legato NetWorker Plaintext Log File Vulnerability. Read more

www.securityfocus.com:
Legato NetWorker Insecure Log Permissions Vulnerability. Read more

www.securityfocus.com:
Geeklog Permanent Cookie Account Hijacking Vulnerability. Read more

www.securityfocus.com:
Snort ICMP Denial of Service Vulnerability. Read more

www.securiteam.com:
AFTPd Core Dump Vulnerability. Read more

www.debian.org:
DSA-099-1 xchat: IRC session hijacking. Read more

www.sgmvp.freewebsites.com:
How to restart from Windows Millennium into Windows 98 DOS mode. Read more

www.guardian.co.uk:
Viruses infect one email in every 300. Read more

news.cnet.com:
Judge tosses Microsoft schools settlement. Read more

12 January 2002

New trojan(s):
Cleptomaniacos 1.0

Litmus 2.03

www.securiteam.com:
Improper Input Validation in Bugzilla (Exploit). Read more

www.securiteam.com:
XTerm UnixWare Exploit Code Released (-xrm). Read more

www.securiteam.com:
Netscape ?wp-html-rend Denial of Service Attack. Read more

www.securiteam.com/unixfocus:
Slashcode Login Vulnerability. Read more

www.securiteam.com/unixfocus:
XChat IRC Session Hijacking Vulnerability. Read more

www.securiteam.com/unixfocus:
Security Analysis of VTun. Read more

www.securiteam.com/unixfocus:
Security Flaws Found in Tinc. Read more

www.zdnet.com:
Gigger 'update' worm attacks hard drive. Read more

www.zdnet.com:
Microsoft: There's a hole in W32.Donut. Read more

www.taipeitimes.com:
Web hackers hit US via Taiwan. Read more

ap.tbo.com:
Norwegian Hacker Indicted for Breaking Hollywood DVD Code. Read more

news.cnet.com:
Web hoster takes security to extremes. Read more

www.newsbytes.com:
It's 'Bye-Bye, Deutschland' For Kim Schmitz. Read more

www.fcw.com:
Report: GPS at risk. Read more

news.cnet.com:
Commentary: Microsoft's security woes. Read more

www.zdnet.com:
Microsoft failing security test? Read more

11 January 2002

New trojan(s):
Little Witch 5.0.1 Client

Nemesis 1.0

Bypassing Firewall: Tools and Techniques (PDF). by Jake Hill

www.securityfocus.com:
YaBB Cross-Site Scripting Vulnerability. Read more

www.securityfocus.com:
Ultimate Bulletin Board Cross-Site Scripting Vulnerability. Read more

www.securityfocus.com:
PGP Outlook Plug-In Insecure Message Storage Vulnerability. Read more

www.securityfocus.com:
Forums! Insecure User Validation Message Posting Vulnerability. Read more

www.securiteam.com:
Netscape Publishing wp-force-auth Command. Read more

www.securiteam.com:
Multiple Vulnerabilities in Cisco SN 5420 Storage Routers. Read more

www.securiteam.com:
CSS Vulnerabilities in YaBB and UBB Allows Account Hijacking. Read more

www.securiteam.com:
Hacking LIDS. Read more

packetstorm.widexs.nl:
The Boozt! banner management software for Linux v0.9.8alpha has a remotely exploitable buffer overflow in a CGI executable. Read more

www.computeruser.com:
First 'proof of concept' .Net virus appears. Read more

www.newsbytes.com:
Macromedia's Flash Virus Fix Falls Short - Experts. Read more

www.cnn.com:
Debate continues over security of Windows XP. Read more

www.ananova.com:
Hackers used Taiwanese computers to deface US websites. Read more

news.com.au:
Hacker pleads guilty. Read more

www.businessweek.com:
Every Man a Cyber Crook. Read more

www.latimes.com:
Keeping Out the Hackers. Read more

news.bbc.co.uk:
Exam blunder 'may be sabotage'. Read more

allafrica.com:
Durban to Battle "Porn Nappers" for Tourism Website. Read more

www.bostonphoenix.com:
Brave new Web. Read more

www.miami.com:
Learning to love the computer, warts and all. Read more

www.wired.com:
Norway Cracks Down on DVD Hacker. Read more

10 January 2002

New trojan(s):
Lamers Death 2.6

BlackHole 2.001 Client

eyeonsecurity.net:
CSS vulnerabilities in YaBB and UBB allow account hijack. Read more

packetstorm.widexs.nl:
Hosting Controller - Multiple vulnerabilities. Read more

packetstorm.widexs.nl:
AOLserver 3.4.2 Unauthorized File Disclosure Vulnerability. Read more

packetstorm.widexs.nl:
Savant Webserver Buffer Overflow Vulnerability. Read more

packetstorm.widexs.nl:
NT PHP.exe remote exploit. Read more

packetstorm.widexs.nl:
Security Problem in Cisco ubr900 Series Routers. Read more

www.securityfocus.com:
HP-UX mmap() Denial of Service Vulnerability. Read more

www.securityfocus.com:
Anti-Web HTTPD Script Engine Heap Overflow Vulnerability. Read more

www.securiteam.com:
FAQmanager File Reading Vulnerability. Read more

www.securityoffice.net:
Cross Site Scripting "the security gap". Read more

www.newsfactor.co:
Name That Worm - How Computer Viruses Get Their Names. Read more

freshmeat.net:
Red Hat: New mutt packages available to fix security problem. Read more

linuxtoday.com:
Conectiva Linux Security Announcement: proftpd. Read more

www.neowin.net:
First dotNET virus. Read more

www.securityfocus.com:
Social Engineering Fundamentals, Part II: Combat Strategies. Read more

www.siliconvalley.com:
Virus targets Microsoft Web services software. Read more

news.cnet.com:
Virus writers take an early crack at .Net. Read more

www.computeruser.com:
Audiogalaxy installer may have harbored Nimda virus. Read more

news.cnet.com:
Back doors in AIM security tool irk pros. Read more

www.zdnet.com:
AIM security tool opens back doors. Read more

www.computeruser.com:
Go hack thyself, urges NRC. Read more

www.gcn.com:
Hacker pleads guilty to damaging Energy lab’s system. Read more

news.com.au:
Hacker pleads guilty. Read more

www.theregister.co.uk:
Guilty plea in nuke lab hack. Read more

www.newsbytes.com:
Prof Renews Free Speech Fight Against US Encryption Law. Read more

news.cnet.com:
Going mano a mano with Microsoft. Read more

09 January 2002

New trojan(s):
Genue 1.0

Harvester 2.0

www.securityfocus.com:
AOLServer Password Protected File Arbitrary Read Access Vulnerability. Read more

www.securityfocus.com:
Apache Non-Existent Log Directory Denial Of Service Vulnerability. Read more

www.securityfocus.com:
AOLServer Password Protected File Arbitrary Read Access Vulnerability. Read more

www.securityfocus.com:
Michael Lamont Savant Web Server Long Request DoS Vulnerability. Read more

www.securiteam.com:
VeriSign "PayFlow Link" Payment Service Security Vulnerability. Read more

www.securiteam.com:
AIM Filter Contains Spyware and Backdoors. Read more

www.securiteam.com:
C2IT.com Security Holes. Read more

www.securiteam.com:
Cross Site Scripting Vulnerability in Microsoft.com. Read more

www.securiteam.com:
PGP 7.0 Outlook Plug-in Flaw. Read more

www.securiteam.com:
Hosting Controller Multiple Security Vulnerabilities. Read more

www.securiteam.com:
Web Administration Vulnerability in CacheOS. Read more

www.securiteam.com:
BOOZT! Administration CGI Vulnerable to Buffer Overflow. Read more

www.securityfocus.com:
Virus Threatens Software Flash Files. Read more

news.cnet.com:
New virus first to infect Macromedia Flash. Read more

www.theregister.co.uk:
Shockwave gets its very own virus. Read more

www.timesofindia.com:
Now, there's a virus for Flash files too. Read more

www.zdnet.com:
What's in a virus's name? Everything you need to know! Read more

news.com.au:
Viruses enjoy quiet Christmas. Read more

www.vnunet.com:
Watching the detectives. Read more

www.vnunet.com:
Linux Mutt in the dog house. Read more

www.theregister.co.uk:
AOL buddy-hole fix has backdoor. Read more

www.computerworld.com:
AIM Vulnerability Highlights Risk of Rushing Features. Read more

seattlepi.nwsource.com:
Hackers found flaw in AOL service and kept mum about it. Read more

www.vnunet.com:
Hackers target governments worldwide. Read more

www.cnn.com:
Report: Cybervandalism jumped in 2001. Read more

www.theregister.co.uk:
'Punish software makers for bad security' - NAS. Read more

www.cnn.com:
Report: Many U.S. firms at risk for cyberattacks. Read more

news.cnet.com:
Lax habits leave U.S. open to cyberattack. Read more

www.wired.com:
U.S. Cyber Security Weakening. Read more

www.fcw.com:
Homeland security IT spending lags. Read more

www.redding.com:
Making life miserable for cyber-intruders. Read more

www.sfgate.com:
Security takes center stage at tech show. Read more

www.idg.net:
Security challenges take toll. Read more

www.theregister.co.uk:
Gates gets even bigger XP sales number to boast about. Read more

news.cnet.com:
Microsoft shakes hands with CDMA. Read more

www.theregister.co.uk:
Judge denies MS request for more time. Read more

www.theregister.co.uk:
How MS tax policy saves Gates millions - Nader. Read more

08 January 2002

New trojan(s):
Mainline 1.5

Ping Server version b

security-protocols.com:
ICQ remote buffer overflow vulnerability. Read more

security-protocols.com:
Faqmanager.cgi file read vulnerability. Read more

security-protocols.com:
Multiple pwck/grpck Privilege Elevation Vulnerabilities. Read more

www.securityfocus.com:
SuSE Security Announcement. Read more

www.securityfocus.com:
CLA-2002:449: mutt. Read more

www.menewsline.com:
TERRORISTS SENT FOR WMD, CYBER TRAINING. Read more

biz.thestar.com.my:
Countries putting up electronic fences. Read more

www.computeruser.com:
New Linux backdoor virus gains smarts. Read more

www.linuxsecurity.com:
Securing Air (Wireless Security). Read more

www.computeruser.com:
Microsoft breaks Netscape rule in new security flaw. Read more

www.siliconvalley.com:
Plea accord expected in hacking case. Read more

www.wired.com:
Virus Writers Here to 'Help'. Read more

www.zwire.com:
Computer problems running rampant. Read more

web.thesunnews.com:
Hackers targeting home computers. Read more

www.korealink.co.kr:
Hoax e-Mail Worm Spreads. Read more

www.zdnet.com:
Spyware, Part 3: Is using it illegal…or just sleazy? Read more

www.post-gazette.com:
Perspectives: Time to make Pittsburgh cybersecurity center. Read more

www.washingtonpost.com:
w00w00's Instant Message: Listen Up, AOL. Read more

afr.com:
Posting a guard for homeland security, cyberstyle. Read more

www.fcw.com:
DOD bills bolster anti-terrorism spending. Read more

www.fcw.com:
Interior unplugged. Read more

www.sfgate.com:
National parks caught in Web Court takes down Interior Dept. site to keep hackers from tribal funds. Read more

www.zdnet.com:
Gates to show TV-friendly XP. Read more

www.infoworld.com:
Analysis: Microsoft recommits to vigilant security patrols. Read more

www.zdnet.com:
Judge nixes Microsoft delay tactic. Read more

www.zdnet.com:
Lawmaker: Legalize home CD burning. Read more

www.foxnews.com:
War on Copy-Protected CDs Heats Up. Read more

07 January 2002

New trojan(s):
Connect4 1.0 beta 1

Porkodio Server

security-protocols.com:
AOLserver 3.4.2 Unauthorized File Disclosure Vulnerability. Read more

security-protocols.com:
BSCW Insecure Default Installation Vulnerability. Read more

security-protocols.com:
Multiple pwck/grpck Privilege Elevation Vulnerabilities. Read more

www.securitytracker.com:
Microsoft Internet Explorer (IE) May Allow Malicious Javascript to Poll a User's System for Known Files. Read more

www.securitytracker.com:
Miva Merchant Shopping Cart With VeriSign Payflow Link Module May Accept Invalid Credit Approval Transactions as Valid. Read more

www.securitytracker.com:
RPL/2 Programming Language Input Validation Errors May Let Local Users Gain Elevated Privileges on the Host. Read more

www.securitytracker.com:
PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error. Read more

www.securitytracker.com:
Anti-Web HTTPD (awhttpd) Web Server Can Be Crashed By Local Users. Read more

www.koth.org:
Corewar is a computer game with a difference. A recreation for programmers, it is not played by humans but by assembly language programs. Basically, programmers write warriors in a specialized language called redcode and two or more of these warriors are run in the memory (called the core) of a hypothetical computer called the MARS (Memory Array Redcode Simulator). It is an ideal game for you if you are a programmer. Read more

www.xatrix.org:
GeekLog - privileges vulnerability. Read more

www.contracostatimes.com:
Cyber insurance grows in popularity. Read more

www.cnn.com:
'ZaCker' worm attacks security software. Read more

www.govexec.com:
Feds take minimal role in patching holes in cyberspace. Read more

www.newsbytes.com:
Microsoft Plug-And-Play Patch Pleases FBI. Read more

news.cnet.com:
Did AOL cold-shoulder AIM flaw exposer? Read more

news.cnet.com:
Appeals court upholds anti-spam law. Read more

06 January 2002

New trojan(s):
Nakter Affe

Phoenix II 1.90

www.securityfocus.com:
BrowseFTP Client Buffer Overflow Vulnerability. Read more

security-protocols.com:
Security Problem Found with Cisco UBR900 Series Routers. Read more

www.securiteam.com:
ActivePerl Leaks True Path. Read more

www.securiteam.com:
Multiple pwck/grpck Privilege Elevation Vulnerabilities. Read more

www.securiteam.com:
AWHTTPd Local DoS. Read more

www.securitytracker.com:
Shopping Carts Using VeriSign's Payflow Link Payment System May Accept Invalid Credit Approval Transactions as Valid Transactions. Read more

www.securitytracker.com:
Snmpnetstat Component of Net-snmp (ucd-snmp) Has Heap Overflow That Allows Remote Servers to Execute Arbitrary Code on the System. Read more

www.securitytracker.com:
Mail.com E-mail Service Input Filtering Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks to Obtain Mail.com User Cookies. Read more

www.grcsucks.com:
'Win-XP hole' misrepresented by FBI, press, Gibson, by Tim Mullen. Read more

www.grcsucks.com:
GRC-Reply by Dave Dittrich. Read more

computerworld.com:
Report warns of al-Qaeda's potential cybercapabilities. Read more

www.cnn.com:
Home is where the hackers are. Read more

news.zdnet.co.uk:
Linux world dismisses new Trojan risk. Read more

www.newsbytes.com:
New Linux Backdoor Virus Gains Smarts. Read more

computerworld.com:
Judge allows use of keystroke capture technology in N.J. trial. Read more

www.ciol.com:
Student defends handling of AOL security flaw. Read more

www.linuxsecurity.com:
Snort-Setup for Statistics HOWTO. Read more

05 January 2002

New trojan(s):
Theef Downloader 1.0

Duddie 3.1c

www.securiteam.com:
AIM Buffer Overflow Exploit. Read more

www.securiteam.com:
UPNP Exploit Code Released. Read more

www.securiteam.com:
Solaris /bin/login Remote Exploit Code. Read more

www.securiteam.com:
DeleGate Cross Site Scripting Vulnerability. Read more

www.securiteam.com:
Security Problem Found with Cisco UBR900 Series Routers. Read more

www.securiteam.com:
Lynx Format String Vulnerability in URL Logging. Read more

www.securiteam.com:
Lastlines.CGI Path Traversal and Command Execution Vulnerability. Read more

www.securiteam.com:
Security hole in AOL Instant Messenger leaves computers vulnerable to remote takeover. Read more

www.securityfocus.com:
BSCW Remote Command Execution Vulnerability. Read more

www.securityfocus.com:
BSCW Insecure Default Installation Vulnerability. Read more

www.theregister.co.uk:
Ditch IE - veteran bug hunter. Read more

www.globalsecurity.org:
Kabul computer reveals files of top Al Qaeda officials. Read more

networking.earthweb.com:
Driveby Hacking on the Go. Read more

www.wininformant.com:
Antivirus Vendors Warn of Zacker Worm and ClickTillUWin Trojan Horse. Read more

www.zdnet.com:
Trojan horse conveys IE users to porn. Read more

news.zdnet.co.uk:
Porn Trojan exploits old Microsoft hole. Read more

www.idg.net:
FBI Agency Revises XP Security Alert. Read more

www.zdnet.com:
MS sounds Passport IE patch alarm. Read more

www.wired.com:
Judge OKs FBI Keyboard Sniffing. Read more

www.theregister.co.uk:
Popular file-share utilities contain Trojans. Read more

www.computeruser.com:
Music sharing programs share advertiser's 'Trojan' spyware. Read more

www.theregister.co.uk:
Nvidia settles Dutch hacking lawsuit. Read more

www3.gartner.com:
Microsoft Security Chief Can Boost Federal Cybersecurity. Read more

www.theregister.co.uk:
Bill Gates docu-death film shows at Slamdance. Read more

04 January 2002

New trojan(s):
Xot 0.5 Beta 2

Espionage 1.1

news.cnet.com:
Worm targets security software. Read more

www.securiteam.com:
Internet Explorer GetObject() Problems. Read more

www.securityfocus.com:
Microsoft Internet Explorer GetObject File Disclosure Vulnerability. Read more

www.securiteam.com:
Security Risk When Using the CGI Binary (PHP.EXE) Under Apache. Read more

www.securiteam.com:
AOL Instant Messenger Remote Buffer Overflow. Read more

www.securiteam.com:
Vulnerability in Encrypted Loop Device for Linux. Read more

www.securiteam.com:
Stunnel Format String Security Vulnerability. Read more

www.securiteam.com:
DayDream BBS Buffer Overflows. Read more

www.securityfocus.com:
AOL Instant Messenger Remote Buffer Overflow. Read more

Phrack has been providing the hacker community with information on operating systems, networking technologies and telephony, as well as relaying features of interest to the international computer underground. The Phrack Magazine team released a new issue of this Magazine, number 58. Read more

www.nandotimes.com:
Instant Messenger flaw fixed; hackers criticized for little warning. Read more

www.timesofindia.com:
Utah student defends handling of AOL security flaw. Read more

www.thetimes.co.uk:
AOL admits security flaw. Read more

www.thestar.com:
Latest computer threats slither forth. Read more

www.internetwk.com:
Experts Foresee More Mass-Mailing Viruses In 2002. Read more

www.vnunet.com:
Rare Linux virus on the loose. Read more

www.neowin.net:
Nvidia seizes computers of hackers. Read more

www.pcworld.com:
Peer-to-Peer Apps Shared Trojan Horse. Read more

www.cbsnews.com:
Home Computers A Tempting Target. Read more

www.canoe.ca:
FBI: Windows XP fix is adequate. Read more

hoovnews.hoovers.com:
Remote Desktop: Secure or vulnerable? (Enterprise ENTE). Read more

www.zdnet.com:
Keep yourself top secret! How to defeat spyware (Part 2). Read more

www.newsday.com:
Popular Jargon in Computer Security. Read more

03 January 2002

New trojan(s):
Lithium 1.0 Beta 5

SShare 2

Internet Security Systems Security Alert
AOL Instant Messenger Remote Buffer Overflow. Read more

www.securiteam.com:
IMail Web Service User Aliases / Mailing Lists Admin Vulnerability. Read more

www.securiteam.com:
SpeedXess HASE-120(IPOA Router) Default Password. Read more

www.securiteam.com:
Daydream BBS Format String Vulnerability. Read more

www.linuxsecurity.com:
Vulnerability in encrypted loop device for Linux. Read more

abcnews.go.com:
New hole in AOL Instant Messenger lets hackers take over; solution promised soon. Read more

www.cnn.com:
Security hole found in AOL Instant Messenger. Read more

www.wired.com:
AOL's Messenger Ripe for Hacking. Read more

www.zdnet.com:
AIM hole could let worms wriggle in. Read more

www.computeruser.com:
Serious AIM security hole could invite worms - experts. Read more

www.business2.com:
File-sharing programs carry Trojan horse. Read more

www.zdnet.com:
Trojan horse targets file-swappers. Read more

www.law.com:
FBI May Use Keystroke-Recording Device Without Wiretap Order. Read more

www.worldnetdaily.com:
Echelon excesses. Read more

www.heraldsun.news.com.au:
Microsoft plugs its leaking plughole. Read more

www.securityfocus.com:
Fear, Uncertainty and Doubt, Inc. Read more

www.osopinion.com:
An Insecure Feeling About Microsoft's Security. Read more

news.mywebpal.com:
E-detectives help solve workplace cyber-crime Stalking workplace e-crimes. Read more

www.newsfactor.com:
Viruses in Review: How Curiosity Can Doom Users. Read more

www.eweek.com:
Viruses to Continue Their Assault on Net. Read more

www.vnunet.com:
Instant Messaging viruses set to soar. Read more

www.nandotimes.com:
MITZI PERDUE: Cyber security. Read more

www.zdnet.com:
How THEY know what you're doing on your PC (Part 1). Read more

www.techtv.com:
Web Attacks Go Wireless? Read more

www.vnunet.com:
Sklyarov returns to hero's welcome. Read more

www.zdnet.com:
Judge sets date for Microsoft hearing. Read more

www.zdnet.com:
The incredible shrinking Internet. Read more

02 January 2002

New trojan(s):
XtraAccess 1.02

Wintrix

Georgi Guninski security advisory #52, 2001
IE GetObject() problems. Read more

www.securityfocus.com:
Last Lines CGI Script Remote Command Execution Vulnerability. Read more

security-protocols.com:
Cherokee Webserver Directory Traversal and Elevated Privileges. Read more

www.securityfocus.com:
Last Lines CGI Script Directory Traversal Vulnerability. Read more

www.securityfocus.com:
DayDream BBS Control Code Multiple Buffer Overflow Vulnerability. Read more

www.securiteam.com:
ELSA Lancom 1100 Office Security Problems. Read more

www.securiteam.com:
Cherokee Webserver Directory Traversal and Elevated Privileges Vulnerabilities. Read more

www.securiteam.com:
Ztreet Markup Language Security Vulnerability. Read more

www.securityfocus.com:
IPTables Linux firewall with packet string-matching support. Read more

www.business-standard.com:
India is preparing for a war on the web. Read more

www.businessweek.com:
Toward More Cybersecurity in 2002. Read more

news.com.au:
Most troubled by net security. Read more

www.belfasttelegraph.co.uk:
Help! my computer's caught a code. Read more

www.nikkeibp.asiabiztech.com:
Future Computer Viruses to Be Less Damaging, Cause More Infections: Sophos CEO. Read more

www.boston.com:
E-mail glitch hits Harvard applicants. Read more

www.asahi.com:
CDs to thwart pirates. Read more

01 January 2002

New trojan(s):
Khaos 2.1

Glacier 9.11 Special Edition

www.theregister.co.uk:
'Win-XP hole' mis-represented by FBI, press, Gibson. Reading more

news.cnet.com:
Who are you? Microsoft and Sun Microsystems want your identity. Read more

www.knoxnews.com:
Preventing computer viruses and worms. Read more

www.nzherald.co.nz:
Watch out for possible New Year's computer attacks. Read more

www.iht.com:
Protecting Your Mac From Net Nuisances. Read more

www.cnn.com:
Freed Russian software programmer returns home. Read more

www.globetechnology.com:
The story of cyberlaw in 2001. Read more

www1.keenesentinel.com:
Keene woman eludes online fraud; EBay blames Monadnet. Read more

www.infoworld.com:
Security shopping lists made for the New Year. Read more


Copyright© MegaSecurity.org