Bookmark or link to: www.kobayashi.cjb.net. All other url`s could change!
News Archive    Translate Traducen
News August 2000

31 August 2000


New Trojans:
CrazzyNet 3.7.8 by CrAzzyWak.
Undetected 2.3 SE by KnoX_rw

ComputerWorld:
Developer unleashes Palm Trojan horse program. Read more
ZDNet:
Minimal impact of Palm Trojan hides future danger. Read more
PortableLife:
Trojan Horse Threatens Palm Organizers. Read more

Lberty Trojan Checker
This program scans Palm Computing Platform binary files for traces of the "Liberty" trojan horse program that was un-intentionally released on the Internet. See links above.

Wanted:
BioNet 2.10

30 August 2000


New Trojans:
Subseven 2.1.4 DEFCON8 by Mobman.

MultiBinder1.2.1 by The_Thinker.

Weekly Microsoft Security Digest 2000/08/21 to 2000/08/27. Read more

Weekly Linux Security Digest 2000/08/21 to 2000/08/27. Read more

Weekly Solaris Security Digest 2000/08/21 to 2000/08/27. Read more

Weekly Check Point Security Digest 2000/08/21 to 2000/08/27. Read more

NAI: W32/NewsTick Virus. Read more

Surfing the Tsunami
A large Southeastern university IS team fights off a massive distributed denial of-service attack and lives to tell about it. Read more

A random sample of 8081 different secure web servers (servers running the SSL protocol) in active use on the Internet shows that 32% are dangerously weak.
SSL, security, cryptography. Read more

TechWeb:
Trojan Horse App Threatens Palm Platform. Read more

29 August 2000


New Trojans:
Exploiter 1.0 beta by apOcalaps.
Infector 1.6a is the same as Infector 1.6, but with a different server. By coder FC.

Create a shadow directory of the real one with trojan versions of the same files. Read more

Microsoft Security Bulletin (MS00-062):
This vulnerability could allow a malicious user to corrupt parts of a Windows 2000 system's local security policy, with the effect of disrupting domain membership and trust relationship information. If a workstation or member server were attacked via this vulnerability, it would effectively remove the machine from the domain; if a domain controller were attacked, it could no longer process domain logon requests. Recovering from such an attack would likely require that a known-working configuration be restored from backup. Read more

NwFusion:
Survival Tips: Read more

TheRegister:
Hacktivists crash Korea govt home page. Read more

28 August 2000


New Trojans:
Lamers Death 2.2
Stukach is a tiny little program, which can run hiddenly on some computer, keeping track of everything user types on the keyboard, and sending this information to you via e-mail. Of course, user never would know you are reading his e-mail and stuff, unless you would say him.

FreeVeracity is a general-purpose data integrity tool for free platforms (e.g. GNU/Linux, FreeBSD, NetBSD, OpenBSD) that uses cryptographic hashes to detect changes in files. Link

NewsByte:
'Technicality' Sets Love Bug Suspect Free. Read more

AustralianIT:
Hackers target Olympics. Read more

KoreaHerald:
Hackers attack information ministry's Web site. Read more

ComputerUser:
Arachne Browser Architect Dismisses Virus Charge. Read more

27 August 2000


New Trojans:
Undetected 2.3a. New server by Knox_rw
PC Invader 0.7 alfa7 by Heraldo J. A. Carneiro Filho

AVP Updates 25 august 2000

New PGP release
MIT Distribution Center for PGP software has the new version of the program posted on-line. This release corrects a security-related bug with Additional Decryption Keys (ADKs) that may allow sophisticated attackers to add unauthorized ADK key IDs to the unhashed areas of PGP public keys. Link

FresfMeat:
Six Reasons Not to Use an ASP. Read more

Canada probes allegation that U.S. hacked secret files. Read more

CNN:
U.S. Justice Department releases criteria for 'Carnivore' review. Read more

FCW:
Jersey taking hard look at computer crime. Read more

26 August 2000


FC has improved his Infector:
Infector 1.6

By Evil Unca HeLLfiReZ:
SubSeven Mass Server Updater And Stealer. Download

Virus Trap creates two 15kb test files (result.exe and result.com). The theory is that if any viruses are running on your computer, running these test files should be enough to infect result.exe/com with that virus - trapping it for analysis.

Microsoft Security Bulletin (MS00-060):
Patch Available for "IIS Cross-Site Scripting" Vulnerabilities.Read more
Issue ===== On February 20, 2000, Microsoft and CERT (www.cert.org) published information on a newly-identified security vulnerability affected all web server products. This vulnerability, known as Cross-Site Scripting (CSS), results when web applications don't properly validate inputs before using them in dynamic web pages. If a malicious web site operator were able to lure a user to his site, and had identified a third-party web site that was vulnerable to CSS, he could potentially use the vulnerability to "inject" script into a web page created by the other web site, which would then be delivered to the user. The net effect would be to cause the malicious user's script to run on the user's machine using the trust afforded the other site.
More information about this subject can be found here:
Prevent Cross-Site Scripting Security Issues
Cross Site Scripting
IIS 5.0 cross site scripting vulnerability

Microsoft Security Bulletin (MS00-061)
Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Money. The vulnerability could allow a malicious user to obtain the password of a Money data file. Read more

ComputerWeekly:
UK firms unite on early virus warning. Read more

Fake ID. Read more

PlanetIT:
Security Experts Discuss Hacking Trends. Read more

BBC:
Pokemon virus contained. Read more

ComputerUser:
Pokey Worm Is Moving Slow But Hitting Hard. Read more

WIRED:
Pretty Good Bug Found in PGP. Read more

NewsBytes:
PGP - Not As 'Pretty Good' As You Might Think. Read more

ComputerUser:
Egg Bank Hackers May Have Hit Other Online Banks. Read more

CNet:
Microsoft glitch leaves IM contact lists vulnerable. Read more

CNet:
Yahoo to offer encrypted email option. Read more

MSNBC:
How to spy on your employees. Read more

SPTIMES:
FBI arrests extortion suspect at library computer. Read more

NewsByte:
Love Bug Author Offered Various Jobs. Read more

ComputerUser:
UK's Ticketmaster Hacked By Napster Fans. Read more

25 August 2000


New Trojans:
CrazzyNet 3.7.5 by CrAzzyWak.
Asylum Multipager by Slim, modified by UXmaX.

Exe binder: MultiBinder1.2 by The_Thinker

Peacefire.org:
Using Akamai to bypass Internet censorship. Read more

UK.Internet:
Email security blown open by Critical Path bug. Read more

Yahoo:
Microsoft glitch leaves IM contact lists vulnerable. Read more

Individal.com:
Made-in-China Firewall Challenges Global Hackers. Read more

Ticketmaster hacked by music fans. Read more

SPTimes:
FBI arrests extortion suspect at library computer. Read more

24 August 2000


ISO has joined the crew. Welcome.
Please take time to make a vote.

New Trojans:
Backage 3.1
GIP 1.07

Exe Binder: MultiBinder 1.1 by The_Thinker.

CNNfn:
'Pokey' virus hits U.S.
Computer virus featuring Japanese cartoon character 'Pikachu' spreads. Read more

ZDNet:
Protect your Internet privacy ... by lying. Read more

ComputerUser:
Philippines Drops Love Bug Virus Charges. Read more

ZoneAlarm Firewall Spreads to Nets. Read more

ZDNet:
New weapon in child-porn wars. Read more

23 August 2000


New Trojans:
X-Console beta
Lamers Death 2.1
Un-detected 1.1 muerte
Thanks to WH¥ and ISO for sending me links.

Cross Site Scripting
IIS 5.0 cross site scripting vulnerability

TheAge:
Computer experts working to counter any Olympic attack. Read more

ComputerUser:
Kevin Mitnick on Net Radio Show Today. Read more

Techweb:
Defending Your Turf From Within -- Don't let the enemy sneak in via your LAN clients. The best personal firewalls ensure security and allow easy management from behind the walls. Read more

GlobeTechnology:
Believe it or not, there are hackers lurking everywhere. Read more

WIRED:
Top Guns Want to Probe Carnivore. Read more

PanetIT:
U.S. Web Surfers Worry About Privacy. Read more

22 August 2000


Trojans:
Y3K RAT 1.3 by -/Chucky-\- and [Firelarm].

CrazzyNet 3.7.1 by CrAzzyWak.

PC Invader 0.7 alfa6 by Heraldo J. A. Carneiro Filho.

Microsoft Security Bulletin (MS00-059):
Patch Available for "Java VM Applet" Vulnerability. Read more

Weekly Executive Security Digest 2000/08/14 to 2000/08/20. Read more

CrackPipe.c. Program to tunnel an IP, used to break through firewalls. (source)

Times of India:
Cookies. Read more

PCWorld:
Court Bars Hacker From Posting Code. Read more

CNet:
All "Love" virus charges dropped. Read more

Outrider Coputer Journal:
The Truth About Security. Read more

Telegraph.co.uk:
Computer hacker alert for 30,000. Read more

Washington Post:
A Bite Out of Carnivore. Read more

Security Focus:
Forty-five days of the Carnivore. Read more

Sunday Times:
Hackers caught in Bloomberg e-sting. Read more

Irish Independent:
10,000 still not back on line after net hacking. Read more

Mainichini:
Bounty put on hacker-proof home page. Read more

ComputerWorld:
Third suspect identified in Bloomberg cyberextortion case. Read more

Technology Evaluation:
Study Shows: FBI Alienates Industry Security Experts. Read more

FCW:
FBI releasing Carnivore files. Read more

Irish Independent:
When a hacker slips through the net. Read more

Irish Independent:
Gardai step up online hunt for mystery hacker. Read more

San Francisco Chronicle:
Companies gain from e-mail security paranoia. Read more

ABCNEWS:
Operating Systems: Debate Is Over Which Is Less Flawed. Read more

21 August 2000


Trojans:
NetDemon 1.0c by ][CrAsH][ (thanks to Sniper) and

Peanut Brittle 0.2beta by eXodus

WM Remote KeyLogger sends you the keystrokes of a remote computer.

Netscape Communicator Java Security BUG Patch. Read more

Update to Netscape 4.75. Read more

Weekly Microsoft Security Digest 2000/08/14 to 2000/08/20. Read more

Weekly Linux Security Digest 2000/08/14 to 2000/08/20. Read more

Weekly BSD Security Digest 2000/08/14 to 2000/08/20. Read more

Weekly Solaris Security Digest 2000/08/14 to 2000/08/20. Read more

Weekly Check Point Security Digest 2000/08/14 to 2000/08/20. Read more

ComputerUser:
LoveBug" Worm Variant Arouses FBI Scrutiny. Read more

20 August 2000


Trojan Skydance 2.291 beta

Trojan Pc Invader 0.6 beta

LinuxToday:
Red Hat Security Advisory: New Netscape packages fix Java security hole. Read more

TechWeb:
Privacy Group Wants Speedier Carnivore Disclosure. Read more

The-Times:
Older News.
Nato creates computer virus that reveals its secrets. Read more

ZDNet:
'Stages' scribe: 'I'm not fooling anybody'
In an exclusive interview with ZDNet Latin America, the reputed author of the 'Stages' worm says he's neither a 'veteran' nor a 'hacker' -- just a twenty-something who wants to have fun. Read more

19 August 2000


New Moscow Mail Trojan 1.5. Thanks to "Kronos".

Asylum Binder 1.0 by Slim.

AVP Updates 18 august 2000

Distributed Denial of Service (DDoS) Attacks/tools by David Dittrich

The Irish Times:
No arrests imminent in Eircom hacker case. Read more

CNN:
Surf-for-pay sites jeopardized by hackers. Read more

VNUNET:
Hacked websites 'didn't read the manual. Read more

VNUNET:
Love Bug variant hits European banks. Read more

ComputerWorld:
Security experts say 'Love Bug' variant poses little threat. Read more

ComputerWorld:
University researcher traces response to DDOS attacks. Read more

18 August 2000


Trojan BackAge 3.0.1 by Ne-O-Sk8.

Retina has the ability to scan, monitor and fix vulnerabilities within a network’s Internet, Intranet, and Extranet. Thus, giving the network administrator complete control across all possible points of attack within an organization.
Platform: NT

CNet:
FBI investigates password-stealing scam. Read more

FT.com:
Hacker takes Ireland offline. Read more

Security gates held open for "Love" virus, mutants. Read more

ILOVEYOU Virus Rides Again - As A Resume. Read more

NandoTimes:
Computer virus steals information on Swiss bank accounts. Read more

CNet:
New strain of "Love" virus steals passwords. Read more

Napster fan hacks dozens of sites. Read more

CANOE:
FBI, Mounties hunt Internet hackers. Read more

17 August 2000


Trojan Lamers Death 2.4. Thanks to "NoTrojan".

IE executes arbitrary files thru Microsoft Network

X-Exejoiner and Icon changer by Lazarus

NewdByte:
ILOVEYOU Virus Rides Again. Read more

ABCNEWS:
Taking a Byte Out of Crime
New Public-Private Venture Meant to Combat Cybercrime. Read more

CANOE:
FBI, Mounties hunt Internet hackers. Read more

Ecommerce:
Microsoft's Monopoly on Security Flaws. Read more

CNET:
Commentary: Microsoft lacks motivation to change security. Read more

CNET:
Bug hunter spies holes in Windows, IE 5.x. Read more

NetworkWorldFusion:
Confusion rife over 'Brown Orifice' Trojan horse. Read more

CNN:
Despite warnings, e-mail hoaxes still fooling people. Read more

16 August 2000


New: Trojan SniperNet 2.2 by Real Sniper. Thanks to the Trojan Sign.

Using publicly available tools and sniffers in hacking by Timo Aterma and Johannes Kleimola. Department of Computer ScienceHelsinki University of technology

Backdoors in U**x Systems by ManiaX Killerian

Trojan horse hiding under Linux by Iron Code

The Gentle Art of Trojan Horsing under Windows by EXo.

Collecting Information from Remote Sites by ManiaX Killerian.

Attacking Windows 9x with Loadable Kernel Modules by Solar Eclipse.

From Trojan Horses to Worms: Understanding Various Malicious Threats. Read more

TROJ_PERSONAL_ID
This malicious Trojan sends unsolicited email to an unknown number of contacts in the infected user's Microsoft Outlook address book. The executable file (written in Chinese) is sent as an attachment of the mail, which disguises itself as a "Personal ID Number" generator when it is executed. Read more

Microsoft Security Bulletin MS00-058 announces the availability of a patch that eliminates a vulnerability in Internet Information Server that ships with Microsoft® Windows 2000. Under certain conditions, the vulnerability could cause a web server to send the source code of a web file to a visiting user. Microsoft is committed to protecting customers' information, and is providing the bulletin to inform customers of the vulnerability and what they can do about it. Read more

VNUNET:
Bloomberg blackmail hacker suspects held. Read more

PCWorld:
F-Secure Puts Virus Protection in Your Hand. Read more

MSNBC:
Verizon site exposed customer data. Read more

15 August 2000


Trojan Undetected 2.2
- Lot of functions
- Server only 20 k

Remote OS detection via TCP/IP Stack FingerPrinting

PCWORLD:
National broadband provider DSLnetworks this week will unveil a free, managed firewall service designed to prevent spoofing attacks against the company's DSL customers. Read more

WIRED NEWS:
These Wires Were Made for Tapping. Read more.

Sniffers and Anti-Sniffing. Read more

News.FT.com:
UK: Safeway shoppers hit by e-mail hoax. Read more

Computer User:
GAO Again Reports EPA Computers Open To Hackers. Read more

Next: viruses that cripple cities. Read more

Guardian Unlimited:
The spy in your server.
There is no hiding place on the net as governments around the world chase your data. Read more

Inside China:
New Chinese Internet Police Springs Into Action. Read more

InfoWorld:
Confusion rife over Trojan horse. Read more

IDG.NET:
Netscape bug wrecks Java system security. Read more

14 August 2000


Barrio Trojan 4.0. Thanks to "Explorer".

TROJ_QAZ.A.
This new backdoor Trojan allows hackers to access and control an infected system. Read more

Security Portal:
Weekly Microsoft Security Digest 2000/08/07 to 2000/08/13. Read more

Security Portal:
Weekly Linux Security Digest 2000/08/07 to 2000/08/13. Read more

Security Portal:
Weekly BSD Security Digest 2000/08/07 to 2000/08/13. Read more

Security Portal:
Weekly Solaris Security Digest 2000/08/07 to 2000/08/13. Read more

IDGNET:
Red Hat boosts Linux security. Read more

Security Auditor's Research Assistant (SARA) is a third generation Unix-based security analysis tool. Read more

ZDNet:
Another massive Net attack looming? Read more

ComputerUser:
GAO Again Reports EPA Computers Open To Hackers. Read more

Security Portal:
Stupid, Stupid Protocols: Telnet, FTP, rsh/rcp/rlogin. Read more.

13 August 2000


Trojan Skydance 2.25 beta by Edrin.

HPTeam Mail Trojan 0.02 norasby Lynx.

Microsoft:
Office 2000 Security Update: HTML Object Tag. Read more

CERT® Advisory CA-2000-16 Microsoft 'IE Script'/Access/OBJECT Tag Vulnerability.
Under certain conditions, Internet Explorer can open Microsoft Access database or project files containing malicious code and execute the code without giving a user prior warning. Access files that are referenced by OBJECT tags in HTML documents can allow attackers to execute arbitrary commands using Visual Basic for Applications (VBA) or macros.
Read more

Farm9:
Trojans Sending More Data to Russia. Read more

Linux Today:
Debian Security Advisory: new version of Zope released. Read more

32% of SSL Servers are insecure by Eric Murray

ZDNet:
Anti-virus software for future phones released. Read more

CNET:
EPA's Web security still vulnerable to hackers. Read more

IDG:
Government report finds major security risks on EPA computers. Read more

Windows IT Security:
Are Security Bugs an Unfair Liability? Read more

12 August 2000


New Moscow Troyan. Final release 6.

Wanted:
New Moscow Mail Troyan 1.5

AVP Updates 08 august 2000

Re-Release - Microsoft Security Bulletin (MS00-056)
Due to a typographical error, the original version of this Bulletin stated that Word 2000 users who have not applied this patch could protect themselves by "disabling" Confirm conversion on Open.This should have read "enabling". Read more

NAI: W32/Sysid.worm Virus - This is a 32bit Internet worm for Windows9x/NT systems. It was written in Delphi and then compressed using ASPACK. This trojan does not appear to have a damaging payload however does contain an email routine using MAPI application OUTLOOK. Read more

CERT® Advisory CA-2000-15 Netscape Allows Java Applets to Read Protected Resources. Read more.

Sophos: XM97/Barisada-C Virus - this virus has a payload which will attempt to clear all active sheets if the user does not correctly answer a series of questions. Read more

VNUNET:
Microsoft plugs Office 2000 security hole. Read more

UK Linux group slams Sophos virus threat claims. Read more.

FreshMeat"
Network Security Analysis Tool 1.22 : A high-performance network security scanner. Read more

CNN:
Insulate your PC from hackers. Read more.

ZDNet:
Prank directs phones to call police.
Japan's i-mode mobile phones were hit by a bizarre attack which security experts warned may be just the first of many security worries for broadband mobile Internet. Read more

CNN:
U.S. official: University to review FBI's Internet-wiretap system. Read more.

ZDNet:
White House staff nailed for cyberporn. Read more.

11 August 2000


Trojan Nirvana 2.0a. Thanks to The Trojan Sign

Brown Orifice Netscape exploit is vulnerable itself. Read more

Microsoft Security Bulletin (MS00-049) re-release.
It provided a patch to eliminate a security vulnerability in Microsoft(r) Office 2000 and PowerPoint 97, and a workaround to protect against a vulnerability in Internet Explorer. Read more.

Microsoft Security Bulletin (MS00-055)
announces the availability of a patch that eliminates a vulnerability in Microsoft® Internet Explorer. Read more

Microsoft Security Bulletin MS00-056
announces the availability of a patch that eliminates a vulnerability in certain Microsoft® Office 2000 products. Read more.

PCWORLD:
Batten Down Windows' Hatches! Read more.

PCWORLD:
Trouble on the Network. Read more.

The Register:
Inter-mediates' sites hacked and down. Read more.

CNN:
Pentagon still under assault from hackers. Read more.

10 August 2000


Trojan PC Invader 0.5 beta

Silent delivery and installation of an executable on a target computer.

Disable ActiveScripting and ActiveX Controls

The Washington Times:
Free software would block FBI's Carnivore. Read more

TechWeb:
Pentagon Still Under Assault From Hackers. Read more

PCWorld:
Make Your PC Hacker-Proof.
Our test of six personal firewalls finds the best ones for keeping uninvited guests out of your office or home system. Read more.

ZDNet:
Hacker Groups Mull Corporate Offers. Read more

Protesting Hacker Out on Bail. Read more.

9 August 2000


E-mail Trojan Barrio 3.06 is an update for version 3.05.
- Dial-Up password
- Cached resourses
- Crypted passwords from E-Type Dialer
- Everything that was pressed in some windows (Login request e.t.s.)
To configure trojan you should run "btrcfg.exe". You need to type your E-Mail address and a SMPT server

Dragon IDS - from Network Security Wizards. A packet based IDS that searches for over 600 different network attacks at fully saturated 100 Mb/s speeds. Runs on Linux, OpenBSD, FreeBSD and Solaris. All of the signatures are completely open and writing new signatures is easy. Dragon collects complete attack information - raw packet dumps, the response for the server under attack and follow activity from suspicious hackers. Free demo.

Planet IT:
Hacker Pleads Not Guilty To Old, New Charges. Read more.

NewsByte:
Month-old FreeWebStuff Downed By Hackers. Read more

RootPrompt:
The Danger of Script Kiddies. Read more.

RootPrompt:
Armoring Linux. Read more
Armoring Solaris. Read more.

Security Portal:
Key certificates are an important element in the use of public-key cryptography (PKC)
Why Are Keys Certified? Read more.

DigiCrime, Inc.
An amusing, yet thought-provoking send-up of the computer security industry. Link

ResearchBuzz:
URL Hacking In Google. Read more.

8 August 2000


Senna Spy Fenasoft 2000 Virus
This a true virus. Next version, that will come out soon, will have worm and trojan features. Read more

Brown Orifice Spy. Free acces to infected users. Read more
Brown Orifice Information, the new multi-platform remote management tool and Trojan
Netscape hit by security breach. Read more
Brown Orifice, the new multi-platform remote management tool and Trojan. Read more.

7 August 2000


BO infects users through webpages.
Dan Brumleve has discovered a serious security flaw in Netscape browsers.
Because of the way Netscape handles java, it is possible for a malicious web site operator to run a hostile java applet on a client machine. To demonstrate this vulnerability, Dan has written a piece of code (Brown Orifice) which can turn Netscape browsers into a web server, and serve up the entire directory tree from root. Since this application is written in java, it works cross on most operating systems, including Linux. Dan has made the source code available for inspection at his web site. Read more.
Sources.

Weekly Microsoft Security Digest 2000/07/31 to 2000/08/06. Read more.

Weekly Linux Security Digest 2000/07/31 to 2000/08/06. Read more.

Weekly Solaris Security Digest 2000/07/31 to 2000/08/06. Read more.

6 August 2000


Trojan Backage 3.0. Thanks to TLSecurity.

VNUET:
Adobe Acrobat bug puts users at risk. Read more.

VLAD is a free, open source tool that checks for the common security vulnerabilities on the SANS Top Ten list.
VLAD runs on most Unix systems (tested on Linux, and *BSDs) and requires a number of PERL modules from CPAN CPAN.

Adding a small function (Autostart) to Shell32.dll by LaZaRuS

Top Secret Messenger (TSM) is a powerful and secure public-encryption add-on for instant messengers, such as America Online's ICQ. Read more.

Nmap 2.53 Russian Released: Link

Digital Mass:
The antidote to e-snoops. Read more.

Wired News:
Will Crypto Feast on Carnivore? Read more.

ZDNet:
Netscape to kill SmartDownload feature. Read more.

PlanetIT:
FBI Agrees To Release Carnivore Details. Read more.

BusinessWeek:
The Dark Side of the One-Click Download. Read more.

CNN:
Hackers close down Myanmar government Web site. Read more.

PlanetIT:
BindView Offers Security Tools At DefCon, Black Hat. Read more.

Security Watch:
Lithuanian hacker-spy applies for asylum in Sweden. Read more.

Bookstore:
New Books about Security. Read more

5 August 2000


E-mail trojan HPTeam 0.02 RAS

The Korea Herald:
250 Linux servers infected by denial-of-service program. Read more.

PCWORLD.COM:
Norton Patches Firewall Holes. Read more.

AVP Updates 04 august 2000

WWW.Cisco.Com:
Possible Access Control Bypass and Denial of Service in Gigabit Switch Routers Using Gigabit Ethernet or Fast Ethernet Cards. Read more.

IDzap provides a free anonymous web surfing service and Comprehensive list of resources for anonymous use on the internet. Link.

ComputerWorld:
'Mafiaboy' hit with 64 new charges. Read more

Security Focus:
Hackers take 'Notes' in Vegas
White Hat hackers from the Netherlands plan to blow the lid off Lotus Notes security. Just another Saturday night at DefCon. Read more.

Register:
Virus launches DDoS for mobile phones. Read more.

Washington Times:
Hackers linked to China stole Los Alamos documents. Read more.

Digitalmass:
Don't worry, keep surfing
Sure lots of e-tailers collect personal data as you click around their sites -- but is that really as sinister as people make it out to be? Read more.

4 August 2000

Trojan CAFEiNi 0.9
-can kill more than 20 Windows antiviruses and antibackdoors from memory
-doesn't installs itself into registry (when can)
-written in Visual C++ (smaller and faster than Delphi)
-you can control remote computer by telnet (eg. from Unix)
-works on Windows 95/98 and also Windows NT/2000
-with CAFEiNiclient you can control multiple computers
(eg. open CD-ROM doors on 10 computers with one button click)
-full multitasking (eg. you can upload and download files in
one time from multiple computers)
-some new backdoors commands (especially with desktop)
-automatic update of server by http

Windows IT Security:
Relative Registry Paths May Allow Trojans to Run. Read more

Free Macro AntiVirus Techniques by Chengi Jimmy Kuo

Microsoft Corp will give personal firewall vendors advanced access to code for future Windows 2000 Service Packs to avoid repetition of the bug that this week disabled firewalls for more than 3.5 million users using the Redmond, Washington-based company's latest operating system. Read more.

Windows About:
What's Wrong with Internet Explorer 5.5? Read more.

3 August 2000

Noob is a HTML based trojan that can bypass firewalls. Read me
Download Noob 3.01.

IDcide Privacy Companion is a free browser add-on that alerts you if you are being monitored online. Find out who might be tracking you.

Microsoft Security Bulletin (MS00-053):
Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Windows 2000(r). The vulnerability could allow a user logged onto a Windows 2000 machine from the keyboard to become an administrator on the machine. Read more

Help Net Security:
New netscape packages for Red Hat linux are available that fix a potential overflow due to improper input verification in netscape's JPEG processing code. It is recommended that users of netscape update to the fixed packages. Read more.

Microsoft:
Microsoft Battles Consumer Fraud on the Internet. Read more.

Wired:
Attack on Spy Activist's Site.
A website that distributed secret documents from U.S. and Japanese intelligence agencies apparently is under siege in a denial-of-service attack. Read more

ABC News:
System Shut Down by ‘Love’
The “love bug” computer virus once again infected computers at U.S. Department of Veterans Affairs offices throughout upstate New York, shutting down e-mail systems for six hours, officials said. Read more.

Computeruser:
Lotus E-Mail Security Problem: The Domino Effect.
Companies that rely on a version of Lotus Notes e-mail system called Domino could find their e-mail accounts and passwords jeopardized by a security weakness in the software, according to online security firm iDefense. Read more.
Techweb:
Lotus: Security Flaw Easily Fixed. Read more.

Hackers pick security holes.
A member of the Cult of the Dead Cow known as Sir Dystic developed a tool called NBName that he said can exploit the NetBIOS hole by rejecting all name-registration requests received by servers on TCP/IP networks. Read more.

Fox News:
Pirates Beware: This File Will Self-Destruct. Read more.

ZDNet:
Hackers breach Checkpoint's Firewall-1. Read more.

Info World:
Dutch e-mail snooping? Read more.

Israels business Arena:
Firewalls Don't Impress Them. Read more

2 August 2000

Trojan PC Invader 1.0

IDG.net:
Dutch Secret Service accused of e-mail snooping. Read more.

IDG.net:
Hackers Demo Notes Sabotage. Read more.

JavaWorld:
Java security evolution and concepts, Part 1: Security nuts and bolts. Read more.

Java security evolution and concepts, Part 2: Java security. Read more.

Vnunet:
Security flaw demonstrated in Notes. Read more.

Worldtribune:
Cyber-war? U.S. defense sites invaded by young hackers, not Iraqis.Read more.

1 August 2000

Trojan CC Invader 2

Out of order SMTP DATA command can be used to bypass firewall protection

Weekly Microsoft Security Digest 2000/07/24 to 2000/07/30. Read more.

Weekly Linux Security Digest 2000/07/24 to 2000/07/30. Read more.

Weekly Solaris Security Digest 2000/07/24 to 2000/07/30. Read more.

ZDNet:
Hackers: Uncle Sam wants you! Read more.

PC World:
Fake Bank Sites Trick Customers. Read more.


Copyright© MegaSecurity.org