Bookmark or link to: www.kobayashi.cjb.net. All other url`s could change!
News Archive    Translate Traducen
News February 20002
28 February 2002

New trojan(s):
CyberPaky 1.8

www.dachb0den.com:
bsd-airtools is a package that provides a complete toolset for wireless 802.11b auditing. Read more

Microsoft Security Bulletin MS01-011
Authentication Flaw Could Allow Unauthorized Users To Authenticate To SMTP Service. Read more

Microsoft Security Bulletin MS01-012
Malformed Data Transfer Request can Cause Windows SMTP Service to Fail. Read more

security.e-matters.de:
PHP remote vulnerabilities. Read more

www.netfilter.org:
Important security announcement of the netfilter project. Read more

www.securityoffice.net:
Novell GroupWise Web Access Path Disclosure Vulnerability. Read more

homepage.mac.com:
Auto file execution vulnerability in Mac OS. Read more

Cisco Security Advisory:
Data Leak with Cisco Express Forwarding Enabled. Read more

GreyMagic Security Advisory GM#001-IE
Executing arbitrary commands without Active Scripting or ActiveX. Read more

Internet Security Systems Security Alert
Multiple PHP Vulnerabilities: Remote Compromise Exploit in Circulation. Read more

online.securityfocus.com:
Working Resources BadBlue Cross Site Scripting Vulnerability. Read more

online.securityfocus.com:
Working Resources BadBlue Triple-Dot-Slash Directory Traversal Vulnerability. Read more

www.securiteam.com:
Kazaa, Grokster and Morpheus Remote Denial of Service. Read more

www.securiteam.com:
Symantec Enterprise Firewall (SEF) SMTP Proxy Inconsistencies. Read more

www.securiteam.com:
Gator Installer Plugin Allows Any Software to be Installed Remotely. Read more

www.securitytracker.com:
'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users. Read more

www.securitytracker.com:
AOL Instant Messenger (AIM) May Disclose AIM Passwords to Remote Users in Certain Situations. Read more

www.securitytracker.com:
AMaViS SMTP Anti-Virus Scanner Can Be Crashed By Remote Users Sending Compressed Files With Large Numbers of Null Characters. Read more

www.securitytracker.com:
Tumbleweed Secure Mail SMTP Anti-virus Scanner Can Be Crashed By Remote Users Sending Compressed Files With Large Numbers of Null Characters. Read more

www.securitytracker.com:
Windows Media Player Executes URLs in Windows Media Files that Have Been Renamed as MP3 Files. Read more

www.securitytracker.com:
Open Bulletin Board (OpenBB) Input Filtering Bug Lets Remote Users Conduct Cross-Site Scripting Attacks Against OpenBB Users. Read more

www.securitytracker.com:
ScriptEase Web Server Edition Sample Script (comment2.jse) Discloses Files Located Anywhere on the Server to Remote Users. Read more

www.securitytracker.com:
UnrealIRCd Internet Relay Chat (IRC) Server Format String Bug Lets Remote Users Crash the Chat Service. Read more

www.securitytracker.com:
Compaq Application Control Management System (ACMS) for OpenVMS Operating System May Allow Local Users to Obtain Elevated Privileges. Read more

www.securitytracker.com:
Ethereal SNMP Processing Bug Lets Remote Users Crash the Network Sniffer. Read more

www.defcon.org:
DEF CON 10 Call for Papers Announcement. Read more

www.raid-symposium.org:
Fifth International Symposium on Recent Advances in Intrusion Detection. Read more

www.blackhat.com:
Black Hat Briefings 2002 conference. Read more

www.osopinion.com:
Microsoft Admits XP Media Player Spies on Users. Read more

www.newsbytes.com:
Another Security Hole Found In Macromedia Flash. Read more

www.reuters.co.uk:
Microsoft Security Push Faces Skepticism. Read more

online.securityfocus.com:
Sniffers: What They Are and How to Protect Yourself. Read more

www.wired.com:
Hack a PC, Get Life in Jail. Read more

www.cnn.com:
House panel OKs boost in cybercrime penalties. Read more

www.newsbytes.com:
New York Times Intranet, Source Database Hacked. Read more

www.idg.net:
Security holes closed in New York Times intranet after hacker intrusion. Read more

www.usatoday.com:
Hacker says he infiltrated 'New York Times'. Read more

www.computerworld.com:
New York pulls sensitive data from state's Web sites. Read more

www.wired.com:
Are Crackers Behind AOL Spree? Read more

sportsillustrated.cnn.com:
Formula One teams on watch for computer hackers. Read more

www.computerworld.com:
Energy firms move to thwart cyberattacks. Read more

news.com.au:
Cyber crime gathers strength. Read more

www.zdnet.com:
The Next Big Virus: How can we prepare ourselves? Read more

www.usatoday.com:
Agency raises the bar on tech security. Read more

www.cnn.com:
How can personal firewalls help your PC? Read more

www.zdnet.com:
Why passwords will always be a pain. Read more

27 February 2002

New trojan(s):
InCommand 1.7 beta

www.dachb0den.com:
Practical Exploitation of RC4 Weaknesses in WEP Environments. Read more

online.securityfocus.com:
Symantec Norton Antivirus LiveUpdate Plaintext Credentials Vulnerability. Read more

online.securityfocus.com:
OpenBB Image Tag Cross-Site Scripting Vulnerability. Read more

www.securiteam.com:
Antivirus Mail Scanners DoS. Read more

www.securiteam.com:
Buffer Overflow in Microsoft Internet Explorer. Read more

www.securiteam.com:
Compromising IIS or Apache Servers Running PHP for Windows (Step-by-Step). Read more

www.securiteam.com:
AdMentor Login Flaw (SQL Injection). Read more

www.securiteam.com:
Cheating CHAP. A paper explaining the weakness in the CHAP protocol as used within PPP and PPTP has been released. The vulnerability described allows for authentication in PPTP networks without knowing valid a login and password. Read more

www.securitytracker.com:
Citrix NFuse Web Publishing Server May Disclose Novell Directory Services (NDS) Network Information to Remote Users. Read more

www.securitytracker.com:
Symantec Enterprise Firewall (Raptor) Fails to Report Some Alerts via SNMP. Read more

www.securitytracker.com:
Zero One Technology's ZOT P100s Print Server Discloses Information to Remote Users via SNMP Even When Configured Not To. Read more

www.securitytracker.com:
Greymatter Weblog Software Discloses Administrator Account Passwords to Remote Users in Certain Configurations. Read more

www.attrition.org:
Microsoft's Responsible Vulnerability Disclosure, The New Non-Issue. Read more

www.computerworld.com:
Q&A with ICANN's security chairman, Stephen Crocker. Read more

industry.java.sun.com:
Gong Li Sheds Light on Sun's Security. Read more

online.securityfocus.com:
New York Times Internal Network Hacked. Read more

online.securityfocus.com:
MP3 Files Not Always Safe. Read more

www.computeruser.com:
Gator digital wallet allows hacker back doors. Read more

www.silicon.com:
Freeware: The new threat to company security. Read more

www.informationweek.com:
Hackers Sneak Through Open Doors In Applications. Read more

www.helsinki-hs.net:
Hackers accessed more than 100,000 systems at home and abroad. Read more

www.silicon.com:
UK businesses making a hash of security. Read more

ua.pennwellnet.com:
Protecting the Grid from Cyber Attack. Read more

news.mysanantonio.com:
Cyberterror worries federal, state experts. Read more

news.com.au:
Net bank fraud inevitable: expert. Read more

www.sfgate.com:
Indian Affairs security lapses exposed Under instruction from court, lawyer easily infiltrated bureau's computer system. Read more

www.theregister.co.uk:
Security suppliers compared to dodgy car mechanics. Read more

www.newsbytes.com:
Commerce Dept Fines Company For Illegal Crypto Exports. Read more

www.computeruser.com:
If Morpheus is illegal, so is the rest of the Net - EFF. Read more

26 February 2002

New trojan(s):
Casus 2.3

www.securiteam.com:
ACK Tunneling Trojans. Read more

x82.i21c.net:
UCD-snmp-4.0.1-5 Remote exploit. Read more

CERT® Advisory CA-2002-04
Buffer Overflow in Microsoft Internet Explorer. Read more

www.kb.cert.or:
Microsoft Internet Explorer HTML rendering engine contains buffer overflow processing SRC attribute of HTML <EMBED> directive. Read more

www.cert.org:
Steps for Changing Your Options in Web Browsers - Netscape and Internet Explorer. Read more

www.securitytracker.com:
Century Software's TERM Terminal Emulator Software Buffer Overflow Lets Local Users Gain Root Privileges on the System. Read more

www.securitytracker.com:
XMB Forum Allows Cross-Site Scripting Attacks. Read more

online.securityfocus.com:
XMB 1.6x JavaScript Messages Vulnerability. Read more

www.securiteam.com:
LilHTTP Web Server Protected File Access Vulnerability. Read more

www.securiteam.com:
Essentia Web Server DoS Vulnerability. Read more

www.securiteam.com:
Essentia Web Server Directory Traversal Vulnerability. Read more

www.securiteam.com:
Greymatter Remote Login / Password Exposure. Read more

www.securiteam.com:
Century Software's TERM Emu Buffer Overflows. Read more

www.theregister.co.uk:
Steve Gibson invents broken SYNcookies. Read more

cr.yp.to:
SYN cookies. Read more

www.internetnews.com:
New Security Flaw Found in IE. Read more

zdnet.com.com:
MS warns of 'critical' flaws. Read more

www.eweek.com:
Sans Predicted Snmp Attack; What's Next? Read more

www.newsbytes.com:
'Distributed' Web Projects Raise Security Issues. Read more

www.vnunet.com:
Experts back 'rules' for bug fixes. Read more

news.bbc.co.uk:
Hiding security bugs. Read more

www.wired.com:
Bush Push for Stiffer Hack Fines. Read more

news.bbc.co.uk:
Tipping the balance on net security. Read more

www.latimes.com:
Microsoft's Mundie Says Viruses Must Be Fought. Read more

news.com.com:
Some Microsoft testimony open to media. Read more

www.chron.com:
Programs flawed, Microsoft reveals. Read more

www.chron.com:
Judge's porn case hinges on computer hacker. Read more

www.sfgate.com:
An Internet outlaw goes on record Pleasant Hill student tells of his 'hacktivism'. Read more

www.rferl.org:
EU: E-Mail Publication In Turkey Causes Diplomatic Row. Read more

news.independent.co.uk:
The secret life of your own laptop. Read more

25 February 2002

New trojan(s):
F-Backdoor 1.0

www.securitytracker.com:
Rich Media Technologies JustAddCommerce E-commerce Software Discloses User Passwords to Local Users.
Read more

www.securitytracker.com:
FreeRADIUS Authentication Server (and Possibly Other RADIUS Servers) May Become Overloaded By a Remote Flood of Access-Request Packets from a Single User. Read more

www.securitytracker.com:
Yahoo Messenger Client Can Be Crashed By Remote Users and Spoofed Messages Can Be Sent By Remote Users. Read more

www.securitytracker.com:
Squid Proxy Cache Server Buffer Overflow Lets Remote Users Create Denial of Service Conditions and May Let Remote Users Execute Arbitrary Code on the System. Read more

www.securitytracker.com:
Netopia Timbuktu Remote Access Software Lets Users Without Administrator Privileges Modify User Account Restrictions. Read more

www.securiteam.com:
Unchecked Buffer in ISAPI Filter Could Allow Commerce Server Compromise. Read more

www.securiteam.com:
CNet CatchUp Arbitrary Code Execution. Read more

www.securiteam.com:
Phorum Discussion Board Security Bug (Email Disclosure). Read more

online.securityfocus.com:
Powie PForum Username Cross-Site Scripting Vulnerability. Read more

www.securityspace.com:
XML Core Services patch (Q318203). Read more

www.vnunet.com:
Bug Watch: Heuristics is the way forward. Read more

news.com.com:
Industry group to stamp on bugs. Read more

www.vnunet.com:
Microsoft puts trust in security wizards. Read more

www.vnunet.com:
Don't be lulled by the illusion of security. Read more

www.eweek.com:
Glitches Plague Windows Messenger. Read more

24 February 2002

New trojan(s):
Duddie 3.2

Spyware ripped apart by Doc. Read More

www.acsac.org:
ITS4: A Static Vulnerability Scanner for C and C++ Code. Read more

lin.fsid.cvut.cz:
Hunt, TCP Hijacking tool. Read more

www.securiteam.com:
Alcatel 4400 PBX Hack. Read more

www.securitytracker.com:
Trend Micro's InterScan VirusWall Proxy Bug Lets Remote Users Bypass Some Access Controls and Connect to Arbitrary Ports on Internal/Protected Hosts. Read more

www.securitytracker.com:
Finjan SurfinGate Proxy Bug Lets Remote Users Bypass Some Access Controls and Connect to Arbitrary Ports on Internal/Protected Hosts. Read more

www.securitytracker.com:
Microsoft XML Core Services in SQL Server 2000 Lets Remote Scripts Access and Send Local Files. Read more

www.securitytracker.com:
Microsoft XML Core Services in Microsoft Windows XP Operating System Lets Remote Scripts Access and Send Local Files. Read more

www.securitytracker.com:
NetWin's WebNEWS Server Has Built-in Default User Names That Cannot Be Removed and That Allow Remote Users to Gain Access. Read more

www.securitytracker.com:
Essentia Web Server Discloses Files Located Anywhere on the System to Remote Users and Lets Remote Users Crash the Web Service. Read more

www.securitytracker.com:
Microsoft Internet Explorer Has Another Frame Domain Security Bug That Lets Remote Users View Files or Other Personal Information from a Victim's Computer By Using Malicious VBScripts. Read more

www.securitytracker.com:
Microsoft Commerce Server 2000 AuthFilter Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server With LocalSystem Privileges to Gain Full Control of the Server. Read more

www.securitytracker.com:
ASPCode.net's AdMentor Banner Rotation Script Filtering Bug Gives Remote Users Administrator Access to the Application. Read more

www.securitytracker.com:
Avenger's News System CGI (ans.pl) Input Filtering Hole Lets Remote Users Execute Arbitrary Commands on the Web Server. Read more

online.securityfocus.com:
Essentia Web Server Long URL Denial Of Service Vulnerability. Read more

online.securityfocus.com:
Essentia Web Server Directory Traversal Vulnerability. Read more

online.securityfocus.com:
Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability. Read more

online.securityfocus.com:
Microsoft VBScript Same Origin Policy Violation Vulnerability. Read more

online.securityfocus.com:
Yahoo! Instant Messenger Spoofed Username Vulnerability. Read more

www.securiteam.com:
ScriptEase MiniWeb Server DoS. Read more

www.securiteam.com:
MSDE, SQL Server 7 & 2000 Adhoc Heterogeneous Queries Buffer Overflow and DoS. Read more

www.securiteam.com:
Netwin Webnews.exe (utoken). Read more

www.techtv.com:
FBI Says It's Monitoring Web Vulnerability. Read more

news.com.com:
Group to set bug-reporting standards. Read more

news.com.com:
Famed hacker Mitnick meets his mark. Read more

news.com.com:
Napster court win puts labels in spotlight. Read more

news.com.com:
Gates plugs Xbox as man about Tokyo. Read more

www.techtv.com:
Self-Sending Spam. Read more

23 February 2002

New trojan(s):
Starline 2.0 beta

mIRC Backdoors - An advanced overview by ReDeeMeR. Read more

stage.caldera.com:
Open UNIX, UnixWare 7: Webtop setuid script vulnerability. Read more

www.securityoffice.net:
Cross Site Scripting "the security gap". Read more

www.securityoffice.net:
Essentia Web Server DoS Vulnerability. Read more

www.securityoffice.net:
LilHTTP Web Server Protected File Access Vulnerability. Read more

www.securiteam.com:
Tripod Account Hijack. Read more

www.securiteam.com:
ASP.NET Session Information Leakage. Read more

online.securityfocus.com:
Squid HTCP Runtime Configuration Vulnerability. Read more

online.securityfocus.com:
Nombas ScriptEase:WebServer Edition GET Request Denial of Service Vulnerability. Read more

online.securityfocus.com:
Squid Cache SNMP Denial of Service Vulnerability. Read more

online.securityfocus.com:
Avenger's News System Directory Traversal Vulnerability. Read more

online.securityfocus.com:
Squid Cache FTP Proxy URL Buffer Overflow Vulnerability. Read more

online.securityfocus.com:
Avenger's News System Remote Command Execution Vulnerability. Read more

online.securityfocus.com:
AdMentor Remote SQL Injection Vulnerability. Read more

online.securityfocus.com:
Citrix NFuse Network Information Disclosure Vulnerability. Read more

online.securityfocus.com:
Apple MacOS 9 Classic Reverse DNS Lookup DoS Vulnerability. Read more

online.securityfocus.com:
Novell GroupWise 6 Post Office LDAP Authentication Bypass Vulnerability. Read more

online.securityfocus.com:
Compaq Nonstop Himalaya SNMP Agent Denial Of Service Vulnerability. Read more

www.securiteam.com:
Rich Media E-Commerce Stores Sensitive Information Insecurely. Read more

www.securitytracker.com:
MacOS DNS Bug Lets Remote DNS Servers Crash the Operating System. Read more

www.securitytracker.com:
Novell GroupWise LDAP Authentication Configuration Error Lets Remote Users Access GroupWise Accounts Without Having to Supply a Password. Read more

www.securitytracker.com:
Symantec Enterprise Firewall (Raptor) SMTP Proxy Fails to Fully Rewrite Some SMTP Headers. Read more

www.securitytracker.com:
Lil' HTTP Server Discloses Files in Password Protected Directories on the Web Server to Remote Users. Read more

www.securitytracker.com:
Gator Plugin for Microsoft Internet Explorer Lets Remote Users Install Arbitrary Software on the User's Host. Read more

www.theregister.co.uk:
Three new MS security holes - two nasty. Read more

www.theregister.co.uk:
SNMP exploit causes printers to jam. Read more

www.theregister.co.uk:
Most SNMP vulns quietly lurking. Read more

www.newsbytes.com:
Gator Digital Wallet Allows Hacker Back Doors. Read more

w3.ivy.hu:
Hungarian discovery: a new security gap in Internet Explorer. Read more

www.newsbytes.com:
Disclosure Guidelines For Bug-Spotters Proposed. Read more

theregister.co.uk:
Mass ICQ 'hack' baffles world+dog. Read more

www.newsbytes.com:
Sites Revealed Passwords For Thousands Of Ameritech Users. Read more

www.silicon.com:
Security experts release free Cisco router tool. Read more

www.theregister.co.uk:
US Air traffic safe from hackers - FAA. Read more

zdnet.com.com:
Security experts: We need more money. Read more

www.thisislondon.co.uk:
Warnings over net stalking danger. Read more

www.theregister.co.uk:
Beware the bogus domain sellers. Read more

22 February 2002

New trojan(s):
Nauka

Ping Server version j

www.ee.oulu.fi:
Publications and Discussions on Liability for Bad Software. Read more

Microsoft Security Bulletin MS02-008
XMLHTTP Control Can Allow Access to Local Files. Read more

Microsoft Security Bulletin MS02-009
Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files. Read more

Microsoft Security Bulletin MS02-010
Unchecked Buffer in ISAPI Filter Could Allow Commerce Server Compromise. Read more

www.corsaire.com:
Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies. Read more

www.corsaire.com:
Symantec/Axent NetProwler 3.5.x database configuration. Read more

www.squid-cache.org:
Squid Proxy Cache Security Update Advisory SQUID-2002:1. Read more

eyeonsecurity.net:
Gator installer Plugin allows any software to be installed. Read more

www.securitytracker.com:
Tarantella Enterprise Server '/tmp/spinning' Symlink Hole Lets Local Users Obtain Root Access When the Software is Installed. Read more

www.securitytracker.com:
Slash Code Allows Remote Users to Conduct Cross-Site Scripting Attacks to Steal Slash Web Site User Cookies. Read more

www.securitytracker.com:
Microsoft SQL Server Buffer Overflow Lets Remote Users Crash the Server and May Allow Remote Code to Be Executed on the Database Server. Read more

www.securitytracker.com:
RealSystem Server and RealSystem Proxy Buffer Overflows May Let Remote Users Execute Arbitrary Code on the Server or Cause the Server to Crash. Read more

www.securitytracker.com:
Netwin's WebNEWS News Server CGI May Execute Arbitrary Code Supplied By Remote Users. Read more

www.securitytracker.com:
GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions. Read more

www.securitytracker.com:
Lotus Domino Server Discloses Installation Path to Remote Users That Request Non-existent Perl Scripts. Read more

www.securitytracker.com:
Check Point FireWall-1 HTTP Proxy Bug Lets Remote Users Bypass Some Access Controls and Connect to Arbitrary Ports on Internal/Protected Hosts. Read more

www.securitytracker.com:
Alcatel 4000 PBX Phone Switch Default Configuration Lets Remote Users Access the Switch and Gain Root Access. Read more

www.securitytracker.com:
ScriptEase Mini WebServer Can Be Crashed By Remote Users Sending Long HTTP Requests. Read more

www.securitytracker.com:
Microsoft Outlook Web Access Discloses 'Include' Archive Files in the 'lib' Directory to Remote Users. Read more

online.securityfocus.com:
Alcatel OmniPCX Password File Encrypted Password Access Vulnerability. Read more

online.securityfocus.com:
Alcatel OmniPCX Unprivileged User System Shutdown Denial Of Service Vulnerability. Read more

online.securityfocus.com:
HP JetDirect SNMP Denial of Service Vulnerability. Read more

online.securityfocus.com:
Alcatel OmniPCX Default File Permissions World Writeable Vulnerability. Read more

digitalmass.boston.com:
Microsoft music, movie player logs users entertainment habits. Read more

www.computerbytesman.com:
Serious privacy problems in Windows Media Player for Windows XP. Read more

www.eweek.com:
Security Group Pinpoints Cisco Router Weakness. Read more

www.theregister.co.uk:
'Penetrate and patch' e-business security is grim. Read more

www.theregister.co.uk:
Tripod account hijack risk patched. Read more

www.businessweek.com:
Patching the Net's Fatal Flaws. Read more

online.securityfocus.com:
FAA: Air Traffic Control Holes Plugged. Read more

www.businessweek.com:
This LAN Is Whose LAN? Read more

www.cw360.com:
Law ties police hands in fight with hackers. Read more

www.reuters.com:
Famed Hacker Mitnick Greets Former Target. Read more

www.aftenposten.no:
Hackers hit University of Oslo. Read more

www.latimes.com:
Porn Case Hinges on Hacker. Read more

zdnet.com.com:
Cyberterrorists will be after you. Read more

hoovnews.hoovers.com:
Cyberterrorism: Get ready to become a hard target. Read more

www.wired.com:
Security: 3 Confabs' Killer App. Read more

www.eetimes.com:
Data networks pose crypto conundrum. Read more

www.newscientist.com:
Peekabooty aims to banish internet censorship. Read more

sunspot.net:
Pryin' Eyes. Spyware: Computer users beware sneaky programs that slip in and report data to marketers. Read more

21 February 2002

New trojan(s):
Cyn 2.0

Microsoft Security Bulletin MS02-007
SQL Server Remote Data Source Function Contain Unchecked Buffers. Read more

www.stdnet.com:
Regarding SNMP Vulnerabilities. Read more

www.aelita.com:
Protecting Active Directory from "Domain Trust" Vulnerability. Read more

www.cs.princeton.edu:
Timing Attacks on Web Privacy (pdf). Read more

www.ezkracho.com.ar:
Buffer overflow vulnerability in BladeEnc 0.94.1 Ad-Exploit Tested on Mandrake 7.0. Read more

www.ietf.org:
Responsible Vulnerability Disclosure Process draft-christey-wysopal-vuln-disclosure-00.txt. Read more

www.ietf.org:
The Tao of IETF - A Novice's Guide to the Internet Engineering. Read more Task Force

ftp.isi.edu:
The Internet Standards Process -- Revision 3. Read more

www.securityfriday.com:
About "Share-Level Password" Vulnerability. Read more

www.computerbytesman.com:
Serious privacy problems in Windows Media Player for Windows XP. Read more

www.securitytracker.com:
EverySoft's EveryAuction Software Allows Cross-Site Scripting Attacks and Lets Remote Users Send Unwanted E-mail Messages to Arbitrary Recipients. Read more

www.securitytracker.com:
Microsoft Windows Terminal Services May Cause the System's Screen Saver Lockout Mechanism to Fail in Certain Situations. Read more

www.securitytracker.com:
Adobe PhotoDeluxe Java Configuration Flaw Lets Malicious Applets Obtain Directory Listings and May Allow Remote Code to Be Executed on the User's Computer. Read more

www.securitytracker.com:
Windows XP Networking Port May Allow Remote Users to Deny Service By Sending a Stream of TCP SYN Packets. Read more

www.securitytracker.com:
Winamp Media Player Discloses Temporary File Path to Remote Web Servers, Potentially Allowing a Remote Server to Execute Arbitrary Code on the User's PC. Read more

www.securitytracker.com:
Ncurses Library Buffer Overflow May Allow a Local User to Crash Applications and Possibly Execute Arbitrary Code. Read more

www.securitytracker.com:
mwForum Bulletin Board CGI Parameter Bug Lets Remote Users Obtain Administrative Access on the Bulletin Board. Read more

www.securitytracker.com:
Dino's WebServer Can Be Crashed By Remote Users Sending Multiple Long HTTP GET Requests. Read more

www.securiteam.com:
Bypassing Content Filtering Software (Exploit). Read more

www.securiteam.com:
More Local Root Vulnerabilities during Installation of Tarantella Enterprise. Read more

www.securiteam.com:
Slashcode Login Vulnerability (Patch Available). Read more

online.securityfocus.com:
Tarantella Enterprise 3 Symbolic Link Vulnerability. Read more

online.securityfocus.com:
Cigital ITS4 Software Security Tool Weakness. Read more

qmail-scanner.sourceforge.net:
Qmail-Scanner: Content Scanner for Qmail. Read more

techupdate.zdnet.com:
Dangerous Yarner worm could delete your Windows files. Read more

www.elcom.co.uk:
Nasty Internet Worm Targets German Anti-Trojan Users. Read more

www.infoworld.com:
Free Cisco router security tool released. Read more

www.newscientist.com:
Peekabooty aims to banish internet censorship. Read more

www.bbspot.com:
Virus Responsible for Gates Security Memo. Read more

www.businessweek.com:
Patching the Net's Fatal Flaws. Read more

www.eastsidejournal.com:
'Soft Talk: Microsoft's `bug' leads to Peyton Place. Read more

www.idg.net:
Cybercrime reporting procedure draws fire. Read more

www.newsbytes.com:
Alleged Hacker Charged In Australia. Read more

www.linuxworld.com:
A walk on the wireless side. Read more

www.washingtonpost.com:
Computer Czar Issues Warning. Read more

www.vnunet.com:
Linux for the paranoid. Read more

www.vnunet.com:
Microsoft 'won't break Lindows'. Read more

news.com.com:
Microsoft preps Windows security scanner. Read more

techupdate.zdnet.com:
Liberty Alliance, Passport miles apart. Read more

www.csmonitor.com:
Your good name, sold for a penny. Read more

www.zdnet.com:
How password chaos could kill e-commerce. Read more

20 February 2002

New trojan(s):
HackWorld 2.03

www.securitytracker.com:
Microsoft Internet Security Acceleration Server Can Be Affected By Remote Users Conducting a LAND Flood Attack. Read more

www.securitytracker.com:
Deerfield WebSite Web Server Software Discloses Installation Path Location to Remote Users. Read more

www.securitytracker.com:
WeSQL Library May Allow Remote Users to Access Database Content Without Authenticating. Read more

www.securitytracker.com:
Phusion Web Server Has Multiple Flaws That Let Remote Users View Files, Crash the Server, and Execute Commands and Code to Gain System Level Access. Read more

www.securitytracker.com:
CodeBlue Log File Analysis Software Has Buffer Overflow That Allows Remote Users to Obtain Root Privileges. Read more

www.securityfocus.com:
Powie's pforum sql-injection User Authentication Vulnerability. Read more

www.ngsec.com:
Ettercap v0.6.3.1 and below advisory and remote root exploit against Linux. Read more

ettercap.sourceforge.net:
Ettercap 0.6.4 released. Read more

www.iss.net:
LICQ '%d' static buffer overflow. Read more

www.nmt.edu:
Avoid Microsoft Outlook. Read more

tom.me.uk:
MSN Messenger Hijacking. Read more

www.aristelecom.com.br:
Outlook Web Access view include files vulnerability. Read more

vapid.dhs.org:
Another local root vulnerability during installation of Tarantella Enterprise 3. Read more

www.nextgenss.com:
Netwin's WebNews contains a remotely exploitable buffer overrun that allows the execution of arbitrary code. Read more

www.computeruser.com:
Nasty Internet worm targets German anti-Trojan users. Read more

zdnet.com.com:
Dangerous Yarner worm spells bad news. Read more

www.theregister.co.uk:
German worm makes PCs kaput. Read more

zdnet.com.com:
Is Microsoft promising too much? Read more

hoovnews.hoovers.com:
Study says not all hackers are real computer wizards. Read more

news.com.com:
Dot-com dropouts share open-source love. Read more

news.com.com:
Microsoft unveils wireless strategies. Read more

www.securityfocus.com:
Terrorism Talks Open RSA Conference. Read more

www.foxnews.com:
Bush's Cybersecurity Adviser Urges Precautions to Avoid Digital Attacks. Read more

www.securityfocus.com:
Censor-buster Peek-A-Booty goes public. Read more

new.financialexpress.com:
Secure move: Get a hacker to plug the gaps. rEAD MORE

www.newsbytes.com:
Hong Kong Hacker Charged, Sentenced. Read more

www.chicagotribune.com:
High-tech teens turn to life of cybercrime. rEAD MORE

www.osopinion.com:
Is This a Good Time To Be a Hacker? Read more

www.computerworld.com:
Lockstep repairs hacked Web sites with WebAgain. Read more

www.zdnet.com:
Security guru: Let's secure the Net. Read more

www.zdnet.com:
Long haul ahead for social hackers. Read more

www.zdnet.com:
All-in-one security: It's where we're headed. Read more

19 February 2002

New trojan(s):
ScreenGrab 1.0

RemEye 1.0

Security in the Microsoft .NET Framework (pdf). Read more

www.cw360.com:
Viruses find way round server-based protection. Read more

www.cw360.com:
Latest IE patch can crash browsers. Read more

www.securiteam.com:
PowerFTP Server File Reading and DoS Vulnerabilities. Read more

www.securiteam.com:
Bypassing Content Filtering Software. Read more

www.securiteam.com:
Blue World Web Data Engine Web Server Overflow. Read more

www.securiteam.com:
PForum MySQL Injection Bug. Read more

www.securiteam.com:
HNS's webif.cgi Allows Overwriting of Diary Content. Read more

www.securiteam.com:
HNS Multiple Cross-Site Scripting Vulnerabilities. Read more

www.securitytracker.com:
Powie's PHP Forum (PFORUM) Web Board Authentication Flaw Lets Remote Users Login as Any Other User. Read more

www.securitytracker.com:
Hyper Nikki System Web Diary Software Allows Cross-Site Scripting Attacks. Read more

www.securityfocus.com:
DCP-Portal System Information Path Disclosure Vulnerability. Read more

www.debian.org:
hanterm: buffer overflow. Read more

www.linuxsecurity.com:
Message To Microsoft: Only The Truth Shall Set You Free. Read more

www.securityfocus.com:
The Enemy Inside the Gates: Preventing and Detecting Insider Attacks. Read more

ap.tbo.com:
Software Snags Crooks, Sneaking Spouses, but Alarms Privacy Advocates. Read more

www.theregister.co.uk:
SafeWeb holes emerge, said fixed. Read more

www.newsday.com:
SOME WEAK LINKS. Cases used to illustrate the cyber-terror threat. Read more

www.vnunet.com:
Smells like teen virus writers. Read more

www.vnunet.com:
Hackers face US bombing. Read more

www.infoworld.com:
Researchers crack new wireless security spec. Read more

seattletimes.nwsource.com:
Hacker attacks becoming more malicious, criminal. Read more

www.cnn.com:
Hack forces security audit at Morningstar Canada. Read more

www.theregister.co.uk:
802.1X can be toppled 'like set of dominoes'. Read more

www.vnunet.com:
Peekabooty comes out of hiding. Read more

www.vnunet.com:
FBI lets anarchist web geek go free. Read more

www.chicagotribune.com:
New security czar key to push for safer Microsoft software. Read more

www.infowarrior.org:
The Gates Declaration and Microsoft Security Day. Read more

18 February 2002

New trojan(s):
ANewTrojan

www.securiteam.com:
CodeBlue Vulnerable to an Exploitable Buffer Overflow. Read more

www.securiteam.com:
PHP for Windows Arbitrary Files Execution (GIF, MP3). Read more

www.securiteam.com:
Website Pro Path Disclosure (%20, "). Read more

www.securiteam.com:
Phusion Webserver File Viewing, DoS and Arbitrary Code Execution Vulnerabilities. Read more

www.securiteam.com:
Exim -C Security Vulnerability. Read more

www.securiteam.com:
MPG123 Local Buffer Overflow Vulnerability (Command Line). Read more

www.securitytracker.com:
Lasso Web Data Engine May Allow Remote Users to Crash the Web Server. Read more

www.securitytracker.com:
DCP-Portal Web Content Management Software Allows Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
DCP-Portal Web Site Content Management Software Discloses Web Root Installation Path to Remote Users. Read more

www.securitytracker.com:
NETGEAR Router Denial of Service Vulnerability Lets Remote Users Crash the Device With a Port Scan. Read more

www.theregister.co.uk:
Judge grants States access to Windows source. Read more

news.com.com:
Judge orders Microsoft to reveal code. Read more

www.startribune.com:
A legislative measure would increase hackers penalties. Read more

it.mycareer.com.au:
Hug a hacker, before they go underground. Read more

www.eweek.com:
Key Generator Beats Windows Product Activation. Read more

www.linuxsecurity.com:
Dealing with External Computer Security Incidents. Read more

www.theregister.co.uk:
MS bug busting tool is buggy. Read more

www.theregister.co.uk:
MS to block internet apps by default in .NET. Read more

www.theregister.co.uk:
Sony: MS already using Seattlement terms to screw us. Read more

www.theregister.co.uk:
Freedom Network source code now available. Read more

news.com.com:
The week in review: Net insecurity. Read more

www.stuff.co.nz:
Even small companies need security policies. Read more

17 February 2002

New trojan(s):
G-Spot Bot 1.0

StackGuard is a compiler that emits programs hardened against "stack smashing" attacks.
Stack smashing attacks are the most common form of penetration attack. Programs that have been compiled with StackGuard are largely immune to stack smashing attack. Protection requires no source code changes at all. Read more

www.codeproject.com:
How Visual C++ .NET Can Prevent Buffer Overruns. Read more

netgroup-serv.polito.it:
WinPcap: the Free Packet Capture Architecture for Windows. Read more

www.security.nnov.ru:
There are common methods allowing to bypass almost any content filtering software
(antiviral products, CVP firewalls, mail attachment filters, etc). Read more

www.securiteam.com:
SiteNews Remote Add User (exploit). Read more

www.securiteam.com:
Web Browsers Ignore Content-Type Headers Allowing Cross-site Scripting. Read more

www.securiteam.com:
Some IRC Servers Auto-DeOP Users Too Slowly. Read more

www.securiteam.com:
Falcon Web Server Authentication Circumvention Vulnerability. Read more

www.securiteam.com:
NetWin CWMail.exe Buffer Overflow (item=). Read more

www.securiteam.com:
DCP-Portal Root Path Disclosure. Read more

www.securiteam.com:
DCP-Portal Cross-Site Scripting. Read more

www.securiteam.com:
Add2it Mailman Command Execution (File Writing). Read more

www.securitytracker.com:
phpMyNewsletter Mailing List Management Script Static Cookie Hole Gives Remote Users Administrative Privileges on the Application. Read more

www.securitytracker.com:
BlackICE Fails to Log TCP Packets That Have the Urgent Flag Set. Read more

www.securityfocus.com:
Blue World Lasso Web Data Engine Vulnerability. Read more

www.securityfocus.com:
Netgear Dialup Router UDP Portscan Denial Of Service Vulnerability. Read more

www.securitytracker.com:
PrivaSec SurfSecure Web Privacy Software Fails to Block Spyware and Leaks Visited URLs to Remote Web Sites. Read more

www.securitytracker.com:
Microsoft Visual C++ Compiler Buffer Security Mode Does Not Eliminate Buffer Overflows in Compiled Applications. Read more

www.securitytracker.com:
DansGuardian Web Content Filtering Proxy Bug Lets Remote Users Bypass File Name Extension Filtering Restrictions. Read more

www.securitytracker.com:
Common UNIX Printing System (CUPS) Buffer Overflow May Allow a Remote User to Execute Arbitrary Code or Crash the Process. Read more

www.nextgenss.com:
E-mail Spoofing and CDONTS.NEWMAIL (Protecting Microsoft Active Server Pages Applications) (pdf). Read more

www.heise.de:
German language: XP-Lizenz öffnet PCs -- für Microsoft (Update). Read more

seifried.org:
Creating and Preventing Backdoors in UNIX Systems. Read more

linuxtoday.com:
Debian Security Advisory: New hanterm packages fix buffer overflow. Read more

cryptome.org:
Covert Internet interception and collection of data is underway in the United States (and perhaps elsewhere). Read more

www.ciol.com:
Menger virus strikes MSN. Readmore

www.linuxsecurity.com:
Keeping hackers from the 'dark side'. Read more

www.linuxsecurity.com:
ISP hackers likely to evade justice. Read more

16 February 2002

New trojan(s):
DFch 0.1 beta 2

Microsoft Security Bulletin MS02-006 (version 2.0)
Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run. Read more

www.wtcs.org:
Testing your SNMP Implementation. Read more

www.securiteam.com:
Avirt Gateway Remote Buffer Overflow Proof of Concept. Read more

www.securiteam.com:
Privacy Exposure by Bypassing the HTTP Proxy. Read more

www.securityfocus.com:
HNS Multiple Cross-Site Scripting Vulnerability. Read more

www.securityfocus.com:
Common Unix Printing System Attribute Name Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
BlueFace Falcon Web Server Authentication Bypass Vulnerability. Read more

www.securiteam.com:
Identix's BioLogon 3 Can be Easily Bypassed. Read more

www.securiteam.com:
Buffer Overflow Found in MSHTML.DLL. Read more

www.securiteam.com:
Account Theft Vulnerability in MakeBid Auction Deluxe. Read more

www.securiteam.com:
Digitally Signing Buggy ActiveX Components. Read more

www.securiteam.com:
SIPS Allows Attackers to Gain Administrative Access. Read more

www.securitytracker.com:
ForumPerso PHP-based Web Forum Lets Remote Users Gain Administrator Access to the Application. Read more

www.securitytracker.com:
Identix BioLogon Authentication Protections Can Be Bypassed By Physically Local Users to Gain System Level Access. Read more

www.securitytracker.com:
Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges. Read more

www.securitytracker.com:
Microsoft Outlook E-mail Client May Display Potentially Malicious File Attachments Illegally Embedded Within Mail Headers. Read more

www.securitytracker.com:
Microsoft Internet Explorer Browser MIME Flaw Causes 'text/plain' Pages to Be Displayed as HTML and Any Embedded Scripting to Be Executed By the Browser. Read more

www.securitytracker.com:
Ettercap Network Sniffer Has Buffer Overflow in Several Decoders That Allow Remote Users to Execute Arbitrary Code with Root Level Privileges. Read more

www.securitytracker.com:
Opera Web Browser MIME Flaw Causes 'text/plain' Pages to Be Displayed as HTML and Any Embedded Scripting to Be Executed By the Browser. Read more

www.secadministrator.com:
Multiple Vulnerabilities in Microsoft Internet Explorer. Read more

news.com.com:
Was Cigital security warning too hasty? Read more

www.pcworld.com:
Can Some Viruses Duck Server-Based Traps? Read more

www.idg.net:
Beware of typos that lead you to malicious sites--and here's how to break free if you get caught at one. Read more

digitalmass.boston.com:
Hacker break-in forces firm to issue results early. Read more

www.computeruser.com:
Hacker-proof Web is years away - cyber security chief. Read more

www.idg.net:
Hacker forces security audit at Morningstar Canada. Read more

www.vnunet.com:
High noon for hackers. Read more

www.reuters.com:
Microsoft: Security Charges 'Unfounded'. Read more

www.ntsecurity.net:
Microsoft Responds to Visual C++ Vulnerability Charges. Read more

www.newsbytes.com:
Most Federal Agencies Unable To Spot Cyber-Attacks - OMB. Read more

www.blackhat.com:
Papers and presentations are now being accepted for the Black Hat Briefings 2002 conference. Read more

www.msnbc.com:
Microsoft’s new ‘compiler’ program has security flaw, consultancy says. Read more

15 February 2002

New trojan(s):
Ping Server version h

BlueFire 0.50

www.guninski.com:
Digitally signing buggy ActiveX components. Read more

www.cigital.com:
Microsoft Compiler Flaw Technical Note. Read more

www.phrack.org:
BYPASSING STACKGUARD AND STACKSHIELD (bottom of page). Read more

www.security.nnov.ru:
buffer overflow in mshtml.dll. Read more

eyeonsecurity.net:
Microsoft Passport Account Hijack Attack. Read more

www.securityfocus.com:
Outlook Express Attachment Carriage Return/Linefeed Encapsulation Filtering Bypass Vulnerability. Read more

www.securityfocus.com:
Exim Configuration File Argument Command Line Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
Netwin CWMail Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
Bavo Message Editing Insecure CGI Vulnerability. Read more

www.securityfocus.com:
HP-UX 11.11 strlimit() Kernel Panic Vulnerability. Read more

www.securiteam.com:
Sybex E-Trainer Directory Traversal Vulnerability. Read more

www.securitytracker.com:
Caldera UnixWare 'ifile' Default Permissions Disclose Hashed Root Password to Local Users. Read more

www.securitytracker.com:
Astaro Linux Insecure Default File Permissions May Allow a Local User to Gain Elevated Privileges on the System. Read more

www.securitytracker.com:
Sun Solaris mail(1) Utility Lets Programs Pass Command Line Options to Sendmail that Could Give a Local or Remote User Elevated Privileges on the System. Read more

www.securitytracker.com:
PHPWebThings Web Page Creation Tool May Allow Remote Users to Modify SQL Queries. Read more

www.securiteam.com:
Deanonymizing SafeWeb Users. Read more

www.securiteam.com:
InstantServers MiniPortal Multiple Vulnerabilities. Read more

www.securiteam.com/unixfocus:
Bad Temporary File Handling in GNAT. Read more

www.securiteam.com/unixfocus:
Ettercap Remote Root Compromise. Read more

www.securiteam.com/unixfocus:
Security Vulnerability Found in Sawmill (Incorrect Permissions). Read more

www.securiteam.com/unixfocus:
Astaro Security Linux File Permissions Problem. Read more

www.nsag.net:
CERT SNMP Advisory: What It Is, What To Do. Read more

Simple Network Management Protocol (SNMP) Vulnerabilities
Frequently Asked Questions (FAQ) Read more

www.securityfocus.com:
The SNMP fiasco: steps you need to take. Read more

www.ee.oulu.fi:
PROTOS Test-Suite: c06-snmpv1. Read more

www.themercury.news.com.au:
Net flaw hits computers. Read more

techupdate.zdnet.com:
SNMP bugs put Net traffic at risk. Read more

www.informationweek.com:
Microsoft Security Patch Said Ineffective. Read more

www.securityfocus.com:
Snort Sniffs Out a Commercial Future. Read more

www.securityfocus.com:
MSN Messenger Worm Entices the Unwary. Read more

www.newsfactor.com:
MSN Messenger Worm Marks Troubling Trend. Read more

www.vnunet.com:
'Warhol' porn worm warning. Read more

www.usatoday.com:
Cyberattack could result in military response. Read more

www.nypost.com:
CLARKE: TERRORIST ORGANIZATIONS MAY HAVE PENETRATED GOV COMPUTERS. Read more

zdnet.com.com:
Did MS bug alarm go off too early? Read more

www.reuters.com:
Hacker Break-in Forces Firm to Issue Results Early. Read more

www.vnunet.com:
Only seven hackers jailed in two years. Read more

www.naplesnews.com:
Inmate's hacking through jail computers comes to an end. Read more

www.washingtonpost.com:
Bush Adviser Warns Cyberterrorists. Read more

www.seacoastonline.com:
Congress Considers Cybercrime Bill. Read more

www.nytimes.com:
U.S. Backing for Guidelines on Fighting Cybercrime. Read more

www.infoworld.com:
The Gripe Line. Read more

zdnet.com.com:
ISP hackers making a clean getaway? Read more

www.vnunet.com:
Bug Watch: Weathering the storm. Read more

www.crn.com:
Secure Computing Agrees To Buy Gauntlet. Read more

chkpt.zdnet.com:
BILL GATES UNVEILS VISUAL STUDIO.NET. Read more

www.reuters.com:
Microsoft Web Toolkit Has Security Loophole -Expert. Read more

www.canoe.ca:
Japan space agency hacked. Read more

www.newsforge.com:
New software brings user-friendly data encryption to home and office PCs. Read more

14 February 2002

New trojan(s):
Meet the Lamer 1.0

Download Massaker 1.1

Default installation of Internet Explorer 5.5 and 6.0 still allows us to execute files on default installations of the target computer, technically trivial silent delivery and installation of an executable on the target computer. Read more

www.securiteam.com:
Internet Explorer and Access Allows Macros to be Executed Automatically. Read more

Extended HTML Form Attack.
Making use of Non-HTTP protocols to launch Cross Site Scripting attacks. Read more

www.ngsec.com:
Ettercap, remote root compromise. Read more

www.securityfocus.com:
Microsoft Internet Explorer Forced Script Execution Vulnerability. Read more

www.securitytracker.com:
Microsoft Internet Explorer (IE) HTML Directive Buffer Overflow Lets Remote Users Cause Arbitrary Code to Be Executed on Another User's Computer. Read more

www.securitytracker.com:
Microsoft Internet Explorer (IE) 'Content-Type' Processing Hole Lets Remote Users Open Applications on Another User's Computer. Read more

www.securitytracker.com:
Microsoft Internet Explorer (IE) Web Browser Has New Frame Domain Verification Bug That Lets Remote Users Obtain Files from Another User's Local File System. Read more

www.securityfocus.com:
Microsoft Internet Explorer MIME Type File Extension Spoofing Vulnerability. Read more

www.securityfocus.com:
Microsoft IIS 5.1 Frontpage Extensions Path Disclosure Information Vulnerability. Read more

www.securityfocus.com:
Multiple Vendor SNMP Trap Handling Vulnerabilities. Read more

www.securityfocus.com:
Multiple Vendor SNMP Request Handling Vulnerabilities. Read more

www.securityfocus.com:
GNU Ada Compiler Runtime Library Insecure Temporary File Creation Vulnerability. Read more

www.securitytracker.com:
SYBEX e-trainer Training Software Discloses Files on the System to Remote Users When Training Software is in Use. Read more

www.securiteam.com:
PROTOS Remote SNMP Attack Tool. Read more

www.securiteam.com:
Malformed Network Request can cause Office X for Mac to Fail. Read more

www.securiteam.com:
Unchecked Buffer in SNMP Service Could Enable Arbitrary Code Execution. Read more

www.securityfocus.com:
MSN Messenger Worm Entices the Unwary. Read more

www.wired.com:
Cybercrime Bill Ups the Ante. Read more

www.nandotimes.com:
Group warns of widespread security flaw among Internet network devices. Read more

www.komotv.com:
Gov't Group Warns Large Sector Of Internet Vulnerable. Read more

www.sfgate.com:
Technology flaw causes fear of hacking. Read more

www.boston.com:
Security flaw could threaten Internet. Read more

www.elcom.co.uk:
SNMP Security Flaw Threatens Network Infrastructure. Read more

hoovnews.hoovers.com:
All networks are insecure (Enterprise ENTE). Read more

www.bayarea.com:
Life in jail for hacking proposed. Read more

investor.cnet.com:
Government renews cybercrime push. Read more

www.nzherald.co.nz:
Govt looks at repelling hackers. Read more

www.business.scotsman.com:
Microsoft tackles security flaws. Read more

13 February 2002

New trojan(s):
Charge version b

Microsoft Security Bulletin MS02-006
Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run. Read more

_vti_bin/shtml.dll Can lead to REMOTE Exploit on IIS 5.1. Read more

www.iss.net:
PROTOS Remote SNMP Attack Tool. Read more

CERT® Advisory CA-2002-03
Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP). Read more

www.securityfocus.com:
EZNE.NET Ezboard 2000 Remote Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
Cooolsoft PowerFTP Server Path Disclosure Vulnerability. Read more

www.securityfocus.com:
Cooolsoft PowerFTP Server Plaintext Account Information Vulnerability. Read more

www.securityfocus.com:
InstantServers MiniPortal FTP Login Remote Buffer Overlow Vulnerability. Read more

www.securitytracker.com:
Prospero Message Boards Has Cross-Site Scripting Flaw That Allows Remote Users to Steal Message Board User Cookies. Read more

www.securitytracker.com:
IBM OS/400 Operating System Discloses User Account Names to Valid Remote Users in the Default Configuration. Read more

www.securitytracker.com:
CGINews Web-based News Management Application Discloses Files on the System to Remote Users. Read more

www.securitytracker.com:
MSN Messenger Instant Messaging System Discloses Contact List Contents From Inactive Accounts to Remote Users. Read more

www.securitytracker.com:
Atomic Photo Album Bugs Let Remote Users Crash the Application. Read more

www.securitytracker.com:
BAVO PHP-based Web News Software Authentication Bug Lets Remote Users Gain Administrative Access to the Application. Read more

www.securiteam.com:
Format String Vulnerability in VXPrint Allows Gaining of Arbitrary Privileges (exploit). Read more

www.securiteam.com:
Exchange 2000 System Attendant Incorrectly Sets Remote Registry Permissions. Read more

www.securiteam.com:
Unchecked Buffer in Telnet Server Could Lead to Arbitrary Code Execution. Read more

www.securiteam.com/unixfocus:
EasyBoard 2000 Remote Buffer Overflow Vulnerability. Read more

www.newsbytes.com:
Hackers Shortcut Hotmail Password Reset Protections. Read more

www.usatoday.com:
Research group finds holes in Net security. Read more

www.pcplus.co.uk:
Big new IE security patch. Read more

www.theregister.co.uk:
Serious network security holes surface. Read more

www.theregister.co.uk:
IBM Memory Keys in mystery virus infection. Read more

www.reuters.com:
FBI Says It's Monitoring Internet Vulnerability. Read more

www.ananova.com:
Gates orders Microsoft security blitz. Read more

www.startribune.com:
Internet computers threatened by hackers, research group warns. Read more

www.theadvertiser.news.com.au:
ISPs lead fraud crackdown. Read more

www.silicon.com:
'I'll be back,' says knackered hacker tracker. Read more

www.pcworld.com:
Wireless LANs Raise Security Worries. Read more

www.theregister.co.uk:
Gambling software firm takes $1.3m charge for security breach. Read more

12 February 2002

New trojan:
NetDevil 1.2

Microsoft Security Bulletin MS02-005
Cumulative Patch for Internet Explorer. Read more

www.securitytracker.com:
Actinic Catalog E-commerce Software Allows Cross-Site Scripting Attacks, Letting Remote Users Steal User Cookies. Read more

www.securitytracker.com:
'2037 Gestion Liens' Web Portal Software Lets Remote Users Gain Administrative Access to the Application. Read more

www.securitytracker.com:
AtheOS Operating System chroot() Function Lets Local Users Break Out and Access Files Outside of the Chroot Jail. Read more

www.securitytracker.com:
MakeBid Auction Deluxe Online Auction Software Has Cross-Site Scripting Flaw That Lets Remote Users Steal User Authentication Cookies and Access User Accounts. Read more

www.securitytracker.com:
Sitenews PHP-Based Web News System Lets Remote Users Add User Accounts. Read more

www.securitytracker.com:
InstantServer's MiniPortal FTP Server Has Multiple Flaws That Allow Remote Users to Execute Arbitrary Code and View Files on the Server. Read more

www.securitytracker.com:
ARESCOM NetDSL 800 Router Default Configuration Lets Remote Users Access the Telnet Management Port. Read more

www.securitytracker.com:
IceWarp Web Mail Lets Remote Users Steal User Session IDs and Access Mail Accounts Belonging to Other Users. Read more

www.securitytracker.com:
Dlogin Buffer Overflow May Let Local Users Execute Arbitrary Code and Obtain Elevated Privileges. Read more

www.securityfocus.com:
Arescom Net DSL 1000 telnet Denial of Service Vulnerability. Read more

www.securityfocus.com:
Arescom NetDSL DSL Router Administrative Access Password Vulnerability. Read more

www.securiteam.com:
Hewlett Packard AdvanceStack Switch Management Authentication Bypass Vulnerability. Read more

www.securiteam.com:
MSN Contact List Disclosure. Read more

www.securiteam.com:
Texis CGI Path Disclosure Vulnerability. Read more

www.securiteam.com:
Default HELP System of Internet Explorer Allows Arbitrary Code Execution. Read more

news.com.com:
Mac Office vulnerable, Microsoft warns. Read more

news.com.com:
Microsoft plugs six browser holes. Read more

www.newsbytes.com:
Microsoft Recalls Botched Browser Security Patch. Read more

www.ananova.com:
Microsoft offers anti-hacker remedy for browser flaws. Read more

www.timesofindia.com:
Security top priority for Microsoft now. Read more

www.theregister.co.uk:
The Valentine's Day virus massacre. Read more

www.linuxsecurity.com:
Operating system security stats hard to compare, but more Linux vulnerabilities being reported. Read more

www.theregister.co.uk:
IE bug allows full MSN Messenger hijack. Read more

news.com.com:
Analysts: Security's where the money is. Read more

seattletimes.nwsource.com:
Software world's job one: No more bugs. Read more

www.stuff.co.nz:
Building a defence to combat theft and hacking. Read more

www.theregister.co.uk:
BlackICE slips up over serious security risk. Read more

www.sundaytimes.news.com.au:
CityLink to say sorry 8000 times. Read more

www.nwc.com:
Send Spammers Packing. Read more

11 February 2002

New trojan(s):
Helios 4.08-LE

www.securityfriday.com:
Something interesting about the Windows registry. Read more

www.securityfocus.com:
PHP Include File Relative Directory Information Disclosure Vulnerability. Read more

www.securityfocus.com:
Arescom NetDSL DSL Router Administrative Access Password Vulnerability. Read more

www.securityfocus.com:
Apple QuickTime Content-Type Remote Buffer Overflow Vulnerability. Read more

www.securitytracker.com:
RealSecure Server Sensor Has Exploitable Buffer Overflow That Lets Remote Users Execute Arbitrary Code in the Kernel Context on the System. Read more

www.securitytracker.com:
Licq Instant Messaging Client Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
HP AdvanceStack Switching Hub Access Control Bug Lets Remote Users Gain Full Access to the Switch. Read more

www.securitytracker.com:
Apple QuickTime Media Player Has Buffer Overflow in 'Content-Type' Processing That Allows Remote Users to Execute Arbitrary Code on the Player. Read more

www.reuters.com:
ISS Issues Patch for Hole in BlackICE Firewall Software. Read more

www.computeruser.com:
NY State sues Network Associates over review ban. Read more

www.computeruser.com:
Spyware removal firm issues apology, plea for help. Read more

www.sundaytimes.news.com.au:
CityLink to say sorry 8000 times. Read more

www.asahi.com:
Malaysian student suspected of hacking. Read more

thestar.com.my:
Malaysian held in Japan over hacking. Read more

www.sfgate.com:
Battling Computer Crime. Livermore students on front lines of cyber defense. Read more

www.cnn.com:
Security holes found in Oracle software. Read more

www.zdnet.com:
Things about MS Outlook that bug me (How about you?). Read more

www.embedded.com:
Jump Zero and Explode. Read more

www.zdnet.com:
Worried about wireless security? Here's a solution. Read more

www.nypost.com:
JAILBIRD HACKS PRISON COMPUTER. Read more

www.nationalpost.com:
How to keep out cyber-voyeurs. Read more

www.gnome.org:
Interview with GNOME hacker Daniel Veillard. Read more

www.nationalpost.com:
Liberal tried to hack our computers, Tories say. Read more

www.newsbytes.com:
New Twist On Web-Forms Hack Scarfs Browser Cookies. Read more

www.zdnet.com:
Stop the insanity! Kill spam dead with these 3 tools. Read more

www.computeruser.com:
Judge orders March hearing on Microsoft settlement. Read more

www.idg.net:
Microsoft to fight for antitrust settlement. Read more

10 February 2002

New trojan(s):
WinRat 1.2 by Cloak.

www.cirt.net:
Nikto is a web server scanner. It is based on and inspired by Whisker 1.4 scanner. Read more

opensource.isc.vt.edu:
Daisy is a program that reviews your system for service pack and os level, determines what hotfixes the base os needs, and downloads and installs them in a correct and consistent manner. Read more

www.securiteam.com:
Hanterm Exploit Code Released. Read more

www.securitytracker.com:
Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges. Read more

www.securityfocus.com:
WMTV Configuration File Symlink Vulnerability. Read more

www.securityfocus.com:
Microsoft Exchange Inappropriate Registry Permissions Vulnerability. Read more

www.securiteam.com:
Arescom NetDSL 800 Authentication Flaw. Read more

www.securiteam.com:
Cisco CatOS Telnet Buffer Vulnerability. Read more

www.securiteam.com:
Apple QuickTime Player "Content-Type" Buffer Overflow. Read more

www.securiteam.com:
ISS BlackICE Exploitable Kernel Overflow. Read more

www.securiteam.com/unixfocus:
Plumtree Corporate Portal Cross-Site Scripting. Read more

www.securitytracker.com:
Trend Micro's OfficeScan Fails to Scan Files With Certain Types of Long NTFS File Path Names. Read more

www.securitytracker.com:
Faq-O-Matic FAQ Management Application Allows Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Castelle FaxPress Fax Server Discloses Network Print Queue Passwords to Remote Users. Read more

www.securitytracker.com:
DeleGate Proxy Server Has Multiple Buffer Overflow Vulnerabilities That Let Remote Users Execute Arbitrary Code on the Server. Read more

www.securitytracker.com:
WindowMaker TV (wmtv) Symlink Bug Lets Local Users Overwrite Arbitrary Files With Root Privileges. Read more

www.securitytracker.com:
Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings. Read more

www.securitytracker.com:
Cisco Secure Access Control Server (ACS) Lets Remote Users With Novell Directory Service (NDS) 'Expired' or 'Disabled' Account Status Gain Access to Cisco Resources Managed By ACS. Read more

www.securitytracker.com:
eshare Expressions Web Site Software Discloses Files on the Hard Drive to Remote Users. Read more

www.securitytracker.com:
Caldera UniwWare 'libc.so.1' Library Function Lets Local Users Execute Arbitrary Code with Elevated Privileges. Read more

www.securiteam.com:
SQL Injection Whitepaper Released. Read more

www.securiteam.com:
New SQL Injection Whitepaper. Read more

www.ngsec.com:
Polymorphic Shellcodes vs. Application IDS's. Read more

www.riptech.com:
RIPTECH RELEASES GROUNDBREAKING INTERNET SECURITY THREAT REPORT. Read more

www.newsbytes.com:
Microsoft Recalls Botched Browser Security Patch. Read more

www.linux-box.org:
Peer-To-Peer Networking Security. Read more

www.linux-box.org:
New Twist On Web-Forms Hack Scarfs Browser Cookies. Read more

www.herald-mail.com:
Parks forced off Internet. Read more

www.wired.com:
Mitnick to Plead for Ham License. Read more

www.nikkeibp.asiabiztech.com:
Illegal Net Access Cases Rise in 2001, IPA of Japan Says. Read more

www.nandotimes.com:
House passes computer security bill aimed at thwarting hackers. Read more

www.computeruser.com:
House panel to examine another Net security bill. Read more

www.computeruser.com:
Hong Kong to consider restricting cybercenters. Read more

www.vnunet.com:
Fans should 'weep' over Linux lapses. Read more

www.vnunet.com:
The Penguin bites back at Windows. Read more

www.theregister.co.uk:
IE bug allows full MSN Messenger hijack. Read more

www.nandotimes.com:
Hole discovered in Internet security program. Read more

news.com.com:
ISS issues patch for firewall software. Read more

www.theregister.co.uk:
Oracle posts fix - servers 'unbreakable' again? Read more

www.techweb.com:
Encryption Leaves DES Behind. Read more

09 February 2002

New trojan(s):
Wildek 0.2 beta

www.securityoffice.net:
HP AdvanceStack Switch Managment Authentication Bypass Vulnerability. Read more

www.securityfocus.com:
Cisco Secure ACS NDS Expired/Disabled User Authentication Vulnerability. Read more

www.securityfocus.com:
AtheOS Change Root Relative Path Directory Escaping Vulnerability. Read more

www.securityfocus.com:
Caldera OpenServer Port Scan InetD Denial of Service Vulnerability. Read more

www.securityfocus.com:
Sitenews Unauthorized User Addition Vulnerability. Read more

www.securitytracker.com:
Opera Web Browser Allows Cross-site Scripting Attacks Via Non-HTTP Servers. Read more

www.securitytracker.com:
PHP for Windows Discloses Path Information to Remote Users. Read more

www.securitytracker.com:
PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests. Read more

www.securitytracker.com:
Microsoft Internet Explorer Web Browser Allows Cross-site Scripting Attacks Via Non-HTTP Servers. Read more

www.securitytracker.com:
Microsoft Office v. X for Mac OS X Can Be Crashed By Remote Users Sending Malformed Product Identification Packets. Read more

www.securiteam.com:
Lotus Domino Information Disclosure Vulnerability. Read more

www.securiteam.com:
Thunderstone Texis Path Disclosure Vulnerability. Read more

www.securiteam.com:
MRTG CGI Script "Show Files" Vulnerability. Read more

www.securityfocus.com:
The Devil You Know: Responding to Interface-based Insider Attacks. Read more

www.securityfocus.com:
Network Associates is Sued Over Review Ban. Read more

cryptome.org:
Anti-Keylogger tested by Cryptome. Read more

www.first.org:
14th Annual Computer Security Incident Handling Conference. Read more

news.com.com:
Microsoft developers feel Windows pain. Read more

news.com.com:
Microsoft works to fix MSN privacy flaw. Read more

www.silicon.com:
Microsoft's suffers further embarrassment. Read more

www.newsbytes.com:
Teen Anarchist's Supporters Accuse FBI Of AIM Hack. Read more

www.wired.com:
Mitnick to Plead for Ham License. Read more

news.zdnet.co.uk:
NY accuses software maker of censorship. Read more

www.onlinecasinonews.com:
Cryptologic results hit by hackers. Read more

www.nikkeibp.asiabiztech.com:
Illegal Net Access Cases Rise in 2001, IPA of Japan Says. Read more

08 February 2002

New trojan(s) added to the Archive:
NetControle 3.0

Microsoft Security Bulletin MS02-003
Exchange 2000 System Attendant Incorrectly Sets Remote Registry Permissions. Read more

Microsoft Security Bulletin MS02-004
Unchecked Buffer in Telnet Server Could Lead to Arbitrary Code Execution. Read more

Extended HTML Form Attack.
Making use of Non-HTTP protocols to launch Cross Site Scripting attacks. Read more

www.securitytracker.com:
Sophos Anti-Virus Fails to Scan Files With Certain Types of Long NTFS File Path Names. Read more

www.securityfocus.com:
Oracle TNS Listener Arbitrary Library Call Execution Vulnerability. Read more

www.securityfocus.com:
Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability. Read more

www.securityfocus.com:
FreeBSD FStatFS Syscall Race Condition Vulnerability. Read more

www.securityfocus.com:
Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability. Read more

www.securityfocus.com:
ICQ For MacOS X Client Denial Of Service Vulnerability. Read more

www.securitytracker.com:
Microsoft Internet Information Server Can Be Stopped By Local Users Removing Virtual Directories in a Shared Hosting Environment. Read more

www.securitytracker.com:
Thunderstone Software's texis(CGI) for the TEXIS Database Discloses Path Information to Remote Users. Read more

www.securitytracker.com:
Squid Caching Server 'cachemgr.cgi' Configuration Error Still Allows Remote Users to Connect to Arbitrary Ports on Other Hosts. Read more

www.securiteam.com:
Vulnerability in Oracle 9i Database Server Leads to Remote Compromise. Read more

www.securiteam.com:
Multiple Buffer Overflows in Oracle 9iAS. Read more

www.securiteam.com:
JSP Translation File Access under Oracle 9iAS. Read more

www.securiteam.com:
ISAPI Priority Issue with IIS (NetPoint). Read more

www.securiteam.com:
Intel.com Mailing List Arbitrary Address Removal Link. Read more

www.securiteam.com:
Web Browsers Vulnerable to the Extended HTML Form Attack. Read more

www.securiteam.com/unixfocus:
SquirrelMail Security Bug Allows Execution of Arbitrary Commands. Read more

www.theregister.co.uk:
MS taunted with 'trustworthy computing' Web page. Read more

www.theregister.co.uk:
NY sues NAI so you can say McAfee sucks. Read more

www.theregister.co.uk:
How to hack unbreakable Oracle servers. Read more

www.nikkeibp.asiabiztech.com:
Illegal Net Access Cases Rise in 2001, IPA of Japan Says. Read more

www.nandotimes.com:
House passes computer security bill aimed at thwarting hackers. Read more

news.zdnet.co.uk:
Bugs bust open 'unbreakable' Oracle 9i. Read more

www.techfocus.org:
Crackers use MS's "phone-home" feature to exploit Mac Office. Read more

news.zdnet.co.uk:
Microsoft warns of Mac Office security flaw. Read more

www.silicon.com:
Gates red-faced as Microsoft leaves Apple users exposed to hackers. Read more

zdnet.com.com:
MS puts coders on bug alert. Read more

news.zdnet.co.uk:
Public blasts Microsoft antitrust settlement. Read more

www.msnbc.com:
Treasury computers said vulnerable. Read more

www.canada.com:
Identity theft a growth industry. Read more

07 February 2002

New trojan(s) added to the Archive:
Cyn 1.21

DarkSky version a

Microsoft Security Bulletin MS01-002
Malformed Network Request can cause Office v. X for Mac to Fail. Read more

www.securityfocus.com:
Castelle Faxpress Plaintext Password Disclosure Vulnerability. Read more

www.securityfocus.com:
eshare Expressions Directory Traversal Vulnerability. Read more

www.securitytracker.com:
Microsoft ASP.NET Web Application Framework Allows Cross Site Scritping Attacks and Discloses Path Information to Remote Users. Read more

www.securitytracker.com:
Windows Messenger (aka MSN Messenger) Instant Messaging Client Discloses Display Name and Contacts to Remote Users. Read more

www.securitytracker.com:
NETGEAR Router Allows Cross Site Scripting Attacks, Possibly Allowing a Remote User to Gain Access to the Router. Read more

www.wiretrip.net:
MS Site Server Evilness
A very interesting read on Site Server security problems. Read more

www.nextgenss.com:
OracleJSP. NGSSoftware Insight Security Research Advisory. Read more

www.securiteam.com:
Sastcpd 'authprog' Local Root Compromise (exploit). Read more

www.securiteam.com:
User-mode-Linux Security Flaws (exploit). Read more

www.securiteam.com:
NETGEAR RT311/RT314 Cross-Site Issue. Read more

www.securiteam.com:
Malicious Data Injection into Perl Modules. Read more

www.securiteam.com:
NetScreen Response to ScreenOS Port Scan DoS Vulnerability. Read more

www.securiteam.com:
Vulnerability in Lucent VitalSuite Software. Read more

www.securiteam.com:
PhpSmsSend Remote Command Execution Bug. Read more

www.securiteam.com:
Remote Denial of Service Vulnerability in BlackICE Products. Read more

www.securiteam.com/unixfocus:
Faq-O-Matic Cross-Site Scripting Vulnerability. Read more

www.securiteam.com/unixfocus:
PHP-Nuke-Add-on Allows Viewing of Arbitrary Files (HTMLToNuke). Read more

www.securiteam.com/unixfocus:
Vulnerabilities in Astaro Security Linux. Read more

www.theregister.co.uk:
MS bitten by old .NET vulnerability. Read more

www.networknews.co.uk:
Microsoft 'code scrub' ridiculed. Read more

www.theregister.co.uk:
Chinese SMS can crash Siemens mobiles. Read more

www3.gartner.com:
AOL Should Stop Fighting and Start Fixing IM Security. Read more

www.arabnews.com:
A virus or a solution? Read more

www.computerworld.com:
Airline Web sites seen as riddled with security holes. Read more

news.com.com:
Oracle shaky on 9i security vow. Read more

www.newsbytes.com:
Security Alerts Take Swing At Oracle's 'Unbreakable' Pitch. Read more

www.newsbytes.com:
BlackIce Firewalls Vulnerable To DOS Attack. Read more

news.zdnet.co.uk:
Morpheus denies security breach. Read more

www.msnbc.com:
NASA hacker gets 21 months in jail. Read more

english.peopledaily.com.cn:
China's Cyber Police Detain Teenage Hacker. Read more

www.oreillynet.com:
Life Imprisonment for Hacking? Read more

www.chron.com:
Provider blames ongoing hacker attack for demise. Read more

www.networknews.co.uk:
High noon for hackers. Read more

www.canada.com:
Hackers clip gambling firm. Read more

zdnet.com.com:
What makes a hacker hack? Read more

www.guardian.co.uk:
Don't risk it: analyse the threat. Read more

www.theregister.co.uk:
MS taunted with 'trustworthy computing' Web page. Read more

www.reuters.com:
Interior Dept: No End in Sight for Web Site Woes. Read more

www.pcworld.com:
Russian, U.S. Authorities Nab Alleged Hacker. Read more

www.infoworld.com:
Russian hacker arrested in bank extortion case. Read more

www.techweb.com:
Encryption Leaves DES Behind. Read more

news.zdnet.co.uk:
Code-eating software battles it out in P2P arena. Read more

06 February 2002

New trojan(s) added to the Archive:
BlueFire 0.41

FoxEyes 3.0

www.securityfocus.com:
Heuristic Techniques in AV Solutions: An Overview. Read more

rr.sans.org:
Deconstructing SubSeven, the Trojan Horse of Choice. Read more

Internet Security Systems Security Alert
Remote Denial of Service Vulnerability in BlackICE Products. Read more

www.securityfocus.com:
MRTG Configuration Generator Path Disclosure Vulnerability. Read more

www.securityfocus.com:
Lotus Domino MS-Dos Device Name Denial Of Service Vulnerability. Read more

www.securityfocus.com:
Lotus Domino Remote Authentication Bypass Vulnerability. Read more

www.securityfocus.com:
Lotus Domino Webserver DOS Device Extension Denial of Service Vulnerability. Read more

www.securitytracker.com:
Portix-PHP Web Portal Software Discloses Files to Remote Users and Lets Remote Users Gain Administrator Access on the Portal Application. Read more

www.securitytracker.com:
mIRC Internet Relay Chat (IRC) Windows Client Buffer Overflow Lets Malicious IRC Servers Execute Arbitrary Code on the Client and Take Full Control of the Client's Host. Read more

www.securitytracker.com:
Lotus Domino Web Server Gives Access to Password-Protected Functions to Unauthorized Remote Users Via Malformed URLs. Read more

www.securiteam.com:
Virus Can Exploit Long Path under NTFS to Evade Detection. Read more

www.securiteam.com:
Lotus Domino Web server DOS-device Denial of Service. Read more

www.securiteam.com/unixfocus:
Tac_plus File Permissions Security Vulnerability. Read more

www.securiteam.com/unixfocus:
Agora.cgi True Path Revealing Vulnerability. Read more

www.securiteam.com/unixfocus:
Vulnerabilities in SquirrelMail (JavaScript). Read more

www.securiteam.com/unixfocus:
RRDTool Path Disclosure Vulnerability (MRTG). Read more

www.zdnet.com:
Watch out! 2002 could be the year of the Trojan horse. Read more

www.uniontrib.com:
Service provider's collapse: Size matters in fending off hacker attacks. Read more

www.canada.com:
Hacker costs CryptoLogic US$1.3M charge. Gamblers won every time. Read more

quote.bloomberg.com:
Microsoft Messenger Hole Exposes Screen Names, E-mail (Update1). Read more

www.taipeitimes.com:
Experts say hackers spy on Net users. Read more

www.vnunet.com:
Nasa hacker thrown in the slammer. Read more

news.com.com:
Deciphering the hacker myth. Read more

news.com.com:
Chat-program bugs could bite millions. Read more

www.personneltoday.com:
Surviving a systems security breach. Read more

www.linuxsecurity.com:
Outside Hackers vs. the Enemy Within: Who's Worse? Read more

www.it-director.com:
Security: What you need to know - Standards and Certification. Read more

zdnet.com.com:
Millions at risk from chat flaws. Read more

www.computeruser.com:
Top news sites close script hacking hole. Read more

05 February 2002

New trojan(s) added to the Archive:
F17 1.4 b

DataSpy Network X 0.2 beta

www.securitytracker.com:
The '14all.cgi' Front End CGI Script for Multi Router Traffic Grapher (MRTG) Network Monitoring Application Has Input Validation Flaw That Discloses Portions of Files on the System to Remote Users. Read more

www.securitytracker.com:
'kicq' ICQ Client for KDE Can Be Crashed By Remote Users. Read more

www.securiteam.com:
Multiple pwck/grpck Privilege Elevation Vulnerabilities (Exploit code). Read more

www.securiteam.com:
PHP Safe Mode Filesystem Circumvention Problem. Read more

www.securiteam.com:
Free Online Personal Security Advisor. Read more

www.securiteam.com:
Lotus Domino Password Protected URL Bypass. Read more

www.securiteam.com:
Privilege Escalation with NDS for NT. Read more

www.securiteam.com:
RealPlayer Buffer Overflow. Read more

www.securiteam.com:
eNom Domain Registration Services Domain Hijacking Vulnerability. Read more

www.securiteam.com:
Intel WLAN Driver Stores 128bit WEP-Key in Plain Text. Read more

www.securiteam.com:
Vulnerabilities in EServ (PASV). Read more

www.securiteam.com:
BindView NETinventory NetRC HOSTCFG._NI Password Passed in Clear Text. Read more

www.securiteam.com:
Vulnerability in Hosting Controller (Username Detection). Read more

www.securiteam.com/unixfocus:
Header Based Exploitation and Web Statistical Software Threats (W3Perl). Read more

www.securiteam.com/unixfocus:
GNU Chess Buffer Overflow Vulnerability. Read more

www.securiteam.com/unixfocus:
Xkas Application Vulnerability. Read more

www.securiteam.com/unixfocus:
BRU Backup Program Vulnerable to Symlink Attack. Read more

www.deadly.org:
Using Active FTP Clients Through an OpenBSD 3.0 Firewall. Read more

www.zdnet.com:
'Dangerous' hole discovered in Morpheus. Read more

www.newsbytes.com:
No Exploit Required To Read Morpheus Users' Files. Read more

news.bbc.co.uk:
Hole in chat software fixed. Read more

www.computeruser.com:
Top news sites close script hacking hole. Read more

www.computeruser.com:
More spam-friendly holes found in popular Web software. Read more

theaspsite.org:
Near Phonetic Password Generator Version 1.2. Read more

www.computerworld.com:
Microsoft taps former DOJ cybercop for top security slot. Read more

www.zdnet.com:
Who's to blame when hackers hack? Here's who. Read more

www.business.scotsman.com:
Be prepared or get really hacked off.. Read more

kansascity.bcentral.com:
Businesses fight fire with fire to keep their systems from being hacked. Read more

www.idg.net:
Airline Web sites seen as riddled with security holes. Read more

www.salon.com:
The encrypted jihad. Read more

www.fcw.com:
Tools of SAN mischief-makers. Read more

www.people.co.uk:
Dr Vernon's casebook: The true cost of Internet vandals. Read more

www.newsday.com:
Stopping Cyber Terrorists a Tough Task. Read more

www.zdnet.com.au:
Global summit hit by cyberattack. Read more

www.washtech.com:
Computer Security At Treasury Dept. Arm 'Critical' – GAO. Read more

04 February 2002

New trojan(s) added to the Archive:
One 0.12 beta

Ping Server version g

www.securiteam.com:
NETGEAR RO318 HTTP Filter Vulnerability (exploit). Read more

www.securiteam.com:
mIRC irc:// Vulnerability and Nickname Buffer Overflow (exploit). Read more

www.securitytracker.com:
DCForum Messaging Board Lets Remote Users Gain Access to Other User Bulletin Board Accounts. Read more

www.securitytracker.com:
NetScreen Firewalls Can Be Made Unresponsive By a Remote User on the Trusted Interface Side Conducting Port Scans Through the Firewall. Read more

www.securityfocus.com:
MRTG CGI Arbitrary File Display Vulnerability. Read more

www.securityfocus.com:
kicq 2.0.0b1 Invalid ICQ Packet Denial of Service Vulnerability. Read more

www.securityfocus.com:
NetScreen ScreenOS Port Scan DoS Vulnerability. Read more

www.securiteam.com:
Security Hole in Upload System of UBBThreads and WWWThreads. Read more

www.securiteam.com:
Windows Based PHP Leaks True Path. Read more

www.securiteam.com:
PHP Reveals True Path (OPTIONS). Read more

www.securiteam.com:
PHP and JSP Trailing Slash Exposure. Read more

www.securiteam.com:
Security considerations to keep in mind when using Site Server 3.0. Read more

www.securiteam.com/unixfocus:
Tarantella Enterprise Directory Index Disclosure Vulnerability. Read more

www.securiteam.com/unixfocus:
Security Vulnerability in Several Versions of DCForum (New Password). Read more

www.securiteam.com/unixfocus:
Xoops Private Message System Script Injection. Read more

www.securiteam.com/unixfocus:
sastcpd Buffer Overflow and Format String Vulnerabilities. Read more

www.securiteam.com/unixfocus:
KICQ Vulnerable to a DoS Attack. Read more

www.smh.com.au:
Cyber assault hits global leaders' summit. Read more

www.dawn.com:
Cyber assault on WEF webpage. Read more

www.reuters.co.uk:
Cyber Assault Hits Global Leaders' Summit. Read more

www.cnn.com:
Elite forum beset by online attacks. Read more

www.nationalpost.com:
Terrorists may use Net to spy on infrastructure. Read more

www.securityfocus.com:
Solving the Problem of HTML Mail. Read more

news.com.au:
Credit card details at risk. Read more

www.pennlive.com:
Security, not speed, should be top PC concern, experts warn. Read more

www.stuff.co.nz:
Security: Firms should ditch traffic accident mentality. Read more

www.washingtonpost.com:
With a Vulnerable Computer System, Interior Is Cut Off From the Internet. Read more

www.computeruser.com:
Mobile workforce grows, security fears persist - study. Read more

www.computeruser.com:
Napster case: is judge turning tables on labels? Read more

www.computeruser.com:
Porn site, 900-number purveyors settle FTC fraud charges. Read more

03 February 2002

New trojan(s) added to the Archive:
BlueFire 0.36

www.securitytracker.com:
Microsoft Site Server Commerce Edition Discloses Potentially Sensitive Administration Information and Source Code to Remote Users With Valid Accounts and Discloses User Passwords from the LDAP Directory to Anonymous Remote Users. Read more

www.securitytracker.com:
Microsoft Site Server Commerce Edition Lets Remote Users With Valid NT Accounts Upload and Then Execute ASP Scripts on the Server or Consume Disk Space on the Server. Read more

www.securitytracker.com:
Sun Java Virtual Machine Can Be Crashed By Malicious Java Code. Read more

www.securitytracker.com:
Lotus Domino Web Server Discloses User Account Validity Information to Remote Users. Read more

www.securitytracker.com:
NetWare NDS for NT Configuration Error May Lets Remote Users Obtain NT Domain Administration Privileges. Read more

www.securitytracker.com:
Microsoft Distributed Transaction Coordinator (MSDTC) Service Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
Cisco Tac_plus TACACS+ Developer Kit Uses Unsafe File Permissions That May Allow Local Users to Modify the Logs, Overwrite Arbitrary Files, and Potentially Execute Arbitrary Code on the System. Read more

www.securiteam.com:
NetScreen ScreenOS Vulnerable to Trust Interface DoS Attack. Read more

www.securiteam.com:
MS Site Server Unauthorized SQL Command Injection Vulnerability. Read more

www.securityfocus.com:
DCForum Predictable Password Generation Vulnerability. Read more

www.securityfocus.com:
Jelsoft VBulletin Board HTML Posting Cross-Scripting Vulnerability. Read more

www.securityfocus.com:
Compaq Tru64 Inetd Port Scan Denial Of Service Vulnerability. Read more

www.securityfocus.com:
Novell NetWare NDS Domain Admin Null Password Vulnerability. Read more

www.securityfocus.com:
Microsoft Site Server LDAP Plain Text Password Storage Vulnerability. Read more

www.reuters.com:
Internet Firm Hacked Out of Business. Read more

www.uniontrib.com:
E-business edgy after hackers shut British firm. Read more

www.informationweek.com:
Microsoft Names Security Czar. Read more

www.theregister.co.uk:
DoS risks against Cisco storage routers routed. Read more

www.theregister.co.uk:
KaZaA.com 'evaluates' Dutch court ban. Read more

02 February 2002

New trojan(s)added to the Archive:
Baron Night 1.0

www.securitytracker.com:
NETGEAR Router Web Content Filtering Mechanism Can Be Bypassed By Remote Users With Certain Malformed HTTP GET Requests. Read more

www.securitytracker.com:
McAfee VirusScan Fails to Scan Files With Certain Types of Long NTFS File Path Names. Read more

www.securitytracker.com:
Symantec's Norton Anti-Virus Fails to Scan Files With Certain Types of Long NTFS File Path Names. Read more

www.securitytracker.com:
Compaq Tru64 Networking Stack Allows Remote Users to Cause Connections to Freeze. Read more

www.securitytracker.com:
SAP GUI Can Be Crashed By Remote Users Connecting to the GUI's Listening Port. Read more

www.securitytracker.com:
Jgroff pic Utility Format String Vulnerability Allows Remote Users to Execute Arbitrary Commands on the Server with 'lp' User Privileges. Read more

www.securitytracker.com:
RipMIME MIME Decoder Buffer Overflow Allows For Code Execution During Decoding. Read more

www.securitytracker.com:
UBBThreads Bulletin Board Application Lets Remote Users With Accounts on the Bulletin Board Upload Files With Prohibited Extensions, Including PHP Scripts Which Can Subsequently Be Executed on the System. Read more

www.securitytracker.com:
Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains. Read more

www.securitytracker.com:
CNET Catchup Software Update Utility Lets Remote Users Execute Arbitrary Code on Another User's Computer. Read more

www.securityfocus.com:
Cisco Tac_Plus Accounting Directive Insecure File Creation Vulnerability. Read more

www.securityfocus.com:
Cisco Tac_Plus Accounting Directive Insecure File Creation Vulnerability. Read more

www.securityfocus.com:
Microsoft Windows Trusted Domain Privilege Escalation Vulnerability. Read more

www.securityfocus.com:
UBBThreads/WWWThreads Arbitrary File Upload Vulnerability. Read more

www.securityfocus.com:
Sun Java Virtual Machine Segmentation Violation Vulnerability. Read more

www.securityfocus.com:
UBBThreads/WWWThreads Arbitrary File Upload Vulnerability. Read more

salix.org:
"Remote Access Session" is a security tool to analyze the integrity of systems. The program tries to gain access to a system using the most advanced techniques of remote intrusion. Read more

www.blackhat.com:
Windows Security 2002 Briefings and Training. Read more

www.securityfocus.com:
Microsoft's New Security Chief Was Hacker Hunter. Read more

www.computing.vnunet.com:
Microsoft Exchange servers dodge worm. Read more

www.computing.vnunet.com:
Interview with an ex-hacker. Read more

wired.com:
Where Did All the Hackers Go? Read more

www.newsbytes.com:
Top News Sites Close Script Hacking Hole. Read more

www.reuters.com:
Cyber Assault Hits Global Leaders' Summit. Read more

linuxtoday.co:
Survey Provides New Insights Into 'Hacker' Culture. Read more

news.com.com:
Microsoft appoints new security chief. Read more

www.reuters.com:
Internet Firm Hacked Out of Business. Read more

www.villagevoice.com:
Hackers Nuke Forum Site. Read more

www.osopinion.com:
Giving Hackers Their Due. Read more

www.reuters.com:
FTC to Crack Down on Deceptive Junk E-Mail. Read more

01 February 2002

New trojan(s) added to the Archive:
Daniel

BlueFire 0.1

www.securityfocus.com:
Sun Java Virtual Machine Segmentation Violation Vulnerability. Read more

www.securityfocus.com:
Lotus Domino Username Enumeration Vulnerability. Read more

www.securityfocus.com:
SAS SASTCPD Command Line Argument Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
SAS SASTCPD Command Format String Vulnerability. Read more

www.securityfocus.com:
Etype EServ Passive Mode Denial of Service Vulnerability. Read more

www.securityfocus.com:
AHG Search Engine Search.CGI Arbitrary Command Execution Vulnerability. Read more

www.securitytracker.com:
PhpSmsSend Front-End to SmsSend Allows Remote Users to Execute Arbitrary System Commands on the Server. Read more

www.securitytracker.com:
EServ FTP Server Allows Remote Users to Generate Bounce Attacks Against Remote Servers and Allows Remote Users to Cause Denial of Service Conditions on the Server. Read more

www.securitytracker.com:
SAS Job Spawner Buffer Overflow and Format String Bug Let Local Users Execute Arbitrary Code on the System with Root Privileges and Gain Root Privileges on the System. Read more

www.securitytracker.com:
Cisco Catalyst CatOS Telnet Daemon Buffer Overflow Lets Remote Users Crash and Reload the Switch. Read more

www.securiteam.com:
Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data. Read more

www.securiteam.com:
XOOPS Portal Software Private Message System Lets Remote Users Execute Javascript on the Recipient's Computer. Read more

www.computerworld.com:
Flaw in Win 2000, NT 4.0 makes domains 'too trusting'. Read more

www.theregister.co.uk:
MS fixes Win2K with 17MB security patch. Read more

www.newsbytes.com:
Top Security Sites Easy Prey To Script Attacks - Update. Read more

www.theregister.co.uk:
BadTrans-B tops virus charts. Read more

www.bday.co.za:
Worm wiggles its way into world's computers. Read more

www.theregister.co.uk:
Crackers exploit Cisco LAN switch flaw. Read more

www.computerworld.com:
Netscape flaw leaves cookies unsecure. Read more

www.theregister.co.uk:
Out of the box, Linux is 'dreadfully insecure'. Read more

www.villagevoice.com:
Hackers Nuke Forum Site. Read more

www.newsbytes.com:
FBI Raid Silences Teen Anarchist's Site. Read more

www.businessweek.com:
Accused Ebay Hacker Put on Electronic Leash. Read more

www.theregister.co.uk:
BBC bans use of non-MS PDAs. Read more

it.mycareer.com.au:
City Link review after card numbers leaked. Read more

www.theregister.co.uk:
Judge drops Napster bombshell. Read more

www.computeruser.com:
Justice Dept. to hire more computer crime attorneys. Read more

www.nzherald.co.nz:
Snooping bill troubles net lawyer. Read more

www.nst.com.my:
Safeguard against tech security threats. Read more

www.idg.net:
Microsoft taps former DOJ cybercop for top security slot. Read more

www.theneteconomy.com:
.NET: The Most Secure Microsoft Yet? Read more

www.reuters.com:
DVD Hacker Vows to Keep Challenging Ruling. Read more

www.themoscowtimes.com:
Hackers In Bat Suits. Read more


Copyright© MegaSecurity.org