Bookmark or link to: www.kobayashi.cjb.net. All other url`s could change!
News Archive    Translate Traducen
News October 2000
31 October 2000

New:
The Godmessage worm 0.1 by The Pull.

IIS 5.0 cross site scripting vulnerability by Georgi Guninski
Using specially designed URLs, IIS 5.0 may return user specified content to the browser. This poses great security risk, especially if the browser is JavaScript enabled and the problem is greater in IE. By clicking on links, just visiting hostile web pages or opening HTML email the target IIS sever may return user defined malicous active content. This is a bug in IIS 5.0, but it affects end users and is exploited with a browser. A typical exploit scenario is stealing cookies which may contain sensitive information. Read more

Bday.co.za:
Microsoft hacker's motive suspected to be espionage. Read more

The Register:
MS blocks staff dial-in access after 'minor' hack. Read more

Times.spb.ru:
Petersburg's Hackers Break Into Microsoft. Read more

Newsre.com:
Microsoft Hacking Creates Wave of Anxiety for Tech Industry. Read more

LinuxToday:
NewsForge: Time for Microsoft to fix its security problems. Read more

LinuxToday:
LinuxFormat.co.uk: The Microsoft Break-In: What are the implications for the open source community? Read more

CNet:
Microsoft unable to catch hacker on its own. Read more

Yahoo:
How Microsoft Spotted Hackers. Read more

Yahoo:
Microsoft Says It Knew of Hackers. Read more

SecurityPortal:
Weekly Solaris Security Digest 2000/10/23 to 2000/10/29. Read more

Techweb:
Mitnick Turns Gamekeeper. Read more

30 October 2000


New:
The QAZ Trojan Horse that struck Microsoft!
Read more

Senna Spy Programming Center closed. : (Read more

Microsoft says it knew of hacker all along. Read more

Cnnfn:
MSFT revises hacker story. Read more

LinuxToday:
Seattle Times: Microsoft says hacker did no damage, but FBI called in. Read more

ZDNet:
MS hack: Was source code altered? Read more

SecurityPortal:
Microsoft Gets Hacked - What Can We Learn? Read more

ZDNet:
The day the hackers broke Microsoft's heart. Read more

TDS, The world's most comprehensive anti-trojan system since 1998. Read more

SecurityPortal:
Weekly Microsoft Security Digest 2000/10/23 to 2000/10/29. Read more

SecurityPortal:
Weekly Executive Security Digest 2000/10/23 to 2000/10/29. Read more

LinuxSecurity.com:
Linux Security Week - October 30th 2000. Read more

Vnunet:
Security information website hacked. Read more

29 October 2000


New:
InCommand 1.6 beta 2 by Stoner and Bogart.

Ireland.com:
Hackers had access to Microsoft for weeks, or months. Read more

ZDNet:
Microsoft -- burned by anti-virus tools? Read more

ZDNet:
Microsoft can't spin this worm. Read more

PlanetIT:
Hackers Penetrate Microsoft's Own Systems. Read more

Packetstorm:
Microsoft infected before: Read more

HelpNetSecurity:
Viruses: Then and Now. Read more

Reuters:
Computer Broker Jailed for Cheating Hewlett-Packard. Read more

CNet:
New technologies create fresh inroads for hackers. Read more

Wanted:
QAZ Trojan

28 October 2000


New:
Connection 1.3 by WishMaster.

Telekomnet:
Real security risks come from within, researcher says. Read more

PlanetIT:
License To Hack Leaves Companies Vulnerable. Read more

CNet:
Global hacker agreement could affect bug hunters. Read more

TheMoscowTimes:
Microsoft Hacked Via St. Petersburg. Read more

Computeruser:
Anti-Virus Firms Comment On MS Hack. Read more

GuardianUnlimited.co.uk:
Hacker goes for heart of Microsoft. Read more

ZDNet:
Microsoft -- burned by anti-virus tools? Read more

Cerias:
Treaty Letter

GuardianUnlimited:
Whodunnit? The professional hacker or unwitting employee. Read more

Ananova:
Microsoft hackers 'must have had inside help. Read more

Vnunet:
Microsoft hack may increase virus attacks. Read more

ZDNet:
Microsoft can't spin this worm. Read more

ZDNet:
Could stolen Microsoft code lead to more security mishaps? Read more

Lexis-nexis:
On Both Sides, Hackers Take Mideast Fight To Cyberspace. Read more

Lexis-nexis:
Hackers shut Israel government Internet sites. Read more

Computeruser:
Hizballah Aims Electronic Warfare At Israel - ISP. Read more

27 October 2000


New:
Exploiter 1.3 beta by ap0calaps.

F-Secure:
Trojan Seeker. Read more

HelpNetSecurity:
Beware the PIF! - A Dangerous Monster Can Hide Beneath Harmless Files. Read more

Cnnfn.com:
Hackers attack Microsoft. Read more

SSL-Proxy for WindowsNT. Read more

CNet:
Microsoft computer network hacked. Read more

Itn.co.uk:
Espionage by Microsoft hackers. Read more

BBC.co.uk:
Hackers hit Microsoft. Read more

Techweb.com:
Middle East Uses Web In Fight For Hearts, Minds. Read more

Lexis-nexis:
Cybercrime Bills To Reach Senate Floor Together. Read more

Lexis-nexis:
End Silence over Security Flaws, says Ethical Hacker. Read moreM

26 October 2000


New:
Godmessage IV (Creator 0.5) by The Pull.
Recent ActiveX exploit for Internet Explorer which attempts to install a Trojan on any machine which views the included HTML.

Microsoft Security Bulletin (MS00-081):
Microsoft has released a patch that eliminates a security vulnerability in the Microsoft(r) virtual machine (Microsoft VM) that originally was discussed in Microsoft Security Bulletin MS00-011. Like the original vulnerability, the new variant could enable a malicious web site operator to read files from the computer of a person who visited his site or read web content from inside an intranet if the malicious site was visited by a computer from within that intranet. Read more

Natas is an advanced network packet capturing and analyzing program designed for Windows 2000. Natas only works with the new Windows 2000 winsock v2.2 that supports raw sockets like *nix operating systems. You have to be admin on the machine to run. Read more

Winetd is a true inetd for WindowsNT/2000 with honey pot modules (simulated daemons with simulated exploits). It is a hacker trap that is designed to trick script kiddies while it logs all their activity and gathers all their information.

ZoneAlarm 2.1.44
ZoneAlarm includes five interlocking security services that deliver easy-to-use, comprehensive protection. Read more

Cryptome.org:
Public Demo of Carnivore and Friends. Read more

ZDNet:
EU pact criminalizing security research? Read more

Asia.internet.com:
Taiwan Plans New Laws To Counter Spam, Hacking. Read more

Upside.com:
Hacker raises Bush's hackles. Read more

Lexis-nexis:
Cyber Crime Threat Rising, Experts Say: Read more

CNet:
Security group alleges breach in bank's Web site. Read more

CNet:
U.S. crypto winners -- Belgian heroes. Read more

25 October 2000


New:
Remote Administrator 2.0 by Famatech.

CNN:
How a computer virus works. Read more

Windows IT Security:
IIS Vulnerable to Session Hijacking. Read more

Kablenet.com:
- Virus in the valleys. Read more

Japantimes.co.jo:
SDF prepares to combat cyberterrorism. Read more

Kablenet.com:
Virus in the valleys. Read more

Lexis-nexis:
Readers ask about hackers and cookies. Read more

Lexis-nexis:
In Computer Hackers' View, Many Are Doing No Wrong. Read more

ZDNet:
High-stakes hacking, Euro-style. Read more

24 October 2000


New:
Godmessage IV (Creator 0.4) by The PULL.

Microsoft Security Bulletin (MS00-080):
Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Internet Information Server. The vulnerability could allow a malicious user to "hijack" another user's secure web session, under a very restricted set of circumstances. Read more

Silicon.com:
Security duo claim Trojan Horse protection. Read more

Idg.net:
Variant of 'I Love You' virus attacks. Read more

Wired.com:
Broadband Could be Hackland. Read more

SecurityPortal:
VBS_Placid Virus. Read more

Computerworld:
Companies Fight Back Against Internet Attacks. Read more

It-analysis.com:
Microsoft domain falls foul to hacker terrorists. Read more

Computeruser:
Virus Threat's Bad And Getting Worse - ICSA Survey. Read more

Slashdot.org:
Hacking AOL From The Inside. Read more

ZDNet:
Hot new Rumor spreads security updates. Read more

Codebook.org:
How we Cracked the Code Book Ciphers. Read more

23 October 2000


New:
Ass Sniffer 1.0.1 sniffs IP's over any messaging service and checks for common Trojans. By mf4.

Worms Generator 1.50b by [K]Alamar. Thanks to DEMONCRATES.

Weekly Microsoft Security Digest 2000/10/16 to 2000/10/22. Read more

Weekly Linux Security Digest 2000/10/16 to 2000/10/22. Read more

Weekly Solaris Security Digest 2000/10/16 to 2000/10/22. Read more

Mercurycenter.com:
`Love Bug' creator proclaims his fame. Read more

Uk.news.yahoo.com:
Japan considers 'cyber weapons' to fight hackers. Read more

Vnunet.com:
Wap gateways will be 'hacker magnets'. Read more

Internetnews.com:
Armey Aims Attack at Carnivore. Read more

22 October 2000


New:
BREACH Prowler 2.0 by -[FrEaK + HYBRiD]. Thanks to HeLLfiRez.

CryptCat is a natural extension to netcat, allowing simple encrypted tunnels to be generated between machines, across the Internet and, in some cases, through firewalls.
CryptCat is available for both Windows and Linux.
Download for NT
Download for Linux

Computeruser:
Daily Mail Hacker Sentenced To 18 Months. Read more

Bday.co.za:
Hackers flourish as law flounders. Read more

Lexis-nexis:
SOUTHERN CALIFORNIA / A NEWS SUMMARY; VIRUS INVADES 2,000 SCHOOL DISTRICT COMPUTERS. Read more

21 October 2000


New:
Der Spaeher 3.0 version 2 by PhilippP.

MaGus:
Here is an exclusive preview of Crackers new trojan called SubZero. It looks very nice and is about half done so far. Look forward to another great trojan from cracker! Read more

Infoworld:
Variant of 'I Love You' virus attacks. Read more

CNet:
Love virus variant plagues email systems. Read more

TheRegister:
Energis Squared hacked and used for spam. Read more

www.idg.net:
Security experts: Denial-of-service attacks still a big threat. Read more

Nwfusion:
DNS security upgrade promises a safer 'Net. Read more

Lexis-nexis:
FYI;Protect against Trojan horses. Read more

Lexis-nexis:
Hacker disables computers in North York area schools. Read more

www.fcw.com:
Maverick joins Army for network security. Read more

20 October 2000


New:
Eclipse 1.0 by Xylo. Thanks to HeLLfiRez.

Godmessage IV:
FAQ by The Pull and 6IT. Read more.

Cert.org:
CERT has is getting increased reports of the loveletter.as.worm variant, which uses the claim of Presidential and FBI secrets as bait. Read more

Security Portal:
Working the Big Computer Crime Case. Read more

Geek.com:
SafeWeb started offering its IP masking browsing service for free. Read more

IE 5.5/Outlook security vulnerability - com.ms.activeX.ActiveXComponent allows executing arbitrary programs. Read more

News.bbc.co.uk:
Cybercrime threat 'real and growing'. Read more

Openoffice.org:
Hackers Guide to Participating in OpenOffice.org. Read more

Bday.co.za:
Hackers flourish as law flounders. Read more

Wired.com:
Proud to Represent Hackers. Read more

Secure Root

19 October 2000


New:
NutShell is a Word Macro, that downloads Program on a specified http location, simulating a Word Update. By koR. Thanks to MaGus.

Microsoft Security Bulletin (MS00-079):
Microsoft has released a patch that eliminates a security vulnerability in the HyperTerminal application that ships with several Microsoft(r) operating systems.
This vulnerability could, under certain circumstances, allow a malicious user to execute arbitrary code on another user's system.
Frequently asked questions regarding this vulnerability and the patch can be found at Microsoft.

IE/Outlook java security vulnerability exposes local files.
There is a security vulnerability in IE 5.5/Outlook/Outlook Express, which allows reading of local files, arbitrary Intranet URLs and local directory structure after viewing a web page or reading a malicious HTML message. Read more

TelnetFP: OS Fingerprinting by telnet.
The TelnetFP program determines a given hosts OS via telnet do/dont negotiation.
How does it work?
When a telnet connection is established, options are exchanged. This can be used to fingerprint a host, because of the options requests themselves and the order of which they are sent. This program connects to a host's telnet daemon and reads the first set of options (do's in most cases). To these the proper answer is send. Now a second round of negotiation takes place. Options (dont's this time) are received and the fingerprint is completely received. Download

Winsock 2 Raw IP Packets creation library.
Tcpip_lib V2 is a library for Windows 2000 & NT which allows arbitrary packet creation. It uses Winsock 2 and opens up a raw socket, allowing you to send raw IP headers, do IP spoofing, and play with the details of networking protocols.
Unlike Libnet NT, Tcpip_lib v2 does not require installing an NDIS driver (a network interface), making it possible to work on the fly (without restarting, or installing of anything). Download

Saint 3.0
SAINT (Security Administrator's Integrated Network Tool) is a security assesment tool based on SATAN. Features include scanning through a firewall, updated security checks from CERT & CIAC bulletins, 4 levels of severity (red, yellow, brown, & green) and a feature rich HTML interface. Download

ZDNet:
Bug-hunters say firms ignoring security holes. Read more

Usa Today:
Criminal charges filed against 'Echelon'. Read more

CNN:
Inside the world of a 'hactivist'. Read more

Ireland.com:
Teenager questioned in relation to Eircom hacking. Read more

Feedmag.com:
Cry Hackerdom! Is it possible that hackers -- long derided as antisocial geeks bent on causing havoc ­ are actually the last of the true, democratic optimists? Read more

Vnunet:
Anti-hacking squads could help corporates. Read more

Ecommercetimes:
World E-Commerce Forum Tackles Net Security. Read more

ComputerWeekly:
Forum unites to stop cyber crime. Read more

Fcw.com:
Don’t just complain about security. Read more

Secure Root

18 October 2000


New:
Ashley 1.1.0 by Nexzus.

Microsoft Security Bulletin (MS00-078):
Patch Available for "Web Server Folder Traversal" Vulnerability.
Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) IIS 4.0 and 5.0.
The vulnerability could potentially allow a visitor to a web site to take a wide range of destructive actions against it,
including running programs on it.
This vulnerability is eliminated by the patch that accompanied Microsoft Security Bulletin MS00-057.
Customers who have applied that patch are already protected against the vulnerability and do not need to take additional action.
Microsoft strongly urges all customers using IIS 4.0 and 5.0 who have not already done so to apply the patch immediately.
Frequently asked questions regarding this vulnerability and the patch can be found here

SecurityPortal:
Top 20 Virus Report. Read more

Purge-It
Most Anti-Viruses try to detect Viruses and Trojans by looking for known signatures in files or in the registry. In this arms race, Viruses and Trojans try to hide their signatures and Anti-Viruses respond by trying to keep up with constant updates. For users that do not trust their Anti-Virus software, Purge-It offers an alternative - Purge-It allows the user to get a complete view of the system, and detect 'strange' behavior: open ports, programs running in the background, and more. Purge-It is a fresh approach for fighting Viruses and Trojans. It was designed mainly for advanced users, and gives users the ability to see what's happening inside their system. Using this information, the user can determine whether a Trojan or Virus is running, and clean those from his system.
Feature list:
* Run-out-of-the-Box installation.
* Kill, View, Delete running Processes (even those Hidden to the Taskbar).
* View Connections established or being established to or from your PC.
* View, Delete all NetBios Shares currently in use on your PC.
* Direct Access to all System Files.
* Optimized for Speed and low system resources usage.
* Resolve all IPs connected to your PC.
* Everything (IP's, host, keys) is copyable to the clipboard with a single click.
* Access to all Auto-Start Methods and have full control over them.
Read more

Cybercrime.gov:
Here is a summary chart of recently prosecuted computer cases.
Computer Crime and Intellectual Property Section (CCIPS) . Read more

ZDNet:
EarthLink flaw exposes domains.
A combination of two exploits leaves tens of thousands of encrypted domain passwords open for the Web to see ... and possibly attack. Read more

Infoworld:
Business spy threat is real, former CIA chief says. Read more

Lexis-nexis:
Infamous hacker says identity theft still easy. Read more

ZDNet:
A Year Ago: Melissa virus lives on. Read more

Telekomnet:
Daily Mail hacker given 18 months. Read more

Secure Root

17 October 2000


New:
Trojan Net Trash 1.0 by Marc Benitz.

WinU is a set of system management, access control, event logging, web-browser oversight, remote administration and helpdesk tools. The tool contains a built-in emergency password, which enables administrative access. This emergency password is different for every WinU version, and some of those known passwords are listed below. Using this 'emergency password', a remote attacker can easily gain administrative privileges to the product.
DETAILS
Known Passwords
WinU 1.0-2.02: KX98592V63 BARRY SMILER
WinU 3.2a: LRTV5 BARRY SMILER
WinU 4.1-4.3: R2NAX14 BARRY SMILER
WinU 5.1: 1FPW804 BARRY SMILER

Uk.news.yahoo:
Newspaper targeted in 'evil' computer plot. Read more

The Register:
Brit sentenced in Daily Mail hacking plot. Read more

Foxnews.com:
FBI's Carnivore Just the First Step in Internet Surveillance. Read more

Foxnews.com:
The Federal Government is a Hacker's Paradise. Read more

ZDNet:
An outsider looks in on ICANN. Read more

Lexis-nexis:
Suspect in hacking surrenders, is jailed. Read more

Secure Root

16 October 2000


New:
SubSeven 2.2 beta 2 Client by Mobman.

Weekly Microsoft Security Digest 2000/10/09 to 2000/10/15. Read more

LinuxSecurity.com:
Linux Security Week, October 16th 2000. Read more

Weekly Executive Security Digest 2000/10/09 to 2000/10/15. Read more

Weekly BSD Security Digest 2000/10/09 to 2000/10/15. Read more

Lexis-nexis:
Denial-Of-Service Attacks May Rise. Read more

Lexis-nexis:
Suspect in hacking surrenders, is jailed;Lawyer says computer incidents in which 18-year-old is charged did not involve theft. Read more

Planet IT:
Trojan Variant Threatens Rash Of DoS Attacks. Read more

SecurityPortal:
IE Credentials Vulnerability. Read more

Secure Root

15 October 2000


New:
Godmessage IV (Creator 0.3) by The Pull.

The Security Administrator's Integrated Network Tool (SAINT™), an updated and enhanced version of SATAN, is designed to assess the security of computer networks. More information about SAINT™ can be found in the on-line documentation. Just Released (10/11/00): Version 3.0 Read more

Testing Times for Trojans by LogError Sunday 15 October 2000 on 4:44 AM In the field of computing, Trojan horses have been around for even longer than computer viruses – but traditionally have been less of a cause for concern amongst the community of PC users. In recent years, however, they have been the focus of increased attention from anti-virus companies and heightened levels of user concern. This paper aims to investigate the Trojan phenomenon; particular attention will be paid to the claims made in the field of NVM detection and those made by those who aim to test the vendors’ claims. PDF file. Read more.

Enterprise Linux Today:
Professional hackers unable to break into Trustix Secure Linux. Read more

ZDNet:
News: Mitnick: I don't want to be notorious. Read more

ZDNet:
Mitnick backs federal DNA database. Read more

Computeruser:
Swedish Teams Cracks "The Code Book" Cipher Challenges. Read more

News.ft.com:
Hackers crack music codes. Read more

Secure Root

14 October 2000


New:
Godmessage IV Creator 0.2 by The Pull.

Microsoft Security Bulletin (MS00-076):
Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Internet Explorer. Under a daunting set of conditions, the vulnerability could enable a malicious user to obtain another user's userid and password to a web site. Read more

Microsoft Security Bulletin (MS00-077):
Microsoft has released a patch that eliminates a security vulnerability in NetMeeting, an application that ships with Microsoft(r) Windows 2000 and is also available as a separate download for Windows NT 4.0. The vulnerability could allow a malicious user to temporarily prevent an affected machine from providing any NetMeeting services and possibly consume 100% CPU utilization during an attack. Read more

Agnitum is a firewall that shows in a clear way, all the connection of your programs to the internet.
Screenshot
Read more

VLAD the Scanner is an open-source security scanner that checks for the SANS Top Ten security vulnerabilities commonly found to be the source of a system compromise. It has been tested on Linux, OpenBSD, and FreeBSD. It requires several Perl modules to run. Download

SecuritPortal:
A vulnerability within the NetMeeting application can cause it to consume all CPU resources within Windows NT and Windows 2000 when exploited remotely, creating a denial of service condition. Read more

CNet:
Privacy expert monitors issue with a keen eye. Read more

Ananova.com:
Hallowe'en hacker hacks off authorities. Read more

DenverPost:
Hacker Virtually Disables Nederland 'Net Service. Read more

Lexis-nexis:
Russian computer crime wizards pose real danger - Moscow police official. Read more

Lexis-nexis:
Hacking Takes a Holiday. Read more

13 October 2000


New:
Doly Trojan 1.1 by A-D-M. Thanks to Sniper.

Tomorrow update of The Godmessage by The Pull.

Grinder 1.1 is a simple program that will scan an arbitrary range of IP addresses for a webserver providing a certain URL. It is written inVC++ and full source code is provided. Grinder works by scanning for machines with port 80 open, and then querying them for a provided URL. Grinder will report if the URL is present, access is denied, or a strange request is received. Grinder will also attempt to determine and report the webserver version. The user can specify the timeout for a socket connection, and can also specify the number of parallel sockets to use during the scan.
Grinder was written by horizon, and full source is available.

Microsoft Security Bulletin (MS00-075):
This announces the availability of a patch that eliminates a vulnerability in Microsoft® virtual machine (Microsoft VM). The vulnerability could allow a malicious user operating a web site to take any desired action on a visiting user’s machine. Microsoft is committed to protecting customers' information,and is providing the bulletin to inform customers of the vulnerability and what they can do about it. Read more

Anivirus.com:
MSINIT.A is a worm that tries to spread itself via network shares.Read more

SecurityPortal:
Weekly Virus Digest 2000/10/06 to 2000/10/12. Read more

LinuxToday:
Professional hackers unable to break into Trustix Secure Linux. Read more

IDG.net:
Half of small & medium companies will suffer Internet attack. Read more

Lexis-nexis:
Finders seek keepers 'reward' at stolen goods website. Read more

ZDNet:
Gates victim as hacker changes newspaper Web site. Read more

The Register:
SubSeven variant rears its ugly head. Read more

Voila.co.uk:
Swiss judge cites lack of alert in mafia cybercrime probe. read more

12 October 2000


New:
Godmessage IV (Creator 0.1)

Microsoft Security Bulletin (MS00-073):
The Microsoft IPX/SPX protocol implementation (NWLink) includes an NMPI (Name Management Protocol on IPX) listener that will reply to any requesting network address. The NMPI listener software does not filter the requesting computer's network address correctly, and will therefore reply to a network broadcast address. Such a reply would in turn cause other IPX NMPI listener programs to also reply. This sequence of broadcast replies could generate a large amount of unnecessary network traffic. A machine that crashed due to this vulnerability could be put back into service by rebooting. Read more

Microsoft Security Bulletin (MS00-074):
Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) WebTV for Windows. The vulnerability could allow a malicious user to remotely crash systems running WebTV for Windows. Read more

SecurityWatch:
Gigabyte - Part I - Interview with a virus coder. Read more
Gigabyte - Part II - Interview with a virus coder. Read more

Techweb:
Experts Keep Eye On New Trojan Horse. Read more

Telegraph:
It takes a hacker to catch one. Read more

ZDNet:
German hacker elected to ICANN board. Read more

ZDNet:
Interpol orders immediate cybercrime action. Read more

The Register:
Anarchist hacker voted onto ICANN board. Read more

11 October 2000


New Trojan:
BioNet 2.10.1b ME by ®ëZmØnd. Part of GCi in association with Krimson and Cyberium.

Microsoft Security Bulletin (MS00-072).
Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Windows 95, 98, 98SE, and Windows Me. The vulnerability could allow a malicious user to programmatically access a Windows 9x/ME file share without knowing the entire password assigned to that share. Read more

Telekomnet:
ISS warns of backdoor virus problem. Read more

Techweb:
Trojan Variant Threatens Rash Of DoS Attacks. Read more

Informationweek:
New Trojan Variant Threatens Rash Of Denial-Of-Service Attacks. Read more

ZDNet:
Nearly half Net users put off by security fears. Read more

Top 20 Virus Report. Read more

Lexis-nexis:
Chinese hackers threaten to wage cyberwar on Taiwan's national day. Read more

It-director:
Less secrecy, more security. Read more

10 October 2000


New Trojan:
Godmessage 4 (revision 2) by The Pull.

IIS Security Alert: Subseven Defcon 2.1

UK.Internet.com:
China cracks down on internet freedom. Read more

ZDNet:
Why the world needs reverse engineers. Read more

LinuxNews:
Why Kids Shouldn't Be Criminal Hackers: An Explanation for High School Students, Parents and Teachers. Read more

CNN:
FBI pushes for cyber ethics education. Read more

Telegraph.co.uk:
Herbless has 'left hacking scene for good'. Read more

Lexis-nexis:
Hi-tech crime fighters former local cop trains cyber sleuths to net crooks on-line. Read more

9 October 2000


New Trojan:
Noknok 8.2 by VP Software.

LinuxSecurity.com:
Linux Security Week - October 9th, 2000. Read more

Lexis-nexis:
When Hackers Make House Calls. Read more

CNet:
Web-based email services offer employees little privacy. Read more

Netimperative:
CERT names and shames security holes. Read more

Do not forget this when browsing with explorer. Read more

uk.internet.com:
DTI funds fight against e-crime. Read more

Computerworld:
Government error exposes Carnivore investigators. Read more

8 October 2000


New Trojan:
Godmessage 3 (Revision 4) is an Active X trojan which automatically uploads a binary to unpatched IE browsers by simply viewing HTML code. Tested against IE 5.0, 5.01, and 5.5 on Windows NT, 2000, and 98.
By The Pull, known before as Osioniusx. Read more

Linux:
Nmap 2.54BETA6 released. Download

Help Net Security:
Securing a default Linux installation. Read more

Linux Today:
Red Hat Security Advisory: traceroute setuid root exploit with multiple -g options. Read more

CNN:
Scientists suggest solutions for Internet's future. Read more

ZDNet:
Fight back against governmental intrusionon your Fourth Amendment rights.
Downloads: Big Brother is watching you. Read more

Lexis-Nexis:
Senate Judiciary Approves Tools To Fight Computer Hackers. Read more

ZDNet:
Mitnick the poacher advises gamekeepers. Read more

ZDNet:
A Year Ago: Softseek infect users with Netbus Trojan. Read more

ZDNet:
Feds block alleged web sex scam. Read more

Lexis-Nexis:
Man imprisoned for cyberterror on teenage girls. Read more CNN:
Critics say 'Carnivore' review won't be independent. Read more

Lexis-Nexis:
New Study Shows Alarming Increase in Corporate Cybercrimes. Read more

Planet IT:
E-Signature Technology Takes Off In U.S. Read more

Upside.com:
OpenBSD plugs a rare security leak. Read more

7 October 2000


New Trojan:
Der Spaeher 2.0 by PhilippP

AVP Updates 06 october 2000

CNet:
Bug hunter finds another hole in Microsoft IE browser. Read more

ZDNet:
The Feds' Latest Crusade. Read more

Salon.com:
Is the SDMI boycott backfiring? Read more

Nua.ie:
Privacy, security major concerns for US consumers. Read more

InfoWorld.com:
Committee approves watered-down anti-hacker bill. Read more

Idg.net:
Hacking rises despite increased security spending. Read more

6 October 2000


New Trojan:
Netministrator 1.0

Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Word 2000 and 97. The vulnerability could allow a malicious user to run arbitrary code on a victim's computer without their approval. Read more

The new guninski exploit - could probably be used as a "Godmessage" delivery. Link submitted by Dolemite. Read more

VNUNET:
Clock ticking to fix security holes. Read more

SecurityPortal:
Weekly Virus Digest - 2000/09/29 to 2000/10/05. Read more

The Register:
Carnivore does more than previously thought. Read more

VNUNET:
Bug Watch: Who names viruses? Read more

TheStandard:
Study: Money Alone Won't Shoo Away Hackers. Read more

5 October 2000


New Trojan:
Ashley 1.0.1 by Nexzus.
Four different servers from 13 to 16 k. It does download a file from a specific url. With ICQ notify.

ZDNet:
Carnivore review: A 'stacked deck?' Read more

Windows IT Security:
Defeating Denial of Service Attacks. Read more
Defeating Denial of Service – CPU Starvation Attacks. Read more

A Year Ago: Web site owner hacks own site. Read more

AntiOnline:
Military Takes on Computer Attack Mission. Read more

4 October 2000


New Trojan:
Revenger 0.2 by Absolut.

Microsoft Security Bulletin (MS00-070): Microsoft has released a patch that eliminates several security vulnerabilities in Microsoft(r) Windows NT(r) 4.0 and Windows(r) 2000. The vulnerabilities could allow a range of effects, from denial of service attacks to, in some cases, privilege elevation. Read more

VNUNET:
Virus naming chaos causes confusion. Read more

Telekomnet:
Kakworm remains top of Sophos' virus. Read more

Web.lexis-nexis:
Trojan Horse saddles you with losses. Read more

Help Net Security:
The media’s guide to talking to hackers. Read more

ZDNet:
FBI releases first Carnivore data. Read more

ComputerWorld:
Stopping Attacks at Their Source. Read more

3 October 2000


New Trojan:
Noknok 8.1 by VP Software.

VBS_COLOMBIA Virus. Read more

Infoworld:
Hacker puts Nasdaq on warning. Read more

Lexis-Nexis:
MITNICK breaks into consulting. Read more

CNet:
Critics blast FBI's first release of Carnivore documents. Read more

Wanted:
Doly 1.1

2 October 2000


New Trojan:
Acid Kor by koR.

Weekly Microsoft Security Digest 2000/09/25 to 2000/10/01. Read more

Weekly Linux Security Digest 2000/09/25 to 2000/10/01. Read more

Weekly BSD Security Digest 2000/09/25 to 2000/10/01. Read more

Weekly Axent Security Digest 2000/09/25 to 2000/10/01. Read more

Weekly Check Point Security Digest 2000/09/25 to 2000/10/01. Read more

PlanetIT:
Devastating DDoS Attacks Loom. Read more

Net-Security.org:
More information on Slashdot hack. Read more

Wanted:
Doly 1.1

1 October 2000


New Trojan:
PC Invader 0.7 alfa9

CNN:
Two views of hacking. Read more

Yahoo:
New turn in old war on macro viruses. Read more

ZDNet:
Security forum opens up. Read more

ITWeb:
Learning to counter-hack. Read more

Wanted:
Doly 1.1


Copyright© MegaSecurity.org