Bookmark or link to: www.kobayashi.cjb.net. All other url`s could change!

News Archive    Translate Traducen

News February 20002

28 February 2002 New trojan(s): CyberPaky 1.8 www.dachb0den.com: bsd-airtools is a package that provides a complete toolset for wireless 802.11b auditing. Read more Microsoft Security Bulletin MS01-011 Authentication Flaw Could Allow Unauthorized Users To Authenticate To SMTP Service. Read more Microsoft Security Bulletin MS01-012 Malformed Data Transfer Request can Cause Windows SMTP Service to Fail. Read more security.e-matters.de: PHP remote vulnerabilities. Read more www.netfilter.org: Important security announcement of the netfilter project. Read more www.securityoffice.net: Novell GroupWise Web Access Path Disclosure Vulnerability. Read more homepage.mac.com: Auto file execution vulnerability in Mac OS. Read more Cisco Security Advisory: Data Leak with Cisco Express Forwarding Enabled. Read more GreyMagic Security Advisory GM#001-IE Executing arbitrary commands without Active Scripting or ActiveX. Read more Internet Security Systems Security Alert Multiple PHP Vulnerabilities: Remote Compromise Exploit in Circulation. Read more online.securityfocus.com: Working Resources BadBlue Cross Site Scripting Vulnerability. Read more online.securityfocus.com: Working Resources BadBlue Triple-Dot-Slash Directory Traversal Vulnerability. Read more www.securiteam.com: Kazaa, Grokster and Morpheus Remote Denial of Service. Read more www.securiteam.com: Symantec Enterprise Firewall (SEF) SMTP Proxy Inconsistencies. Read more www.securiteam.com: Gator Installer Plugin Allows Any Software to be Installed Remotely. Read more www.securitytracker.com: 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users. Read more www.securitytracker.com: AOL Instant Messenger (AIM) May Disclose AIM Passwords to Remote Users in Certain Situations. Read more www.securitytracker.com: AMaViS SMTP Anti-Virus Scanner Can Be Crashed By Remote Users Sending Compressed Files With Large Numbers of Null Characters. Read more www.securitytracker.com: Tumbleweed Secure Mail SMTP Anti-virus Scanner Can Be Crashed By Remote Users Sending Compressed Files With Large Numbers of Null Characters. Read more www.securitytracker.com: Windows Media Player Executes URLs in Windows Media Files that Have Been Renamed as MP3 Files. Read more www.securitytracker.com: Open Bulletin Board (OpenBB) Input Filtering Bug Lets Remote Users Conduct Cross-Site Scripting Attacks Against OpenBB Users. Read more www.securitytracker.com: ScriptEase Web Server Edition Sample Script (comment2.jse) Discloses Files Located Anywhere on the Server to Remote Users. Read more www.securitytracker.com: UnrealIRCd Internet Relay Chat (IRC) Server Format String Bug Lets Remote Users Crash the Chat Service. Read more www.securitytracker.com: Compaq Application Control Management System (ACMS) for OpenVMS Operating System May Allow Local Users to Obtain Elevated Privileges. Read more www.securitytracker.com: Ethereal SNMP Processing Bug Lets Remote Users Crash the Network Sniffer. Read more www.defcon.org: DEF CON 10 Call for Papers Announcement. Read more www.raid-symposium.org: Fifth International Symposium on Recent Advances in Intrusion Detection. Read more www.blackhat.com: Black Hat Briefings 2002 conference. Read more www.osopinion.com: Microsoft Admits XP Media Player Spies on Users. Read more www.newsbytes.com: Another Security Hole Found In Macromedia Flash. Read more www.reuters.co.uk: Microsoft Security Push Faces Skepticism. Read more online.securityfocus.com: Sniffers: What They Are and How to Protect Yourself. Read more www.wired.com: Hack a PC, Get Life in Jail. Read more www.cnn.com: House panel OKs boost in cybercrime penalties. Read more www.newsbytes.com: New York Times Intranet, Source Database Hacked. Read more www.idg.net: Security holes closed in New York Times intranet after hacker intrusion. Read more www.usatoday.com: Hacker says he infiltrated 'New York Times'. Read more www.computerworld.com: New York pulls sensitive data from state's Web sites. Read more www.wired.com: Are Crackers Behind AOL Spree? Read more sportsillustrated.cnn.com: Formula One teams on watch for computer hackers. Read more www.computerworld.com: Energy firms move to thwart cyberattacks. Read more news.com.au: Cyber crime gathers strength. Read more www.zdnet.com: The Next Big Virus: How can we prepare ourselves? Read more www.usatoday.com: Agency raises the bar on tech security. Read more www.cnn.com: How can personal firewalls help your PC? Read more www.zdnet.com: Why passwords will always be a pain. Read more

27 February 2002 New trojan(s): InCommand 1.7 beta www.dachb0den.com: Practical Exploitation of RC4 Weaknesses in WEP Environments. Read more online.securityfocus.com: Symantec Norton Antivirus LiveUpdate Plaintext Credentials Vulnerability. Read more online.securityfocus.com: OpenBB Image Tag Cross-Site Scripting Vulnerability. Read more www.securiteam.com: Antivirus Mail Scanners DoS. Read more www.securiteam.com: Buffer Overflow in Microsoft Internet Explorer. Read more www.securiteam.com: Compromising IIS or Apache Servers Running PHP for Windows (Step-by-Step). Read more www.securiteam.com: AdMentor Login Flaw (SQL Injection). Read more www.securiteam.com: Cheating CHAP. A paper explaining the weakness in the CHAP protocol as used within PPP and PPTP has been released. The vulnerability described allows for authentication in PPTP networks without knowing valid a login and password. Read more www.securitytracker.com: Citrix NFuse Web Publishing Server May Disclose Novell Directory Services (NDS) Network Information to Remote Users. Read more www.securitytracker.com: Symantec Enterprise Firewall (Raptor) Fails to Report Some Alerts via SNMP. Read more www.securitytracker.com: Zero One Technology's ZOT P100s Print Server Discloses Information to Remote Users via SNMP Even When Configured Not To. Read more www.securitytracker.com: Greymatter Weblog Software Discloses Administrator Account Passwords to Remote Users in Certain Configurations. Read more www.attrition.org: Microsoft's Responsible Vulnerability Disclosure, The New Non-Issue. Read more www.computerworld.com: Q&A with ICANN's security chairman, Stephen Crocker. Read more industry.java.sun.com: Gong Li Sheds Light on Sun's Security. Read more online.securityfocus.com: New York Times Internal Network Hacked. Read more online.securityfocus.com: MP3 Files Not Always Safe. Read more www.computeruser.com: Gator digital wallet allows hacker back doors. Read more www.silicon.com: Freeware: The new threat to company security. Read more www.informationweek.com: Hackers Sneak Through Open Doors In Applications. Read more www.helsinki-hs.net: Hackers accessed more than 100,000 systems at home and abroad. Read more www.silicon.com: UK businesses making a hash of security. Read more ua.pennwellnet.com: Protecting the Grid from Cyber Attack. Read more news.mysanantonio.com: Cyberterror worries federal, state experts. Read more news.com.au: Net bank fraud inevitable: expert. Read more www.sfgate.com: Indian Affairs security lapses exposed Under instruction from court, lawyer easily infiltrated bureau's computer system. Read more www.theregister.co.uk: Security suppliers compared to dodgy car mechanics. Read more www.newsbytes.com: Commerce Dept Fines Company For Illegal Crypto Exports. Read more www.computeruser.com: If Morpheus is illegal, so is the rest of the Net - EFF. Read more

26 February 2002 New trojan(s): Casus 2.3 www.securiteam.com: ACK Tunneling Trojans. Read more x82.i21c.net: UCD-snmp-4.0.1-5 Remote exploit. Read more CERT� Advisory CA-2002-04 Buffer Overflow in Microsoft Internet Explorer. Read more www.kb.cert.or: Microsoft Internet Explorer HTML rendering engine contains buffer overflow processing SRC attribute of HTML <EMBED> directive. Read more www.cert.org: Steps for Changing Your Options in Web Browsers - Netscape and Internet Explorer. Read more www.securitytracker.com: Century Software's TERM Terminal Emulator Software Buffer Overflow Lets Local Users Gain Root Privileges on the System. Read more www.securitytracker.com: XMB Forum Allows Cross-Site Scripting Attacks. Read more online.securityfocus.com: XMB 1.6x JavaScript Messages Vulnerability. Read more www.securiteam.com: LilHTTP Web Server Protected File Access Vulnerability. Read more www.securiteam.com: Essentia Web Server DoS Vulnerability. Read more www.securiteam.com: Essentia Web Server Directory Traversal Vulnerability. Read more www.securiteam.com: Greymatter Remote Login / Password Exposure. Read more www.securiteam.com: Century Software's TERM Emu Buffer Overflows. Read more www.theregister.co.uk: Steve Gibson invents broken SYNcookies. Read more cr.yp.to: SYN cookies. Read more www.internetnews.com: New Security Flaw Found in IE. Read more zdnet.com.com: MS warns of 'critical' flaws. Read more www.eweek.com: Sans Predicted Snmp Attack; What's Next? Read more www.newsbytes.com: 'Distributed' Web Projects Raise Security Issues. Read more www.vnunet.com: Experts back 'rules' for bug fixes. Read more news.bbc.co.uk: Hiding security bugs. Read more www.wired.com: Bush Push for Stiffer Hack Fines. Read more news.bbc.co.uk: Tipping the balance on net security. Read more www.latimes.com: Microsoft's Mundie Says Viruses Must Be Fought. Read more news.com.com: Some Microsoft testimony open to media. Read more www.chron.com: Programs flawed, Microsoft reveals. Read more www.chron.com: Judge's porn case hinges on computer hacker. Read more www.sfgate.com: An Internet outlaw goes on record Pleasant Hill student tells of his 'hacktivism'. Read more www.rferl.org: EU: E-Mail Publication In Turkey Causes Diplomatic Row. Read more news.independent.co.uk: The secret life of your own laptop. Read more

25 February 2002 New trojan(s): F-Backdoor 1.0 www.securitytracker.com: Rich Media Technologies JustAddCommerce E-commerce Software Discloses User Passwords to Local Users. Read more www.securitytracker.com: FreeRADIUS Authentication Server (and Possibly Other RADIUS Servers) May Become Overloaded By a Remote Flood of Access-Request Packets from a Single User. Read more www.securitytracker.com: Yahoo Messenger Client Can Be Crashed By Remote Users and Spoofed Messages Can Be Sent By Remote Users. Read more www.securitytracker.com: Squid Proxy Cache Server Buffer Overflow Lets Remote Users Create Denial of Service Conditions and May Let Remote Users Execute Arbitrary Code on the System. Read more www.securitytracker.com: Netopia Timbuktu Remote Access Software Lets Users Without Administrator Privileges Modify User Account Restrictions. Read more www.securiteam.com: Unchecked Buffer in ISAPI Filter Could Allow Commerce Server Compromise. Read more www.securiteam.com: CNet CatchUp Arbitrary Code Execution. Read more www.securiteam.com: Phorum Discussion Board Security Bug (Email Disclosure). Read more online.securityfocus.com: Powie PForum Username Cross-Site Scripting Vulnerability. Read more www.securityspace.com: XML Core Services patch (Q318203). Read more www.vnunet.com: Bug Watch: Heuristics is the way forward. Read more news.com.com: Industry group to stamp on bugs. Read more www.vnunet.com: Microsoft puts trust in security wizards. Read more www.vnunet.com: Don't be lulled by the illusion of security. Read more www.eweek.com: Glitches Plague Windows Messenger. Read more

24 February 2002 New trojan(s): Duddie 3.2 Spyware ripped apart by Doc. Read More www.acsac.org: ITS4: A Static Vulnerability Scanner for C and C++ Code. Read more lin.fsid.cvut.cz: Hunt, TCP Hijacking tool. Read more www.securiteam.com: Alcatel 4400 PBX Hack. Read more www.securitytracker.com: Trend Micro's InterScan VirusWall Proxy Bug Lets Remote Users Bypass Some Access Controls and Connect to Arbitrary Ports on Internal/Protected Hosts. Read more www.securitytracker.com: Finjan SurfinGate Proxy Bug Lets Remote Users Bypass Some Access Controls and Connect to Arbitrary Ports on Internal/Protected Hosts. Read more www.securitytracker.com: Microsoft XML Core Services in SQL Server 2000 Lets Remote Scripts Access and Send Local Files. Read more www.securitytracker.com: Microsoft XML Core Services in Microsoft Windows XP Operating System Lets Remote Scripts Access and Send Local Files. Read more www.securitytracker.com: NetWin's WebNEWS Server Has Built-in Default User Names That Cannot Be Removed and That Allow Remote Users to Gain Access. Read more www.securitytracker.com: Essentia Web Server Discloses Files Located Anywhere on the System to Remote Users and Lets Remote Users Crash the Web Service. Read more www.securitytracker.com: Microsoft Internet Explorer Has Another Frame Domain Security Bug That Lets Remote Users View Files or Other Personal Information from a Victim's Computer By Using Malicious VBScripts. Read more www.securitytracker.com: Microsoft Commerce Server 2000 AuthFilter Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server With LocalSystem Privileges to Gain Full Control of the Server. Read more www.securitytracker.com: ASPCode.net's AdMentor Banner Rotation Script Filtering Bug Gives Remote Users Administrator Access to the Application. Read more www.securitytracker.com: Avenger's News System CGI (ans.pl) Input Filtering Hole Lets Remote Users Execute Arbitrary Commands on the Web Server. Read more online.securityfocus.com: Essentia Web Server Long URL Denial Of Service Vulnerability. Read more online.securityfocus.com: Essentia Web Server Directory Traversal Vulnerability. Read more online.securityfocus.com: Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability. Read more online.securityfocus.com: Microsoft VBScript Same Origin Policy Violation Vulnerability. Read more online.securityfocus.com: Yahoo! Instant Messenger Spoofed Username Vulnerability. Read more www.securiteam.com: ScriptEase MiniWeb Server DoS. Read more www.securiteam.com: MSDE, SQL Server 7 & 2000 Adhoc Heterogeneous Queries Buffer Overflow and DoS. Read more www.securiteam.com: Netwin Webnews.exe (utoken). Read more www.techtv.com: FBI Says It's Monitoring Web Vulnerability. Read more news.com.com: Group to set bug-reporting standards. Read more news.com.com: Famed hacker Mitnick meets his mark. Read more news.com.com: Napster court win puts labels in spotlight. Read more news.com.com: Gates plugs Xbox as man about Tokyo. Read more www.techtv.com: Self-Sending Spam. Read more

23 February 2002 New trojan(s): Starline 2.0 beta mIRC Backdoors - An advanced overview by ReDeeMeR. Read more stage.caldera.com: Open UNIX, UnixWare 7: Webtop setuid script vulnerability. Read more www.securityoffice.net: Cross Site Scripting "the security gap". Read more www.securityoffice.net: Essentia Web Server DoS Vulnerability. Read more www.securityoffice.net: LilHTTP Web Server Protected File Access Vulnerability. Read more www.securiteam.com: Tripod Account Hijack. Read more www.securiteam.com: ASP.NET Session Information Leakage. Read more online.securityfocus.com: Squid HTCP Runtime Configuration Vulnerability. Read more online.securityfocus.com: Nombas ScriptEase:WebServer Edition GET Request Denial of Service Vulnerability. Read more online.securityfocus.com: Squid Cache SNMP Denial of Service Vulnerability. Read more online.securityfocus.com: Avenger's News System Directory Traversal Vulnerability. Read more online.securityfocus.com: Squid Cache FTP Proxy URL Buffer Overflow Vulnerability. Read more online.securityfocus.com: Avenger's News System Remote Command Execution Vulnerability. Read more online.securityfocus.com: AdMentor Remote SQL Injection Vulnerability. Read more online.securityfocus.com: Citrix NFuse Network Information Disclosure Vulnerability. Read more online.securityfocus.com: Apple MacOS 9 Classic Reverse DNS Lookup DoS Vulnerability. Read more online.securityfocus.com: Novell GroupWise 6 Post Office LDAP Authentication Bypass Vulnerability. Read more online.securityfocus.com: Compaq Nonstop Himalaya SNMP Agent Denial Of Service Vulnerability. Read more www.securiteam.com: Rich Media E-Commerce Stores Sensitive Information Insecurely. Read more www.securitytracker.com: MacOS DNS Bug Lets Remote DNS Servers Crash the Operating System. Read more www.securitytracker.com: Novell GroupWise LDAP Authentication Configuration Error Lets Remote Users Access GroupWise Accounts Without Having to Supply a Password. Read more www.securitytracker.com: Symantec Enterprise Firewall (Raptor) SMTP Proxy Fails to Fully Rewrite Some SMTP Headers. Read more www.securitytracker.com: Lil' HTTP Server Discloses Files in Password Protected Directories on the Web Server to Remote Users. Read more www.securitytracker.com: Gator Plugin for Microsoft Internet Explorer Lets Remote Users Install Arbitrary Software on the User's Host. Read more www.theregister.co.uk: Three new MS security holes - two nasty. Read more www.theregister.co.uk: SNMP exploit causes printers to jam. Read more www.theregister.co.uk: Most SNMP vulns quietly lurking. Read more www.newsbytes.com: Gator Digital Wallet Allows Hacker Back Doors. Read more w3.ivy.hu: Hungarian discovery: a new security gap in Internet Explorer. Read more www.newsbytes.com: Disclosure Guidelines For Bug-Spotters Proposed. Read more theregister.co.uk: Mass ICQ 'hack' baffles world+dog. Read more www.newsbytes.com: Sites Revealed Passwords For Thousands Of Ameritech Users. Read more www.silicon.com: Security experts release free Cisco router tool. Read more www.theregister.co.uk: US Air traffic safe from hackers - FAA. Read more zdnet.com.com: Security experts: We need more money. Read more www.thisislondon.co.uk: Warnings over net stalking danger. Read more www.theregister.co.uk: Beware the bogus domain sellers. Read more

22 February 2002 New trojan(s): Nauka Ping Server version j www.ee.oulu.fi: Publications and Discussions on Liability for Bad Software. Read more Microsoft Security Bulletin MS02-008 XMLHTTP Control Can Allow Access to Local Files. Read more Microsoft Security Bulletin MS02-009 Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files. Read more Microsoft Security Bulletin MS02-010 Unchecked Buffer in ISAPI Filter Could Allow Commerce Server Compromise. Read more www.corsaire.com: Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies. Read more www.corsaire.com: Symantec/Axent NetProwler 3.5.x database configuration. Read more www.squid-cache.org: Squid Proxy Cache Security Update Advisory SQUID-2002:1. Read more eyeonsecurity.net: Gator installer Plugin allows any software to be installed. Read more www.securitytracker.com: Tarantella Enterprise Server '/tmp/spinning' Symlink Hole Lets Local Users Obtain Root Access When the Software is Installed. Read more www.securitytracker.com: Slash Code Allows Remote Users to Conduct Cross-Site Scripting Attacks to Steal Slash Web Site User Cookies. Read more www.securitytracker.com: Microsoft SQL Server Buffer Overflow Lets Remote Users Crash the Server and May Allow Remote Code to Be Executed on the Database Server. Read more www.securitytracker.com: RealSystem Server and RealSystem Proxy Buffer Overflows May Let Remote Users Execute Arbitrary Code on the Server or Cause the Server to Crash. Read more www.securitytracker.com: Netwin's WebNEWS News Server CGI May Execute Arbitrary Code Supplied By Remote Users. Read more www.securitytracker.com: GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions. Read more www.securitytracker.com: Lotus Domino Server Discloses Installation Path to Remote Users That Request Non-existent Perl Scripts. Read more www.securitytracker.com: Check Point FireWall-1 HTTP Proxy Bug Lets Remote Users Bypass Some Access Controls and Connect to Arbitrary Ports on Internal/Protected Hosts. Read more www.securitytracker.com: Alcatel 4000 PBX Phone Switch Default Configuration Lets Remote Users Access the Switch and Gain Root Access. Read more www.securitytracker.com: ScriptEase Mini WebServer Can Be Crashed By Remote Users Sending Long HTTP Requests. Read more www.securitytracker.com: Microsoft Outlook Web Access Discloses 'Include' Archive Files in the 'lib' Directory to Remote Users. Read more online.securityfocus.com: Alcatel OmniPCX Password File Encrypted Password Access Vulnerability. Read more online.securityfocus.com: Alcatel OmniPCX Unprivileged User System Shutdown Denial Of Service Vulnerability. Read more online.securityfocus.com: HP JetDirect SNMP Denial of Service Vulnerability. Read more online.securityfocus.com: Alcatel OmniPCX Default File Permissions World Writeable Vulnerability. Read more digitalmass.boston.com: Microsoft music, movie player logs users entertainment habits. Read more www.computerbytesman.com: Serious privacy problems in Windows Media Player for Windows XP. Read more www.eweek.com: Security Group Pinpoints Cisco Router Weakness. Read more www.theregister.co.uk: 'Penetrate and patch' e-business security is grim. Read more www.theregister.co.uk: Tripod account hijack risk patched. Read more www.businessweek.com: Patching the Net's Fatal Flaws. Read more online.securityfocus.com: FAA: Air Traffic Control Holes Plugged. Read more www.businessweek.com: This LAN Is Whose LAN? Read more www.cw360.com: Law ties police hands in fight with hackers. Read more www.reuters.com: Famed Hacker Mitnick Greets Former Target. Read more www.aftenposten.no: Hackers hit University of Oslo. Read more www.latimes.com: Porn Case Hinges on Hacker. Read more zdnet.com.com: Cyberterrorists will be after you. Read more hoovnews.hoovers.com: Cyberterrorism: Get ready to become a hard target. Read more www.wired.com: Security: 3 Confabs' Killer App. Read more www.eetimes.com: Data networks pose crypto conundrum. Read more www.newscientist.com: Peekabooty aims to banish internet censorship. Read more sunspot.net: Pryin' Eyes. Spyware: Computer users beware sneaky programs that slip in and report data to marketers. Read more

21 February 2002 New trojan(s): Cyn 2.0 Microsoft Security Bulletin MS02-007 SQL Server Remote Data Source Function Contain Unchecked Buffers. Read more www.stdnet.com: Regarding SNMP Vulnerabilities. Read more www.aelita.com: Protecting Active Directory from "Domain Trust" Vulnerability. Read more www.cs.princeton.edu: Timing Attacks on Web Privacy (pdf). Read more www.ezkracho.com.ar: Buffer overflow vulnerability in BladeEnc 0.94.1 Ad-Exploit Tested on Mandrake 7.0. Read more www.ietf.org: Responsible Vulnerability Disclosure Process draft-christey-wysopal-vuln-disclosure-00.txt. Read more www.ietf.org: The Tao of IETF - A Novice's Guide to the Internet Engineering. Read more Task Force ftp.isi.edu: The Internet Standards Process -- Revision 3. Read more www.securityfriday.com: About "Share-Level Password" Vulnerability. Read more www.computerbytesman.com: Serious privacy problems in Windows Media Player for Windows XP. Read more www.securitytracker.com: EverySoft's EveryAuction Software Allows Cross-Site Scripting Attacks and Lets Remote Users Send Unwanted E-mail Messages to Arbitrary Recipients. Read more www.securitytracker.com: Microsoft Windows Terminal Services May Cause the System's Screen Saver Lockout Mechanism to Fail in Certain Situations. Read more www.securitytracker.com: Adobe PhotoDeluxe Java Configuration Flaw Lets Malicious Applets Obtain Directory Listings and May Allow Remote Code to Be Executed on the User's Computer. Read more www.securitytracker.com: Windows XP Networking Port May Allow Remote Users to Deny Service By Sending a Stream of TCP SYN Packets. Read more www.securitytracker.com: Winamp Media Player Discloses Temporary File Path to Remote Web Servers, Potentially Allowing a Remote Server to Execute Arbitrary Code on the User's PC. Read more www.securitytracker.com: Ncurses Library Buffer Overflow May Allow a Local User to Crash Applications and Possibly Execute Arbitrary Code. Read more www.securitytracker.com: mwForum Bulletin Board CGI Parameter Bug Lets Remote Users Obtain Administrative Access on the Bulletin Board. Read more www.securitytracker.com: Dino's WebServer Can Be Crashed By Remote Users Sending Multiple Long HTTP GET Requests. Read more www.securiteam.com: Bypassing Content Filtering Software (Exploit). Read more www.securiteam.com: More Local Root Vulnerabilities during Installation of Tarantella Enterprise. Read more www.securiteam.com: Slashcode Login Vulnerability (Patch Available). Read more online.securityfocus.com: Tarantella Enterprise 3 Symbolic Link Vulnerability. Read more online.securityfocus.com: Cigital ITS4 Software Security Tool Weakness. Read more qmail-scanner.sourceforge.net: Qmail-Scanner: Content Scanner for Qmail. Read more techupdate.zdnet.com: Dangerous Yarner worm could delete your Windows files. Read more www.elcom.co.uk: Nasty Internet Worm Targets German Anti-Trojan Users. Read more www.infoworld.com: Free Cisco router security tool released. Read more www.newscientist.com: Peekabooty aims to banish internet censorship. Read more www.bbspot.com: Virus Responsible for Gates Security Memo. Read more www.businessweek.com: Patching the Net's Fatal Flaws. Read more www.eastsidejournal.com: 'Soft Talk: Microsoft's `bug' leads to Peyton Place. Read more www.idg.net: Cybercrime reporting procedure draws fire. Read more www.newsbytes.com: Alleged Hacker Charged In Australia. Read more www.linuxworld.com: A walk on the wireless side. Read more www.washingtonpost.com: Computer Czar Issues Warning. Read more www.vnunet.com: Linux for the paranoid. Read more www.vnunet.com: Microsoft 'won't break Lindows'. Read more news.com.com: Microsoft preps Windows security scanner. Read more techupdate.zdnet.com: Liberty Alliance, Passport miles apart. Read more www.csmonitor.com: Your good name, sold for a penny. Read more www.zdnet.com: How password chaos could kill e-commerce. Read more

20 February 2002 New trojan(s): HackWorld 2.03 www.securitytracker.com: Microsoft Internet Security Acceleration Server Can Be Affected By Remote Users Conducting a LAND Flood Attack. Read more www.securitytracker.com: Deerfield WebSite Web Server Software Discloses Installation Path Location to Remote Users. Read more www.securitytracker.com: WeSQL Library May Allow Remote Users to Access Database Content Without Authenticating. Read more www.securitytracker.com: Phusion Web Server Has Multiple Flaws That Let Remote Users View Files, Crash the Server, and Execute Commands and Code to Gain System Level Access. Read more www.securitytracker.com: CodeBlue Log File Analysis Software Has Buffer Overflow That Allows Remote Users to Obtain Root Privileges. Read more www.securityfocus.com: Powie's pforum sql-injection User Authentication Vulnerability. Read more www.ngsec.com: Ettercap v0.6.3.1 and below advisory and remote root exploit against Linux. Read more ettercap.sourceforge.net: Ettercap 0.6.4 released. Read more www.iss.net: LICQ '%d' static buffer overflow. Read more www.nmt.edu: Avoid Microsoft Outlook. Read more tom.me.uk: MSN Messenger Hijacking. Read more www.aristelecom.com.br: Outlook Web Access view include files vulnerability. Read more vapid.dhs.org: Another local root vulnerability during installation of Tarantella Enterprise 3. Read more www.nextgenss.com: Netwin's WebNews contains a remotely exploitable buffer overrun that allows the execution of arbitrary code. Read more www.computeruser.com: Nasty Internet worm targets German anti-Trojan users. Read more zdnet.com.com: Dangerous Yarner worm spells bad news. Read more www.theregister.co.uk: German worm makes PCs kaput. Read more zdnet.com.com: Is Microsoft promising too much? Read more hoovnews.hoovers.com: Study says not all hackers are real computer wizards. Read more news.com.com: Dot-com dropouts share open-source love. Read more news.com.com: Microsoft unveils wireless strategies. Read more www.securityfocus.com: Terrorism Talks Open RSA Conference. Read more www.foxnews.com: Bush's Cybersecurity Adviser Urges Precautions to Avoid Digital Attacks. Read more www.securityfocus.com: Censor-buster Peek-A-Booty goes public. Read more new.financialexpress.com: Secure move: Get a hacker to plug the gaps. rEAD MORE www.newsbytes.com: Hong Kong Hacker Charged, Sentenced. Read more www.chicagotribune.com: High-tech teens turn to life of cybercrime. rEAD MORE www.osopinion.com: Is This a Good Time To Be a Hacker? Read more www.computerworld.com: Lockstep repairs hacked Web sites with WebAgain. Read more www.zdnet.com: Security guru: Let's secure the Net. Read more www.zdnet.com: Long haul ahead for social hackers. Read more www.zdnet.com: All-in-one security: It's where we're headed. Read more

19 February 2002 New trojan(s): ScreenGrab 1.0 RemEye 1.0 Security in the Microsoft .NET Framework (pdf). Read more www.cw360.com: Viruses find way round server-based protection. Read more www.cw360.com: Latest IE patch can crash browsers. Read more www.securiteam.com: PowerFTP Server File Reading and DoS Vulnerabilities. Read more www.securiteam.com: Bypassing Content Filtering Software. Read more www.securiteam.com: Blue World Web Data Engine Web Server Overflow. Read more www.securiteam.com: PForum MySQL Injection Bug. Read more www.securiteam.com: HNS's webif.cgi Allows Overwriting of Diary Content. Read more www.securiteam.com: HNS Multiple Cross-Site Scripting Vulnerabilities. Read more www.securitytracker.com: Powie's PHP Forum (PFORUM) Web Board Authentication Flaw Lets Remote Users Login as Any Other User. Read more www.securitytracker.com: Hyper Nikki System Web Diary Software Allows Cross-Site Scripting Attacks. Read more www.securityfocus.com: DCP-Portal System Information Path Disclosure Vulnerability. Read more www.debian.org: hanterm: buffer overflow. Read more www.linuxsecurity.com: Message To Microsoft: Only The Truth Shall Set You Free. Read more www.securityfocus.com: The Enemy Inside the Gates: Preventing and Detecting Insider Attacks. Read more ap.tbo.com: Software Snags Crooks, Sneaking Spouses, but Alarms Privacy Advocates. Read more www.theregister.co.uk: SafeWeb holes emerge, said fixed. Read more www.newsday.com: SOME WEAK LINKS. Cases used to illustrate the cyber-terror threat. Read more www.vnunet.com: Smells like teen virus writers. Read more www.vnunet.com: Hackers face US bombing. Read more www.infoworld.com: Researchers crack new wireless security spec. Read more seattletimes.nwsource.com: Hacker attacks becoming more malicious, criminal. Read more www.cnn.com: Hack forces security audit at Morningstar Canada. Read more www.theregister.co.uk: 802.1X can be toppled 'like set of dominoes'. Read more www.vnunet.com: Peekabooty comes out of hiding. Read more www.vnunet.com: FBI lets anarchist web geek go free. Read more www.chicagotribune.com: New security czar key to push for safer Microsoft software. Read more www.infowarrior.org: The Gates Declaration and Microsoft Security Day. Read more

18 February 2002 New trojan(s): ANewTrojan www.securiteam.com: CodeBlue Vulnerable to an Exploitable Buffer Overflow. Read more www.securiteam.com: PHP for Windows Arbitrary Files Execution (GIF, MP3). Read more www.securiteam.com: Website Pro Path Disclosure (%20, "). Read more www.securiteam.com: Phusion Webserver File Viewing, DoS and Arbitrary Code Execution Vulnerabilities. Read more www.securiteam.com: Exim -C Security Vulnerability. Read more www.securiteam.com: MPG123 Local Buffer Overflow Vulnerability (Command Line). Read more www.securitytracker.com: Lasso Web Data Engine May Allow Remote Users to Crash the Web Server. Read more www.securitytracker.com: DCP-Portal Web Content Management Software Allows Cross-Site Scripting Attacks. Read more www.securitytracker.com: DCP-Portal Web Site Content Management Software Discloses Web Root Installation Path to Remote Users. Read more www.securitytracker.com: NETGEAR Router Denial of Service Vulnerability Lets Remote Users Crash the Device With a Port Scan. Read more www.theregister.co.uk: Judge grants States access to Windows source. Read more news.com.com: Judge orders Microsoft to reveal code. Read more www.startribune.com: A legislative measure would increase hackers penalties. Read more it.mycareer.com.au: Hug a hacker, before they go underground. Read more www.eweek.com: Key Generator Beats Windows Product Activation. Read more www.linuxsecurity.com: Dealing with External Computer Security Incidents. Read more www.theregister.co.uk: MS bug busting tool is buggy. Read more www.theregister.co.uk: MS to block internet apps by default in .NET. Read more www.theregister.co.uk: Sony: MS already using Seattlement terms to screw us. Read more www.theregister.co.uk: Freedom Network source code now available. Read more news.com.com: The week in review: Net insecurity. Read more www.stuff.co.nz: Even small companies need security policies. Read more

17 February 2002 New trojan(s): G-Spot Bot 1.0 StackGuard is a compiler that emits programs hardened against "stack smashing" attacks. Stack smashing attacks are the most common form of penetration attack. Programs that have been compiled with StackGuard are largely immune to stack smashing attack. Protection requires no source code changes at all. Read more www.codeproject.com: How Visual C++ .NET Can Prevent Buffer Overruns. Read more netgroup-serv.polito.it: WinPcap: the Free Packet Capture Architecture for Windows. Read more www.security.nnov.ru: There are common methods allowing to bypass almost any content filtering software (antiviral products, CVP firewalls, mail attachment filters, etc). Read more www.securiteam.com: SiteNews Remote Add User (exploit). Read more www.securiteam.com: Web Browsers Ignore Content-Type Headers Allowing Cross-site Scripting. Read more www.securiteam.com: Some IRC Servers Auto-DeOP Users Too Slowly. Read more www.securiteam.com: Falcon Web Server Authentication Circumvention Vulnerability. Read more www.securiteam.com: NetWin CWMail.exe Buffer Overflow (item=). Read more www.securiteam.com: DCP-Portal Root Path Disclosure. Read more www.securiteam.com: DCP-Portal Cross-Site Scripting. Read more www.securiteam.com: Add2it Mailman Command Execution (File Writing). Read more www.securitytracker.com: phpMyNewsletter Mailing List Management Script Static Cookie Hole Gives Remote Users Administrative Privileges on the Application. Read more www.securitytracker.com: BlackICE Fails to Log TCP Packets That Have the Urgent Flag Set. Read more www.securityfocus.com: Blue World Lasso Web Data Engine Vulnerability. Read more www.securityfocus.com: Netgear Dialup Router UDP Portscan Denial Of Service Vulnerability. Read more www.securitytracker.com: PrivaSec SurfSecure Web Privacy Software Fails to Block Spyware and Leaks Visited URLs to Remote Web Sites. Read more www.securitytracker.com: Microsoft Visual C++ Compiler Buffer Security Mode Does Not Eliminate Buffer Overflows in Compiled Applications. Read more www.securitytracker.com: DansGuardian Web Content Filtering Proxy Bug Lets Remote Users Bypass File Name Extension Filtering Restrictions. Read more www.securitytracker.com: Common UNIX Printing System (CUPS) Buffer Overflow May Allow a Remote User to Execute Arbitrary Code or Crash the Process. Read more www.nextgenss.com: E-mail Spoofing and CDONTS.NEWMAIL (Protecting Microsoft Active Server Pages Applications) (pdf). Read more www.heise.de: German language: XP-Lizenz �ffnet PCs -- f�r Microsoft (Update). Read more seifried.org: Creating and Preventing Backdoors in UNIX Systems. Read more linuxtoday.com: Debian Security Advisory: New hanterm packages fix buffer overflow. Read more cryptome.org: Covert Internet interception and collection of data is underway in the United States (and perhaps elsewhere). Read more www.ciol.com: Menger virus strikes MSN. Readmore www.linuxsecurity.com: Keeping hackers from the 'dark side'. Read more www.linuxsecurity.com: ISP hackers likely to evade justice. Read more

16 February 2002 New trojan(s): DFch 0.1 beta 2 Microsoft Security Bulletin MS02-006 (version 2.0) Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run. Read more www.wtcs.org: Testing your SNMP Implementation. Read more www.securiteam.com: Avirt Gateway Remote Buffer Overflow Proof of Concept. Read more www.securiteam.com: Privacy Exposure by Bypassing the HTTP Proxy. Read more www.securityfocus.com: HNS Multiple Cross-Site Scripting Vulnerability. Read more www.securityfocus.com: Common Unix Printing System Attribute Name Buffer Overflow Vulnerability. Read more www.securityfocus.com: BlueFace Falcon Web Server Authentication Bypass Vulnerability. Read more www.securiteam.com: Identix's BioLogon 3 Can be Easily Bypassed. Read more www.securiteam.com: Buffer Overflow Found in MSHTML.DLL. Read more www.securiteam.com: Account Theft Vulnerability in MakeBid Auction Deluxe. Read more www.securiteam.com: Digitally Signing Buggy ActiveX Components. Read more www.securiteam.com: SIPS Allows Attackers to Gain Administrative Access. Read more www.securitytracker.com: ForumPerso PHP-based Web Forum Lets Remote Users Gain Administrator Access to the Application. Read more www.securitytracker.com: Identix BioLogon Authentication Protections Can Be Bypassed By Physically Local Users to Gain System Level Access. Read more www.securitytracker.com: Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges. Read more www.securitytracker.com: Microsoft Outlook E-mail Client May Display Potentially Malicious File Attachments Illegally Embedded Within Mail Headers. Read more www.securitytracker.com: Microsoft Internet Explorer Browser MIME Flaw Causes 'text/plain' Pages to Be Displayed as HTML and Any Embedded Scripting to Be Executed By the Browser. Read more www.securitytracker.com: Ettercap Network Sniffer Has Buffer Overflow in Several Decoders That Allow Remote Users to Execute Arbitrary Code with Root Level Privileges. Read more www.securitytracker.com: Opera Web Browser MIME Flaw Causes 'text/plain' Pages to Be Displayed as HTML and Any Embedded Scripting to Be Executed By the Browser. Read more www.secadministrator.com: Multiple Vulnerabilities in Microsoft Internet Explorer. Read more news.com.com: Was Cigital security warning too hasty? Read more www.pcworld.com: Can Some Viruses Duck Server-Based Traps? Read more www.idg.net: Beware of typos that lead you to malicious sites--and here's how to break free if you get caught at one. Read more digitalmass.boston.com: Hacker break-in forces firm to issue results early. Read more www.computeruser.com: Hacker-proof Web is years away - cyber security chief. Read more www.idg.net: Hacker forces security audit at Morningstar Canada. Read more www.vnunet.com: High noon for hackers. Read more www.reuters.com: Microsoft: Security Charges 'Unfounded'. Read more www.ntsecurity.net: Microsoft Responds to Visual C++ Vulnerability Charges. Read more www.newsbytes.com: Most Federal Agencies Unable To Spot Cyber-Attacks - OMB. Read more www.blackhat.com: Papers and presentations are now being accepted for the Black Hat Briefings 2002 conference. Read more www.msnbc.com: Microsoft�s new �compiler� program has security flaw, consultancy says. Read more

15 February 2002 New trojan(s): Ping Server version h BlueFire 0.50 www.guninski.com: Digitally signing buggy ActiveX components. Read more www.cigital.com: Microsoft Compiler Flaw Technical Note. Read more www.phrack.org: BYPASSING STACKGUARD AND STACKSHIELD (bottom of page). Read more www.security.nnov.ru: buffer overflow in mshtml.dll. Read more eyeonsecurity.net: Microsoft Passport Account Hijack Attack. Read more www.securityfocus.com: Outlook Express Attachment Carriage Return/Linefeed Encapsulation Filtering Bypass Vulnerability. Read more www.securityfocus.com: Exim Configuration File Argument Command Line Buffer Overflow Vulnerability. Read more www.securityfocus.com: Netwin CWMail Buffer Overflow Vulnerability. Read more www.securityfocus.com: Bavo Message Editing Insecure CGI Vulnerability. Read more www.securityfocus.com: HP-UX 11.11 strlimit() Kernel Panic Vulnerability. Read more www.securiteam.com: Sybex E-Trainer Directory Traversal Vulnerability. Read more www.securitytracker.com: Caldera UnixWare 'ifile' Default Permissions Disclose Hashed Root Password to Local Users. Read more www.securitytracker.com: Astaro Linux Insecure Default File Permissions May Allow a Local User to Gain Elevated Privileges on the System. Read more www.securitytracker.com: Sun Solaris mail(1) Utility Lets Programs Pass Command Line Options to Sendmail that Could Give a Local or Remote User Elevated Privileges on the System. Read more www.securitytracker.com: PHPWebThings Web Page Creation Tool May Allow Remote Users to Modify SQL Queries. Read more www.securiteam.com: Deanonymizing SafeWeb Users. Read more www.securiteam.com: InstantServers MiniPortal Multiple Vulnerabilities. Read more www.securiteam.com/unixfocus: Bad Temporary File Handling in GNAT. Read more www.securiteam.com/unixfocus: Ettercap Remote Root Compromise. Read more www.securiteam.com/unixfocus: Security Vulnerability Found in Sawmill (Incorrect Permissions). Read more www.securiteam.com/unixfocus: Astaro Security Linux File Permissions Problem. Read more www.nsag.net: CERT SNMP Advisory: What It Is, What To Do. Read more Simple Network Management Protocol (SNMP) Vulnerabilities Frequently Asked Questions (FAQ) Read more www.securityfocus.com: The SNMP fiasco: steps you need to take. Read more www.ee.oulu.fi: PROTOS Test-Suite: c06-snmpv1. Read more www.themercury.news.com.au: Net flaw hits computers. Read more techupdate.zdnet.com: SNMP bugs put Net traffic at risk. Read more www.informationweek.com: Microsoft Security Patch Said Ineffective. Read more www.securityfocus.com: Snort Sniffs Out a Commercial Future. Read more www.securityfocus.com: MSN Messenger Worm Entices the Unwary. Read more www.newsfactor.com: MSN Messenger Worm Marks Troubling Trend. Read more www.vnunet.com: 'Warhol' porn worm warning. Read more www.usatoday.com: Cyberattack could result in military response. Read more www.nypost.com: CLARKE: TERRORIST ORGANIZATIONS MAY HAVE PENETRATED GOV COMPUTERS. Read more zdnet.com.com: Did MS bug alarm go off too early? Read more www.reuters.com: Hacker Break-in Forces Firm to Issue Results Early. Read more www.vnunet.com: Only seven hackers jailed in two years. Read more www.naplesnews.com: Inmate's hacking through jail computers comes to an end. Read more www.washingtonpost.com: Bush Adviser Warns Cyberterrorists. Read more www.seacoastonline.com: Congress Considers Cybercrime Bill. Read more www.nytimes.com: U.S. Backing for Guidelines on Fighting Cybercrime. Read more www.infoworld.com: The Gripe Line. Read more zdnet.com.com: ISP hackers making a clean getaway? Read more www.vnunet.com: Bug Watch: Weathering the storm. Read more www.crn.com: Secure Computing Agrees To Buy Gauntlet. Read more chkpt.zdnet.com: BILL GATES UNVEILS VISUAL STUDIO.NET. Read more www.reuters.com: Microsoft Web Toolkit Has Security Loophole -Expert. Read more www.canoe.ca: Japan space agency hacked. Read more www.newsforge.com: New software brings user-friendly data encryption to home and office PCs. Read more

14 February 2002 New trojan(s): Meet the Lamer 1.0 Download Massaker 1.1 Default installation of Internet Explorer 5.5 and 6.0 still allows us to execute files on default installations of the target computer, technically trivial silent delivery and installation of an executable on the target computer. Read more www.securiteam.com: Internet Explorer and Access Allows Macros to be Executed Automatically. Read more Extended HTML Form Attack. Making use of Non-HTTP protocols to launch Cross Site Scripting attacks. Read more www.ngsec.com: Ettercap, remote root compromise. Read more www.securityfocus.com: Microsoft Internet Explorer Forced Script Execution Vulnerability. Read more www.securitytracker.com: Microsoft Internet Explorer (IE) HTML Directive Buffer Overflow Lets Remote Users Cause Arbitrary Code to Be Executed on Another User's Computer. Read more www.securitytracker.com: Microsoft Internet Explorer (IE) 'Content-Type' Processing Hole Lets Remote Users Open Applications on Another User's Computer. Read more www.securitytracker.com: Microsoft Internet Explorer (IE) Web Browser Has New Frame Domain Verification Bug That Lets Remote Users Obtain Files from Another User's Local File System. Read more www.securityfocus.com: Microsoft Internet Explorer MIME Type File Extension Spoofing Vulnerability. Read more www.securityfocus.com: Microsoft IIS 5.1 Frontpage Extensions Path Disclosure Information Vulnerability. Read more www.securityfocus.com: Multiple Vendor SNMP Trap Handling Vulnerabilities. Read more www.securityfocus.com: Multiple Vendor SNMP Request Handling Vulnerabilities. Read more www.securityfocus.com: GNU Ada Compiler Runtime Library Insecure Temporary File Creation Vulnerability. Read more www.securitytracker.com: SYBEX e-trainer Training Software Discloses Files on the System to Remote Users When Training Software is in Use. Read more www.securiteam.com: PROTOS Remote SNMP Attack Tool. Read more www.securiteam.com: Malformed Network Request can cause Office X for Mac to Fail. Read more www.securiteam.com: Unchecked Buffer in SNMP Service Could Enable Arbitrary Code Execution. Read more www.securityfocus.com: MSN Messenger Worm Entices the Unwary. Read more www.wired.com: Cybercrime Bill Ups the Ante. Read more www.nandotimes.com: Group warns of widespread security flaw among Internet network devices. Read more www.komotv.com: Gov't Group Warns Large Sector Of Internet Vulnerable. Read more www.sfgate.com: Technology flaw causes fear of hacking. Read more www.boston.com: Security flaw could threaten Internet. Read more www.elcom.co.uk: SNMP Security Flaw Threatens Network Infrastructure. Read more hoovnews.hoovers.com: All networks are insecure (Enterprise ENTE). Read more www.bayarea.com: Life in jail for hacking proposed. Read more investor.cnet.com: Government renews cybercrime push. Read more www.nzherald.co.nz: Govt looks at repelling hackers. Read more www.business.scotsman.com: Microsoft tackles security flaws. Read more

13 February 2002 New trojan(s): Charge version b Microsoft Security Bulletin MS02-006 Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run. Read more _vti_bin/shtml.dll Can lead to REMOTE Exploit on IIS 5.1. Read more www.iss.net: PROTOS Remote SNMP Attack Tool. Read more CERT� Advisory CA-2002-03 Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP). Read more www.securityfocus.com: EZNE.NET Ezboard 2000 Remote Buffer Overflow Vulnerability. Read more www.securityfocus.com: Cooolsoft PowerFTP Server Path Disclosure Vulnerability. Read more www.securityfocus.com: Cooolsoft PowerFTP Server Plaintext Account Information Vulnerability. Read more www.securityfocus.com: InstantServers MiniPortal FTP Login Remote Buffer Overlow Vulnerability. Read more www.securitytracker.com: Prospero Message Boards Has Cross-Site Scripting Flaw That Allows Remote Users to Steal Message Board User Cookies. Read more www.securitytracker.com: IBM OS/400 Operating System Discloses User Account Names to Valid Remote Users in the Default Configuration. Read more www.securitytracker.com: CGINews Web-based News Management Application Discloses Files on the System to Remote Users. Read more www.securitytracker.com: MSN Messenger Instant Messaging System Discloses Contact List Contents From Inactive Accounts to Remote Users. Read more www.securitytracker.com: Atomic Photo Album Bugs Let Remote Users Crash the Application. Read more www.securitytracker.com: BAVO PHP-based Web News Software Authentication Bug Lets Remote Users Gain Administrative Access to the Application. Read more www.securiteam.com: Format String Vulnerability in VXPrint Allows Gaining of Arbitrary Privileges (exploit). Read more www.securiteam.com: Exchange 2000 System Attendant Incorrectly Sets Remote Registry Permissions. Read more www.securiteam.com: Unchecked Buffer in Telnet Server Could Lead to Arbitrary Code Execution. Read more www.securiteam.com/unixfocus: EasyBoard 2000 Remote Buffer Overflow Vulnerability. Read more www.newsbytes.com: Hackers Shortcut Hotmail Password Reset Protections. Read more www.usatoday.com: Research group finds holes in Net security. Read more www.pcplus.co.uk: Big new IE security patch. Read more www.theregister.co.uk: Serious network security holes surface. Read more www.theregister.co.uk: IBM Memory Keys in mystery virus infection. Read more www.reuters.com: FBI Says It's Monitoring Internet Vulnerability. Read more www.ananova.com: Gates orders Microsoft security blitz. Read more www.startribune.com: Internet computers threatened by hackers, research group warns. Read more www.theadvertiser.news.com.au: ISPs lead fraud crackdown. Read more www.silicon.com: 'I'll be back,' says knackered hacker tracker. Read more www.pcworld.com: Wireless LANs Raise Security Worries. Read more www.theregister.co.uk: Gambling software firm takes $1.3m charge for security breach. Read more

12 February 2002 New trojan: NetDevil 1.2 Microsoft Security Bulletin MS02-005 Cumulative Patch for Internet Explorer. Read more www.securitytracker.com: Actinic Catalog E-commerce Software Allows Cross-Site Scripting Attacks, Letting Remote Users Steal User Cookies. Read more www.securitytracker.com: '2037 Gestion Liens' Web Portal Software Lets Remote Users Gain Administrative Access to the Application. Read more www.securitytracker.com: AtheOS Operating System chroot() Function Lets Local Users Break Out and Access Files Outside of the Chroot Jail. Read more www.securitytracker.com: MakeBid Auction Deluxe Online Auction Software Has Cross-Site Scripting Flaw That Lets Remote Users Steal User Authentication Cookies and Access User Accounts. Read more www.securitytracker.com: Sitenews PHP-Based Web News System Lets Remote Users Add User Accounts. Read more www.securitytracker.com: InstantServer's MiniPortal FTP Server Has Multiple Flaws That Allow Remote Users to Execute Arbitrary Code and View Files on the Server. Read more www.securitytracker.com: ARESCOM NetDSL 800 Router Default Configuration Lets Remote Users Access the Telnet Management Port. Read more www.securitytracker.com: IceWarp Web Mail Lets Remote Users Steal User Session IDs and Access Mail Accounts Belonging to Other Users. Read more www.securitytracker.com: Dlogin Buffer Overflow May Let Local Users Execute Arbitrary Code and Obtain Elevated Privileges. Read more www.securityfocus.com: Arescom Net DSL 1000 telnet Denial of Service Vulnerability. Read more www.securityfocus.com: Arescom NetDSL DSL Router Administrative Access Password Vulnerability. Read more www.securiteam.com: Hewlett Packard AdvanceStack Switch Management Authentication Bypass Vulnerability. Read more www.securiteam.com: MSN Contact List Disclosure. Read more www.securiteam.com: Texis CGI Path Disclosure Vulnerability. Read more www.securiteam.com: Default HELP System of Internet Explorer Allows Arbitrary Code Execution. Read more news.com.com: Mac Office vulnerable, Microsoft warns. Read more news.com.com: Microsoft plugs six browser holes. Read more www.newsbytes.com: Microsoft Recalls Botched Browser Security Patch. Read more www.ananova.com: Microsoft offers anti-hacker remedy for browser flaws. Read more www.timesofindia.com: Security top priority for Microsoft now. Read more www.theregister.co.uk: The Valentine's Day virus massacre. Read more www.linuxsecurity.com: Operating system security stats hard to compare, but more Linux vulnerabilities being reported. Read more www.theregister.co.uk: IE bug allows full MSN Messenger hijack. Read more news.com.com: Analysts: Security's where the money is. Read more seattletimes.nwsource.com: Software world's job one: No more bugs. Read more www.stuff.co.nz: Building a defence to combat theft and hacking. Read more www.theregister.co.uk: BlackICE slips up over serious security risk. Read more www.sundaytimes.news.com.au: CityLink to say sorry 8000 times. Read more www.nwc.com: Send Spammers Packing. Read more

11 February 2002 New trojan(s): Helios 4.08-LE www.securityfriday.com: Something interesting about the Windows registry. Read more www.securityfocus.com: PHP Include File Relative Directory Information Disclosure Vulnerability. Read more www.securityfocus.com: Arescom NetDSL DSL Router Administrative Access Password Vulnerability. Read more www.securityfocus.com: Apple QuickTime Content-Type Remote Buffer Overflow Vulnerability. Read more www.securitytracker.com: RealSecure Server Sensor Has Exploitable Buffer Overflow That Lets Remote Users Execute Arbitrary Code in the Kernel Context on the System. Read more www.securitytracker.com: Licq Instant Messaging Client Can Be Crashed By Remote Users. Read more www.securitytracker.com: HP AdvanceStack Switching Hub Access Control Bug Lets Remote Users Gain Full Access to the Switch. Read more www.securitytracker.com: Apple QuickTime Media Player Has Buffer Overflow in 'Content-Type' Processing That Allows Remote Users to Execute Arbitrary Code on the Player. Read more www.reuters.com: ISS Issues Patch for Hole in BlackICE Firewall Software. Read more www.computeruser.com: NY State sues Network Associates over review ban. Read more www.computeruser.com: Spyware removal firm issues apology, plea for help. Read more www.sundaytimes.news.com.au: CityLink to say sorry 8000 times. Read more www.asahi.com: Malaysian student suspected of hacking. Read more thestar.com.my: Malaysian held in Japan over hacking. Read more www.sfgate.com: Battling Computer Crime. Livermore students on front lines of cyber defense. Read more www.cnn.com: Security holes found in Oracle software. Read more www.zdnet.com: Things about MS Outlook that bug me (How about you?). Read more www.embedded.com: Jump Zero and Explode. Read more www.zdnet.com: Worried about wireless security? Here's a solution. Read more www.nypost.com: JAILBIRD HACKS PRISON COMPUTER. Read more www.nationalpost.com: How to keep out cyber-voyeurs. Read more www.gnome.org: Interview with GNOME hacker Daniel Veillard. Read more www.nationalpost.com: Liberal tried to hack our computers, Tories say. Read more www.newsbytes.com: New Twist On Web-Forms Hack Scarfs Browser Cookies. Read more www.zdnet.com: Stop the insanity! Kill spam dead with these 3 tools. Read more www.computeruser.com: Judge orders March hearing on Microsoft settlement. Read more www.idg.net: Microsoft to fight for antitrust settlement. Read more

10 February 2002 New trojan(s): WinRat 1.2 by Cloak. www.cirt.net: Nikto is a web server scanner. It is based on and inspired by Whisker 1.4 scanner. Read more opensource.isc.vt.edu: Daisy is a program that reviews your system for service pack and os level, determines what hotfixes the base os needs, and downloads and installs them in a correct and consistent manner. Read more www.securiteam.com: Hanterm Exploit Code Released. Read more www.securitytracker.com: Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges. Read more www.securityfocus.com: WMTV Configuration File Symlink Vulnerability. Read more www.securityfocus.com: Microsoft Exchange Inappropriate Registry Permissions Vulnerability. Read more www.securiteam.com: Arescom NetDSL 800 Authentication Flaw. Read more www.securiteam.com: Cisco CatOS Telnet Buffer Vulnerability. Read more www.securiteam.com: Apple QuickTime Player "Content-Type" Buffer Overflow. Read more www.securiteam.com: ISS BlackICE Exploitable Kernel Overflow. Read more www.securiteam.com/unixfocus: Plumtree Corporate Portal Cross-Site Scripting. Read more www.securitytracker.com: Trend Micro's OfficeScan Fails to Scan Files With Certain Types of Long NTFS File Path Names. Read more www.securitytracker.com: Faq-O-Matic FAQ Management Application Allows Cross-Site Scripting Attacks. Read more www.securitytracker.com: Castelle FaxPress Fax Server Discloses Network Print Queue Passwords to Remote Users. Read more www.securitytracker.com: DeleGate Proxy Server Has Multiple Buffer Overflow Vulnerabilities That Let Remote Users Execute Arbitrary Code on the Server. Read more www.securitytracker.com: WindowMaker TV (wmtv) Symlink Bug Lets Local Users Overwrite Arbitrary Files With Root Privileges. Read more www.securitytracker.com: Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings. Read more www.securitytracker.com: Cisco Secure Access Control Server (ACS) Lets Remote Users With Novell Directory Service (NDS) 'Expired' or 'Disabled' Account Status Gain Access to Cisco Resources Managed By ACS. Read more www.securitytracker.com: eshare Expressions Web Site Software Discloses Files on the Hard Drive to Remote Users. Read more www.securitytracker.com: Caldera UniwWare 'libc.so.1' Library Function Lets Local Users Execute Arbitrary Code with Elevated Privileges. Read more www.securiteam.com: SQL Injection Whitepaper Released. Read more www.securiteam.com: New SQL Injection Whitepaper. Read more www.ngsec.com: Polymorphic Shellcodes vs. Application IDS's. Read more www.riptech.com: RIPTECH RELEASES GROUNDBREAKING INTERNET SECURITY THREAT REPORT. Read more www.newsbytes.com: Microsoft Recalls Botched Browser Security Patch. Read more www.linux-box.org: Peer-To-Peer Networking Security. Read more www.linux-box.org: New Twist On Web-Forms Hack Scarfs Browser Cookies. Read more www.herald-mail.com: Parks forced off Internet. Read more www.wired.com: Mitnick to Plead for Ham License. Read more www.nikkeibp.asiabiztech.com: Illegal Net Access Cases Rise in 2001, IPA of Japan Says. Read more www.nandotimes.com: House passes computer security bill aimed at thwarting hackers. Read more www.computeruser.com: House panel to examine another Net security bill. Read more www.computeruser.com: Hong Kong to consider restricting cybercenters. Read more www.vnunet.com: Fans should 'weep' over Linux lapses. Read more www.vnunet.com: The Penguin bites back at Windows. Read more www.theregister.co.uk: IE bug allows full MSN Messenger hijack. Read more www.nandotimes.com: Hole discovered in Internet security program. Read more news.com.com: ISS issues patch for firewall software. Read more www.theregister.co.uk: Oracle posts fix - servers 'unbreakable' again? Read more www.techweb.com: Encryption Leaves DES Behind. Read more

09 February 2002 New trojan(s): Wildek 0.2 beta www.securityoffice.net: HP AdvanceStack Switch Managment Authentication Bypass Vulnerability. Read more www.securityfocus.com: Cisco Secure ACS NDS Expired/Disabled User Authentication Vulnerability. Read more www.securityfocus.com: AtheOS Change Root Relative Path Directory Escaping Vulnerability. Read more www.securityfocus.com: Caldera OpenServer Port Scan InetD Denial of Service Vulnerability. Read more www.securityfocus.com: Sitenews Unauthorized User Addition Vulnerability. Read more www.securitytracker.com: Opera Web Browser Allows Cross-site Scripting Attacks Via Non-HTTP Servers. Read more www.securitytracker.com: PHP for Windows Discloses Path Information to Remote Users. Read more www.securitytracker.com: PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests. Read more www.securitytracker.com: Microsoft Internet Explorer Web Browser Allows Cross-site Scripting Attacks Via Non-HTTP Servers. Read more www.securitytracker.com: Microsoft Office v. X for Mac OS X Can Be Crashed By Remote Users Sending Malformed Product Identification Packets. Read more www.securiteam.com: Lotus Domino Information Disclosure Vulnerability. Read more www.securiteam.com: Thunderstone Texis Path Disclosure Vulnerability. Read more www.securiteam.com: MRTG CGI Script "Show Files" Vulnerability. Read more www.securityfocus.com: The Devil You Know: Responding to Interface-based Insider Attacks. Read more www.securityfocus.com: Network Associates is Sued Over Review Ban. Read more cryptome.org: Anti-Keylogger tested by Cryptome. Read more www.first.org: 14th Annual Computer Security Incident Handling Conference. Read more news.com.com: Microsoft developers feel Windows pain. Read more news.com.com: Microsoft works to fix MSN privacy flaw. Read more www.silicon.com: Microsoft's suffers further embarrassment. Read more www.newsbytes.com: Teen Anarchist's Supporters Accuse FBI Of AIM Hack. Read more www.wired.com: Mitnick to Plead for Ham License. Read more news.zdnet.co.uk: NY accuses software maker of censorship. Read more www.onlinecasinonews.com: Cryptologic results hit by hackers. Read more www.nikkeibp.asiabiztech.com: Illegal Net Access Cases Rise in 2001, IPA of Japan Says. Read more

08 February 2002 New trojan(s) added to the Archive: NetControle 3.0 Microsoft Security Bulletin MS02-003 Exchange 2000 System Attendant Incorrectly Sets Remote Registry Permissions. Read more Microsoft Security Bulletin MS02-004 Unchecked Buffer in Telnet Server Could Lead to Arbitrary Code Execution. Read more Extended HTML Form Attack. Making use of Non-HTTP protocols to launch Cross Site Scripting attacks. Read more www.securitytracker.com: Sophos Anti-Virus Fails to Scan Files With Certain Types of Long NTFS File Path Names. Read more www.securityfocus.com: Oracle TNS Listener Arbitrary Library Call Execution Vulnerability. Read more www.securityfocus.com: Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability. Read more www.securityfocus.com: FreeBSD FStatFS Syscall Race Condition Vulnerability. Read more www.securityfocus.com: Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability. Read more www.securityfocus.com: ICQ For MacOS X Client Denial Of Service Vulnerability. Read more www.securitytracker.com: Microsoft Internet Information Server Can Be Stopped By Local Users Removing Virtual Directories in a Shared Hosting Environment. Read more www.securitytracker.com: Thunderstone Software's texis(CGI) for the TEXIS Database Discloses Path Information to Remote Users. Read more www.securitytracker.com: Squid Caching Server 'cachemgr.cgi' Configuration Error Still Allows Remote Users to Connect to Arbitrary Ports on Other Hosts. Read more www.securiteam.com: Vulnerability in Oracle 9i Database Server Leads to Remote Compromise. Read more www.securiteam.com: Multiple Buffer Overflows in Oracle 9iAS. Read more www.securiteam.com: JSP Translation File Access under Oracle 9iAS. Read more www.securiteam.com: ISAPI Priority Issue with IIS (NetPoint). Read more www.securiteam.com: Intel.com Mailing List Arbitrary Address Removal Link. Read more www.securiteam.com: Web Browsers Vulnerable to the Extended HTML Form Attack. Read more www.securiteam.com/unixfocus: SquirrelMail Security Bug Allows Execution of Arbitrary Commands. Read more www.theregister.co.uk: MS taunted with 'trustworthy computing' Web page. Read more www.theregister.co.uk: NY sues NAI so you can say McAfee sucks. Read more www.theregister.co.uk: How to hack unbreakable Oracle servers. Read more www.nikkeibp.asiabiztech.com: Illegal Net Access Cases Rise in 2001, IPA of Japan Says. Read more www.nandotimes.com: House passes computer security bill aimed at thwarting hackers. Read more news.zdnet.co.uk: Bugs bust open 'unbreakable' Oracle 9i. Read more www.techfocus.org: Crackers use MS's "phone-home" feature to exploit Mac Office. Read more news.zdnet.co.uk: Microsoft warns of Mac Office security flaw. Read more www.silicon.com: Gates red-faced as Microsoft leaves Apple users exposed to hackers. Read more zdnet.com.com: MS puts coders on bug alert. Read more news.zdnet.co.uk: Public blasts Microsoft antitrust settlement. Read more www.msnbc.com: Treasury computers said vulnerable. Read more www.canada.com: Identity theft a growth industry. Read more

07 February 2002 New trojan(s) added to the Archive: Cyn 1.21 DarkSky version a Microsoft Security Bulletin MS01-002 Malformed Network Request can cause Office v. X for Mac to Fail. Read more www.securityfocus.com: Castelle Faxpress Plaintext Password Disclosure Vulnerability. Read more www.securityfocus.com: eshare Expressions Directory Traversal Vulnerability. Read more www.securitytracker.com: Microsoft ASP.NET Web Application Framework Allows Cross Site Scritping Attacks and Discloses Path Information to Remote Users. Read more www.securitytracker.com: Windows Messenger (aka MSN Messenger) Instant Messaging Client Discloses Display Name and Contacts to Remote Users. Read more www.securitytracker.com: NETGEAR Router Allows Cross Site Scripting Attacks, Possibly Allowing a Remote User to Gain Access to the Router. Read more www.wiretrip.net: MS Site Server Evilness A very interesting read on Site Server security problems. Read more www.nextgenss.com: OracleJSP. NGSSoftware Insight Security Research Advisory. Read more www.securiteam.com: Sastcpd 'authprog' Local Root Compromise (exploit). Read more www.securiteam.com: User-mode-Linux Security Flaws (exploit). Read more www.securiteam.com: NETGEAR RT311/RT314 Cross-Site Issue. Read more www.securiteam.com: Malicious Data Injection into Perl Modules. Read more www.securiteam.com: NetScreen Response to ScreenOS Port Scan DoS Vulnerability. Read more www.securiteam.com: Vulnerability in Lucent VitalSuite Software. Read more www.securiteam.com: PhpSmsSend Remote Command Execution Bug. Read more www.securiteam.com: Remote Denial of Service Vulnerability in BlackICE Products. Read more www.securiteam.com/unixfocus: Faq-O-Matic Cross-Site Scripting Vulnerability. Read more www.securiteam.com/unixfocus: PHP-Nuke-Add-on Allows Viewing of Arbitrary Files (HTMLToNuke). Read more www.securiteam.com/unixfocus: Vulnerabilities in Astaro Security Linux. Read more www.theregister.co.uk: MS bitten by old .NET vulnerability. Read more www.networknews.co.uk: Microsoft 'code scrub' ridiculed. Read more www.theregister.co.uk: Chinese SMS can crash Siemens mobiles. Read more www3.gartner.com: AOL Should Stop Fighting and Start Fixing IM Security. Read more www.arabnews.com: A virus or a solution? Read more www.computerworld.com: Airline Web sites seen as riddled with security holes. Read more news.com.com: Oracle shaky on 9i security vow. Read more www.newsbytes.com: Security Alerts Take Swing At Oracle's 'Unbreakable' Pitch. Read more www.newsbytes.com: BlackIce Firewalls Vulnerable To DOS Attack. Read more news.zdnet.co.uk: Morpheus denies security breach. Read more www.msnbc.com: NASA hacker gets 21 months in jail. Read more english.peopledaily.com.cn: China's Cyber Police Detain Teenage Hacker. Read more www.oreillynet.com: Life Imprisonment for Hacking? Read more www.chron.com: Provider blames ongoing hacker attack for demise. Read more www.networknews.co.uk: High noon for hackers. Read more www.canada.com: Hackers clip gambling firm. Read more zdnet.com.com: What makes a hacker hack? Read more www.guardian.co.uk: Don't risk it: analyse the threat. Read more www.theregister.co.uk: MS taunted with 'trustworthy computing' Web page. Read more www.reuters.com: Interior Dept: No End in Sight for Web Site Woes. Read more www.pcworld.com: Russian, U.S. Authorities Nab Alleged Hacker. Read more www.infoworld.com: Russian hacker arrested in bank extortion case. Read more www.techweb.com: Encryption Leaves DES Behind. Read more news.zdnet.co.uk: Code-eating software battles it out in P2P arena. Read more

06 February 2002 New trojan(s) added to the Archive: BlueFire 0.41 FoxEyes 3.0 www.securityfocus.com: Heuristic Techniques in AV Solutions: An Overview. Read more rr.sans.org: Deconstructing SubSeven, the Trojan Horse of Choice. Read more Internet Security Systems Security Alert Remote Denial of Service Vulnerability in BlackICE Products. Read more www.securityfocus.com: MRTG Configuration Generator Path Disclosure Vulnerability. Read more www.securityfocus.com: Lotus Domino MS-Dos Device Name Denial Of Service Vulnerability. Read more www.securityfocus.com: Lotus Domino Remote Authentication Bypass Vulnerability. Read more www.securityfocus.com: Lotus Domino Webserver DOS Device Extension Denial of Service Vulnerability. Read more www.securitytracker.com: Portix-PHP Web Portal Software Discloses Files to Remote Users and Lets Remote Users Gain Administrator Access on the Portal Application. Read more www.securitytracker.com: mIRC Internet Relay Chat (IRC) Windows Client Buffer Overflow Lets Malicious IRC Servers Execute Arbitrary Code on the Client and Take Full Control of the Client's Host. Read more www.securitytracker.com: Lotus Domino Web Server Gives Access to Password-Protected Functions to Unauthorized Remote Users Via Malformed URLs. Read more www.securiteam.com: Virus Can Exploit Long Path under NTFS to Evade Detection. Read more www.securiteam.com: Lotus Domino Web server DOS-device Denial of Service. Read more www.securiteam.com/unixfocus: Tac_plus File Permissions Security Vulnerability. Read more www.securiteam.com/unixfocus: Agora.cgi True Path Revealing Vulnerability. Read more www.securiteam.com/unixfocus: Vulnerabilities in SquirrelMail (JavaScript). Read more www.securiteam.com/unixfocus: RRDTool Path Disclosure Vulnerability (MRTG). Read more www.zdnet.com: Watch out! 2002 could be the year of the Trojan horse. Read more www.uniontrib.com: Service provider's collapse: Size matters in fending off hacker attacks. Read more www.canada.com: Hacker costs CryptoLogic US$1.3M charge. Gamblers won every time. Read more quote.bloomberg.com: Microsoft Messenger Hole Exposes Screen Names, E-mail (Update1). Read more www.taipeitimes.com: Experts say hackers spy on Net users. Read more www.vnunet.com: Nasa hacker thrown in the slammer. Read more news.com.com: Deciphering the hacker myth. Read more news.com.com: Chat-program bugs could bite millions. Read more www.personneltoday.com: Surviving a systems security breach. Read more www.linuxsecurity.com: Outside Hackers vs. the Enemy Within: Who's Worse? Read more www.it-director.com: Security: What you need to know - Standards and Certification. Read more zdnet.com.com: Millions at risk from chat flaws. Read more www.computeruser.com: Top news sites close script hacking hole. Read more

05 February 2002 New trojan(s) added to the Archive: F17 1.4 b DataSpy Network X 0.2 beta www.securitytracker.com: The '14all.cgi' Front End CGI Script for Multi Router Traffic Grapher (MRTG) Network Monitoring Application Has Input Validation Flaw That Discloses Portions of Files on the System to Remote Users. Read more www.securitytracker.com: 'kicq' ICQ Client for KDE Can Be Crashed By Remote Users. Read more www.securiteam.com: Multiple pwck/grpck Privilege Elevation Vulnerabilities (Exploit code). Read more www.securiteam.com: PHP Safe Mode Filesystem Circumvention Problem. Read more www.securiteam.com: Free Online Personal Security Advisor. Read more www.securiteam.com: Lotus Domino Password Protected URL Bypass. Read more www.securiteam.com: Privilege Escalation with NDS for NT. Read more www.securiteam.com: RealPlayer Buffer Overflow. Read more www.securiteam.com: eNom Domain Registration Services Domain Hijacking Vulnerability. Read more www.securiteam.com: Intel WLAN Driver Stores 128bit WEP-Key in Plain Text. Read more www.securiteam.com: Vulnerabilities in EServ (PASV). Read more www.securiteam.com: BindView NETinventory NetRC HOSTCFG._NI Password Passed in Clear Text. Read more www.securiteam.com: Vulnerability in Hosting Controller (Username Detection). Read more www.securiteam.com/unixfocus: Header Based Exploitation and Web Statistical Software Threats (W3Perl). Read more www.securiteam.com/unixfocus: GNU Chess Buffer Overflow Vulnerability. Read more www.securiteam.com/unixfocus: Xkas Application Vulnerability. Read more www.securiteam.com/unixfocus: BRU Backup Program Vulnerable to Symlink Attack. Read more www.deadly.org: Using Active FTP Clients Through an OpenBSD 3.0 Firewall. Read more www.zdnet.com: 'Dangerous' hole discovered in Morpheus. Read more www.newsbytes.com: No Exploit Required To Read Morpheus Users' Files. Read more news.bbc.co.uk: Hole in chat software fixed. Read more www.computeruser.com: Top news sites close script hacking hole. Read more www.computeruser.com: More spam-friendly holes found in popular Web software. Read more theaspsite.org: Near Phonetic Password Generator Version 1.2. Read more www.computerworld.com: Microsoft taps former DOJ cybercop for top security slot. Read more www.zdnet.com: Who's to blame when hackers hack? Here's who. Read more www.business.scotsman.com: Be prepared or get really hacked off.. Read more kansascity.bcentral.com: Businesses fight fire with fire to keep their systems from being hacked. Read more www.idg.net: Airline Web sites seen as riddled with security holes. Read more www.salon.com: The encrypted jihad. Read more www.fcw.com: Tools of SAN mischief-makers. Read more www.people.co.uk: Dr Vernon's casebook: The true cost of Internet vandals. Read more www.newsday.com: Stopping Cyber Terrorists a Tough Task. Read more www.zdnet.com.au: Global summit hit by cyberattack. Read more www.washtech.com: Computer Security At Treasury Dept. Arm 'Critical' � GAO. Read more

04 February 2002 New trojan(s) added to the Archive: One 0.12 beta Ping Server version g www.securiteam.com: NETGEAR RO318 HTTP Filter Vulnerability (exploit). Read more www.securiteam.com: mIRC irc:// Vulnerability and Nickname Buffer Overflow (exploit). Read more www.securitytracker.com: DCForum Messaging Board Lets Remote Users Gain Access to Other User Bulletin Board Accounts. Read more www.securitytracker.com: NetScreen Firewalls Can Be Made Unresponsive By a Remote User on the Trusted Interface Side Conducting Port Scans Through the Firewall. Read more www.securityfocus.com: MRTG CGI Arbitrary File Display Vulnerability. Read more www.securityfocus.com: kicq 2.0.0b1 Invalid ICQ Packet Denial of Service Vulnerability. Read more www.securityfocus.com: NetScreen ScreenOS Port Scan DoS Vulnerability. Read more www.securiteam.com: Security Hole in Upload System of UBBThreads and WWWThreads. Read more www.securiteam.com: Windows Based PHP Leaks True Path. Read more www.securiteam.com: PHP Reveals True Path (OPTIONS). Read more www.securiteam.com: PHP and JSP Trailing Slash Exposure. Read more www.securiteam.com: Security considerations to keep in mind when using Site Server 3.0. Read more www.securiteam.com/unixfocus: Tarantella Enterprise Directory Index Disclosure Vulnerability. Read more www.securiteam.com/unixfocus: Security Vulnerability in Several Versions of DCForum (New Password). Read more www.securiteam.com/unixfocus: Xoops Private Message System Script Injection. Read more www.securiteam.com/unixfocus: sastcpd Buffer Overflow and Format String Vulnerabilities. Read more www.securiteam.com/unixfocus: KICQ Vulnerable to a DoS Attack. Read more www.smh.com.au: Cyber assault hits global leaders' summit. Read more www.dawn.com: Cyber assault on WEF webpage. Read more www.reuters.co.uk: Cyber Assault Hits Global Leaders' Summit. Read more www.cnn.com: Elite forum beset by online attacks. Read more www.nationalpost.com: Terrorists may use Net to spy on infrastructure. Read more www.securityfocus.com: Solving the Problem of HTML Mail. Read more news.com.au: Credit card details at risk. Read more www.pennlive.com: Security, not speed, should be top PC concern, experts warn. Read more www.stuff.co.nz: Security: Firms should ditch traffic accident mentality. Read more www.washingtonpost.com: With a Vulnerable Computer System, Interior Is Cut Off From the Internet. Read more www.computeruser.com: Mobile workforce grows, security fears persist - study. Read more www.computeruser.com: Napster case: is judge turning tables on labels? Read more www.computeruser.com: Porn site, 900-number purveyors settle FTC fraud charges. Read more

03 February 2002 New trojan(s) added to the Archive: BlueFire 0.36 www.securitytracker.com: Microsoft Site Server Commerce Edition Discloses Potentially Sensitive Administration Information and Source Code to Remote Users With Valid Accounts and Discloses User Passwords from the LDAP Directory to Anonymous Remote Users. Read more www.securitytracker.com: Microsoft Site Server Commerce Edition Lets Remote Users With Valid NT Accounts Upload and Then Execute ASP Scripts on the Server or Consume Disk Space on the Server. Read more www.securitytracker.com: Sun Java Virtual Machine Can Be Crashed By Malicious Java Code. Read more www.securitytracker.com: Lotus Domino Web Server Discloses User Account Validity Information to Remote Users. Read more www.securitytracker.com: NetWare NDS for NT Configuration Error May Lets Remote Users Obtain NT Domain Administration Privileges. Read more www.securitytracker.com: Microsoft Distributed Transaction Coordinator (MSDTC) Service Can Be Crashed By Remote Users. Read more www.securitytracker.com: Cisco Tac_plus TACACS+ Developer Kit Uses Unsafe File Permissions That May Allow Local Users to Modify the Logs, Overwrite Arbitrary Files, and Potentially Execute Arbitrary Code on the System. Read more www.securiteam.com: NetScreen ScreenOS Vulnerable to Trust Interface DoS Attack. Read more www.securiteam.com: MS Site Server Unauthorized SQL Command Injection Vulnerability. Read more www.securityfocus.com: DCForum Predictable Password Generation Vulnerability. Read more www.securityfocus.com: Jelsoft VBulletin Board HTML Posting Cross-Scripting Vulnerability. Read more www.securityfocus.com: Compaq Tru64 Inetd Port Scan Denial Of Service Vulnerability. Read more www.securityfocus.com: Novell NetWare NDS Domain Admin Null Password Vulnerability. Read more www.securityfocus.com: Microsoft Site Server LDAP Plain Text Password Storage Vulnerability. Read more www.reuters.com: Internet Firm Hacked Out of Business. Read more www.uniontrib.com: E-business edgy after hackers shut British firm. Read more www.informationweek.com: Microsoft Names Security Czar. Read more www.theregister.co.uk: DoS risks against Cisco storage routers routed. Read more www.theregister.co.uk: KaZaA.com 'evaluates' Dutch court ban. Read more

02 February 2002 New trojan(s)added to the Archive: Baron Night 1.0 www.securitytracker.com: NETGEAR Router Web Content Filtering Mechanism Can Be Bypassed By Remote Users With Certain Malformed HTTP GET Requests. Read more www.securitytracker.com: McAfee VirusScan Fails to Scan Files With Certain Types of Long NTFS File Path Names. Read more www.securitytracker.com: Symantec's Norton Anti-Virus Fails to Scan Files With Certain Types of Long NTFS File Path Names. Read more www.securitytracker.com: Compaq Tru64 Networking Stack Allows Remote Users to Cause Connections to Freeze. Read more www.securitytracker.com: SAP GUI Can Be Crashed By Remote Users Connecting to the GUI's Listening Port. Read more www.securitytracker.com: Jgroff pic Utility Format String Vulnerability Allows Remote Users to Execute Arbitrary Commands on the Server with 'lp' User Privileges. Read more www.securitytracker.com: RipMIME MIME Decoder Buffer Overflow Allows For Code Execution During Decoding. Read more www.securitytracker.com: UBBThreads Bulletin Board Application Lets Remote Users With Accounts on the Bulletin Board Upload Files With Prohibited Extensions, Including PHP Scripts Which Can Subsequently Be Executed on the System. Read more www.securitytracker.com: Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains. Read more www.securitytracker.com: CNET Catchup Software Update Utility Lets Remote Users Execute Arbitrary Code on Another User's Computer. Read more www.securityfocus.com: Cisco Tac_Plus Accounting Directive Insecure File Creation Vulnerability. Read more www.securityfocus.com: Cisco Tac_Plus Accounting Directive Insecure File Creation Vulnerability. Read more www.securityfocus.com: Microsoft Windows Trusted Domain Privilege Escalation Vulnerability. Read more www.securityfocus.com: UBBThreads/WWWThreads Arbitrary File Upload Vulnerability. Read more www.securityfocus.com: Sun Java Virtual Machine Segmentation Violation Vulnerability. Read more www.securityfocus.com: UBBThreads/WWWThreads Arbitrary File Upload Vulnerability. Read more salix.org: "Remote Access Session" is a security tool to analyze the integrity of systems. The program tries to gain access to a system using the most advanced techniques of remote intrusion. Read more www.blackhat.com: Windows Security 2002 Briefings and Training. Read more www.securityfocus.com: Microsoft's New Security Chief Was Hacker Hunter. Read more www.computing.vnunet.com: Microsoft Exchange servers dodge worm. Read more www.computing.vnunet.com: Interview with an ex-hacker. Read more wired.com: Where Did All the Hackers Go? Read more www.newsbytes.com: Top News Sites Close Script Hacking Hole. Read more www.reuters.com: Cyber Assault Hits Global Leaders' Summit. Read more linuxtoday.co: Survey Provides New Insights Into 'Hacker' Culture. Read more news.com.com: Microsoft appoints new security chief. Read more www.reuters.com: Internet Firm Hacked Out of Business. Read more www.villagevoice.com: Hackers Nuke Forum Site. Read more www.osopinion.com: Giving Hackers Their Due. Read more www.reuters.com: FTC to Crack Down on Deceptive Junk E-Mail. Read more

01 February 2002 New trojan(s) added to the Archive: Daniel BlueFire 0.1 www.securityfocus.com: Sun Java Virtual Machine Segmentation Violation Vulnerability. Read more www.securityfocus.com: Lotus Domino Username Enumeration Vulnerability. Read more www.securityfocus.com: SAS SASTCPD Command Line Argument Buffer Overflow Vulnerability. Read more www.securityfocus.com: SAS SASTCPD Command Format String Vulnerability. Read more www.securityfocus.com: Etype EServ Passive Mode Denial of Service Vulnerability. Read more www.securityfocus.com: AHG Search Engine Search.CGI Arbitrary Command Execution Vulnerability. Read more www.securitytracker.com: PhpSmsSend Front-End to SmsSend Allows Remote Users to Execute Arbitrary System Commands on the Server. Read more www.securitytracker.com: EServ FTP Server Allows Remote Users to Generate Bounce Attacks Against Remote Servers and Allows Remote Users to Cause Denial of Service Conditions on the Server. Read more www.securitytracker.com: SAS Job Spawner Buffer Overflow and Format String Bug Let Local Users Execute Arbitrary Code on the System with Root Privileges and Gain Root Privileges on the System. Read more www.securitytracker.com: Cisco Catalyst CatOS Telnet Daemon Buffer Overflow Lets Remote Users Crash and Reload the Switch. Read more www.securiteam.com: Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data. Read more www.securiteam.com: XOOPS Portal Software Private Message System Lets Remote Users Execute Javascript on the Recipient's Computer. Read more www.computerworld.com: Flaw in Win 2000, NT 4.0 makes domains 'too trusting'. Read more www.theregister.co.uk: MS fixes Win2K with 17MB security patch. Read more www.newsbytes.com: Top Security Sites Easy Prey To Script Attacks - Update. Read more www.theregister.co.uk: BadTrans-B tops virus charts. Read more www.bday.co.za: Worm wiggles its way into world's computers. Read more www.theregister.co.uk: Crackers exploit Cisco LAN switch flaw. Read more www.computerworld.com: Netscape flaw leaves cookies unsecure. Read more www.theregister.co.uk: Out of the box, Linux is 'dreadfully insecure'. Read more www.villagevoice.com: Hackers Nuke Forum Site. Read more www.newsbytes.com: FBI Raid Silences Teen Anarchist's Site. Read more www.businessweek.com: Accused Ebay Hacker Put on Electronic Leash. Read more www.theregister.co.uk: BBC bans use of non-MS PDAs. Read more it.mycareer.com.au: City Link review after card numbers leaked. Read more www.theregister.co.uk: Judge drops Napster bombshell. Read more www.computeruser.com: Justice Dept. to hire more computer crime attorneys. Read more www.nzherald.co.nz: Snooping bill troubles net lawyer. Read more www.nst.com.my: Safeguard against tech security threats. Read more www.idg.net: Microsoft taps former DOJ cybercop for top security slot. Read more www.theneteconomy.com: .NET: The Most Secure Microsoft Yet? Read more www.reuters.com: DVD Hacker Vows to Keep Challenging Ruling. Read more www.themoscowtimes.com: Hackers In Bat Suits. Read more

Copyright� MegaSecurity.org