News January 2002
31 January 2002

New trojan(s):
Casus 2.0

F-Backdoor 0.8

Microsoft Security Bulletin MS02-001
Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data. Read more

www.securityfocus.com:
Tru64 UNIX Potential Security Vulnerability. Read more

www.securityfocus.com:
DSA 107-1: jgroff format print. Read more

www.securityfocus.com:
HPSBTL0201-022: Security flaw in rsync. Read more

www.securityfocus.com:
CNet CatchUp Remote Arbitrary Code Execution Vulnerability. Read more

www.securityfocus.com:
Xoops Remote SQL Injection Vulnerability. Read more

www.securityfocus.com:
Xoops Private Message Box Cross-Site Scripting Vulnerability. Read more

www.securitytracker.com:
SGI IRIX O2 Video Workstation Allows Remote Users to View the Screen Display on the System. Read more

www.securitytracker.com:
Agora.cgi E-Commerce System Discloses Path Names to Remote Users When in Debug Mode. Read more

www.securitytracker.com:
'User-mode Linux' (UML) Environment Lets Local Users Obtain Root Privileges Within the Environment and May Let Local Users Break Out of the UML Environment into the Underlying Operating System. Read more

www.securitytracker.com:
Hosting Controller Web Hosting Management Application Discloses Information About Valid User Account Names and Allows Brute Force Username and Password Guessing Attacks. Read more

www.securitytracker.com:
Windows 2000 TCP Stack Bug Lets Remote Users Cause All Memory to Be Consumed on the Server. Read more

www.securitytracker.com:
BRU Backup Utility Has Temporary File Symlink Bug That Lets Local Users Overwrite Any File on the System. Read more

www.securitytracker.com:
Intel PRO/Wireless LAN Device Discloses Wireless Encryption Key to Local Users. Read more

www.securitytracker.com:
Xinet's 'xkas' AppleShare Administration Tool Discloses Any Local File Contents to Local Users. Read more

www.accountingweb.co.uk:
Virus Alert: Don't open festive photographs. Read more

www.newsbytes.com:
Top Security Sites Easy Prey To Script Attacks. Read more

news.com.com:
Windows 2000 security fixes released. Read more

itmanagement.earthweb.com:
Is Bill Gates Sincere About Security? Read more

www.osopinion.com:
Microsoft Piracy Police Target Honest Consumers. Read more

www.securityfocus.com:
Castles Built on Sand: Why Software is Insecure. Read more

www.securityfocus.com:
Black hats use 'passive fingerprinting' to identify your operating system without you knowing it. Read more

www.computing.vnunet.com:
Snort sniffs at security scare. Read more

www.computing.vnunet.com:
Obsolete network links open back doors into councils. Read more

www.computing.vnunet.com:
Latest hacker toy? Web-enabled Lego. Read more

www.usatoday.com:
Security-conscious groups ban Wi-Fi. Read more

www.informationweek.com:
Sifting For Software Vulnerabilities Drains Security Staff. Read more

www.securityfocus.com:
FBI Issues Water Supply Cyberterror Warning. Read more

www.washingtonpost.com:
Washtech.com Web Site Hacked. Read more

www.theregister.co.uk:
UK web host downed by DDoS attack. Read more

www.tucsoncitizen.com:
Cyberterrorism is major threat, information officers told. Read more

www.dailytelegraph.news.com.au:
Hacker threat to city systems. Read more

www.newsobserver.com:
Hackers move out of offices, into homes. Read more

www.theage.com.au:
Hacker says CityLink still vulnerable. Read more

www.linuxsecurity.com:
Home is Where the Hacker Is. Read more

www.zdnet.com:
How to catch hackers--and make them pay. Read more

www.silicon.com:
'Irresponsible' encryption experts threaten corporate security. Read more

www.linuxsecurity.com:
A Brief Comparison of Email Encryption Protocols. Read more

www.linuxsecurity.com:
Accused Los Alamos Hacker Freed. Read more

www.wired.com:
Rail Against Econ Forum, Dot-Org. Read more

news.com.au:
Special password to buy online. Read more

www.siliconvalley.com:
DVD hacker vows to keep challenging ruling. Read more

30 January 2002

New trojan(s):
Boiling

Wildek 0.1 beta

www.securityfocus.com:
Tarantella Enterprise 3 gunzip Race Condition Vulnerability. Read more

www.securiteam.com:
SHOUTcast Vulnerable to Malformed CGI Request (admin.cgi). Read more

www.securiteam.com:
BadBlue Contains Multiple Security Vulnerabilities (Exploit code). Read more

www.securiteam.com:
Bug in AHG Search Engines Leads to Code Execution. Read more

www.securiteam.com:
CwpApi's GetRelativePath() Returns Invalid Paths. Read more

www.securiteam.com:
Windows NT/2000 DoS via Stream3 Flood Attack. Read more

www.securiteam.com/unixfocus:
ripMIME Mail Filter Remote Buffer Overflows. Read more

www.securiteam.com/unixfocus:
Alteon ACEdirector Signature/Security Bug. Read more

www.securitytracker.com:
Ganglia Clustering Environment Web Client Lets Remote Users Execute Arbitrary Commands on the Server. Read more

www.securitytracker.com:
Sony VAIO Personal Computers May Allow Remote Users to Access to Computer and Take Full Control of the System. Read more

www.securitytracker.com:
XOOPS Object-Oriented Web Portal Software Lets Remote Users Inject SQL Commands that Will Be Executed By the Underlying SQL Database. Read more

www.theregister.co.uk:
Cookie monster bites Netscape and Mozilla users. Read more

www.latimes.com:
Microsoft May Delay Products to Fix Security. Read more

abcnews.go.com:
To Tell or Not to Tell: The Ethical Dilemma of Exposing Security Flaws. Read more

www.newsbytes.com:
Intrusion Software Maker Snorts At Security Alert. Read more

news.com.au:
CityLink credit card scam. Read more

www.bangkokpost.com:
Gates tires of being bugged, calls in security. Read more

www.nandotimes.com:
Accused Los Alamos hacker freed, barred from using computers. Read more

www.theregister.co.uk:
Russian hacker breaks into US bank database. Read more

www.theregister.co.uk:
US crackers top Internet attack league. Read more

www.ananova.com:
Report suggests most hackers are American. Read more

cgi.usatoday.com:
Security-conscious groups ban Wi-Fi: Wireless networks more vulnerable to hackers. Read more

www.newsbytes.com:
More Online Security Woes For FBI's Data Firm. Read more

www.themoscowtimes.com:
From Computer Games to U.S. Prison Cells. Read more

www.theregister.co.uk:
ElcomSoft attacks DMCA in Sklyarov test case. Read more

www.theregister.co.uk:
Tiscali attacked by DDoSers. Read more

www.nzherald.co.nz:
Trustworthy computing? Not Hotmail. Read more

independent-bangladesh.com:
Govt tried to block Hasina's speech : Saber. Read more

www.newsbytes.com:
Google Denies Pop-Up Ads Are Its Fault. Read more

www.techtv.com:
Who's Eyeing Your Email? Read more

29 January 2002

New trojan(s):
Sensive 1.1.2

Ping Server version e

www.ists.dartmouth.edu:
Cyber Attacks During the War on Terrorism: A Predictive Analysis. Read more

www.linuxsecurity.com:
Buffer Overflows in RealPlayer and GNU Chess. Read more

www.securityfocus.com:
MDKSA-2002:009: rsync. Read more

www.securityfocus.com:
MDKSA-2002:010: enscript. Read more

www.securityfocus.com:
IRIX O2 video security issue. Read more

www.newsforge.com:
YDL: 'groff' Security update. Read more

www.securitytracker.com:
Tarantella Enterprise Application Server Uses Unsafe Temporary Files During Installation, Allowing Local Users to Obtain Root Privileges on the System. Read more

xforce.iss.net:
Snort specially-crafted ICMP packet denial of service. Read more

www.warpedsystems.sk.ca:
Mandrake Linux Security Update Advisory. Read more

www.vibrantmedia.com:
Party Worm Poses as Yahoo URL. Read more

www.pcworld.com:
'My Party' E-Mail Virus Hides as URL. Read more

www.computeruser.com:
New e-mail worm is no party, virus-fighters say. Read more

www.computerworld.com:
Myparty worm is no fun and games, experts warn. Read more

www.infoworld.com:
MyParty virus welcomes backdoor guests. Read more

www.newsbytes.com:
Holy Cow! Bowie Among Innocents Used In Ebay Scam. Read more

www.latimes.com:
Cyberspace Attacks Are on the Rise. Read more

www.stuff.co.nz:
Security needs to be on every company's agenda. Read more

www.computeruser.com:
DMA to adopt new rules on 'spam,' privacy policies. Read more

www.computerworld.com:
'Big guns' weigh in on Microsoft case. Read more

www.cnn.com:
Study: Cyberattacks against companies on the rise. Read more

www.washingtonpost.com:
Computer Attacks on Companies Up Sharply. Read more

28 January 2002

New trojan(s):
Vagr Nocker 1.2

www.securityfocus.com:
DSA-106-1: rsync remote exploit. Read more

www.securitytracker.com:
PGPfire Personal Firewall for Microsoft Windows Discloses Identifying Information to Remote Users. Read more

www.securitytracker.com:
AHG's 'search.cgi' Search Engine Input Validation Flaw Lets Remote Users Execute Arbitrary Commands on the Web Server. Read more

www.securitytracker.com:
Nortel Alteon ACEdirector Load Balancer May Disclose the Real and Otherwise Hidden IP Addresses of Load Balanced Servers to Remote Users. Read more

packetstorm.widexs.nl:
Windows 2000 Format String Vulnerabilities. (doc) Read more

www.securityfocus.com:
HPSBTL0201-021: Heap corruption vulnerability in the at package. Read more

www.securityfocus.com:
HPSBTL0201-020: Security vulnerability in OpenLDAP packages. Read more

www.securityfocus.com:
PGPFire Desktop Firewall ICMP Fingerprinting Vulnerability. Read more

www.nikkeibp.asiabiztech.com:
Sony Confirms Vaio PCs Have Security Hole, But No Damage Reported Yet. Read more

www.sub-seven.com:
Computer crime in 2002, an insider's opinion. Read more

www.cipherwar.com:
What Defines a "Black Hat" Hacker? Read more

eastbay.bcentral.com:
Hackers move to messaging. Read more

www.computeruser.com:
Serious security hole in AOL's ICQ chat software - CERT. Read more

www.gulf-news.com:
Use of anti-virus software faces hurdles. Read more

www.idg.net:
Wireless carriers exploit firewall bypass. Read more

quotes.freerealtime.com:
Computer Bugs Are Everyone's Problem. Read more

www.nzherald.co.nz:
Hackers hit western governments. Read more

www.wired.com:
MS Refocuses on Software Pirates. Read more

www.nzherald.co.nz:
Hackers hijack Epson website. Read more

27 January 2002

New trojan(s):
Baron Night 2.0

Pipes

www.securityfocus.com:
rsync Signed Array Index Remote Code Execution Vulnerability. Read more

www.securityfocus.com:
Sony VAIO Unauthorized System Access Vulnerability. Read more

www.securityfocus.com:
DSA-106-1: rsync remote exploit. Read more

www.securityfocus.com:
CLA-2002:458: rsync. Read more

www.securityfocus.com:
BindView NetInventory Password Retrieval Vulnerability. Read more

www.securityfocus.com:
FormMail Real Name/Email Address CGI Variable Spamming Vulnerability. Read more

www.windowsitsecurity.com:
Arbitrary Execution Vulnerability in PHP 4.0. Read more

www.windowsitsecurity.com:
FTP Bounce Vulnerability in SpoonFTP. Read more

www.securitytracker.com:
SquirrelMail Web-based Mail Server Lets Remote Users Execute Arbitrary Code on the Server. Read more

www.securitytracker.com:
FormMail.pl Web-to-Email CGI Script Still Allows Unauthorized Users to Send Mail Anonymously (e.g., Send Spam). Read more

www.securitytracker.com:
Caldera 'sort' Command for UnixWare and Open UNIX Has Temporary File Security Hole That May Let Local Users Obtain Elevated Privileges. Read more

www.securitytracker.com:
FreeBSD Operating System Kernel Race Condition May Let a Local User Obtain Root Privileges on the Host. Read more

www.securitytracker.com:
Plumtree Corporate Portal Allows Cross-Site Scripting Attacks, Letting Remote Users Steal Cookies. Read more

www.itworld.com:
A Denial-of-Service Tale of Woe. Read more

www.theregister.co.uk:
AOL ICQ in hacker risk alert. Read more

www.theregister.co.uk:
Security bug hits 1m Sony Vaios. Read more

www.theregister.co.uk:
That Linux AMD bug in Technicolor detail. Read more

www.securitynewsportal.com:
Hacker blamed for planting virus on Newspaper's web server. Read more

www.nzherald.co.nz:
Hackers hijack Epson website. Read more

www.nandotimes.com:
Fewer hacking reports noted in wake of attacks. Read more

www.nzherald.co.nz:
Trade Me website beefs up security to stop sabotage. Read more

news.zdnet.co.uk:
Crypto tool strengthens 3G defences. Read more

26 January 2002

New trojan(s):
CRAT PRO 1.1

www.securityfocus.com:
SquirrelMail SquirrelSpell Remote Shell Command Execution Vulnerability. Read more

www.securityfocus.com:
PHPPGAdmin Plaintext Password Vulnerability. Read more

www.securiteam.com:
W3Perl Web Statistics Header Manipulation Vulnerability. Read more

www.securityfocus.com:
RipMime Mime_Header Long Filename Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
jmcce Predictable Log File Symbolic Link Attack Vulnerability. Read more

www.securityfocus.com:
OpenLDAP Anonymous User Object Attribute Deletion Vulnerability. Read more

www.securityfocus.com:
OpenLDAP Authenticated User Object Attribute Deletion Vulnerability. Read more

www.securiteam.com:
Odd Behavior in Windows XP Home (Security Vulnerability, Shares). Read more

www.securiteam.com/unixfocus:
psyBNC Allows Encrypted Text to be "spoofed" in Others' IRC Terminals. Read more

www.securiteam.com/unixfocus:
DNRD Contains Security Vulnerabilities (Request, Reply). Read more

linuxtoday.com:
Red Hat Security Advisory: rsync. Read more

www.newsbytes.com:
Real To Close Security Hole in RealPlayer. Read more

www.computing.vnunet.com:
Hackers' mirror shattered. Read more

www.ananova.com:
Overworked hackers' archive closes. Read more

www.computing.vnunet.com:
Millions threatened by AOL chat bug. Read more

www.neowin.net:
Wireless offices - a hacker boon? Read more

www.computing.vnunet.com:
Set a hacker to catch a hacker. Read more

www.vnunet.com:
MP slams government e-security. Read more

www.themoscowtimes.com:
Suspected Hacker Detained in Surgut. Read more

25 January 2002

New trojan(s):
Helios 4.10 LE

www.securiteam.com:
UnixWare 7.1.1 Scoadminreg.cgi Local Exploit. Read more

www.securityfocus.com:
CHUID Upload Directory Escaping File Owner Changing Vulnerability. Read more

www.securityfocus.com:
Citrix Nfuse Published Applications Information Leak Vulnerability. Read more

www.securityfocus.com:
FreeBSD-SA-02:08: race condition during exec may allow local root compromise. Read more

www.securiteam.com:
BadBlue Contains Multiple Security Vulnerabilities. Read more

www.securiteam.com:
Mozilla Cookie Stealing. Read more

www.securiteam.com:
Serious Privacy Leak in Python for Windows. Read more

www.securiteam.com:
Avirt Gateway Telnet Vulnerability. Read more

www.securiteam.com:
Citrix NFuse Information Leak. Read more

www.securiteam.com/unixfocus:
Maelstrom Symbolic Link Vulnerability. Read more

CERT® Advisory CA-2002-02
Buffer Overflow in AOL ICQ. Read more

security-protocols.com:
Mozilla Cookie Stealing. Read more

news.zdnet.co.uk:
Sony's Vaio hit by security hole. Read more

www.computeruser.com:
Software tool from CNet opens security hole. Read more

www.securityfocus.com:
Results, Not Resolutions. A guide to judging Microsoft's security progress. Read more

www.nzherald.co.nz:
Dutch probe hack-attack on royal wedding chat. Read more

news.scotsman.com:
Royal couple's chat blocked by half the world. Read more

www.theregister.co.uk:
Hacktivists crash online regal Dutch chat. Read more

www.computing.vnunet.com:
Analyst 'unfair' to virus writers. Read more

www.securityfocus.com:
Hack Suspect Held for Alleged Internet Use. Read more

www.linuxsecurity.com:
Hackers target vulnerable 6112 ports. Read more

www.linuxsecurity.com:
Use Linux firewall to fend off hackers. Read more

news.mywebpal.com:
Expert speaks on terrorism. Read more

www.southnexus.com:
Karkala: First cyber crime registered. Read more

www.vnunet.com:
Lax security left ILA accounts wide open. Read more

www.themoscowtimes.com:
Suspected Hacker Detained in Surgut. Read more

www.theregister.co.uk:
What Billg's new security effort will cost. Read more

www.computing.vnunet.com:
BugWatch: The threat from within. Read more

www.timesofindia.com:
Security flaw in Sony Vaio computers. Read more

security-protocols.com:
Police bust L.A. software piracy ring. Read more

news.com.com:
Alleged eBay hacker wants lawyer back. Read more

24 January 2002

New trojan(s):
Massaker 1.1 v2

BlueFire 0.35

www.cgisecurity.net:
Header Based Exploitation: Web Statistical Software Threats by Zenomorph.
This paper helps describe an attack method often overlooked by programmers.
It explains how modification of HTTP headers can cause possible system access, cookie theft/poisoning,
tricked advertising, database injection, and other bad things in web statistical software. Read more

Kurt Seifried Security Advisory 003 (KSSA-003)
Multiple windows file wiping utilities do not properly wipe data with NTFS file systems. Read more

www.securityfocus.com:
Citrix Nfuse Published Applications Information Leak Vulnerability. Read more

www.securityfocus.com:
DaanSystems NewsReactor Password Encoding Vulnerability. Read more

www.securityfocus.com:
Cyberstop Web Server MS-DOS Device Denial of Service Vulnerability. Read more

www.securityfocus.com:
Cyberstop Web Server Long Request DoS Vulnerability. Read more

www.securityfocus.com:
COWS CGI Online Worldweb Shopping Compatible.CGI Cross-Site Scripting Vulnerability. Read more

www.securityfocus.com:
COWS CGI Online Worldweb Shopping Insecure File Permissions Vulnerability. Read more

www.securityfocus.com:
Kerberos 5 su Privilege Escalation Vulnerability. Read more

www.securityfocus.com:
GNU Enscript Insecure Temporary File Creation Vulnerability. Read more

www.securityfocus.com:
Netscape/Mozilla Null Character Cookie Stealing Vulnerability. Read more

www.securiteam.com:
Sambar Webserver DoS Vulnerability (cgitest.exe). Read more

www.securiteam.com:
Bounce Vulnerability in SpoonFTP. Read more

www.securiteam.com:
Gaining Root Access via PHP.exe. Read more

www.securiteam.com/unixfocus:
Chuid Found to Contain Two Security Holes ('..', overwriting). Read more

www.securiteam.com/unixfocus:
Remote Memory Reading Through TCP/ICMP. Read more

www.latimes.com:
Microsoft May Delay Products to Fix Security. Read more

dailynews.yahoo.com:
The Incredibly Vulnerable Online Shopper. Read more

www.vnunet.com:
Security of wireless networking still an afterthought. Read more

www.nzherald.co.nz:
Netscape sues Microsoft over browser battle. Read more

www.themoscowtimes.com:
Surgut Hacker Arrested. Read more

www.reuters.com:
Report: Russian Police Detain Bank Hacker. Read more

www.theregister.co.uk:
Ebay hacking case gets weird. Read more

techupdate.zdnet.com:
Security: What's going on? Read more

www.pcworld.com:
Banks Suffer Highest Rate of Security Incursions. Read more

www.vnunet.com:
Databases a soft touch for hackers. Read more

www.theregister.co.uk:
Look what they've done to my database, Ma. Read more

23 January 2002

New trojan(s):
WinRat 1.0

Ping Server version c

www.securityfocus.com:
Multiple Vendor NTFS File Wipe Vulnerability. Read more

www.securityfocus.com:
SpoonFTP Bounce Vulnerability. Read more

www.securityfocus.com:
Maelstrom Insecure Symbolic Link Vulnerability. Read more

www.securiteam.com:
Sniffit Exploit Code Released (normmail). Read more

www.securiteam.com:
NewsReactor Encryption Scheme Cracked. Read more

www.securiteam.com:
CyberStop Web Server Remote DoS. Read more

The "Lunch Break Hole"
This advisory describes multiple problems regarding the unlocking of locked Windows NT machines (all versions). Read more

www.informationweek.com:
Hacker 'zine 2600 is appealing a court decision that prohibits it from linking to a controversial program. Read more

www.zdnet.com:
MS's security push: Too little, too late? Or just in time? Read more

www.nydailynews.com:
Microsoft on Hacker High Alert. Read more

www.idg.net:
Q&A: Microsoft's Cliff Reeves talks about security flaws, fixes. Read more

www.nypost.com:
MICROSOFT FACES DELAYS OVER SECURITY. Read more

news.zdnet.co.uk:
Port 12345: Hacker haven or Internet X-File? Read more

www.newscientist.com:
Cracking code gives password for college place. Read more

news.com.com:
Data on Internet threats still out cold. Read more

www.newsbytes.com:
Accused Ebay Hacker To Defend Himself From Jail. Read more

sanjose.bcentral.com:
Hospital hacker to be sentenced. Read more

www.internet-magazine.com:
Hackers force Cloud Nine shutdown. Read more

www.guardian.co.uk:
Bin Laden's online foe extradited on suspicion of fraud. Read more

news.com.com:
Hacker-millionaire suspected of fraud. Read more

www.silicon.com:
Threat of "drive-by hacking" a myth. Read more

www.ananova.com:
US fearful of failing internet security. Read more

www.zdnet.com:
Netscape hits Microsoft with lawsuit. Read more

in.news.yahoo.com:
Course for police on cyber crime. Read more

www.zdnet.com:
How to break into your own computer (it's easy). Read more

www.wired.com:
Data Firm Exposes Records Online. Read more

22 January 2002

New trojan(s):
DataSpy Network X 0.4 beta

Clandestine 1.5.1

www.nextgenss.com:
E-mail Spoofing and CDONTS.NEWMAIL (Protecting Microsoft Active Server Pages Applications)(PDF). Read more

www.vnunet.com:
Two year old bug bites Linux users. Read more

www.faz.com:
Hackers Target Almost Every Second Major Company. Read more

quote.bloomberg.com:
Government Warns Companies to Combat Cyber Terror With Security. Read more

www.theregister.co.uk:
Windows wipe utilities fail to shift stubborn data stains. Read more

www.cnn.com:
Despite more spending, dangers lurk on the Net. Read more

www.silicon.com:
Hack attack brings down ISP. Read more

challenge.cylant.com:
Break through the CylantSecure barrier on challenge.softsysint.com and earn $5000. Read more

www.cnn.com:
Ellison: Oracle remains unbreakable. Read more

sanjose.bcentral.com:
'Re-evaluation of security networks is an ongoing process'. Read more

seattletimes.nwsource.com:
Gates' security memo triggers mixed reactions. Read more

www.satirewire.com:
SURPRISE SETTLEMENT EVENLY SPLITS MICROSOFT; ONE FIRM TO MAKE SOFTWARE, OTHER TO MAKE PATCHES. Read more

quotes.freerealtime.com:
Finally, Microsoft discovers security. Read more

www.theregister.co.uk:
Microsoft's crucial new hire. Read more

www.rockymountainnews.com:
Hackers at Westminster's White Hat paid to hunt for network security weaknesses. Read more

www.nypost.com:
HACKERS: UNCLE SAM (SHOULD) WANT YOU. Read more

www.vnunet.com:
Police stop hacker's online cop-out. Read more

www.reuters.co.uk:
German hacker turned millionaire faces probe. Read more

www.wired.com:
Osama Hunter-Hacker Busted. Read more

21 January 2002

New trojan(s):
Infiltration 4.6

URL2DWORD. A program to convert URLs to DWORD for use with the Zone Spoofing Vulnerability.

security-protocols.com:
Snort Core Dump Vulnerability. Read more

www.securiteam.com:
Web Server 4D/eCommerce DoS Vulnerability. Read more

www.securityfocus.com:
Joe Testa hellbent Relative Web Root Path Information Disclosure Vulnerability. Read more

www.securityfocus.com:
Joe Testa hellbent Information Leak Vulnerability. Read more

packetstorm.widexs.nl:
Avirt Gateway Telnet Vulnerability (and more?). Read more

www.computerbytesman.com:
Internet Explorer SuperCookies. Read more

www.aberdeennews.com:
Despite added security spending, Internet more dangerous. Read more

zdnet.com.com:
Wireless enlists in war on terrorism. Read more

newsfind.com:
China Issues Internet Controls. Read more

www.vnunet.com:
Europe is virus hotbed, warns report. Read more

news.independent.co.uk:
'We only teach ethical hacking'. Read more

www.vnunet.com:
Bug Watch: Remembering Achilles' heel. Read more

www.computeruser.com:
Arrest thwarts hacker kimble's threatened suicide - report. Read more

www.canoe.ca:
Texas teen says he hacked into Canadian military computer network. Read more

www.canada.com:
Haligonian teen key in hacker bust. Read more

news.bbc.co.uk:
Thai police detain internet whizkid. Read more

www.nationalpost.com:
17-year-old hacker penetrated DND network. Read more

www.silicon.com:
Energis forced to hide hacker. Read more

20 January 2002

New trojan(s):
REX 0.1 Beta

www.securitytracker.com:
Avirt Gateway Web Proxy Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server with SYSTEM Level Privileges. Read more

www.securitytracker.com:
Avirt Gateway Suite Telnet Proxy Flaw Gives Remote Users Telnet Command Line Access to the Server With SYSTEM Level Privileges. Read more

www.securityfocus.com:
Oracle Database Auditing Insecure Default Configuration Vulnerability. Read more

www.securityfocus.com:
Oracle 8i dbsnmp Command Remote Denial of Service Vulnerability. Read more

cryptome.org:
Account of Spy Trip on Kabul PC Matches Travels of Richard Reid. Read more

www.internetweek.com:
Microsoft Patches Bug Customers. Read more

www.antiwar.com:
Albanian Hackers Deface Macedonian Website. Read more

www.theregister.co.uk:
YIHAT founder Kimble/Schmitz arrested. Read more

news.com.com:
AOL reportedly in talks to buy Red Hat. Read more

19 January 2002

New trojan(s):
Guangwai Girl 1.52c

cobra.lucidx.com:
screamingCobra is an application to find vulnerabilities in remote CGIs by using techniques that are able to spot very common bugs in many CGIs. Read more

NetBSD Security Advisory 2002-001
A vulnerability found in the ptrace implementation on NetBSD 1.5.*, 1.4.* and CURRENT (prior to January 14, 2002) systems can result in race conditions where it is possible to use ptrace and SUID binaries to execute code with elevated privileges. Read more

FreeBSD-SA-02:07
Kerberos 5 su command uses getlogin for authorization. Read more

www.securityfocus.com:
Lucent VitalNet Password Authentication Bypass Vulnerability. Read more

www.securityfocus.com:
Chinput Environment Variable Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
Sambar Server Sample Script Denial Of Service Vulnerability. Read more

www.securityfocus.com:
Multiple Vendor Unprivileged User Permissions Log File Modification Vulnerability. Read more

www.securityfocus.com:
PHPNuke Remote Arbitrary File Include Vulnerability. Read more

www.securityfocus.com:
Askey ADSL Router NMap Scan Denial Of Service Vulnerability. Read more

www.securityfocus.com:
HP Sendmail Diagnostic Code Information Leakage Vulnerability. Read more

www.securityfocus.com:
BSD exec() Race Condition Vulnerability. Read more

www.eweek.com:
Klez Worm Goes After Myriad Files. Read more

news.com.com:
Security gurus welcome Microsoft's goal. Read more

www4.gartner.com:
Microsoft Needs Time to Prove It's Serious About Security. Read more

www.securityfocus.com:
Will Microsoft's Trustworthy Computing Sell? Read more

news.com.com:
Con: Trust, but verify, Microsoft's pledge. Read more

www.reuters.co.uk:
Hackers attacked 103 Moroccan websites in 2001. Read more

www.newsbytes.com:
Criminal Charges Settled In Distributed-Computing Case. Read more

www.denverpost.com:
Alert preceded Indian trust hacker breach. Read more

www.washingtonpost.com:
Los Alamos Scientist Criticizes FBI in Book. Read more

www.theregister.co.uk:
bin Laden hackmeister 'flees' Germany. Read more

www.theregister.co.uk:
Distributed computing case ends with probation. Read more

www.newsbytes.com:
Spammers Near Top Of Would-Be Hackers List. Read more

18 January 2002

New trojan(s):
AlexMessoMalex Beta 2

Q-Taz 2.3

www.securiteam.com:
UnixWare 7.1.1 rpc.cmsd Remote Exploit. Read more

www.securiteam.com:
Eterm SGID 'utmp' Local Buffer Overflow (exploit). Read more

www.securiteam.com:
Security Bug in Alcatel Speed Touch Home ADSL Modem (DoS). Read more

www.securiteam.com:
Hardening Solaris for MGC. Read more

www.securiteam.com/unixfocus:
Cdrdao Insecure File Handling. Read more

www.securiteam.com/unixfocus:
Kerberos 5 Core Dump Security Vulnerability. Read more

www.securityfocus.com:
AT Maliciously Formatted Time Heap Overflow Vulnerability. Read more

www.securityfocus.com:
Sambar Server Sample Script Denial Of Service Vulnerability. Read more

www.securityfocus.com:
ClanLib Environment Variable Overflow Vulnerability. Read more

www.securityfocus.com:
The Simplest Security: A Guide To Better Password Practices. Read more

www.cnn.com:
FBI: Al Qaeda may have probed government sites. Read more

www.newscientist.com:
Weakened encryption lays bare al-Qaeda files. Read more

www.computeruser.com:
Microsoft falling behind in browser security fixes. Read more

www.iht.com:
Microsoft, Vulnerable, Opens War On Hackers. Read more

www.siliconvalley.com:
FBI warns law enforcement, Internet companies of possible terrorist activity. Read more

www.newsbytes.com:
FBI Issues Net Terrorism Warning, Italy Finds Hackers. Read more

www.cnn.com:
FBI warns of potential cyberattack. Read more

codecon.org:
CodeCon 2002 will be February 15-17, noon-5pm at DNA lounge in San Francisco, California. CodeCon is the premier event in 2002 for the P2P, cypherpunk, and network/security application developer community. Read more

www.itworld.com:
Can You su? (unix). Read more

www.sfgate.com:
Airport checks vulnerable to hackers, experts say. Read more

www.theregister.co.uk:
MS security memo a mere gesture. Read more

www.computing.vnunet.com:
Honest Bill says Microsoft is trustworthy. Read more

news.bbc.co.uk:
Microsoft to tackle security failings. Read more

www.newsday.com:
Local Hacking On The Rise. Read more

www.computing.vnunet.com:
Six arrested in anti-hacking swoop. Read more

www.computing.vnunet.com:
Hacker mag takes on US court. Read more

17 January 2002

New trojan(s):
RUX The TIc.K 6.0

www.securiteam.com:
UPNP Denial of Service (Joint code, Chargen, Initiator). Read more

security-protocols.com:
Heap Overflow in SNMPNetStat (Exploit Code). Read more

www.solutions.fi:
Microsoft Internet Explorer may download and run programs automatically - details. Read more

security-protocols.com:
MSIE may download and run programs automatically. Read more

www.securiteam.com:
AutoResponder Allows Spamming. Read more

www.securiteam.com:
www.address.com Account Hijacking Vulnerability. Read more

www.securiteam.com:
Palm Desktop for Mac OS X Security Vulnerability. Read more

www.securiteam.com:
Legato NetWorker Log File Vulnerability. Read more

www.securiteam.com:
Web Server 4D/eCommerce Directory Traversal Vulnerability. Read more

www.securiteam.com:
Pi3Web Webserver Buffer Overflow Vulnerability. Read more

www.securiteam.com:
MiraMail Gives POP Account Access and Details. Read more

www.securiteam.com:
OpenFile Win32 API Log Overwriting/Rewriting. Read more

www.securiteam.com/unixfocus:
Cookie Modification Allows Unauthenticated User Login in Geeklog. Read more

quotes.freerealtime.com:
Microsoft Falling Behind In Browser Security Fixes. Read more

www.nandotimes.com:
Microsoft bug prevents downloading Windows security patches. Read more

www.internetnews.com:
AOL Offers ICQ Bug Bomb. Read more

www.newsbytes.com:
Unix Admins Urged To Stop Up Security Hole In CDE. Read more

www.silicon.com:
Energis forced to hide hacker. Read more

www.theregister.co.uk:
Lies, damned lies and anti-virus statistics. Read more

www.zdnet.com:
Turning script kiddies into programmers. Read more

www.zdnet.com:
Hackers digging through Solaris hole. Read more

www.computeruser.com:
InstaKiss password-stealing scam sites proliferate. Read more

star-techcentral.com:
US expert: The military should guard our cyberspace borders. Read more

www.washtech.com:
U.S. Hopes To Unplug Cybercrime In N.Va. Read more

www.ananova.com:
'Pentagon hackers' uncovered in Italy. Read more

www.theregister.co.uk:
Windows Media Player must be patched to fix IE. Read more

news.cnet.com:
Gates: Security a top priority. Read more

16 January 2002

New trojan(s):
Alvgus 8.0

Gift 2.5 beta

www.rpi.net.au:
Resource Hacker™ is a freeware utility to view, modify, rename, add, delete and extract resources in 32-bit Windows executables. Read more

www.osioniusx.com:
Internet Explorer Pop-Up OBJECT Tag Bug (Revision 2) by the Pull. Read more

CERT® Advisory CA-2002-01
Exploitation of Vulnerability in CDE Subprocess Control Service. Read more

www.securiteam.com:
Cross-Site Scripting Vulnerability Found in PostNuke. Read more

www.securiteam.com:
Siemens Mobile SMS Exceptional Character Vulnerability. Read more

www.securiteam.com:
Multiple Cross-Site Vulnerabilities Found in Leading Web Sites (IMDB, PlanetQuake, Merriam-Webster). Read more

www.securiteam.com:
Shockwave Flash Player Security Issue. Read more

www.securiteam.com:
MSIE May Download and Run Programs Automatically (Details and Exploit). Read more

www.securiteam.com:
Internet Explorer Clipboard Stealing Vulnerability. Read more

www.securiteam.com:
Internet Explorer SuperCookies P3P Bypass and Cookie Controls. Read more

www.securiteam.com:
EServ Password Protected File Arbitrary Read Access Vulnerability. Read more

www.securiteam.com/unixfocus:
PHP 4.x Session Spoofing. Read more

www.securiteam.com/unixfocus:
Vulnerability in New User Creation in Geeklog. Read more

www.securiteam.com/unixfocus:
Heap Overflow in SNMPNetStat (Exploit Code). Read more

www.securiteam.com/unixfocus:
Apache Mis-configuration Can Make You Vulnerable to a Local Denial of Service Attack. Read more

www.securityfocus.com:
John Roy Pi3Web Long Request Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
CDRDAO Home Directory Configuration File Symbolic Link Vulnerability. Read more

www.securityfocus.com:
Microsoft Backup for Windows 95 Buffer Overflow Vulnerability. Read more

news.cnet.com:
Older ICQ software vulnerable to attack. Read more

www.latimes.com:
AOL Urges ICQ Program Updates. Read more

news.cnet.com:
Privacy flaw continues to dig IE hole. Read more

www.pcworld.com:
Multitasking Viruses Expected. Read more

www.newsday.com:
New Home PCs Increasingly Vulnerable. Read more

news.cnet.com:
Solaris hole opening way for hackers. Read more

www.reuters.co.uk:
Botched update puts Windows XP fix on hold. Read more

www.eweek.com:
Flaw Forces Microsoft E-Com Site to Go Offline. Read more

news.cnet.com:
.Net breakdown: More to come? Read more

www.pcworld.com:
Italian Police Nab Hacker Group. Read more

www.eweek.com:
Software Liability Gaining Attention. Read more

15 January 2002

New trojan(s):
AlexMessoMalex Beta 1

Remote Hack 1.5b

nextgenss.com:
NGSSniff is a network packet capture and analysis program. It requires Windows 2000 or XP. Read more

www.securiteam.com:
BOOZT! Standard CGI Vulnerability (Exploit Released). Read more

www.securiteam.com:
User Posting Vulnerability in Nick.com Forums (Nickelodeon). Read more

www.securiteam.com:
Dino's Web Server Directory Traversal Vulnerability. Read more

www.securiteam.com:
Bea Weblogic DOS device Denial of Service. Read more

www.securiteam.com:
Savant Webserver Buffer Overflow Vulnerability. Read more

www.securiteam.com:
More Reading of Local Files Vulnerabilities in MSIE. Read more

www.securiteam.com/unixfocus:
PHP Rocket Add-in for FrontPage Directory Traversal Vulnerability. Read more

www.securiteam.com/unixfocus:
Vulnerability Found in Frox Transparent FTP Proxy. Read more

www.securityfocus.com:
Shingo beep2 Arbitrary File Reading Vulnerability. Read more

www.securityfocus.com:
FreeWnn jserver JS_MKDIR Metacharacter Command Execution Vulnerability. Read more

www.nzherald.co.nz:
Youth plot to 'take down' internet, FBI claims. Read more

www.wired.com:
Worm Poses as Outlook Update. Read more

www.timesofindia.com:
Worm posing as Microsoft update spreading. Read more

www.forbes.com:
UPDATE 1-AOL urges instant messagers to upgrade for security. Read more

www.dailypress.com:
U.S. attorney makes computer crimes a priority. Read more

www.nandotimes.com:
Government anti-hacking team formed to watch Washington area. Read more

www.vnunet.com:
Ministry of Defence hacked 27 times. Read more

www.gulfnews.com:
FBI probing Pakistan-based hackers. Read more

www.vnunet.com:
Web attacks up 160 per cent in 2001. Read more

www.techweb.com:
Routers Are The New Hack Attack. Read more

www.vnunet.com:
World of Hell back on the warpath. Read more

news.zdnet.co.uk:
Political hackers on the increase in Britain. Read more

www.rockymountainnews.com:
Hacked @ home. Read more

www.latimes.com:
Security Flaws May Be Pitfall for Microsoft. Read more

news.zdnet.co.uk:
Experts: Microsoft's security push lacks oomph. Read more

www.sfgate.com:
Privacy and Terrorism, Should state monitor e-mail? Read more

www.idg.net:
Hyped hacker-investor claims to flee Germany. Read more

news.zdnet.co.uk:
Five years ago: Tests show limits of virus scanners. Read more

14 January 2002

New trojan(s):
Massaker 1.1

www.securityfocus.com:
Geheimnis MKTemp Insecure Temporary File Vulnerability. Read more

www.securiteam.com:
Linksys Routers Found to be Vulnerable to SNMP Issues. Read more

www.securiteam.com:
Mail.com Cross Site Scripting Vulnerability. Read more

www.securiteam.com:
Myvoicestream.com Security Vulnerability. Read more

www.securiteam.com:
Vulnerabilities in Oracle9iAS Web Cache. Read more

www.securiteam.com:
AOLserver Unauthorized File Disclosure Vulnerability. Read more

www.securiteam.com:
Internet Explorer JavaScript Modeless Popup DoS. Read more

www.securiteam.com:
Pine URL Handler Allows Execution of Embedded Commands. Read more

www.vnunet.com:
'High risk' virus hits PCs. Read more

www.wired.com:
'Trojan' Company Changes Horses. Read more

www.computeruser.com:
Tools take on new Linux Trojan. Read more

www.idg.net:
Donut virus set to poke holes in .Net. Read more

www.neowin.net:
Security incidents nearly double in 2001. Read more

www.vnunet.com:
DNS not bound by Bind. Read more

www.computeruser.com:
Hacker pleads guilty to damaging energy lab's system. Read more

www.computeruser.com:
More libraries filtered in 2001--report. Read more

www.nzherald.co.nz:
Who watches the watchers? Read more

13 January 2002

New trojan(s):
Silent Spy

chocobospore.org:
Mognet, Wireless Ethernet Java Based Sniffer/Analyzer. Read more

www.securityfocus.com:
EServ Password-Protected File Access Vulnerability. Read more

www.securityfocus.com:
Slashcode User Account Compromise Vulnerability. Read more

www.securityfocus.com:
Nevrona MiraMail Sensitive File Plain Text Storage Vulnerability. Read more

www.securityfocus.com:
Legato NetWorker Plaintext Log File Vulnerability. Read more

www.securityfocus.com:
Legato NetWorker Insecure Log Permissions Vulnerability. Read more

www.securityfocus.com:
Geeklog Permanent Cookie Account Hijacking Vulnerability. Read more

www.securityfocus.com:
Snort ICMP Denial of Service Vulnerability. Read more

www.securiteam.com:
AFTPd Core Dump Vulnerability. Read more

www.debian.org:
DSA-099-1 xchat: IRC session hijacking. Read more

www.sgmvp.freewebsites.com:
How to restart from Windows Millennium into Windows 98 DOS mode. Read more

www.guardian.co.uk:
Viruses infect one email in every 300. Read more

news.cnet.com:
Judge tosses Microsoft schools settlement. Read more

12 January 2002

New trojan(s):
Cleptomaniacos 1.0

Litmus 2.03

www.securiteam.com:
Improper Input Validation in Bugzilla (Exploit). Read more

www.securiteam.com:
XTerm UnixWare Exploit Code Released (-xrm). Read more

www.securiteam.com:
Netscape ?wp-html-rend Denial of Service Attack. Read more

www.securiteam.com/unixfocus:
Slashcode Login Vulnerability. Read more

www.securiteam.com/unixfocus:
XChat IRC Session Hijacking Vulnerability. Read more

www.securiteam.com/unixfocus:
Security Analysis of VTun. Read more

www.securiteam.com/unixfocus:
Security Flaws Found in Tinc. Read more

www.zdnet.com:
Gigger 'update' worm attacks hard drive. Read more

www.zdnet.com:
Microsoft: There's a hole in W32.Donut. Read more

www.taipeitimes.com:
Web hackers hit US via Taiwan. Read more

ap.tbo.com:
Norwegian Hacker Indicted for Breaking Hollywood DVD Code. Read more

news.cnet.com:
Web hoster takes security to extremes. Read more

www.newsbytes.com:
It's 'Bye-Bye, Deutschland' For Kim Schmitz. Read more

www.fcw.com:
Report: GPS at risk. Read more

news.cnet.com:
Commentary: Microsoft's security woes. Read more

www.zdnet.com:
Microsoft failing security test? Read more

11 January 2002

New trojan(s):
Little Witch 5.0.1 Client

Nemesis 1.0

Bypassing Firewall: Tools and Techniques (PDF), by Jake Hill.

www.securityfocus.com:
YaBB Cross-Site Scripting Vulnerability. Read more

www.securityfocus.com:
Ultimate Bulletin Board Cross-Site Scripting Vulnerability. Read more

www.securityfocus.com:
PGP Outlook Plug-In Insecure Message Storage Vulnerability. Read more

www.securityfocus.com:
Forums! Insecure User Validation Message Posting Vulnerability. Read more

www.securiteam.com:
Netscape Publishing wp-force-auth Command. Read more

www.securiteam.com:
Multiple Vulnerabilities in Cisco SN 5420 Storage Routers. Read more

www.securiteam.com:
CSS Vulnerabilities in YaBB and UBB Allows Account Hijacking. Read more

www.securiteam.com:
Hacking LIDS. Read more

packetstorm.widexs.nl:
The Boozt! banner management software for Linux v0.9.8alpha has a remotely exploitable buffer overflow in a CGI executable. Read more

www.computeruser.com:
First 'proof of concept' .Net virus appears. Read more

www.newsbytes.com:
Macromedia's Flash Virus Fix Falls Short - Experts. Read more

www.cnn.com:
Debate continues over security of Windows XP. Read more

www.ananova.com:
Hackers used Taiwanese computers to deface US websites. Read more

news.com.au:
Hacker pleads guilty. Read more

www.businessweek.com:
Every Man a Cyber Crook. Read more

www.latimes.com:
Keeping Out the Hackers. Read more

news.bbc.co.uk:
Exam blunder 'may be sabotage'. Read more

allafrica.com:
Durban to Battle "Porn Nappers" for Tourism Website. Read more

www.bostonphoenix.com:
Brave new Web. Read more

www.miami.com:
Learning to love the computer, warts and all. Read more

www.wired.com:
Norway Cracks Down on DVD Hacker. Read more

10 January 2002

New trojan(s):
Lamers Death 2.6

BlackHole 2.001 Client

eyeonsecurity.net:
CSS vulnerabilities in YaBB and UBB allow account hijack. Read more

packetstorm.widexs.nl:
Hosting Controller - Multiple vulnerabilities. Read more

packetstorm.widexs.nl:
AOLserver 3.4.2 Unauthorized File Disclosure Vulnerability. Read more

packetstorm.widexs.nl:
Savant Webserver Buffer Overflow Vulnerability. Read more

packetstorm.widexs.nl:
NT PHP.exe remote exploit. Read more

packetstorm.widexs.nl:
Security Problem in Cisco ubr900 Series Routers. Read more

www.securityfocus.com:
HP-UX mmap() Denial of Service Vulnerability. Read more

www.securityfocus.com:
Anti-Web HTTPD Script Engine Heap Overflow Vulnerability. Read more

www.securiteam.com:
FAQmanager File Reading Vulnerability. Read more

www.securityoffice.net:
Cross Site Scripting "the security gap". Read more

www.newsfactor.co:
Name That Worm - How Computer Viruses Get Their Names. Read more

freshmeat.net:
Red Hat: New mutt packages available to fix security problem. Read more

linuxtoday.com:
Conectiva Linux Security Announcement: proftpd. Read more

www.neowin.net:
First dotNET virus. Read more

www.securityfocus.com:
Social Engineering Fundamentals, Part II: Combat Strategies. Read more

www.siliconvalley.com:
Virus targets Microsoft Web services software. Read more

news.cnet.com:
Virus writers take an early crack at .Net. Read more

www.computeruser.com:
Audiogalaxy installer may have harbored Nimda virus. Read more

news.cnet.com:
Back doors in AIM security tool irk pros. Read more

www.zdnet.com:
AIM security tool opens back doors. Read more

www.computeruser.com:
Go hack thyself, urges NRC. Read more

www.gcn.com:
Hacker pleads guilty to damaging Energy lab's system. Read more

news.com.au:
Hacker pleads guilty. Read more

www.theregister.co.uk:
Guilty plea in nuke lab hack. Read more

www.newsbytes.com:
Prof Renews Free Speech Fight Against US Encryption Law. Read more

news.cnet.com:
Going mano a mano with Microsoft. Read more

09 January 2002

New trojan(s):
Genue 1.0

Harvester 2.0

www.securityfocus.com:
AOLServer Password Protected File Arbitrary Read Access Vulnerability. Read more

www.securityfocus.com:
Apache Non-Existent Log Directory Denial Of Service Vulnerability. Read more

www.securityfocus.com:
Michael Lamont Savant Web Server Long Request DoS Vulnerability. Read more

www.securiteam.com:
VeriSign "PayFlow Link" Payment Service Security Vulnerability. Read more

www.securiteam.com:
AIM Filter Contains Spyware and Backdoors. Read more

www.securiteam.com:
C2IT.com Security Holes. Read more

www.securiteam.com:
Cross Site Scripting Vulnerability in Microsoft.com. Read more

www.securiteam.com:
PGP 7.0 Outlook Plug-in Flaw. Read more

www.securiteam.com:
Hosting Controller Multiple Security Vulnerabilities. Read more

www.securiteam.com:
Web Administration Vulnerability in CacheOS. Read more

www.securiteam.com:
BOOZT! Administration CGI Vulnerable to Buffer Overflow. Read more

www.securityfocus.com:
Virus Threatens Software Flash Files. Read more

news.cnet.com:
New virus first to infect Macromedia Flash. Read more

www.theregister.co.uk:
Shockwave gets its very own virus. Read more

www.timesofindia.com:
Now, there's a virus for Flash files too. Read more

www.zdnet.com:
What's in a virus's name? Everything you need to know! Read more

news.com.au:
Viruses enjoy quiet Christmas. Read more

www.vnunet.com:
Watching the detectives. Read more

www.vnunet.com:
Linux Mutt in the dog house. Read more

www.theregister.co.uk:
AOL buddy-hole fix has backdoor. Read more

www.computerworld.com:
AIM Vulnerability Highlights Risk of Rushing Features. Read more

seattlepi.nwsource.com:
Hackers found flaw in AOL service and kept mum about it. Read more

www.vnunet.com:
Hackers target governments worldwide. Read more

www.cnn.com:
Report: Cybervandalism jumped in 2001. Read more

www.theregister.co.uk:
'Punish software makers for bad security' - NAS. Read more

www.cnn.com:
Report: Many U.S. firms at risk for cyberattacks. Read more

news.cnet.com:
Lax habits leave U.S. open to cyberattack. Read more

www.wired.com:
U.S. Cyber Security Weakening. Read more

www.fcw.com:
Homeland security IT spending lags. Read more

www.redding.com:
Making life miserable for cyber-intruders. Read more

www.sfgate.com:
Security takes center stage at tech show. Read more

www.idg.net:
Security challenges take toll. Read more

www.theregister.co.uk:
Gates gets even bigger XP sales number to boast about. Read more

news.cnet.com:
Microsoft shakes hands with CDMA. Read more

www.theregister.co.uk:
Judge denies MS request for more time. Read more

www.theregister.co.uk:
How MS tax policy saves Gates millions - Nader. Read more

08 January 2002

New trojan(s):
Mainline 1.5

Ping Server version b

security-protocols.com:
ICQ remote buffer overflow vulnerability. Read more

security-protocols.com:
Faqmanager.cgi file read vulnerability. Read more

security-protocols.com:
Multiple pwck/grpck Privilege Elevation Vulnerabilities. Read more

www.securityfocus.com:
SuSE Security Announcement. Read more

www.securityfocus.com:
CLA-2002:449: mutt. Read more

www.menewsline.com:
TERRORISTS SENT FOR WMD, CYBER TRAINING. Read more

biz.thestar.com.my:
Countries putting up electronic fences. Read more

www.computeruser.com:
New Linux backdoor virus gains smarts. Read more

www.linuxsecurity.com:
Securing Air (Wireless Security). Read more

www.computeruser.com:
Microsoft breaks Netscape rule in new security flaw. Read more

www.siliconvalley.com:
Plea accord expected in hacking case. Read more

www.wired.com:
Virus Writers Here to 'Help'. Read more

www.zwire.com:
Computer problems running rampant. Read more

web.thesunnews.com:
Hackers targeting home computers. Read more

www.korealink.co.kr:
Hoax e-Mail Worm Spreads. Read more

www.zdnet.com:
Spyware, Part 3: Is using it illegal--or just sleazy? Read more

www.post-gazette.com:
Perspectives: Time to make Pittsburgh cybersecurity center. Read more

www.washingtonpost.com:
w00w00's Instant Message: Listen Up, AOL. Read more

afr.com:
Posting a guard for homeland security, cyberstyle. Read more

www.fcw.com:
DOD bills bolster anti-terrorism spending. Read more

www.fcw.com:
Interior unplugged. Read more

www.sfgate.com:
National parks caught in Web Court takes down Interior Dept. site to keep hackers from tribal funds. Read more

www.zdnet.com:
Gates to show TV-friendly XP. Read more

www.infoworld.com:
Analysis: Microsoft recommits to vigilant security patrols. Read more

www.zdnet.com:
Judge nixes Microsoft delay tactic. Read more

www.zdnet.com:
Lawmaker: Legalize home CD burning. Read more

www.foxnews.com:
War on Copy-Protected CDs Heats Up. Read more

07 January 2002

New trojan(s):
Connect4 1.0 beta 1

Porkodio Server

security-protocols.com:
AOLserver 3.4.2 Unauthorized File Disclosure Vulnerability. Read more

security-protocols.com:
BSCW Insecure Default Installation Vulnerability. Read more

security-protocols.com:
Multiple pwck/grpck Privilege Elevation Vulnerabilities. Read more

www.securitytracker.com:
Microsoft Internet Explorer (IE) May Allow Malicious Javascript to Poll a User's System for Known Files. Read more

www.securitytracker.com:
Miva Merchant Shopping Cart With VeriSign Payflow Link Module May Accept Invalid Credit Approval Transactions as Valid. Read more

www.securitytracker.com:
RPL/2 Programming Language Input Validation Errors May Let Local Users Gain Elevated Privileges on the Host. Read more

www.securitytracker.com:
PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error. Read more

www.securitytracker.com:
Anti-Web HTTPD (awhttpd) Web Server Can Be Crashed By Local Users. Read more

www.koth.org:
Corewar is a computer game with a difference. A recreation for programmers, it is not played by humans but by assembly language programs. Basically, programmers write warriors in a specialized language called redcode and two or more of these warriors are run in the memory (called the core) of a hypothetical computer called the MARS (Memory Array Redcode Simulator). It is an ideal game for you if you are a programmer. Read more

www.xatrix.org:
GeekLog - privileges vulnerability. Read more

www.contracostatimes.com:
Cyber insurance grows in popularity. Read more

www.cnn.com:
'ZaCker' worm attacks security software. Read more

www.govexec.com:
Feds take minimal role in patching holes in cyberspace. Read more

www.newsbytes.com:
Microsoft Plug-And-Play Patch Pleases FBI. Read more

news.cnet.com:
Did AOL cold-shoulder AIM flaw exposer? Read more

news.cnet.com:
Appeals court upholds anti-spam law. Read more

06 January 2002

New trojan(s):
Nakter Affe

Phoenix II 1.90

www.securityfocus.com:
BrowseFTP Client Buffer Overflow Vulnerability. Read more

security-protocols.com:
Security Problem Found with Cisco UBR900 Series Routers. Read more

www.securiteam.com:
ActivePerl Leaks True Path. Read more

www.securiteam.com:
Multiple pwck/grpck Privilege Elevation Vulnerabilities. Read more

www.securiteam.com:
AWHTTPd Local DoS. Read more

www.securitytracker.com:
Shopping Carts Using VeriSign's Payflow Link Payment System May Accept Invalid Credit Approval Transactions as Valid Transactions. Read more

www.securitytracker.com:
Snmpnetstat Component of Net-snmp (ucd-snmp) Has Heap Overflow That Allows Remote Servers to Execute Arbitrary Code on the System. Read more

www.securitytracker.com:
Mail.com E-mail Service Input Filtering Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks to Obtain Mail.com User Cookies. Read more

www.grcsucks.com:
'Win-XP hole' misrepresented by FBI, press, Gibson, by Tim Mullen. Read more

www.grcsucks.com:
GRC-Reply by Dave Dittrich. Read more

computerworld.com:
Report warns of al-Qaeda's potential cybercapabilities. Read more

www.cnn.com:
Home is where the hackers are. Read more

news.zdnet.co.uk:
Linux world dismisses new Trojan risk. Read more

www.newsbytes.com:
New Linux Backdoor Virus Gains Smarts. Read more

computerworld.com:
Judge allows use of keystroke capture technology in N.J. trial. Read more

www.ciol.com:
Student defends handling of AOL security flaw. Read more

www.linuxsecurity.com:
Snort-Setup for Statistics HOWTO. Read more

05 January 2002

New trojan(s):
Theef Downloader 1.0

Duddie 3.1c

www.securiteam.com:
AIM Buffer Overflow Exploit. Read more

www.securiteam.com:
UPNP Exploit Code Released. Read more

www.securiteam.com:
Solaris /bin/login Remote Exploit Code. Read more

www.securiteam.com:
DeleGate Cross Site Scripting Vulnerability. Read more

www.securiteam.com:
Security Problem Found with Cisco UBR900 Series Routers. Read more

www.securiteam.com:
Lynx Format String Vulnerability in URL Logging. Read more

www.securiteam.com:
Lastlines.CGI Path Traversal and Command Execution Vulnerability. Read more

www.securiteam.com:
Security hole in AOL Instant Messenger leaves computers vulnerable to remote takeover. Read more

www.securityfocus.com:
BSCW Remote Command Execution Vulnerability. Read more

www.securityfocus.com:
BSCW Insecure Default Installation Vulnerability. Read more

www.theregister.co.uk:
Ditch IE - veteran bug hunter. Read more

www.globalsecurity.org:
Kabul computer reveals files of top Al Qaeda officials. Read more

networking.earthweb.com:
Driveby Hacking on the Go. Read more

www.wininformant.com:
Antivirus Vendors Warn of Zacker Worm and ClickTillUWin Trojan Horse. Read more

www.zdnet.com:
Trojan horse conveys IE users to porn. Read more

news.zdnet.co.uk:
Porn Trojan exploits old Microsoft hole. Read more

www.idg.net:
FBI Agency Revises XP Security Alert. Read more

www.zdnet.com:
MS sounds Passport IE patch alarm. Read more

www.wired.com:
Judge OKs FBI Keyboard Sniffing. Read more

www.theregister.co.uk:
Popular file-share utilities contain Trojans. Read more

www.computeruser.com:
Music sharing programs share advertiser's 'Trojan' spyware. Read more

www.theregister.co.uk:
Nvidia settles Dutch hacking lawsuit. Read more

www3.gartner.com:
Microsoft Security Chief Can Boost Federal Cybersecurity. Read more

www.theregister.co.uk:
Bill Gates docu-death film shows at Slamdance. Read more

04 January 2002

New trojan(s):
Xot 0.5 Beta 2

Espionage 1.1

news.cnet.com:
Worm targets security software. Read more

www.securiteam.com:
Internet Explorer GetObject() Problems. Read more

www.securityfocus.com:
Microsoft Internet Explorer GetObject File Disclosure Vulnerability. Read more

www.securiteam.com:
Security Risk When Using the CGI Binary (PHP.EXE) Under Apache. Read more

www.securiteam.com:
AOL Instant Messenger Remote Buffer Overflow. Read more

www.securiteam.com:
Vulnerability in Encrypted Loop Device for Linux. Read more

www.securiteam.com:
Stunnel Format String Security Vulnerability. Read more

www.securiteam.com:
DayDream BBS Buffer Overflows. Read more

www.securityfocus.com:
AOL Instant Messenger Remote Buffer Overflow. Read more

Phrack has been providing the hacker community with information on operating systems, networking technologies and telephony, as well as relaying features of interest to the international computer underground. The Phrack Magazine team released a new issue of this Magazine, number 58. Read more

www.nandotimes.com:
Instant Messenger flaw fixed; hackers criticized for little warning. Read more

www.timesofindia.com:
Utah student defends handling of AOL security flaw. Read more

www.thetimes.co.uk:
AOL admits security flaw. Read more

www.thestar.com:
Latest computer threats slither forth. Read more

www.internetwk.com:
Experts Foresee More Mass-Mailing Viruses In 2002. Read more

www.vnunet.com:
Rare Linux virus on the loose. Read more

www.neowin.net:
Nvidia seizes computers of hackers. Read more

www.pcworld.com:
Peer-to-Peer Apps Shared Trojan Horse. Read more

www.cbsnews.com:
Home Computers A Tempting Target. Read more

www.canoe.ca:
FBI: Windows XP fix is adequate. Read more

hoovnews.hoovers.com:
Remote Desktop: Secure or vulnerable? (Enterprise ENTE). Read more

www.zdnet.com:
Keep yourself top secret! How to defeat spyware (Part 2). Read more

www.newsday.com:
Popular Jargon in Computer Security. Read more

03 January 2002

New trojan(s):
Lithium 1.0 Beta 5

SShare 2

Internet Security Systems Security Alert
AOL Instant Messenger Remote Buffer Overflow. Read more

www.securiteam.com:
IMail Web Service User Aliases / Mailing Lists Admin Vulnerability. Read more

www.securiteam.com:
SpeedXess HASE-120(IPOA Router) Default Password. Read more

www.securiteam.com:
Daydream BBS Format String Vulnerability. Read more

www.linuxsecurity.com:
Vulnerability in encrypted loop device for Linux. Read more

abcnews.go.com:
New hole in AOL Instant Messenger lets hackers take over; solution promised soon. Read more

www.cnn.com:
Security hole found in AOL Instant Messenger. Read more

www.wired.com:
AOL's Messenger Ripe for Hacking. Read more

www.zdnet.com:
AIM hole could let worms wriggle in. Read more

www.computeruser.com:
Serious AIM security hole could invite worms - experts. Read more

www.business2.com:
File-sharing programs carry Trojan horse. Read more

www.zdnet.com:
Trojan horse targets file-swappers. Read more

www.law.com:
FBI May Use Keystroke-Recording Device Without Wiretap Order. Read more

www.worldnetdaily.com:
Echelon excesses. Read more

www.heraldsun.news.com.au:
Microsoft plugs its leaking plughole. Read more

www.securityfocus.com:
Fear, Uncertainty and Doubt, Inc. Read more

www.osopinion.com:
An Insecure Feeling About Microsoft's Security. Read more

news.mywebpal.com:
E-detectives help solve workplace cyber-crime Stalking workplace e-crimes. Read more

www.newsfactor.com:
Viruses in Review: How Curiosity Can Doom Users. Read more

www.eweek.com:
Viruses to Continue Their Assault on Net. Read more

www.vnunet.com:
Instant Messaging viruses set to soar. Read more

www.nandotimes.com:
MITZI PERDUE: Cyber security. Read more

www.zdnet.com:
How THEY know what you're doing on your PC (Part 1). Read more

www.techtv.com:
Web Attacks Go Wireless? Read more

www.vnunet.com:
Sklyarov returns to hero's welcome. Read more

www.zdnet.com:
Judge sets date for Microsoft hearing. Read more

www.zdnet.com:
The incredible shrinking Internet. Read more

02 January 2002

New trojan(s):
XtraAccess 1.02

Wintrix

Georgi Guninski security advisory #52, 2001
IE GetObject() problems. Read more

www.securityfocus.com:
Last Lines CGI Script Remote Command Execution Vulnerability. Read more

security-protocols.com:
Cherokee Webserver Directory Traversal and Elevated Privileges. Read more

www.securityfocus.com:
Last Lines CGI Script Directory Traversal Vulnerability. Read more

www.securityfocus.com:
DayDream BBS Control Code Multiple Buffer Overflow Vulnerability. Read more

www.securiteam.com:
ELSA Lancom 1100 Office Security Problems. Read more

www.securiteam.com:
Cherokee Webserver Directory Traversal and Elevated Privileges Vulnerabilities. Read more

www.securiteam.com:
Ztreet Markup Language Security Vulnerability. Read more

www.securityfocus.com:
IPTables Linux firewall with packet string-matching support. Read more

www.business-standard.com:
India is preparing for a war on the web. Read more

www.businessweek.com:
Toward More Cybersecurity in 2002. Read more

news.com.au:
Most troubled by net security. Read more

www.belfasttelegraph.co.uk:
Help! my computer's caught a code. Read more

www.nikkeibp.asiabiztech.com:
Future Computer Viruses to Be Less Damaging, Cause More Infections: Sophos CEO. Read more

www.boston.com:
E-mail glitch hits Harvard applicants. Read more

www.asahi.com:
CDs to thwart pirates. Read more

01 January 2002

New trojan(s):
Khaos 2.1

Glacier 9.11 Special Edition

www.theregister.co.uk:
'Win-XP hole' mis-represented by FBI, press, Gibson. Read more

news.cnet.com:
Who are you? Microsoft and Sun Microsystems want your identity. Read more

www.knoxnews.com:
Preventing computer viruses and worms. Read more

www.nzherald.co.nz:
Watch out for possible New Year's computer attacks. Read more

www.iht.com:
Protecting Your Mac From Net Nuisances. Read more

www.cnn.com:
Freed Russian software programmer returns home. Read more

www.globetechnology.com:
The story of cyberlaw in 2001. Read more

www1.keenesentinel.com:
Keene woman eludes online fraud; EBay blames Monadnet. Read more

www.infoworld.com:
Security shopping lists made for the New Year. Read more


Copyright © MegaSecurity.org