News December 2001
31 December 2001

New trojan(s):
WebDownloader 1.0

www.securityfocus.com:
Apple Mac OS X PPP Authentication Credentials Disclosure Vulnerability. Read more

www.securityfocus.com:
DeleGate Cross-Site Scripting Vulnerability. Read more

www.securityfocus.com:
GPM-Root Format String Vulnerability. Read more

www.securitytracker.com:
PHP Rocket Add-in for FrontPage Discloses Files on the Server to Remote Users. Read more

www.securitytracker.com:
Smcboot Component of Solaris Management Console Lets Local Users Damage the System When the System Boots. Read more

www.securitytracker.com:
Vim Text Editor Backup File Configuration Errors May Let Remote Users View the Source Code of Web Scripts That Have Been Edited With the VIM Editor. Read more

www.securitytracker.com:
DeleGate Proxy Server Allows Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
GPM Console Menu Utility Contains Format String Bug That Gives Local Users Root Access. Read more

www.securitytracker.com:
KDE Konqueror Web Browser SSL Security Flaw Lets Remote Users Conduct Man-in-the-Middle Attacks to Access Sensitive Information. Read more

www.securitytracker.com:
Mozilla Personal Security Manager Uses Unsafe Temporary Files and May Allow Local Users to Overwrite Critical Files on the Server. Read more

boston.internet.com:
Badtrans Tops List Of 2001 Virus Threats. Read more

www.zdnet.com:
Piecemeal patchwork? How to best protect Internet Explorer. Read more

www.macobserver.com:
Still More Microsoft Security Holes. Read more

www.siliconvalley.com:
Piracy and hacking prevention efforts should target kids, experts say. Read more

www.idg.net:
"How Not To Recover From Getting Hacked...A Loser's Guide". Read more

www.crn.com:
Nvidia Settles Dutch Hacker Case. Read more

www.iht.com:
Predictable Passwords Simplify a Hacker's Task. Read more

www.news-star.com:
Shawnee man designs software to rid networks of unwanted e-mail. Read more

www.hometownannapolis.com:
Hunt for hidden gold lures NSA cryptologists. Read more

www.zdnet.com:
Spy games: Is someone leaking your company secrets? Read more

30 December 2001

New trojan(s):
Diablo Keys 1.0

MadClient 1.0

hackingtruths.box.sk:
Port Scanning Unscanned. Read more

www.securityfocus.com:
Mozilla Predictable Temporary File Symbolic Link Attack Vulnerability. Read more

www.securityfocus.com:
Hughes Technologies Mini SQL Denial of Service Vulnerability. Read more

www.securityfocus.com:
ELSA Lancom 1100 Office Insecure Web Administration Vulnerability. Read more

www.securityfocus.com:
AdCycle Remote SQL Query Modification Vulnerability. Read more

www.xatrix.org:
D-Link DWL-1000AP Wireless LAN Access Point Plaintext Password Vulnerability. Read more

www.bugtraq.org:
LAME INFORMATION LEAKAGE BUG IN NETSCAPE MAIL. (older news) Read more

networking.earthweb.com:
Nasty New Year Virus. Read more

www.treachery.net:
EARLY BIRD -- A realtime HTTP worm attempt reporting utility. Read more

www.usatoday.com:
Judge: FBI's PC-snooping perfectly lawful. Read more

29 December 2001

New trojan(s):
Schneckenkorn 1.0

Trepid Client

www.securiteam.com:
WebSEAL Vulnerable to a DoS Attack (%2E). Read more

www.securiteam.com:
SMC Barricade's Dodgy "DMZ" Feature. Read more

www.securiteam.com:
EFTP Directory Content Disclosure. Read more

www.securiteam.com:
Local DoS in Solaris 8 (smcboot). Read more

www.securiteam.com:
IBM WebSphere Reveals System Administrator Password. Read more

www.securiteam.com:
klprfax_filter Symlink Vulnerability. Read more

www.securityfocus.com:
gpm local root vulnerability. Read more

www.securityfocus.com:
DeleGate Cross Site Scripting Vulnerability. Read more

packetderm.cotse.com:
Defacements/Server Compromise Some Companies Simply Don't Care. Read more

www.crn.com:
Nvidia Settles Dutch Hacker Case. Read more

news.bbc.co.uk:
Security overhaul for wireless networks. Read more

www.thesun.co.uk:
Microsoft in security scare. Read more

www.idg.net:
How to not recover from getting hacked. Read more

www.crn.com:
Reverse Firewall Stymies DDoS Attacks. Read more

www.auschron.com:
Brave New Web. Read more

www.oreillynet.com:
Open Sesame: The Art of Passwords. Read more

28 December 2001

New trojan(s):
NeuroticKat 1.2b

Phoenix II 1.80

www.securiteam.com:
Dangerous Information in CentraOne Log Files (Vendor Response). Read more

By Stefan Esser:
IE https certificate attack.
This morning I was googling through the web and found out that the issue is not that new for Microsoft.
If you compare http://www.acros.si/aspr/ASPR-1999-12-15-1-PUB.txt with my advisory at
http://security.e-matters.de/advisories/012001.html you can see that the same bug was reported 2(!) years ago to Microsoft.
At that time (or better, half a year later) Microsoft released the patches for that vulnerability that fixed the bug within IE 4.0 and the early versions of IE 5.0. The Microsoft Security Bulletin (MS00-039) clearly states that IE 5.01 SP1 and IE 5.5 are not vulnerable. That means that one of the "security patches" that Microsoft released since that date reimplemented the bug and made all IEs vulnerable again.

security-protocols.com:
Grokster and possible trojan. Read more

www.xatrix.org:
Debian - DSA-095-1. Read more

vapid.dhs.org:
An account of Sawmill web log analyzer vulnerability discovery. Read more

rnmap.sourceforge.net:
Rnmap 0.6 is available. Read more

www.nl.vergenet.net:
Perdition: Mail Retrieval Proxy
Perdition allows users to connect to a content-free POP3 or IMAP4 server that will redirect them to their real POP3 or IMAP4 server. This enables mail retrieval for a domain to be split across multiple backend servers on a per-user basis. It can also be used as a POP3 or IMAP4 proxy, especially in firewall applications. Read more

kerneltrap.com:
Linux Kernel Hacker Interview: Dave Jones. Read more

One of the TASC web sites was compromised and defaced by Crookies; the defacement gave a birthday greeting to EvilByte.
This defacement is ironic given TASC's security group and consulting work.
TASC
Mirror

www.latimes.com:
XP 'Patch' Leaves Door Wide Open. Read more

www.zdnet.com:
Microsoft: Piecemeal patchwork for IE. Read more

grc.com:
The FBI has Strongly Recommended that All Users Immediately Disable Windows' Universal Plug n' Play Support. Read more

www.internetnews.com:
Privacy Expert Roots Out True Origin of "XP Flaw". Read more

www.theinquirer.net:
SQL Server hit by big bad security holes. Read more

www.wired.com:
Why Worm Writers Stay Free. Read more

www.crn.com:
CA: E-Mail Method Of Choice For Virus Writers In 2001. Read more

rtnews.globetechnology.com:
Viruses expected to proliferate. Read more

www.nj.com:
Judge rules computer information can be used at reputed mobster's trial. Read more

www.securityfocus.com:
The Littlest Security Pro. Read more

news.bbc.co.uk:
Security by remote control. Read more

www.freep.com:
INFORMATION NETWORK: Cops abuse database, 3 privacy suits say. Read more

dailynews.yahoo.com:
And the Password Is . . . Waterloo. Read more

27 December 2001

New trojan(s):
Clandestine 3.0

Nethief 2.7

www.securiteam.com:
Serious Security Flaw in Citrix Client. Read more

www.securiteam.com:
Caramail Cross-Site Scripting Vulnerability. Read more

www.securiteam.com:
QwikAd Allows Malicious SQL Code Injection. Read more

www.securiteam.com:
Linux Package Default UID (573). Read more

www.securiteam.com:
PFinger Format String Vulnerability. Read more

www.securiteam.com:
AdStreamer Allows Execution of Arbitrary Commands. Read more

www.securiteam.com:
Perdition/Vanessa_logger Format String Vulnerability. Read more

www.linuxsecurity.com:
Authentication Gateway HOWTO. Read more

www.reuters.co.uk:
Stand by for more nasty Web attacks in 2002. Read more

www.guardcentral.com:
New European Worm, W32/Sheer.A@mm, Makes a Christmas Debut. Read more

www.nikkeibp.asiabiztech.com:
Nimda-Class Virus May Strike IE Users; Patch Must be Applied Immediately. Read more

www.computeruser.com:
Zoher worm gives unwelcome Christmas PC present. Read more

www.computeruser.com:
Microsoft browser slips up on SSL certificates - report. Read more

www.internetnews.com:
Privacy Expert Roots Out True Origin of "XP Flaw". Read more

scripts.ireland.com:
Windows XP proves vulnerable to hackers. Read more

www.zdnet.com:
Gartner: XP's 'plug and prey' hole. Read more

www.infoworld.com:
Microsoft issues SQL Server security warning. Read more

www.onlamp.com:
Snort 'n Dragon. Read more

26 December 2001

New trojan(s):
Glacier 6.0

DS Web Downloader 1.01

www.securiteam.com:
Best Practices for Secure Development. Read more

www.securiteam.com:
Atmel SNMP Non Public Community String DoS Vulnerability. Read more

www.securiteam.com:
Apache's mod_bf Vulnerable to a Buffer Overflow and DoS. Read more

www.securityfocus.com:
Les VanBrunt AdRotate Pro SQL Injection Vulnerability. Read more

www.indiaexpress.com:
Pak cyber terrorism ‘injures’ 20 Indian web sites. Read more

www.ananova.com:
2001 a year of worms, Trojans and viruses. Read more

www.smh.com.au:
Year the worm turned nasty with viruses rampaging on the Internet. Read more

www.securityfocus.com:
How the Grinch Stole Keystrokes. Read more

www.computeruser.com:
CERT warns of deadly security hole in Internet Explorer. Read more

www.guardian.co.uk:
Windows XP fails to shake off hacker attacks. Read more

www.computeruser.com:
Trail of zombie servers leads to online payment firm. Read more

www.bangkokpost.com:
Hacker wake up call works well for Thai Net provider. Read more

abcnews.go.com:
'Zacker' Worm E-mails Holiday Mayhem. Read more

inq.philly.com:
N. J. school behind new hacking law. Read more

www.computeruser.com:
Bill strengthens Internet criminal sentencing. Read more

dailynews.yahoo.com:
Trying to Keep Young Internet Users From a Life of Piracy. Read more

25 December 2001

New trojan(s):
Laocoon 1.0

www.securiteam.com:
D-Link DWL-1000AP can be Compromised Due to Insecure SNMP Configuration. Read more

www.securiteam.com:
Buffer Overflow Vulnerability in Oracle's "Unbreakable" 9iAS. Read more

www.securiteam.com:
SQL Server Text Formatting Functions Suffer from Buffer Overflows. Read more

www.securiteam.com:
Internet Explorer HTTPS Certificate Attack. Read more

www.securiteam.com:
PGP Plugin for Outlook Can Send Unencrypted Messages. Read more

www.securiteam.com:
Multiple Overflow and Format String Vulnerabilities in Microsoft SQL Server. Read more

www.securiteam.com:
UPNP - Multiple Remote Windows XP/ME/98 Vulnerabilities. Read more

www.securiteam.com:
Webmin view_man.cgi Security Vulnerability. Read more

www.securiteam.com:
Plesk (PSA) Allows Reading of .PHP Files. Read more

www.blackhat.com:
Black Hat Windows Security Briefings and Training 2002. Read more

www.raid-symposium.org:
RAID 2002
Fifth International Symposium on Recent Advances in Intrusion Detection. Read more

www.hackinthebox.org:
The State of The Hack Awards #7. Read more

www.egghelp.org:
Information on eggdrop bots, shell accounts. Read more

canberra.yourguide.com.au:
Cybercrime fight hampered. Read more

houston.bcentral.com:
Winning viral war requires the right weapons, training. Read more

www.computerworld.com:
Linux in 2002: More security, high-end computing. Read more

www.inq7.net:
Hacker targets Globe website. Read more

news.ninemsn.com.au:
Unauthorised intrusion to Optus internet network. Read more

www.siliconvalley.com:
Security consultant finds plenty of holes to plug. Read more

www.thestar.com:
Thank `hacker' for fixing XP flaw. Read more

www.reuters.com:
FBI Computer Security Arm Warns of Windows XP Holes. Read more

www.infowarrior.org:
Who Needs Hackers? We've Got Microsoft! Read more

24 December 2001

New trojan(s):
G-Spot Tight 1.0

Duddie 3.1b

security.e-matters.de:
IE https certificate attack. Read more

www.twlc.net:
twlc advisory: plesk (psa) allows reading of .php files (0 day). Read more

quote.bloomberg.com:
Microsoft's Culp: Windows XP Security Flaw & Fix Offer. Read more

www.computeruser.com:
Severe security hole discovered in Microsoft XP. Read more

www.chicagotribune.com:
How hackers can exploit Microsoft flaw. Read more

www.idg.net:
Microsoft Improves Security Plans. Read more

www.infoworld.com:
Time to come clean. Read more

www.computeruser.com:
Cybersecurity think tank formed in NJ. Read more

www.nzherald.co.nz:
Stranger danger lurks in chatroom meetings. Read more

www.idg.net:
Companies look to 'vaccinate' weary users against spam deluge. Read more

www.idg.net:
E-Mail Tops Company's Wireless Wish Lists. Read more

23 December 2001

New trojan(s):
Optix Lite 0.4

Nerte 7.7.1

chocobospore.org:
Mognet is a free, open source wireless ethernet sniffer/analyzer written in Java. Read more

www.pbs.org:
Interview: Chris Davis
A security consultant and ex-hacker from Ottawa, Davis tracked down Curador, an 18-year-old hacker from South Wales who in 2000 stole an estimated 26,000 credit card numbers from e-commerce web sites and posted them online. Read more

www.securiteam.com:
ATPHTTPd Buffer Overflow Exploit Code. Read more

www.securityfocus.com:
Microsoft Windows C Runtime Library Format String Vulnerability. Read more

www.securityfocus.com:
Atmel SNMP public Community or Unknown OID Denial of Service Vulnerability. Read more

www.securityfocus.com:
Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability. Read more

www.securityfocus.com:
Microsoft SQL-Server Buffer Overflow Vulnerability. Read more

www.securiteam.com:
Dangerous Information Recorded in CentraOne Log Files. Read more

www.securiteam.com:
MSIE May Download and Run Programs Automatically. Read more

www.securiteam.com:
Windows FTP "Network Place" Exposes Saved Passwords. Read more

www.securiteam.com:
Hot Key Permissions Bypass under Windows XP. Read more

www.securiteam.com:
ASPSession ID's Vulnerability. Read more

www.securiteam.com:
WMCube-GDK Yields KMEM Security Privileges. Read more

www.securiteam.com:
HP-UX Setuid RLPDaemon Illicit File Writes. Read more

POPAuth Symlink Problem Allows Creation of a Setuid Shell. Read more

www.securiteam.com:
Agoracgi Cross-Site Scripting Vulnerability. Read more

www.securiteam.com:
Glibc Globing Issues (~AAA{ Trick). Read more

www.securiteam.com:
PHPNuke module.php Vulnerability and PHP error_reporting Issue. Read more

www.theregister.co.uk:
Who needs hackers when we've got MS? Read more

quote.bloomberg.com:
FBI Urges Windows XP Users Take Extra Precautions (Update1). Read more

seattletimes.nwsource.com:
FBI urges extra hacker protection for XP. Read more

www.theregister.co.uk:
Feds grill MS on Windows security. Read more

i-want-a-website.com:
Microsoft Discloses Huge Security Hole. Read more

www.theregister.co.uk:
US to yank Kevin Mitnick's radio license. Read more

www.linuxsecurity.com:
Letter to Santa from a Security Administrator. Read more

www.2600.com:
2600 WINS FORD LAWSUIT - RIGHT TO LINK UPHELD. Read more

22 December 2001

New trojan(s):
Ghost 2.3 by Lame_joker

freedumb and Phr0stic assured me they have not made the dropper in this DS Web Downloader 1.0.
Their DS Web Downloader 1.0 without Dropper.

www.securityfocus.com:
Microsoft Universal Plug and Play Simple Service Discovery Protocol Denial of Service Vulnerability. Read more

www.securityfocus.com:
Microsoft UPnP NOTIFY Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
Microsoft IE Same Origin Policy Violation Vulnerability. Read more

www.xatrix.org:
Microsoft-MS01-059-Multiple remote Windows XP/ME/98 Vulnerabilities. Read more

linuxtoday.com:
Red Hat Security Advisory: Updated Mailman packages available. Read more

www.pcworld.com:
File-Killing Shoho Worm Reported. Read more

www.idg.net:
Shoho worm adds, deletes files. Read more

www.zdnet.com:
Shoho outbreak--New worm, old tricks. Read more

www.washtech.com:
FBI Advises Windows XP Users on Measures to Block Hackers. Read more

www.timesofindia.com:
FBI asks XP users to take more security steps. Read more

www.reuters.co.uk:
Microsoft admits XP security hole. Read more

www.infoworld.com:
XP security glitch draws criticism. Read more

www3.gartner.com:
Windows XP Security Hole Lets Attackers 'Plug and Prey'. Read more

www.silicon.com:
Microsoft owns up to massive XP security hole. Read more

www4.gartner.com:
Deploy XP With Usual Precautions, Despite Security Flaw. Read more

www.reuters.co.uk:
Attack of the computer zombies. Read more

timesofindia.indiatimes.com:
Hack turned computers into waiting zombies. Read more

www.internetnews.com:
New Security Breach Threatens Net. Read more

news.bbc.co.uk:
Hacker boys from Brazil. Read more

quote.bloomberg.com:
Oracle Reports Flaws After Calling Its Software `Unbreakable'. Read more

www.theage.com.au:
Cyber terror law condemned. Read more

21 December 2001

New trojan(s):
Optix Lite 0.3

Winshell 3.0

Microsoft Security Bulletin MS01-059
Unchecked Buffer in Universal Plug and Play can Lead to System Compromise. Read more

Microsoft Security Bulletin MS01-060
SQL Server Text Formatting Functions Contain Unchecked Buffers. Read more

CERT® Advisory CA-2001-37
Overflow in UPnP Service On Microsoft Windows. Read more

www.eeye.com:
Major Vulnerabilities in Default Installations of Windows XP and Certain Installations of Windows ME and 98. Read more

Internet Security Systems Security Alert
Multiple Vulnerabilities in Universal Plug and Play Service. Read more

www.securiteam.com:
Novell GroupWise Servlet Gateway Default Username and Password. Read more

www.securiteam.com:
Netware Web Server Sample Page Source Disclosure. Read more

www.securiteam.com:
Internet Explorer Document.Open() Without Close() Cookie Stealing, File Reading, and Site Spoofing Bug. Read more

www.securiteam.com:
Aktivate Shopping System Cross-Site Scripting Vulnerability. Read more

www.securiteam.com:
Exim Recipient Decoding Execution. Read more

www.securiteam.com:
Linux Distributions are Vulnerable to the /bin/login Overflow. Read more

www.securityfocus.com:
OpenSSH Local root exploit if UseLogin option enabled. Read more

www.securityfocus.com:
Aktivate Shopping Cart Cross-Site Scripting Vulnerability. Read more

www.securityfocus.com:
Zyxel Prestige SDSL Router IP Fragment Reassembly Vulnerability. Read more

www.securityfocus.com:
Webmin Directory Traversal Vulnerability. Read more

www.securityfocus.com:
WMCube/GDK Object File Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
xSANE Insecure Temporary File Creation Vulnerability. Read more

www.securityfocus.com:
Agora.CGI Cross-Site Scripting Vulnerability. Read more

www.securityfocus.com:
Microsoft Windows XP Unauthorized Hotkey Program Execution Vulnerability. Read more

linuxtoday.com:
Mandrake Linux Security Update Advisory: glibc update. Read more

linuxtoday.com:
Trustix Secure Linux Advisor: glibc. Read more

www.thetimes.co.uk:
Windows XP has serious flaw. Read more

news.bbc.co.uk:
Fix your Windows, says Microsoft. Read more

www.zdnet.com:
Microsoft plugs XP security hole. Read more

newsfind.com:
Microsoft Admits XP Security Flaw. Read more

www.ireland.com:
Windows XP proves vulnerable to hackers. Read more

www.crn.com:
CRN Test Center Examines Security Hole Found In Windows XP. Read more

www.theregister.co.uk:
MS warns of severe universal plug & play security hole. Read more

www.siliconvalley.com:
Microsoft, Oracle security flaws found. Read more

chicagotribune.com:
Buffer Overflows Computer Security. Read more

www.it.mycareer.com.au:
New computer virus brings festive misery. Read more

www.guardcentral.com:
Christmas e-mail greetings, the perfect disguise for a virus. Read more

enterprisesecurity.symantec.com:
Spy Software Helps FBI Crack Encrypted Email. Read more

chicagotribune.com:
Smart logs make it tough for hackers to cover their tracks. Read more

www.usdoj.gov:
Man Sentenced for Unauthorized Access into Computer Systems of Connecticut Consulting Firm. Read more

www.newsbytes.com:
Intruder Breaks Into Optus' Australian Network. Read more

www.azcentral.com:
Hacker gets to Tempe credit card processor. Read more

www.theregister.co.uk:
Porno paymaster CCBill hacked hard. Read more

www.theregister.co.uk:
The crime of distributed computing. Read more

www.zdnet.com:
Sklyarov stands by boss in DMCA case. Read more

allafrica.com:
Information Systems Security. Read more

www.zdnet.com:
Linux developer hit by Microsoft suit. Read more

www.sfgate.com:
Small calculation is big victory for quantum computing. Read more

20 December 2001

New trojan(s):
Clandestine 2.0

CyberSpy FTP

CERT® Advisory CA-2001-36
Microsoft Internet Explorer Does Not Respect Content-Disposition and Content-Type MIME Headers. Read more

www.securiteam.com:
Magic Enterprise Multiple Vulnerabilities. Read more

www.securiteam.com:
Zyxel Prestige 681 and 1600 Remote DoS. Read more

www.securiteam.com:
Windows XP Security Concerns (Fast Switch, Password Reset, Remote Desktop). Read more

www.securiteam.com:
Internet Explorer 6 Allows Local File Reading (XMLHTTP). Read more

www.securiteam.com:
FtpXQ Default Install Read/Write Capabilities. Read more

www.securiteam.com:
Trust Issues with RH and Debian Package Managers. Read more

www.securiteam.com:
ProFTPD File Globbing Problems (////.../). Read more

www.securityfocus.com:
WMCube/GDK Object File Buffer Overflow Vulnerability. Read more

www.zdnet.com:
'Happy New Year' worm hits Windows. Read more

www.timesofindia.com:
Virus could render a very unhappy New Year. Read more

www.cmpnetasia.com:
Christmas virus makes the rounds. Read more

europe.cnn.com:
'Reeezak' worm offers holiday jeers. Read more

www.zdnet.com:
Worm piggybacks on holiday cheer. Read more

cryptome.org:
DIRT-Magic Lantern Firm Barred from Gov Work. Read more

www.theregister.co.uk:
FBI surveillance bonanza in BadTrans.B worm. Read more

www.cnn.com:
Fight against child abuse goes high-tech. Read more

news.cnet.com:
Sklyarov backs employer despite U.S. deal. Read more

www.cmpnetasia.com:
Unique viruses in China. Read more

www.siliconvalley.com:
RSA announces fix for wireless network security hole. Read more

www.idg.net:
Disk drives from World Trade Center could yield clues. Read more

www.zdnet.com:
Want better workplace security? Just use some common sense! Read more

www.zwire.com:
Schools form institute to stop hackers. Read more

www.boston.com:
Conn. hacker indicted in attacks on San Diego auto site. Read more

news.com.au:
Optus internet hacked. Read more

www.zdnet.com:
Warez groups wracked by FBI raids. Read more

www.ananova.com:
Microsoft issues security browser patches. Read more

www.zdnet.com:
Australia pushes for e-mail interception. Read more

www.zdnet.com:
Windows XP: Hot or not? Read more

www.securityfocus.com:
Is Distributed Computing A Crime? Read more

www.wired.com:
Steganography, Next Generation. Read more

news.cnet.com:
IBM's quantum baby step. Read more

www.wired.com:
Big Blue Takes Quantum Step. Read more

19 December 2001

New trojan(s):
DS Web Downloader 1.0

www.securityfocus.com:
Social Engineering Fundamentals, Part I: Hacker Tactics. Read more

www.securiteam.com:
Windows 2000 IKE DoS Exploit Code. Read more

linuxtoday.com:
Mandrake Linux Security Update Advisory: kerberos update. Read more

www.securityfocus.com:
Novell Groupwise Servlet Gateway Default Authentication Vulnerability. Read more

www.securityfocus.com:
Zyxel Prestige SDSL Router IP Packet Length Remote Denial Of Service Vulnerability. Read more

www.securiteam.com:
Analysis of Microsoft SQL Server 2000 Stored Procedure Encryption. Read more

www.securiteam.com:
NoHTML Built-in Outlook 2002 Feature Protects Against Malicious Code. Read more

www.securiteam.com:
SpiDynamics WebInspect Keeps Track of Its Users (Trial License). Read more

www.securiteam.com:
Hosting.com Cross-Site Scripting Vulnerability. Read more

www.securiteam.com:
"UNIX Manual" PHP-Script Allows Arbitrary Code Execution. Read more

www.theinquirer.net:
Al Qaeda infiltrates Microsoft, hacks Windows XP. Read more

www.wininformant.com:
Tales of the Bizarre: Al Qaeda Allegedly Hacked Microsoft. Read more

www3.gartner.com:
Patch Security Holes but Demand Better Security From Vendors. Read more

www.newsfactor.com:
Government Internet Snooping: Out of Control? Read more

seattletimes.nwsource.com:
FBI software program records each keystroke. Read more

www.dailyrotten.com:
FBI wants access to worm's pilfered data. Read more

news.bbc.co.uk:
Warning of malicious e-cards. Read more

news.com.au:
Optus internet hacked. Read more

news.com.au:
Watch for hackers, parents warned. Read more

www.theregister.co.uk:
A plague on all our networks. Read more

www.vnunet.com:
Sircam worms its way to number one. Read more

www.bergen.com:
Brain trust taking aim at hackers. Read more

thestar.com.my:
Hacking ‘reflects Malaysia as a laggard’. Read more

www.theregister.co.uk:
RSA supplies answer to drive-by hacking? Read more

www.denverpost.com:
Judge lets Interior reconnect its websites. Read more

www.silicon.com:
Fight against fraud gets teeth. Read more

cgi.usatoday.com:
While last-minute shopping online, keep security in mind. Read more

www.businessweek.com:
Visa's New Online Security Blanket. Read more

18 December 2001

New trojan(s):
G-Spot Tight 1.5

www.securityfocus.com:
FreeBSD-SA-01:68: xsane port uses insecure temporary file handling. Read more

www.securiteam.com:
OpenSSH UseLogin Bug Proof of Concept Exploit. Read more

linuxtoday.com:
Engarde Secure Linux: 'glibc' globbing buffer overflow. Read more

www.xatrix.org:
Microsoft Internet Explorer 6 can read local files. Read more

www.newsbytes.com:
Suspect Claims Al Qaeda Hacked Microsoft - Expert. Read more

www.internetweek.com:
Latest Hacker Target: Routers. Read more

www.cnn.com:
CERT: Plug Secure Shell holes before holidays. Read more

www.silicon.com:
Hackers looking forward to a merry Christmas. Read more

www.idg.net:
Microsoft Design to Blame for Virus Load. Read more

www.pcworld.com:
Is Linux Immune to E-Mail Viruses? Read more

www.vnunet.com:
BugWatch: Magic Lantern - not magic and not very bright. Read more

www.silicon.com:
Vendors bare souls, discuss vulnerabilities. Read more

phoenix.bcentral.com:
Company survival at risk without computer security. Read more

www.govexec.com:
Defense inks deal to train more cybercrime fighters. Read more

www.vnunet.com:
Saint emerges as hacker tackler. Read more

baltimore.bcentral.com:
Beware of theft when shopping on the Web. Read more

www.sunspot.net:
Cracking the code. Read more

www.nzherald.co.nz:
Wheels turning with secret keys. Read more

www.latimes.com:
Copy-Protected CD to Be Released. Read more

17 December 2001

New trojan(s):
Little Witch 5.0 Client

Little Witch 4.5 Server

Leszcz 5.50

www.enderunix.org:
BUFFER OVERFLOWS DEMYSTIFIED. Read more

www.securityfocus.com:
Microsoft Internet Explorer Remote File Viewing Vulnerability. Read more

www.securityfocus.com:
Zyxel Prestige SDSL Router Remote Denial Of Service Vulnerability. Read more

www.securiteam.com:
Red Faction Server/Client DoS (UDP 7755). Read more

www.securiteam.com:
File Locking and Security (Group Policy DoS on Windows 2000 Domains). Read more

www.xatrix.org:
Red Hat - RHSA-2001:160-09. Read more

www.linuxsecurity.com:
Understanding Rootkits. Read more

www.thetimes.co.uk:
Rob Rosenberger is on a crusade against the mass hysteria he says is regularly whipped up by anti-virus companies. Read more

www.idgnet.co.nz:
Christmas greetings by e-mail, the perfect disguise for a virus. Read more

www.computeruser.com:
Cisco release of Goner worm raises eyebrows. Read more

cryptome.org:
The MS DRM Patent and Freedom to Speak and Think. Read more

www.computeruser.com:
Windows XP down and dirty. Read more

www.idg.net:
Microsoft top security officer expected to join U.S. cybersecurity team. Read more

www.zawya.com:
Shanghai hails success of new cyber crime task force. Read more

news.bbc.co.uk:
Paving the way for 'uncrackable' codes. Read more

16 December 2001

New trojan(s):
Theef 1.35

RTB 666 1.65

www.pbs.org:
Interview: Curador is an 18-year-old hacker from rural Wales who in the winter of 2000 stole an estimated 26,000 credit card numbers from a group of e-commerce web sites and posted the numbers on the web. Read more

www.securityfocus.com:
HTML2WML Scheme File Arbitrary Access Vulnerability. Read more

www.securityfocus.com:
IBM WebSphere JSP Root Password Disclosure Vulnerability. Read more

www.securityfocus.com:
EFTP Directory Traversal Vulnerability. Read more

www.securiteam.com:
Axis Network Camera Requires No Authentication to Access Sensitive Information. Read more

www.securiteam.com:
Another IE Denial of Service Attack (Box Value). Read more

www.securiteam.com:
APMd Vulnerable to Symlink Attack (RedHat). Read more

www.securiteam.com:
LDAP Authentication Brute Forcing. Read more

www.securiteam.com:
MHW, Macintosh Hacker's Workshop. Read more

www.vnunet.com:
DoS attacks could soon meet their match. Read more

www.theregister.co.uk:
IDS users swamped with false alerts. Read more

www.nandotimes.com:
Russian encryption hacker will testify to avoid prosecution. Read more

www.vnunet.com:
Dmitri deal is struck. Read more

www.vnunet.com:
Hackers blinded by the light. Read more

www.eweek.com:
5 Steps to Enterprise Security. Read more

www.federaltimes.com:
Agencies In Market To Block Hackers. Read more

15 December 2001

New trojan:
NeuroticKat 1.2

www.securiteam.com:
Mail Essentials Reveals Identity of First BCC Recipient. Read more

www.securiteam.com:
"Spammers Delights" (Mailto.exe). Read more

www.securiteam.com:
IE Denial of Service (Bad IMG Tag). Read more

www.securiteam.com:
Ettercap Local Root Exploit. Read more

www.securiteam.com:
OpenSSH UseLogin Directive Vulnerability Leads to Remote Root Compromise. Read more

www.securiteam.com:
CSVForm (Perl CGI) Remote Execution Vulnerability. Read more

linuxtoday.com:
Caldera Security Advisory: Linux - Local vulnerability in OpenSSH. Read more

www.thestar.com:
`Microsoft ignored our warning'. Read more

www.zdnet.com:
Poetic Goker disables antivirus protection. Read more

www.newsfactor.com:
Antivirus Protection Under Fire from Latest Worms. Read more

www.theregister.co.uk:
MS releases mother of all IE security patches. Read more

www.theregister.co.uk:
Microsoft, terrorism, and computer security. Read more

www.securityfocus.com:
Bill Would Toughen Cybercrime Penalties. Read more

www.theregister.co.uk:
White House CyberSecurity ignores bad (MS) software. Read more

www.hackinthebox.org:
Master hackers can be crime busters too. Read more

www.nandotimes.com:
Security hole leaves some Unix servers wide open. Read more

www.law.com:
Anatomy of a Virus. Read more

www.ananova.com:
Scientists hope diode discovery will frustrate hackers. Read more

14 December 2001

New trojan:
G-Spot 2.0 by J3NtiL and xMs

Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN.
Ettercap 0.6.3.1 RELEASED. Read more

www.securiteam.com:
Microsoft IIS/5.0 Content-Length DoS Exploit Code. Read more

www.securiteam.com:
Lucent ORiNOCO Registry Decryption. Read more

www.securityfocus.com:
Kebi WebMail Unauthenticated Administration Vulnerability. Read more

www.securityfocus.com:
XTerm Title Bar Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
Lotus Domino bad URL database Denial of Service Vulnerability. Read more

www.securityfocus.com:
GFI Mail Essentials BCC Information Disclosure Vulnerability. Read more

www.securiteam.com:
Cross-Frame Security Zone Spoofing in Internet Explorer Using the 'About' Protocol. Read more

www.securiteam.com:
Vulnerabilities in PGPMail.pl Lead to Remote Code Execution. Read more

www.securiteam.com:
Hardlink Vulnerability in 'script' Command. Read more

CERT® Advisory CA-2001-35
Recent Activity Against Secure Shell Daemons. Read more

news.cnet.com:
E-mail worm Gokar spreading. Read more

www.zdnet.com:
Sweet-talking worm overcomes defenses. Read more

www.computeruser.com:
Antivirus firms warn about Gokar self-disguising worm. Read more

www.infoworld.com:
IE hole can become a 'back door' for hackers. Read more

www.computing.vnunet.com:
Small bug found in IE - not many dead. Read more

www.computing.vnunet.com:
French hacker uncovers email holes. Read more

www.computing.vnunet.com:
Sun logs in buffer vulnerability. Read more

news.com.au:
Yahoo coy on security breach. Read more

news.cnet.com:
IBM, Sun scramble to fix security hole. Read more

www.zdnet.com:
Scary Solaris, AIX hole unearthed. Read more

cultdeadcow.com:
THE CULT OF THE DEAD COW OFFERS A HELPING HAND IN AMERICA'S TIME OF NEED. Read more

www.cnn.com:
FBI confirms 'Magic Lantern' spy project. Read more

www.eff.org:
Government Agrees to Defer Prosecution of Dmitry Sklyarov. Read more

news.cnet.com:
U.S. to free Russian hacker on testimony. Read more

www.wired.com:
Russian Hacker Charges Dropped. Read more

www.theregister.co.uk:
Microsoft Hotmail still runs on U**x. Read more

www.cnn.com:
Hacker posts nudity on Mandela Web site. Read more

news.24.com:
Mandela fund website hacked. Read more

www.newsday.com:
Slamming Windows Shut on Hackers. Read more

www.eetimes.com:
U.S. moves to tighten network security. Read more

www.wired.com:
Cerf Disses Bush's Patch Plan. Read more

www.varbusiness.com:
Concern Over Cyber Security Grows, But Online Behavior Remains the Same. Read more

Amnesty International Defaced.
On December 8, a group known as "BL4F" compromised and defaced the Amnesty International (www.amnesty.org) web page. The message put up questions United States activity in Afghanistan as well as those who compare hackers to terrorists. Mirror URL

www.theregister.co.uk:
MS rolls out security obscurity bribe program. Read more

13 December 2001

New trojan:
Asylum 0.1.4

CERT® Advisory CA-2001-34
Buffer Overflow in System V Derived Login. Read more

www.securityfocus.com:
Microsoft IIS False Content-Length Field DoS Vulnerability. Read more

www.securityfocus.com:
CSVForm Remote Arbitrary Command Execution Vulnerability. Read more

www.securityfocus.com:
Denicomp Winsock RSHD/NT Standard Error Denial of Service Vulnerability. Read more

www.securiteam.com:
Flawed Outbound Packet Filtering in Various Personal Firewalls. Read more

www.securiteam.com:
IPRoute Fragmentation Denial of Service Vulnerability. Read more

www.securiteam.com:
Microsoft IIS/5 Bogus Content-Length Memory Bug. Read more

www.securiteam.com:
Winsock RSHD/NT DoS. Read more

www.securiteam.com:
Buffer Overflow in /bin/login. Read more

www.securiteam.com:
Large Form Text Fields in konqueror Causes X to Crash (DoS). Read more

www.securiteam.com:
LSF Contains Multiple Security Vulnerabilities. Read more

reuters.com:
FBI Confirms 'Magic Lantern' Project Exists. Read more

www.computing.vnunet.com:
Infamous hacker group helps the Feds. Read more

www.computing.vnunet.com:
FBI Trojan goes underground. Read more

www.nma.co.uk:
The Web: Security through Obscurity. Read more

reuters.com:
Solaris, AIX Hole Said to Leave Computers Wide Open. Read more

sns.chicagotribune.com:
Internet Founder Warns on Security. Read more

www.reuters.co.uk:
Microsoft slams Oracle claim on not using Windows. Read more

www.softwarewire.com:
Computer Virus Spread Due to Lack of Education. Read more

www.bday.co.za:
Smarter hacker a threat. Read more

www.linuxdevices.com:
Hacking the TCSX-1 for fun and profit. Read more

www.codecon.org:
CodeCon 2002 CFP is the premier event in 2002 for the P2P, cypherpunk, and network/security application developer community. Read more

www.businessweek.com:
Is Open-Source Security Software Safe? Read more

www.computing.vnunet.com:
Blind man's buff. Read more

www3.gartner.com:
Tax Breaks for Internet Security Will Increase Vulnerabilities. Read more

www.usdoj.gov:
FEDERAL LAW ENFORCEMENT TARGETS INTERNATIONAL INTERNET PIRACY SYNDICATES. Read more

www.idg.net:
UPDATE - Raids crack down on pirated software. Read more

www.newsbytes.com:
Lawmaker: Net Security Bill Will Pass This Year. Read more

www.zdnet.com:
Feds: Warez crackdown's just begun. Read more

timesofindia.indiatimes.com:
'Goner' suspects under house arrest in Israel. Read more

enquirer.com:
Identity thieves make messes of victims' lives. Read more

www.zdnet.com:
Oracle paints a bull's-eye for hackers. Read more

www.zdnet.com:
Hackers, programmers tear apart Xbox. Read more

news.cnet.com:
Hackers, programmers "improve" Xbox. Read more

12 December 2001

New trojan:
Nerte 7.7

www.securiteam.com:
Race Condition in FreeBSD AIO Implementation. Read more

www.securiteam.com:
Microsoft Outlook Express 6 "E-mail Attachment Security" Flawed. Read more

www.securiteam.com:
Weak Encryption in Pathways Homecare. Read more

www.securiteam.com:
UDP DoS Attack on Windows 2000 IKE. Read more

www.securiteam.com:
Lotus Domino Web Server DoS Vulnerability (DB Lock). Read more

www.securiteam.com:
Workaround Addresses JRun Server SSIFilter Security Issue. Read more

www.securiteam.com:
NSI RWhoisd Remote Format String Vulnerability. Read more

www.reuters.co.uk:
Antivirus Firms Say They Won't Create FBI Loophole. Read more

www.zdnet.com:
Antivirus firms: FBI loophole is out of line. Read more

www.securityfocus.com:
Memo to Oracle: Nothing is 'Unbreakable'. Read more

www.ciac.org:
IRIX NEdit Vulnerability. Read more

www.cisco.com:
Cisco IOS ARP Table Overwrite Vulnerability. Read more

stage.caldera.com:
OpenServer: setcontext and sysi86 vulnerabilities. Read more

stage.caldera.com:
Open UNIX, UnixWare 7: timed does not enforce nulls. Read more

www.computeruser.com:
Microsoft to plug devastating browser download hole. Read more

www.bangkokpost.com:
Viruses are a symptom of change. Read more

www.eweek.com:
GAO Site Hackers Were Protesting Afghan War. Read more

www.computeruser.com:
Anti-India hackers turn attacks on U.S. systems. Read more

www.thestar.com:
MD, patient privacy may be at risk. Read more

www.zdnet.com:
Web makes ICQ mobile. Read more

www.lasvegassun.com:
Cybercrime in Clark County is growing problem, say experts. Read more

www.osopinion.com:
The True Online Security Story. Read more

www.newsbytes.com:
Consumers Concerned About Internet Security - Poll. Read more

www.nwc.com:
Fireproofing Against DoS Attacks. Read more

www.computeruser.com:
'Multi-billion dollar' net software piracy ring busted. Read more

www.reuters.co.uk:
Police arrest six in global cyberpiracy probe. Read more

www.computeruser.com:
Senators to quiz government, Microsoft on settlement. Read more

www.computeruser.com:
Eye in the sky will track California parolees. Read more

11 December 2001

New trojan:
Mini-Gift 0.1

www.securityfocus.com:
Allaire JRun JSP Source Disclosure Vulnerability. Read more

www.securityfocus.com:
Allaire JRun Duplicate Session ID Vulnerability. Read more

www.securityfocus.com:
Allaire JRun 3.0 Directory Disclosure Vulnerability. Read more

www.securiteam.com:
OpenBSD Local DoS (Bad Syscalls Releases). Read more

www.securiteam.com:
UUCP Family Exploit (uucp / uuparams / uuname). Read more

linux.oreillynet.com:
New Vulnerability in OpenSSH. Read more

www.securiteam.com:
CFEXECUTE Tag Security Vulnerability in ColdFusion. Read more

www.securiteam.com:
Kebi Webmail Solution Security Vulnerability. Read more

www.securiteam.com:
Runas Vulnerable to Format String Attack. Read more

www.securiteam.com:
PHPNuke Vulnerable to Cross Site Scripting. Read more

www.vnunet.com:
Linux supporter challenges virus claim. Read more

www.vnunet.com:
DoS attacks defeat oldest IRC server. Read more

www.thestandard.com.au:
DoS attack cripples BigPond network. Read more

www.theglobeandmail.com:
Tests find medical files open to hackers. Read more

timesofindia.indiatimes.com:
The murky world of cyber-criminals. Read more

www.newsbytes.com:
Anti-India Hackers Turn Attacks on US Systems. Read more

www.eweek.com:
GAO Site Defaced by "Alqaeda" Hackers. Read more

www.pcworld.com:
Bank Closes Web Security Hole. Read more

www.internetworld.com:
Would You Hire a Hacker? Read more

www.zdnet.com:
Oracle paints a bull's-eye for hackers. Read more

www.vnunet.com:
Cisco a Goner after email slip-up. Read more

www.vnunet.com:
Israeli teenagers behind Goner virus. Read more

www.computerworld.com:
Brief: Israeli youths admit to creating 'Goner' worm. Read more

timesofindia.indiatimes.com:
'Goner' suspects under house arrest in Israel. Read more

www.computeruser.com:
Chat volunteers block worm's channel of attack. Read more

www.computerworld.com:
No Magic Bullet. Read more

www.informationweek.com:
Relaxen Und Watchen Das Blinkenlights. Read more

www.osopinion.com:
The True Online Security Story. Read more

www.computerworld.com:
FBI streamlines operations. Read more

www.informationweek.com:
Not everyone wants the government involved in IT security. Read more

www.zdnet.com:
Federal government beefs up security. Read more

www.2600.com:
2600 IRC NETWORK RETURNS. Read more

www.informationweek.com:
MicronPC Boosts Security With Biometrics. Read more

www.zdnet.com:
Users find hole in PocketPC upgrade. Read more

www.zdnet.com:
Microsoft: Antitrust talks all aboveboard. Read more

www.eweek.com:
Microsoft Offers Settlement Changes. Read more

10 December 2001

New trojan:
Fragglerock 2.0 lite by Gobo.
Server has the option to become a worm spreading through Outlook to all contacts in the Windows Address Book (WAB)

www.securityfocus.com:
Lotus Domino bad URL database Denial of Service Vulnerability. Read more

www.securityfocus.com:
Kebi WebMail Unauthenticated Administration Vulnerability. Read more

security-protocols.com:
MS OWA Server Embedded Script Execution Vulnerability. Read more

www.securiteam.com:
Specially Malformed Script in HTML Mail Can Execute in Exchange 5.5 OWA. Read more

www.securiteam.com:
Goner/Pentagone Mass-Mailer Worm. Read more

www.securiteam.com:
Duplicate Session IDs Cause JRun Security Vulnerability (Hotfix). Read more

www.securiteam.com:
Buffer Overflow Found in Outlook Express for Macintosh. Read more

www.securiteam.com:
mIRC DDE Permissions Security Bug. Read more

www.linuxsecurity.com:
Fireproofing Against DoS Attacks. Read more

www.ireland.com:
Four Israelis arrested for creating computer virus. Read more

www.theregister.co.uk:
Israeli kids fess up to stupid worm attack. Read more

news.com.au:
Customs admit worm to network. Read more

www.guardcentral.com:
Computer viruses take turn for worse. Read more

www.wired.com:
Guess Who's Hacking to Dinner? Read more

www.siliconvalley.com:
Oracle's 'unbreakable' boast attracting hackers. Read more

www.thetimes.co.uk:
Hackers 'siphoned off handouts from State'. Read more

www.theregister.co.uk:
Spam out, cookies tolerated, data retention remains: EU. Read more

www.guardcentral.com:
Feds To Draw 'Map' of Internet. Read more

www.theregister.co.uk:
Windows hack for Web-surfing privacy. Read more

www.theregister.co.uk:
Online bank fraudsters jailed for eight years. Read more

www.theregister.co.uk:
SMS phone crash exploit a risk for older Nokias. Read more

09 December 2001

New trojan:
Guptachar

www.pbs.org:
Interview: breaking into NASA's computers. Read more

www.anticrack.de:
Winzip Self-Extractor 2.1 - Tutorial. Read more

www.securityfocus.com:
Microsoft OWA Server Embedded Script Execution Vulnerability. Read more

www.securiteam.com:
November Changelog Madness. Read more

www.securiteam.com:
Axis Network Camera Default Password Vulnerability. Read more

www.securiteam.com:
AudioGalaxy Username and Password Saved in Cleartext. Read more

www.securiteam.com:
Multiple ValiCert Security Problems. Read more

www.securiteam.com:
Using public proxies to spoof user clicks on banners. Read more

www.securiteam.com:
ICQr Information - password, contact lists, and personal information recovery. Read more

www.securiteam.com:
libgtop_daemon Remote Format String and Buffer Overflow Vulnerabilities. Read more

www.securiteam.com:
Sendpage (Perl CGI) Remote Execution Vulnerability. Read more

security-protocols.com:
MS OWA Server Embedded Script Execution Vulnerability. Read more

security-protocols.com:
Another IE denial of service attack. Read more

www.windowsitsecurity.com:
Outlook Web Access Script Execution Vulnerability in Microsoft Exchange. Read more

www.guardcentral.com:
Teens say they created the computer worm Goner. Read more

www.nandotimes.com:
Israeli teens admit unleashing computer worm attack. Read more

www.hackinthebox.org:
Hackers 'siphoned off handouts from State'. Read more

www.guardcentral.com:
Compaq site exposes customer details. Read more

www.computeruser.com:
Antivirus vendors wary of FBI's magic lantern. Read more

www.computeruser.com:
IT's darkest hour. Read more

www.cnn.com:
States demand Microsoft restrictions. Read more

www.computeruser.com:
Governors outline how states would use homeland security funds. Read more

www.infoanarchy.org:
KaZaA Goes the Way of Napster. Read more

08 December 2001

New trojan:
Sensive 5.1

Karmaz 1.0

Microsoft Security Bulletin MS01-057 (version 2.0)
Specially Formed Script in HTML Mail can Execute in Exchange 5.5 OWA. Read more

www.securityfocus.com:
Apache Possible Directory Index Disclosure Vulnerability. Read more

www.securityfocus.com:
SCO OpenServer lpstat Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
OpenSSH UseLogin Environment Variable Passing Vulnerability. Read more

www.securityfocus.com:
RHSA-2001:164-08: Updated secureweb packages available. Read more

www.computerworld.com:
Hacker explains recent exploits inside WorldCom network. Read more

www.informationweek.com:
Another Week, Another Outlook Flaw. Read more

www.computerworld.com:
Microsoft warns of another hole in Outlook Web Access. Read more

www.silicon.com:
1,000 patches per year. Read more

scripts.ireland.com:
Corporate secrets at mercy of hackers. Read more

www.it-director.com:
Linux lined up as virus target. Read more

www.guardcentral.com:
Past lessons limit 'Goner' worm's spread. Read more

rtnews.globetechnology.com:
Goner worm less costly than recent computer viruses. Read more

www.newsbytes.com:
Chat Volunteers Block Worm's Channel Of Attack. Read more

www.pcadvisor.co.uk:
Spam is can of worms. Read more

www.guardcentral.com:
Nevada Cyber Crime Task Force goes on line with forensics lab. Read more

www.siliconvalley.com:
Valley to make security pitch. Read more

www.businessweek.com:
A New Twist in Computer Security Tools. Read more

www.onlamp.com:
Procmail Basics. Read more

www.infoanarchy.org:
Anonymity under Windows. Read more

07 December 2001

New trojan:
Duddie 3.1

Penrox server

Microsoft Security Bulletin MS01-057
Specially Formed Script in HTML Mail can Execute in Exchange 5.5 OWA. Read more

www.securityfocus.com:
Multiple CDE Vendor ToolTalk Database Server Format String Vulnerability. Read more

www.securityfocus.com:
Viralator CGI Input Validation Remote Shell Command Vulnerability. Read more

www.securityfocus.com:
Linux Ptrace/Setuid Exec Vulnerability. Read more

www.gcn.com:
Antivirus vendors are wary of FBI’s Magic Lantern. Read more

seattletimes.nwsource.com:
E-mail virus causes mess for Boeing computers. Read more

news.cnet.com:
Hacker had WorldCom in his hands. Read more

www.businessweek.com:
A New Twist in Computer Security Tools. Read more

www.newsbytes.com:
New Tool Defuses Attacks On Microsoft Outlook. Read more

www.nzherald.co.nz:
UK police bid to spy on calls, e-mails. Read more

www.wired.com:
'Goner' Today, and Forgotten. Read more

www.starnews.com:
'Friendly' worm infests area computer systems. Read more

www.infoworld.com:
Changing security landscape on view at InfoSecurity 2001. Read more

news.cnet.com:
FBI builds cybercrime division. Read more

www.miami.com:
House passes initiative to widen eavesdropping powers. Read more

seattlep-i.nwsource.com:
Security is a top Web issue, Bush aide says. Read more

www.newsfind.com:
EU Dispute Delays Data Protection Bill. Read more

www.newsforge.com:
Secured against disaster: Governments look to Linux to avoid viruses. Read more

msn.vnunet.com:
Linux lined up as virus target. Read more

www.eweek.com:
5 Steps to Enterprise Security - Step 4: Response. Read more

news.cnet.com:
Apple: Microsoft should pay $1 billion--cash. Read more

06 December 2001

New trojan:
Mantis 0.3

Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
Snort 1.8.3 Bugfix release. Read more

www.securityfocus.com:
Icecast Server Slash File Name Denial Of Service Vulnerability. Read more

www.securityfocus.com:
Icecast Directory Traversal Vulnerability. Read more

www.securityfocus.com:
OpenBSD lpd Remote File Creation By Trusted Root User Vulnerability. Read more

security-protocols.com:
Small flaw in Outlook Express. Read more

security-protocols.com:
Many vulnerabilities in LSF 4.0. Read more

www.windowsitsecurity.com:
Disclosure Vulnerability in Allaire JRun for Microsoft Internet Information Server. Read more

sns.chicagotribune.com:
Worldcom Security Hole Risked Computers. Read more

www.newsbytes.com:
MCI Security Hole Put AOL, Others, In Hacker's Crosshairs. Read more

www.zdnet.com:
CERT: Hacker-tracking site attacked. Read more

www.zdnet.com:
Warning: We know what you're typing (and so does the FBI). Read more

www.nzherald.co.nz:
UK police bid to spy on calls, e-mails. Read more

www.securityfocus.com:
Lamo's Adventures in WorldCom. Read more

it.mycareer.com.au:
Worm turns into nightmare for computer users. Read more

rtnews.globetechnology.com:
Timing of virus worries experts. Read more

www.stuff.co.nz:
Worm not a goner yet. Read more

www.zdnet.com:
Goner: Social viruses still a threat. Read more

sns.chicagotribune.com:
'Goner' e-mail virus hits thousands of PCs. Read more

investor.cnet.com:
"Pentagone" virus tours Europe. Read more

www.nzherald.co.nz:
Hacker arrest prompts warning. Read more

www.idg.net:
Germany Privacy Trends Disturbing. Read more

www.eetimes.com:
U.S. unveils advanced encryption standard. Read more

www.theregister.co.uk:
Internet anonymity for Windows power users. Read more

05 December 2001

New trojan:
SmallBigBrother 0.2 beta 1

Sepro server

Win32/Badtrans.B Decryption Utility
A program which is able to decrypt the keylog protocol (passwords) of the Win32/Badtrans.B worm. Download

www.securityfocus.com:
Allaire JRun Web Root Directory Disclosure Vulnerability. Read more

www.securityfocus.com:
BSD/OS UUCP Argument Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
PHPNuke Cross-Site Scripting Vulnerability. Read more

xforce.iss.net:
Goner/Pentagone Mass-Mailer Worm. Read more

www.newsfactor.com:
'Goner' Worm Takes Out Firewalls, Antivirus Protection. Read more

www.computeruser.com:
Goner worm causing problems for Outlook, ICQ users. Read more

www.zdnet.com:
'Goner' worm spreading fast. Read more

www.newsbytes.com:
Goner Worm Goes To Top Of Virus Charts In Just One Day. Read more

news.com.au:
Australia braces for Goner virus. Read more

www.newsfind.com:
'Goner' Virus Infects Businesses. Read more

news.cnet.com:
"Pentagone" virus still spreading. Read more

www.nzherald.co.nz:
Hacker arrest prompts warning. Read more

www.usdoj.gov:
Information on the United States v. Microsoft Settlement. Read more

www.csmonitor.com:
Paris school offers primer for cyberpirates. Read more

www.newsbytes.com:
Computer Security Advisory Site Suffers Attack. Read more

www.zdnet.com:
Rebel states ready to hit Microsoft hard. Read more

www.zdnet.com:
Could XP allow hackers into your fridge? Read more

www.washingtonpost.com:
Counterterrorism, Cybercrime Are Focus of FBI's Overhaul. Read more

news.cnet.com:
FBI builds cybercrime division. Read more

www.nandotimes.com:
White House computer security adviser wants home computers secured. Read more

www.computerworld.com:
Feds pick next-generation encryption standard. Read more

www.osopinion.com:
U.S. Awards $86.9M Cybercrime Training Contract. Read more

www.cnn.com:
July 3, 2000: Are cyberterrorists for real? Read more

www.computeruser.com:
Porn directory isn't only master of 'link-o-rama' domain. Read more

04 December 2001

New trojan:
TriRat 1.1

www.securityfocus.com:
BSD/OS UUCP Argument Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
WhitSoft SlimServe FTPd Directory Traversal Vulnerability. Read more

www.securiteam.com:
Security Vulnerability in Cisco's IOS Firewall Feature Set. Read more

www.securityfocus.com:
Allaire JRun Web Root Directory Disclosure Vulnerability. Read more

www.securiteam.com:
Allaire JRun Directory Browsing Vulnerability. Read more

www.securiteam.com:
JRun SSI Request Body Parsing. Read more

www.securiteam.com:
Cray UNICOS NQSD Format String Security Vulnerability. Read more

www.securiteam.com:
Mailman Email Archive Cross Site Scripting Vulnerability. Read more

www.securityfocus.com:
'Magic Lantern' Rubs the Wrong Way. Read more

www.theregister.co.uk:
FBI 'Magic Lantern' reality check. Read more

www.connected.telegraph.co.uk:
Snooping on behalf of national security. Read more

www.vnunet.com:
Checking out hacking tools. Read more

www.computing.vnunet.com:
Wireless hacking kits cheap to compile. Read more

www.computeruser.com:
BadTrans has AOL written all over it. Read more

www.theregister.co.uk:
BadTrans surges past SirCam as most infectious virus. Read more

www.computeruser.com:
Sega Dreamcast game infected with Kriz virus. Read more

www.vnunet.com:
Fluffi Bunni on rampage. Read more

www.silicon.com:
Nokia phones at risk from hacker shutdown. Read more

www.vnunet.com:
French hackers' school claims aim is good. Read more

abcnews.go.com:
How Computer Encryption Works to Protect Online Secrets. Read more

www.techtv.com:
A Simple Explanation of Encryption. Read more

www.computing.vnunet.com:
UK ministries hacked five times this year. Read more

www.siliconvalley.com:
College student refutes charges he is high-level hacker. Read more

www.vnunet.com:
Open source mounts IDS challenge. Read more

www.vnunet.com:
Common sense key to beating hackers. Read more

www.washingtonpost.com:
Microsoft Parries Foe In AT&T Bidding. Read more

www.newsbytes.com:
Bills Would Boost Electronic Security Research Funding. Read more

www.siliconvalley.com:
Hewlett-Packard launches 'blade' network computers. Read more

03 December 2001

New trojan:
Skyfiree Spy 1.09

www.securiteam.com:
NAI WebShield SMTP for WinNT MIME Header Vulnerability Allows BadTrans Virus to Pass. Read more

www.securiteam.com:
Compaq Insight Manager Remote SYSTEM Shell (Exploit). Read more

www.securiteam.com:
IIS Server Side Include Buffer Overflow (Exploit). Read more

www.securiteam.com:
TWIG Default Configurations May Lead to Insecure Auth-cookie Password Storage. Read more

www.newsforge.com:
Reader-submitted tutorial: Linux password policies. Read more

news.bbc.co.uk:
Learning to hack. Read more

www.silicon.com:
Snooping virus could backfire on men in black. Read more

it.mycareer.com.au:
Spy virus. Read more

www.computeruser.com:
'Mujihadeen' hackers take out U.S. government sites. Read more

www.newsfind.com:
World Governments Choosing Linux. Read more

www.computerworld.com:
Study: Constant security fixes overwhelming IT managers. Read more

www.eweek.com:
Windows Gets Security Boost. Read more

web.lexis-nexis.com:
GP's reward to catch hackers. Read more

www.latimes.com:
Your Privacy Is a Disappearing Act. Read more

www.foxnews.com:
Industry Looks for State High Court Review of DVD Hacker Ruling. Read more

www.nzherald.co.nz:
Burning issue: the high cost of CD piracy. Read more

www.reuters.co.uk:
DMCA Seen Denying Free Speech Rights in Cyberspace. Read more

02 December 2001

New trojan:
Kilo 0.16

ettercap.sourceforge.net:
Ettercap is a network sniffer/interceptor/logger for switched LANs.
It uses ARP poisoning and the man-in-the-middle technique to sniff all the connections between two hosts. Read more

www.securiteam.com:
UUCP Command Line Arguments Buffer Overflow. Read more

otn.oracle.com:
Oracle Home Environment Variable Validation Vulnerability. Read more (pdf)

www.bugtraq.org:
INADEQUATE LOGGING IN OPENSSH SFTP ALLOWS ATTACKER TRANSPARENT ACCESS TO VICTIM FILESYSTEM. Read more

www.pbs.org:
Reid and Count Zero are members of the Cult of the Dead Cow, a hacker organization which developed "Back Orifice". Read more

neworder.box.sk:
My First Actual Hack. Read more

www.securityfocus.com:
Black Hats Prefer Linux. Read more

news.zdnet.co.uk:
Christmas cheer brings virus fear. Read more

www.federaltimes.com:
Agencies In Market To Block Hackers. Read more

www.newsbytes.com:
'Mujihadeen' Hackers Take Out US Government Sites. Read more

www.reuters.com:
NetTrends: Instant Messaging - Hackers Like It, Too. Read more

news.zdnet.co.uk:
Security services check for intruders. Read more

www.nzherald.co.nz:
Burning issue: the high cost of CD piracy. Read more

news.zdnet.co.uk:
Intel terahertz transistor breaks speed limits. Read more

01 December 2001

New trojan:
CyberSpy 8.2

www.securiteam.com:
Anonymizer.com Might Reveal Your IP (Double Proxy). Read more

www.securiteam.com:
PowerFTP Directory Traversal and DoS Vulnerabilities. Read more

www.securiteam.com:
Firewall-1 Remote SYSTEM Shell Buffer Overflow. Read more

www.securityfocus.com:
Redhat 7.0 local root (via uucp) (attempt 2). Read more

www.securityfocus.com:
Network Associates WebShield SMTP Malformed Mime Header Vulnerability. Read more

www.securityfocus.com:
Multiple Vendor CDE TTSession Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
CDE dtspcd Overflow Vulnerability. Read more

www.securiteam.com:
Wu-Ftpd File Globbing Heap Corruption Vulnerability. Read more

security-protocols.com:
Alchemy Eye Remote Unauthenticated Log Viewing. Read more

www.bugtraq.org:
FORMAT STRING VULNERABILITY IN RUNAS. Read more

www.blackhat.com:
The Black Hat Windows Security Briefings 2002. Read more

www.wired.com:
DOJ's Already Monitoring Modems. Read more

www.itworld.com:
Microsoft design to blame for virus load, says expert. Read more

www.theregister.co.uk:
US assumes global cyber-police authority. Read more

www.theregister.co.uk:
Dreamcast game spreads virus. Read more

abcnews.go.com:
'Badtrans' Worm Continues Spread. Read more

www.computeruser.com:
BadTrans' teeth proving hard to pull. Read more

www.newsfactor.com:
Alpha Force on Voyage to Hack Web Servers. Read more

www.federaltimes.com:
Agencies In Market To Block Hackers. Read more

www.newsfactor.com:
Hack Attacks Become Deadlier: Is There a Defense? Read more

www.newsbytes.com:
'Mujihadeen' Hackers Take Out US Government Sites. Read more

www.zdnet.com:
Hackers put IM in their sights. Read more

www.newsbytes.com:
Fluffi Bunni Places Ads At Security Site. Read more

www.theregister.co.uk:
The Google attack engine. Read more

www.zdnet.com:
Got hacked? Blame it on the software. Read more

www.infosecuritymag.com:
From the L0pht to the West Wing. Read more

www.securityfocus.com:
R.I.P. Cypherpunks. Read more

web.lexis-nexis.com:
NEW SERVER WORM SECURITY ALLOWS REMOTE ADMINISTRATION. Read more


Copyright© MegaSecurity.org