Home.

News Archive    Translate Traducen

News December 2001

31 December 2001 New trojan(s): WebDownloader 1.0 www.securityfocus.com: Apple Mac OS X PPP Authentication Credentials Disclosure Vulnerability. Read more www.securityfocus.com: DeleGate Cross-Site Scripting Vulnerability. Read more www.securityfocus.com: GPM-Root Format String Vulnerability. Read more www.securitytracker.com: PHP Rocket Add-in for FrontPage Discloses Files on the Server to Remote Users. Read more www.securitytracker.com: Smcboot Component of Solaris Management Console Lets Local Users Damage the System When the System Boots. Read more www.securitytracker.com: Vim Text Editor Backup File Configuration Errors May Let Remote Users View the Source Code of Web Scripts That Have Been Edited With the VIM Editor. Read more www.securitytracker.com: DeleGate Proxy Server Allows Cross-Site Scripting Attacks. Read more www.securitytracker.com: GPM Console Menu Utility Contains Format String Bug That Gives Local Users Root Access. Read more www.securitytracker.com: KDE Konqueror Web Browser SSL Security Flaw Lets Remote Users Conduct Man-in-the-Middle Attacks to Access Sensitive Information. Read more www.securitytracker.com: Mozilla Personal Security Manager Uses Unsafe Temporary Files and May Allow Local Users to Overwrite Critical Files on the Server. Read more boston.internet.com: Badtrans Tops List Of 2001 Virus Threats. Read more www.zdnet.com: Piecemeal patchwork? How to best protect Internet Explorer. Read more www.macobserver.com: Still More Microsoft Security Holes. Read more www.siliconvalley.com: Piracy and hacking prevention efforts should target kids, experts say. Read more www.idg.net: "How Not To Recover From Getting Hacked...A Loser's Guide". Read more www.crn.com: Nvidia Settles Dutch Hacker Case. Read more www.iht.com: Predictable Passwords Simplify a Hacker's Task. Read more www.news-star.com: Shawnee man designs software to rid networks of unwanted e-mail. Read more www.hometownannapolis.com: Hunt for hidden gold lures NSA cryptologists. Read more www.zdnet.com: Spy games: Is someone leaking your company secrets? Read more

30 December 2001 New trojan(s): Diablo Keys 1.0 MadClient 1.0 hackingtruths.box.sk: Port Scanning Unscanned. Read more www.securityfocus.com: Mozilla Predictable Temporary File Symbolic Link Attack Vulnerability. Read more www.securityfocus.com: Hughes Technologies Mini SQL Denial of Service Vulnerability. Read more www.securityfocus.com: ELSA Lancom 1100 Office Insecure Web Administration Vulnerability. Read more www.securityfocus.com: AdCycle Remote SQL Query Modification Vulnerability. Read more www.xatrix.org: D-Link DWL-1000AP Wireless LAN Access Point Plaintext Password Vulnerability. Read more www.bugtraq.org: LAME INFORMATION LEAKAGE BUG IN NETSCAPE MAIL. (older news) Read more networking.earthweb.com: Nasty New Year Virus. Read more www.treachery.net: EARLY BIRD -- A realtime HTTP worm attempt reporting utility. Read more www.usatoday.com: Judge: FBI's PC-snooping perfectly lawful. Read more

29 December 2001 New trojan(s): Schneckenkorn 1.0 Trepid Client www.securiteam.com: WebSEAL Vulnerable to a DoS Attack (%2E). Read more www.securiteam.com: SMC Barricade's Dodgy "DMZ" Feature. Read more www.securiteam.com: EFTP Directory Content Disclosure. Read more www.securiteam.com: Local DoS in Solaris 8 (smcboot). Read more www.securiteam.com: IBM WebSphere Reveals System Administrator Password. Read more www.securiteam.com: klprfax_filter Symlink Vulnerability. Read more www.securityfocus.com: gpm local root vulnerability. Read more www.securityfocus.com: DeleGate Cross Site Scripting Vulnerability. Read more packetderm.cotse.com: Defacements/Server Compromise Some Companies Simply Don't Care. Read more www.crn.com: Nvidia Settles Dutch Hacker Case. Read more news.bbc.co.uk: Security overhaul for wireless networks. Read more www.thesun.co.uk: Microsoft in security scare. Read more www.idg.net: How to not recover from getting hacked. Read more www.crn.com: Reverse Firewall Stymies DDoS Attacks. Read more www.auschron.com: Brave New Web. Read more www.oreillynet.com: Open Sesame: The Art of Passwords. Read more

28 December 2001 New trojan(s): NeuroticKat 1.2b Phoenix II 1.80 www.securiteam.com: Dangerous Information in CentraOne Log Files (Vendor Response). Read more By Stefan Esser: IE https certificate attack. This morning i was googling through the web and found out that the issue is not that new for Microsoft. If you compare http://www.acros.si/aspr/ASPR-1999-12-15-1-PUB.txt with my advisory at http://security.e-matters.de/advisories/012001.html you can see that the same bug was reported 2(!) years ago to microsoft. At that time (or better half a year later) Microsoft released the patches for that vulnerability that fixed the bug within IE 4.0 and the early versions of IE 5.0. The Microsoft Security Bulletin (MS00-039) clearly states that IE 5.01 SP1 and IE 5.5 are not vulnerable. That means, that one of the "security patches" that Microsoft released since that date reimplemented the bug and made all IEs vulnerable again. security-protocols.com: Grokster and possible trojan. Read more www.xatrix.org: Debian - DSA-095-1. Read more vapid.dhs.org: An account of Sawmill web log analyzer vulnerability discovery. Read more rnmap.sourceforge.net: Rnmap 0.6 is available. Read more www.nl.vergenet.net: Perdition: Mail Retrieval Proxy Perdition is allows users to connect to a content-free POP3 or IMAP4 server that will redirect them to their real POP3 or IMAP4 server. This enables mail retrieval for a domain to be split across multiple backend servers on a per user basis. This can also be used to as a POP3 or IMAP4 proxy especially in firewall applications. Read more kerneltrap.com: Linux Kernel Hacker Interview: Dave Jones. Read more One of the TASC web sites was compromised and defaced by Crookies, and gave a birthday greeting to EvilByte. This defacement is ironic due to TASC's security group and consulting. TASC Mirror www.latimes.com: XP 'Patch' Leaves Door Wide Open. Read more www.zdnet.com: Microsoft: Piecemeal patchwork for IE. Read more grc.com: The FBI has Strongly Recommended that All Users Immediately Disable Windows' Universal Plug n' Play Support. Read more www.internetnews.com: Privacy Expert Roots Out True Origin of "XP Flaw". Read more www.theinquirer.net: SQL Server hit by big bad security holes. Read more www.wired.com: Why Worm Writers Stay Free. Read more www.crn.com: CA: E-Mail Method Of Choice For Virus Writers In 2001. Read more rtnews.globetechnology.com: Viruses expected to proliferate. Read more www.nj.com: Judge rules computer information can be used at reputed mobster's trial. Read more www.securityfocus.com: The Littlest Security Pro. Read more news.bbc.co.uk: Security by remote control. Read more www.freep.com: INFORMATION NETWORK: Cops abuse database, 3 privacy suits say. Read more dailynews.yahoo.com: And the Password Is . . . Waterloo. Read more

27 December 2001 New trojan(s): Clandestine 3.0 Nethief 2.7 www.securiteam.com: Serious Security Flaw in Citrix Client. Read more www.securiteam.com: Caramail Cross-Site Scripting Vulnerability. Read more www.securiteam.com: QwikAd Allows Malicious SQL Code Injection. Read more www.securiteam.com: Linux Package Default UID (573). Read more www.securiteam.com: PFinger Format String Vulnerability. Read more www.securiteam.com: AdStreamer Allows Execution of Arbitrary Commands. Read more www.securiteam.com: Perdition/Vanessa_logger Format String Vulnerability. Read more www.linuxsecurity.com: Authentication Gateway HOWTO. Read more www.reuters.co.uk: Stand by for more nasty Web attacks in 2002. Read more www.guardcentral.com: New European Worm, W32/Sheer.A@mm, Makes a Christmas Debut. Read more www.nikkeibp.asiabiztech.com: Nimda-Class Virus May Strike IE Users; Patch Must be Applied Immediately. Read more www.computeruser.com: Zoher worm gives unwelcome Christmas PC present. Read more www.computeruser.com: Microsoft browser slips up on SSL certificates - report. Read more www.internetnews.com: Privacy Expert Roots Out True Origin of "XP Flaw". Read more scripts.ireland.com: Windows XP proves vulnerable to hackers. Read more www.zdnet.com: Gartner: XP's 'plug and prey' hole. Read more www.infoworld.com: Microsoft issues SQL Server security warning. Read more www.onlamp.com: Snort 'n Dragon. Read more

26 December 2001 New trojan(s): Glacier 6.0 DS Web Downloader 1.01 www.securiteam.com: Best Practices for Secure Development. Read more www.securiteam.com: Atmel SNMP Non Public Community String DoS Vulnerability. Read more www.securiteam.com: Apache's mod_bf Vulnerable to a Buffer Overflow and DoS. Read more www.securityfocus.com: Les VanBrunt AdRotate Pro SQL Injection Vulnerability. Read more www.indiaexpress.com: Pak cyber terrorism �injures� 20 Indian web sites. Read more www.ananova.com: 2001 a year of worms, Trojans and viruses. Read more www.smh.com.au: Year the worm turned nasty with viruses rampaging on the Internet. Read more www.securityfocus.com: How the Grinch Stole Keystrokes. Read more www.computeruser.com: CERT warns of deadly security hole in Internet Explorer. Read more www.guardian.co.uk: Windows XP fails to shake off hacker attacks. Read more www.computeruser.com: Trail of zombie servers leads to online payment firm. Read more www.bangkokpost.com: Hacker wake up call works well for Thai Net provider. Read more abcnews.go.com: 'Zacker' Worm E-mails Holiday Mayhem. Read more inq.philly.com: N. J. school behind new hacking law. Read more www.computeruser.com: Bill strengthens Internet criminal sentencing. Read more dailynews.yahoo.com: Trying to Keep Young Internet Users From a Life of Piracy. Read more

25 December 2001 New trojan(s): Laocoon 1.0 www.securiteam.com: D-Link DWL-1000AP can be Compromised Due to Insecure SNMP Configuration. Read more www.securiteam.com: Buffer Overflow Vulnerability in Oracle's "Unbreakable" 9iAS. Read more www.securiteam.com: SQL Server Text Formatting Functions Suffer from Buffer Overflows. Read more www.securiteam.com: Internet Explore HTTPS Certificate Attack. Read more www.securiteam.com: PGP Plugin for Outlook Can Send Unencrypted Messages. Read more www.securiteam.com: Multiple Overflow and Format String Vulnerabilities in Microsoft SQL Server. Read more www.securiteam.com: UPNP - Multiple Remote Windows XP/ME/98 Vulnerabilities. Read more www.securiteam.com: Webmin view_man.cgi Security Vulnerability. Read more www.securiteam.com: Plesk (PSA) Allows Reading of .PHP Files. Read more www.blackhat.com: Black Hat Windows Security Briefings and Training 2002. Read more www.raid-symposium.org: RAID 2002 Fifth International Symposium on Recent Advances in Intrusion Detection. Read more www.hackinthebox.org: The State of The Hack Awards #7. Read more www.egghelp.org: Information on eggdrop bots, shell accounts. Read more canberra.yourguide.com.au: Cybercrime fight hampered. Read more houston.bcentral.com: Winning viral war requires the right weapons, training. Read more www.computerworld.com: Linux in 2002: More security, high-end computing. Read more www.inq7.net: Hacker targets Globe website. Read more news.ninemsn.com.au: Unauthorised intrusion to Optus internet network. Read more www.siliconvalley.com: Security consultant finds plent of holes to plug. Read more www.thestar.com: Thank `hacker' for fixing XP flaw. Read more www.reuters.com: FBI Computer Security Arm Warns of Windows XP Holes. Read more www.infowarrior.org: Who Needs Hackers? We've Got Microsoft! Read more

24 December 2001 New trojan(s): G-Spot Tight 1.0 Duddie 3.1b security.e-matters.de: IE https certificate attack. Read more www.twlc.net: twlc advisory: plesk (psa) allows reading of .php files (0 day). Read more quote.bloomberg.com: Microsoft's Culp: Windows XP Security Flaw & Fix Offer. Read more www.computeruser.com: Severe security hole discovered in Microsoft XP. Read more www.chicagotribune.com: How hackers can exploit Microsoft flaw. Read more www.idg.net: Microsoft Improves Security Plans. Read more www.infoworld.com: Time to come clean. Read more www.computeruser.com: Cybersecurity think tank formed in NJ. Read more www.nzherald.co.nz: Stranger danger lurks in chatroom meetings. Read more www.idg.net: Companies look to 'vaccinate' weary users against spam deluge. Read more www.idg.net: E-Mail Tops Company's Wireless Wish Lists. Read more

23 December 2001 New trojan(s): Optix Lite 0.4 Nerte 7.7.1 chocobospore.org: Mognet is a free, open source wireless ethernet sniffer/analyzer written in Java. Read more www.pbs.org: Interview: Chris Davis A security consultant and ex-hacker from Ottawa, Davis tracked down Curador, an 18-year old hacker from South Wales who in 2000 stole an estimated 26,000 credit card numbers from e-commerce web sites and posted them online. Read more www.securiteam.com: ATPHTTPd Buffer Overflow Exploit Code. Read more www.securityfocus.com: Microsoft Windows C Runtime Library Format String Vulnerability. Read more www.securityfocus.com: Atmel SNMP public Community or Unknown OID Denial of Service Vulnerability. Read more www.securityfocus.com: Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability. Read more www.securityfocus.com: Microsoft SQL-Server Buffer Overflow Vulnerability. Read more www.securiteam.com: Dangerous Information Recorded in CentraOne Log Files. Read more www.securiteam.com: MSIE May Download and Run Programs Automatically. Read more www.securiteam.com: Windows FTP "Network Place" Exposes Saved Passwords. Read more www.securiteam.com: Hot Key Permissions Bypass under Windows XP. Read more www.securiteam.com: ASPSession ID's Vulnerability. Read more www.securiteam.com: WMCube-GDK Yields KMEM Security Privileges. Read more www.securiteam.com: HP-UX Setuid RLPDaemon Illicit File Writes. Read more POPAuth Symlink Problem Allows Creation of a Setuid Shell. Read more www.securiteam.com: Agoracgi Cross-Site Scripting Vulnerability. Read more www.securiteam.com: Glibc Globing Issues (~AAA{ Trick). Read more www.securiteam.com: PHPNuke module.php Vulnerability and PHP error_reporting Issue. Read more www.theregister.co.uk: Who needs hackers when we've got MS? Read more quote.bloomberg.com: FBI Urges Windows XP Users Take Extra Precautions (Update1). Read more seattletimes.nwsource.com: FBI urges extra hacker protection for XP. Read more www.theregister.co.uk: Feds grill MS on Windows security. Read more i-want-a-website.com: Microsoft Discloses Huge Security Hole. Read more www.theregister.co.uk: US to yank Kevin Mitnick's radio license. Read more www.linuxsecurity.com: Letter to Santa from a Security Administrator. Read more www.2600.com: 2600 WINS FORD LAWSUIT - RIGHT TO LINK UPHELD. Read more

22 December 2001 New trojan(s): Ghost 2.3 by Lame_joker freedumb and Phr0stic assured me they have not made the dropper in this DS Web Downloader 1.0 . Their DS Web Downloader 1.0 without Dropper. www.securityfocus.com: Microsoft Universal Plug and Play Simple Service Discovery Protocol Denial of Service Vulnerability. Read more www.securityfocus.com: Microsoft UPnP NOTIFY Buffer Overflow Vulnerability. Read more www.securityfocus.com: Microsoft IE Same Origin Policy Violation Vulnerability. Read more www.xatrix.org: Microsoft-MS01-059-Multiple remote Windows XP/ME/98 Vulnerabilities. Read more linuxtoday.com: Red Hat Security Advisory: Updated Mailman packages available. Read more www.pcworld.com: File-Killing Shoho Worm Reported. Read more www.idg.net: Shoho worm adds, deletes files. Read more www.zdnet.com: Shoho outbreak--New worm, old tricks. Read more www.washtech.com: FBI Advises Windows XP Users on Measures to Block Hackers. Read more www.timesofindia.com: FBI asks XP users to take more security steps. Read more www.reuters.co.uk: Microsoft admits XP security hole. Read more www.infoworld.com: XP security glitch draws criticism. Read more www3.gartner.com: Windows XP Security Hole Lets Attackers 'Plug and Prey'. Read more www.silicon.com: Microsoft owns up to massive XP security hole. Read more www4.gartner.com: Deploy XP With Usual Precautions, Despite Security Flaw. Read more www.reuters.co.uk: Attack of the computer zombies. Read more timesofindia.indiatimes.com: Hack turned computers into waiting zombies. Read more www.internetnews.com: New Security Breach Threatens Net. Read more news.bbc.co.uk: Hacker boys from Brazil. Read more quote.bloomberg.com: Oracle Reports Flaws After Calling Its Software `Unbreakable'. Read more www.theage.com.au: Cyber terror law condemned. Read more

21 December 2001 New trojan(s): Optix Lite 0.3 Winshell 3.0 Microsoft Security Bulletin MS01-059 Unchecked Buffer in Universal Plug and Play can Lead to System Compromise. Read more Microsoft Security Bulletin MS01-060 SQL Server Text Formatting Functions Contain Unchecked Buffers. Read more CERT� Advisory CA-2001-37 Overflow in UPnP Service On Microsoft Windows. Read more www.eeye.com: Major Vulnerabilities in Default Installations of Windows XP and Certain Installations of Windows ME and 98. Read more Internet Security Systems Security Alert Multiple Vulnerabilities in Universal Plug and Play Service. Read more www.securiteam.com: Novell GroupWise Servlet Gateway Default Username and Password. Read more www.securiteam.com: Netware Web Server Sample Page Source Disclosure. Read more www.securiteam.com: Internet Explorer Document.Open() Without Close() Cookie Stealing, File Reading, and Site Spoofing Bug. Read more www.securiteam.com: Aktivate Shopping System Cross-Site Scripting Vulnerability. Read more www.securiteam.com: Exim Recipient Decoding Execution. Read more www.securiteam.com: Linux Distributions are Vulnerable to the /bin/login Overflow. Read more www.securityfocus.com: OpenSSH Local root exploit if UseLogin option enabled. Read more www.securityfocus.com: Aktivate Shopping Cart Cross-Site Scripting Vulnerability. Read more www.securityfocus.com: Zyxel Prestige SDSL Router IP Fragment Reassembly Vulnerability. Read more www.securityfocus.com: Webmin Directory Traversal Vulnerability. Read more www.securityfocus.com: WMCube/GDK Object File Buffer Overflow Vulnerability. Read more www.securityfocus.com: xSANE Insecure Temporary File Creation Vulnerability. Read more www.securityfocus.com: Agora.CGI Cross-Site Scripting Vulnerability. Read more www.securityfocus.com: Microsoft Windows XP Unauthorized Hotkey Program Execution Vulnerability. Read more linuxtoday.com: Mandrake Linux Security Update Advisory: glibc update. Read more linuxtoday.com: Trustix Secure Linux Advisor: glibc. Read more www.thetimes.co.uk: Windows XP has serious flaw. Read more news.bbc.co.uk: Fix your Windows, says Microsoft. Read more www.zdnet.com: Microsoft plugs XP security hole. Read more newsfind.com: Micrsoft Admits XP Security Flaw. Read more www.ireland.com: Windows XP proves vulnerable to hackers. Read more www.crn.com: CRN Test Center Examines Security Hole Found In Windows XP. Read more www.theregister.co.uk: MS warns of severe universal plug & play security hole. Read more www.siliconvalley.com: Microsoft, Oracle security flaws found. Read more chicagotribune.com: Buffer Overflows Computer Security. Read more www.it.mycareer.com.au: New computer virus brings festive misery. Read more www.guardcentral.com: Christmas e-mail greetings, the perfect disguise for a virus. Read more enterprisesecurity.symantec.com: Spy Software Helps FBI Crack Encrypted Email. Read more chicagotribune.com: Smart logs make it tough for hackers to cover their tracks. Read more www.usdoj.gov: Man Sentenced for Unauthorized Access into Computer Systems of Connecticut Consulting Firm. Read more www.newsbytes.com: Intruder Breaks Into Optus' Australian Network. Read more www.azcentral.com: Hacker gets to Tempe credit card processor. Read more www.theregister.co.uk: Porno paymaster CCBill hacked hard. Read more www.theregister.co.uk: The crime of distributed computing. Read more www.zdnet.com: Sklyarov stands by boss in DMCA case. Read more allafrica.com: Information Systems Security. Read more www.zdnet.com: Linux developer hit by Microsoft suit. Read more www.sfgate.com: Small calculation is big victory for quantum computing. Read more

20 December 2001 New trojan(s): Clandestine 2.0 CyberSpy FTP CERT� Advisory CA-2001-36 Microsoft Internet Explorer Does Not Respect Content-Disposition and Content-Type MIME Headers. Read more www.securiteam.com: Magic Enterprise Multiple Vulnerabilities. Read more www.securiteam.com: Zyxel Prestige 681 and 1600 Remote DoS. Read more www.securiteam.com: Windows XP Security Concerns (Fast Switch, Password Reset, Remote Desktop). Read more www.securiteam.com: Internet Explorer 6 Allows Local File Reading (XMLHTTP). Read more www.securiteam.com: FtpXQ Default Install Read/Write Capabilities. Read more www.securiteam.com: Trust Issues with RH and Debian Package Managers. Read more www.securiteam.com: ProFTPD File Globbing Problems (////.../). Read more www.securityfocus.com: WMCube/GDK Object File Buffer Overflow Vulnerability. Read more www.zdnet.com: 'Happy New Year' worm hits Windows. Read more www.timesofindia.com: Virus could render a very unhappy New Year. Read more www.cmpnetasia.com: Christmas virus makes the rounds. Read more europe.cnn.com: 'Reeezak' worm offers holiday jeers. Read more www.zdnet.com: Worm piggybacks on holiday cheer. Read more cryptome.org: DIRT-Magic Lantern Firm Barred from Gov Work. Read more www.theregister.co.uk: FBI surveillance bonanza in BadTrans.B worm. Read more www.cnn.com: Fight against child abuse goes high-tech. Read more news.cnet.com: Sklyarov backs employer despite U.S. deal. Read more www.cmpnetasia.com: Unique viruses in China. Read more www.siliconvalley.com: RSA announces fix for wireless network security hole. Read more www.idg.net: Disk drives from World Trade Center could yield clues. Read more www.zdnet.com: Want better workplace security? Just use some common sense! Read more www.zwire.com: Schools form institute to stop hackers. Read more www.boston.com: Conn. hacker indicted in attacks on San Diego auto site. Read more news.com.au: Optus internet hacked. Read more www.zdnet.com: Warez groups wracked by FBI raids. Read more www.ananova.com: Microsoft issues security browser patches. Read more www.zdnet.com: Australia pushes for e-mail interception. Read more www.zdnet.com: Windows XP: Hot or not? Read more www.securityfocus.com: Is Distributed Computing A Crime? Read more www.wired.com: Steganography, Next Generation. Read more news.cnet.com: IBM's quantum baby step. Read more www.wired.com: Big Blue Takes Quantum Step. Read more

19 December 2001 New trojan(s): DS Web Downloader 1.0 www.securityfocus.com: Social Engineering Fundamentals, Part I: Hacker Tactics. Read more www.securiteam.com: Windows 2000 IKE DoS Exploit Code. Read more linuxtoday.com: Mandrake Linux Security Update Advisory: kerberos update. Read more www.securityfocus.com: Novell Groupwise Servlet Gateway Default Authentication Vulnerability. Read more www.securityfocus.com: Zyxel Prestige SDSL Router IP Packet Length Remote Denial Of Service Vulnerability. Read more www.securiteam.com: Analysis of Microsoft SQL Server 2000 Stored Procedure Encryption. Read more www.securiteam.com: NoHTML Built-in Outlook 2002 Feature Protects Against Malicious Code. Read more www.securiteam.com: SpiDynamics WebInspect Keeps Track of Its Users (Trial License). Read more www.securiteam.com: Hosting.com Cross-Site Scripting Vulnerability. Read more www.securiteam.com: "UNIX Manual" PHP-Script Allows Arbitrary Code Execution. Read more www.theinquirer.net: Al Qaeda infiltrates Microsoft, hacks Windows XP. Read more www.wininformant.com: Tales of the Bizarre: Al Qaeda Allegedly Hacked Microsoft. Read more www3.gartner.com: Patch Security Holes but Demand Better Security From Vendors. Read more www.newsfactor.com: Government Internet Snooping: Out of Control? Read more seattletimes.nwsource.com: FBI software program records each keystroke. Read more www.dailyrotten.com: FBI wants access to worm's pilfered data. Read more news.bbc.co.uk: Warning of malicious e-cards. Read more news.com.au: Optus internet hacked. Read more news.com.au: Watch for hackers, parents warned. Read more www.theregister.co.uk: A plague on all our networks. Read more www.vnunet.com: Sircam worms its way to number one. Read more www.bergen.com: Brain trust taking aim at hackers. Read more thestar.com.my: Hacking �reflects Malaysia as a laggard�. Read more www.theregister.co.uk: RSA supplies answer to drive-by hacking? Read more www.denverpost.com: Judge lets Interior reconnect its websites. Read more www.silicon.com: Fight against fraud gets teeth. Read more cgi.usatoday.com: While last-minute shopping online, keep security in mind. Read more www.businessweek.com: Visa's New Online Security Blanket. Read more

18 December 2001 New trojan(s): G-Spot Tight 1.5 www.securityfocus.com: FreeBSD-SA-01:68: xsane port uses insecure temporary file handling. Read more www.securiteam.com: OpenSSH UseLogin Bug Proof of Concept Exploit. Read more linuxtoday.com: Engarde Secure Linux: 'glibc' globbing buffer overflow. Read more www.xatrix.org: Microsoft Internet Explorer 6 can read local files. Read more www.newsbytes.com: Suspect Claims Al Qaeda Hacked Microsoft - Expert. Read more www.internetweek.com: Latest Hacker Target: Routers. Read more www.cnn.com: CERT: Plug Secure Shell holes before holidays. Read more www.silicon.com: Hackers looking forward to a merry Christmas. Read more www.idg.net: Microsoft Design to Blame for Virus Load. Read more www.pcworld.com: Is Linux Immune to E-Mail Viruses? Read more www.vnunet.com: BugWatch: Magic Lantern - not magic and not very bright. Read more www.silicon.com: Vendors bare souls, discuss vulnerabilities. Read more phoenix.bcentral.com: Company survival at risk without computer security. Read more www.govexec.com: Defense inks deal to train more cybercrime fighters. Read more www.vnunet.com: Saint emerges as hacker tackler. Read more baltimore.bcentral.com: Beware of theft when shopping on the Web. Read more www.sunspot.net: Cracking the code. Read more www.nzherald.co.nz: Wheels turning with secret keys. Read more www.latimes.com: Copy-Protected CD to Be Released. Read more

17 December 2001 New trojan(s): Little Witch 5.0 Client Little Witch 4.5 Server Leszcz 5.50 www.enderunix.org: BUFFER OVERFLOWS DEMYSTIFIED. Read more www.securityfocus.com: Microsoft Internet Explorer Remote File Viewing Vulnerability. Read more www.securityfocus.com: Zyxel Prestige SDSL Router Remote Denial Of Service Vulnerability. Read more www.securiteam.com: Red Faction Server/Client DoS (UDP 7755). Read more www.securiteam.com: File Locking and Security (Group Policy DoS on Windows 2000 Domains). Read more www.xatrix.org: Red Hat - RHSA-2001:160-09. Read more www.linuxsecurity.com: Understanding Rootkits. Read more www.thetimes.co.uk: Rob Rosenberger is on a crusade against the mass hysteria he says is regularly whipped up by anti-virus companies. Read more www.idgnet.co.nz: Christmas greetings by e-mail, the perfect disguise for a virus. Read more www.computeruser.com: Cisco release of Goner worm raises eyebrows. Read more cryptome.org: The MS DRM Patent and Freedom to Speak and Think. Read more www.computeruser.com: Windows XP down and dirty. Read more www.idg.net: Microsoft top security officer expected to join U.S. cybersecurity team. Read more www.zawya.com: Shanghai hails success of new cyber crime task force. Read more news.bbc.co.uk: Paving the way for 'uncrackable' codes. Read more

16 December 2001 New trojan(s): Theef 1.35 RTB 666 1.65 www.pbs.org: Interview: Curador is a 18-year old hacker from rural Wales who in the winter of 2000 stole an estimated 26,000 credit cards numbers from a group of e-commerce web sites and posted the numbers on the web. Read more www.securityfocus.com: HTML2WML Scheme File Arbitrary Access Vulnerability. Read more www.securityfocus.com: IBM WebSphere JSP Root Password Disclosure Vulnerability. Read more www.securityfocus.com: EFTP Directory Traversal Vulnerability. Read more www.securiteam.com: Axis Network Camera Requires No Authentication to Access Sensitive Information. Read more www.securiteam.com: Another IE Denial of Service Attack (Box Value). Read more www.securiteam.com: APMd Vulnerable to Symlink Attack (RedHat). Read more www.securiteam.com: LDAP Authentication Brute Forcing. Read more www.securiteam.com: MHW, Macintosh Hacker's Workshop. Read more www.vnunet.com: DoS attacks could soon meet their match. Read more www.theregister.co.uk: IDS users swamped with false alerts. Read more www.nandotimes.com: Russian encryption hacker will testify to avoid prosecution. Read more www.vnunet.com: Dmitri deal is struck. Read more www.vnunet.com: Hackers blinded by the light. Read more www.eweek.com: 5 Steps to Enterprise Security. Read more www.federaltimes.com: Agencies In Market To Block Hackers. Read more

15 December 2001 New trojan: NeuroticKat 1.2 www.securiteam.com: Mail Essentials Reveals Identity of First BCC Recipient. Read more www.securiteam.com: "Spammers Delights" (Mailto.exe). Read more www.securiteam.com: IE Denial of Service (Bad IMG Tag). Read more www.securiteam.com: Ettercap Local Root Exploit. Read more www.securiteam.com: OpenSSH UseLogin Directive Vulnerability Leads to Remote Root Compromise. Read more www.securiteam.com: CSVForm (Perl CGI) Remote Execution Vulnerability. Read more linuxtoday.com: Caldera Security Advisory: Linux - Local vulerability in OpenSSH. Read more www.thestar.com: `Microsoft ignored our warning'. Read more www.zdnet.com: Poetic Goker disables antivirus protection. Read more www.newsfactor.com: Antivirus Protection Under Fire from Latest Worms. Read more www.theregister.co.uk: MS releases mother of all IE security patches. Read more www.theregister.co.uk: Microsoft, terrorism, and computer security. Read more www.securityfocus.com: Bill Would Toughen Cybercrime Penalties. Read more www.theregister.co.uk: White House CyberSecurity ignores bad (MS) software. Read more www.hackinthebox.org: Master hackers can be crime busters too. Read more www.nandotimes.com: Security hole leaves some Unix servers wide open. Read more www.law.com: Anatomy of a Virus. Read more www.ananova.com: Scientists hope diode discovery will frustrate hackers. Read more

14 December 2001 New trojan: G-Spot 2.0 by J3NtiL and xMs Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. Ettercap 0.6.3.1 RELEASED. Read more www.securiteam.com: Microsoft IIS/5.0 Content-Length DoS Exploit Code. Read more www.securiteam.com: Lucent ORiNOCO Registry Decryption. Read more www.securityfocus.com: Kebi WebMail Unauthenticated Administration Vulnerability. Read more www.securityfocus.com: XTerm Title Bar Buffer Overflow Vulnerability. Read more www.securityfocus.com: Lotus Domino bad URL database Denial of Service Vulnerability. Read more www.securityfocus.com: GFI Mail Essentials BCC Information Disclosure Vulnerability. Read more www.securiteam.com: Cross-Frame Security Zone Spoofing in Internet Explorer Using the 'About' Protocol. Read more www.securiteam.com: Vulnerabilities in PGPMail.pl Lead to Remote Code Execution. Read more www.securiteam.com: Hardlink Vulnerability in 'script' Command. Read more CERT� Advisory CA-2001-35 Recent Activity Against Secure Shell Daemons. Read more news.cnet.com: E-mail worm Gokar spreading. Read more www.zdnet.com: Sweet-talking worm overcomes defenses. Read more www.computeruser.com: Antivirus firms warn about Gokar self-disguising worm. Read more www.infoworld.com: IE hole can become a 'back door' for hackers. Read more www.computing.vnunet.com: Small bug found in IE - not many dead. Read more www.computing.vnunet.com: French hacker uncovers email holes. Read more www.computing.vnunet.com: Sun logs in buffer vulnerability. Read more news.com.au: Yahoo coy on security breach. Read more news.cnet.com: IBM, Sun scramble to fix security hole. Read more www.zdnet.com: Scary Solaris, AIX hole unearthed. Read more cultdeadcow.com: THE CULT OF THE DEAD COW OFFERS A HELPING HAND IN AMERICA'S TIME OF NEED. Read more www.cnn.com: FBI confirms 'Magic Lantern' spy project. Read more www.eff.org: Government Agrees to Defer Prosecution of Dmitry Sklyarov. Read more news.cnet.com: U.S. to free Russian hacker on testimony. Read more www.wired.com: Russian Hacker Charges Dropped. Read more www.theregister.co.uk: Microsoft Hotmail still runs on U**x. Read more www.cnn.com: Hacker posts nudity on Mandela Web site. Read more news.24.com: Mandela fund website hacked. Read more www.newsday.com: Slamming Windows Shut on Hackers. Read more www.eetimes.com: U.S. moves to tighten network security. Read more www.wired.com: Cerf Disses Bush's Patch Plan. Read more www.varbusiness.com: Concern Over Cyber Security Grows, But Online Behavior Remains the Same. Read more Amnesty International Defaced. On December 8, a group known as "BL4F" compromised and defaced the Amnesty International (www.amnesty.org) web page. The message put up questions United States activity in Afghanistan as well as those who compare hackers to terrorists. Mirror URL www.theregister.co.uk: MS rolls out security obscurity bribe program. Read more

13 December 2001 New trojan: Asylum 0.1.4 CERT� Advisory CA-2001-34 Buffer Overflow in System V Derived Login. Read more www.securityfocus.com: Microsoft IIS False Content-Length Field DoS Vulnerability. Read more www.securityfocus.com: CSVForm Remote Arbitrary Command Execution Vulnerability. Read more www.securityfocus.com: Denicomp Winsock RSHD/NT Standard Error Denial of Service Vulnerability. Read more www.securiteam.com: Flawed Outbound Packet Filtering in Various Personal Firewalls. Read more www.securiteam.com: IPRoute Fragmentation Denial of Service Vulnerability. Read more www.securiteam.com: Microsoft IIS/5 Bogus Content-Length Memory Bug. Read more www.securiteam.com: Winsock RSHD/NT DoS. Read more www.securiteam.com: Buffer Overflow in /bin/login. Read more www.securiteam.com: Large Form Text Fields in konqueror Causes X to Crash (DoS). Read more www.securiteam.com: LSF Contains Multiple Security Vulnerabilities. Read more reuters.com: FBI Confirms 'Magic Lantern' Project Exists. Read more www.computing.vnunet.com: Infamous hacker group helps the Feds. Read more www.computing.vnunet.com: FBI Trojan goes underground. Read more www.nma.co.uk: The Web: Security through Obscurity. Read more reuters.com: Solaris, AIX Hole Said to Leave Computers Wide Open. Read more sns.chicagotribune.com: Internet Founder Warns on Security. Read more www.reuters.co.uk: Microsoft slams Oracle claim on not using Windows. Read more www.softwarewire.com: Computer Virus Spread Due to Lack of Education. Read more www.bday.co.za: Smarter hacker a threat. Read more www.linuxdevices.com: Hacking the TCSX-1 for fun and profit. Read more www.codecon.org: CodeCon 2002 CFP is the premier event in 2002 for the P2P, cypherpunk, and network/security application developer community. Read more www.businessweek.com: Is Open-Source Security Software Safe? Read more www.computing.vnunet.com: Blind man's buff. Read more www3.gartner.com: Tax Breaks for Internet Security Will Increase Vulnerabilities. Read more www.usdoj.gov: FEDERAL LAW ENFORCEMENT TARGETS INTERNATIONAL INTERNET PIRACY SYNDICATES. Read more www.idg.net: UPDATE - Raids crack down on pirated software. Read more www.newsbytes.com: Lawmaker: Net Security Bill Will Pass This Year. Read more www.zdnet.com: Feds: Warez crackdown's just begun. Read more timesofindia.indiatimes.com: 'Goner' suspects under house arrest in Israel. Read more enquirer.com: Identity thieves make messes of victims' lives. Read more www.zdnet.com: Oracle paints a bull's-eye for hackers. Read more www.zdnet.com: Hackers, programmers tear apart Xbox. Read more news.cnet.com: Hackers, programmers "improve" Xbox. Read more

12 December 2001 New trojan: Nerte 7.7 www.securiteam.com: Race Condition in FreeBSD AIO Implementation. Read more www.securiteam.com: Microsoft Outlook Express 6 "E-mail Attachment Security" Flawed. Read more www.securiteam.com: Weak Encryption in Pathways Homecare. Read more www.securiteam.com: UDP DoS Attack on Windows 2000 IKE. Read more www.securiteam.com: Lotus Domino Web Server DoS Vulnerability (DB Lock). Read more www.securiteam.com: Workaround Addresses JRun Server SSIFilter Security Issue. Read more www.securiteam.com: NSI RWhoisd Remote Format String Vulnerability. Read more www.reuters.co.uk: Antivirus Firms Say They Won't Create FBI Loophole. Read more www.zdnet.com: Antivirus firms: FBI loophole is out of line. Read more www.securityfocus.com: Memo to Oracle: Nothing is 'Unbreakable'. Read more www.ciac.org: IRIX NEdit Vulnerability. Read more www.cisco.com: Cisco IOS ARP Table Overwrite Vulnerability. Read more stage.caldera.com: OpenServer: setcontext and sysi86 vulnerabilities. Read more stage.caldera.com: Open UNIX, UnixWare 7: timed does not enforce nulls. Read more www.computeruser.com: Microsoft to plug devastating browser download hole. Read more www.bangkokpost.com: Viruses are a symptom of change. Read more www.eweek.com: GAO Site Hackers Were Protesting Afghan War. Read more www.computeruser.com: Anti-India hackers turn attacks on U.S. systems. Read more www.thestar.com: MD, patient privacy may be at risk. Read more www.zdnet.com: Web makes ICQ mobile. Read more www.lasvegassun.com: Cybercrime in Clark County is growing problem, say experts. Read more www.osopinion.com: The True Online Security Story. Read more www.newsbytes.com: Consumers Concerned About Internet Security - Poll. Read more www.nwc.com: Fireproofing Against DoS Attacks. Read more www.computeruser.com: 'Multi-billion dollar� net software piracy ring busted. Read more www.reuters.co.uk: Police arrest six in global cyberpiracy probe. Read more www.computeruser.com: Senators to quiz government, Microsoft on settlement. Read more www.computeruser.com: Eye in the sky will track California parolees. Read more

11 December 2001 New trojan: Mini-Gift 0.1 www.securityfocus.com: Allaire JRun JSP Source Disclosure Vulnerability. Read more www.securityfocus.com: Allaire JRun Duplicate Session ID Vulnerability. Read more www.securityfocus.com: Allaire JRun 3.0 Directory Disclosure Vulnerability. Read more www.securiteam.com: OpenBSD Local DoS (Bad Syscalls Releases). Read more www.securiteam.com: UUCP Family Exploit (uucp / uuparams / uuname). Read more linux.oreillynet.com: New Vulnerability in OpenSSH. Read more www.securiteam.com: CFEXECUTE Tag Security Vulnerability in ColdFusion. Read more www.securiteam.com: Kebi Webmail Solution Security Vulnerability. Read more www.securiteam.com: Runas Vulnerable to Format String Attack. Read more www.securiteam.com: PHPNuke Vulnerable to Cross Site Scripting. Read more www.vnunet.com: Linux supporter challenges virus claim. Read more www.vnunet.com: DoS attacks defeat oldest IRC server. Read more www.thestandard.com.au: DoS attack cripples BigPond network. Read more www.theglobeandmail.com: Tests find medical files open to hackers. Read more timesofindia.indiatimes.com: The murky world of cyber-criminals. Read more www.newsbytes.com: Anti-India Hackers Turn Attacks on US Systems. Read more www.eweek.com: GAO Site Defaced by "Alqaeda" Hackers. Read more www.pcworld.com Bank Closes Web Security Hole. Read more www.internetworld.com: Would You Hire a Hacker? Read more www.zdnet.com: Oracle paints a bull's-eye for hackers. Read more www.vnunet.com: Cisco a Goner after email slip-up. Read more www.vnunet.com: Israeli teenagers behind Goner virus. Read more www.computerworld.com: Brief: Israeli youths admit to creating 'Goner' worm. Read more timesofindia.indiatimes.com: 'Goner' suspects under house arrest in Israel. Read more www.computeruser.com: Chat volunteers block worm's channel of attack. Read more www.computerworld.com: No Magic Bullet. Read more www.informationweek.com: Relaxen Und Watchen Das Blinkenlights. Read more www.osopinion.com: The True Online Security Story. Read more www.computerworld.com: FBI streamlines operations. Read more www.informationweek.com: Not everyone wants the government involved in IT security. Read more www.zdnet.com: Federal government beefs up security. Read more www.2600.com: 2600 IRC NETWORK RETURNS. Read more www.informationweek.com: MicronPC Boosts Security With Biometrics. Read more www.zdnet.com: Users find hole in PocketPC upgrade. Read more www.zdnet.com: Microsoft: Antitrust talks all aboveboard. Read more www.eweek.com: Microsoft Offers Settlement Changes. Read more

10 December 2001 New trojan: Fragglerock 2.0 lite by Gobo. Server has the option to become a worm spreading through Outlook to all contacts in the Windows Address Book (WAB) www.securityfocus.com: Lotus Domino bad URL database Denial of Service Vulnerability. Read more www.securityfocus.com: Kebi WebMail Unauthenticated Administration Vulnerability. Read more security-protocols.com: MS OWA Server Embedded Script Execution Vulnerability. Read more www.securiteam.com: Specially Malformed Script in HTML Mail Can Execute in Exchange 5.5 OWA. Read more www.securiteam.com: Goner/Pentagone Mass-Mailer Worm. Read more www.securiteam.com: Duplicate Session IDs Cause JRun Security Vulnerability (Hotfix). Read more www.securiteam.com: Buffer Overflow Found in Outlook Express for Macintosh. Read more www.securiteam.com: mIRC DDE Permissions Security Bug. Read more www.linuxsecurity.com: Fireproofing Against DoS Attacks. Read more www.ireland.com: Four Israeli�s arrested for creating computer virus. Read more www.theregister.co.uk: Israeli kids fess up to stupid worm attack. Read more news.com.au: Customs admit worm to network. Read more www.guardcentral.com: Computer viruses take turn for worse. Read more www.wired.com: Guess Who's Hacking to Dinner? Read more www.siliconvalley.com: Oracle's `unbreakable' boast attracting hackers. Read more www.thetimes.co.uk: Hackers 'siphoned off handouts from State'. Read more www.theregister.co.uk: Spam out, cookies tolerated, data retention remains: EU. Read more www.guardcentral.com: Feds To Draw 'Map' of Internet. Read more www.theregister.co.uk: Windows hack for Web-surfing privacy. Read more www.theregister.co.uk: Online bank fraudsters jailed for eight years. Read more www.theregister.co.uk: SMS phone crash exploit a risk for older Nokias. Read more

09 December 2001 New trojan: Guptachar www.pbs.org: Interview: breaking into NASA's computers. Read more www.anticrack.de: Winzip Self-Extractor 2.1 - Tutorial. Read more www.securityfocus.com: Microsoft OWA Server Embedded Script Execution Vulnerability. Read more www.securiteam.com: November Changelog Madness. Read more www.securiteam.com: Axis Network Camera Default Password Vulnerability. Read more www.securiteam.com: AudioGalaxy Username and Password Saved in Cleartext. Read more www.securiteam.com: Multiple ValiCert Security Problems. Read more www.securiteam.com: Using public proxies to spoof user clicks on banners. Read more www.securiteam.com: ICQr Information - password, contact lists, and personal information recovery. Read more www.securiteam.com: libgtop_daemon Remote Format String and Buffer Overflow Vulnerabilities. Read more www.securiteam.com: Sendpage (Perl CGI) Remote Execution Vulnerability. Read more security-protocols.com: MS OWA Server Embedded Script Execution Vulnerability. Read more security-protocols.com: Another IE denial of service attack. Read more www.windowsitsecurity.com: Outlook Web Access Script Execution Vulnerability in Microsoft Exchange. Read more www.guardcentral.com: Teens say they created the computer worm Goner. Read more www.nandotimes.com: Israeli teens admit unleashing computer worm attack. Read more www.hackinthebox.org: Hackers 'siphoned off handouts from State'. Read more www.guardcentral.com: Compaq site exposes customer details. Read more www.computeruser.com: Antivirus vendors wary of FBI's magic lantern. Read more www.computeruser.com: IT's darkest hour. Read more www.cnn.com: States demand Microsoft restrictions. Read more www.computeruser.com: Governors outline how states would use homeland security funds. Read more www.infoanarchy.org: KaZaA Goes the Way of Napster. Read more

08 December 2001 New trojan: Sensive 5.1 Karmaz 1.0 Microsoft Security Bulletin MS01-057(version 2.0) Specially Formed Script in HTML Mail can Execute in Exchange 5.5 OWA. Read more www.securityfocus.com: Apache Possible Directory Index Disclosure Vulnerability. Read more www.securityfocus.com: SCO OpenServer lpstat Buffer Overflow Vulnerability. Read more www.securityfocus.com: OpenSSH UseLogin Environment Variable Passing Vulnerability. Read more www.securityfocus.com: RHSA-2001:164-08: Updated secureweb packages available. Read more www.computerworld.com: Hacker explains recent exploits inside WorldCom network. Read more www.informationweek.com: Another Week, Another Outlook Flaw. Read more www.computerworld.com: Microsoft warns of another hole in Outlook Web Access. Read more www.silicon.com: 1,000 patches per year. Read more scripts.ireland.com: Corporate secrets at mercy of hackers. Read more www.it-director.com: Linux lined up as virus target. Read more www.guardcentral.com: Past lessons limit 'Goner' worm's spread. Read more rtnews.globetechnology.com: Goner worm less costly than recent computer viruses. Read more www.newsbytes.com: Chat Volunteers Block Worm's Channel Of Attack. Read more www.pcadvisor.co.uk: Spam is can of worms. Read more www.guardcentral.com: Nevada Cyber Crime Task Force goes on line with forensics lab. Read more www.siliconvalley.com: Valley to make security pitch. Read more www.businessweek.com: A New Twist in Computer Security Tools. Read more www.onlamp.com: Procmail Basics. Read more www.infoanarchy.org: Anonymity under Windows. Read more

07 December 2001 New trojan: Duddie 3.1 Penrox server Microsoft Security Bulletin MS01-057 Specially Formed Script in HMTL Mail can Execute in Exchange 5.5 OWA. Read more www.securityfocus.com: Multiple CDE Vendor ToolTalk Database Server Format String Vulnerability. Read more www.securityfocus.com: Viralator CGI Input Validation Remote Shell Command Vulnerability. Read more www.securityfocus.com: Linux Ptrace/Setuid Exec Vulnerability. Read more www.gcn.com: Antivirus vendors are wary of FBI�s Magic Lantern. Read more seattletimes.nwsource.com: E-mail virus causes mess for Boeing computers. Read more news.cnet.com: Hacker had WorldCom in his hands. Read more www.businessweek.com: A New Twist in Computer Security Tools. Read more www.newsbytes.com: New Tool Defuses Attacks On Microsoft Outlook. Read more www.nzherald.co.nz: UK police bid to spy on calls, e-mails. Read more www.wired.com: 'Goner' Today, and Forgotten. Read more www.starnews.com: 'Friendly' worm infests area computer systems. Read more www.infoworld.com: Changing security landscape on view at InfoSecurity 2001. Read more news.cnet.com: FBI builds cybercrime division. Read more www.miami.com: House passes initiative to widen eavesdropping powers. Read more seattlep-i.nwsource.com: Security is a top Web issue, Bush aide says. Read more www.newsfind.com: EU Dispute Delays Data Protection Bill. Read more www.newsforge.com: Secured against disaster: Governments look to Linux to avoid viruses. Read more msn.vnunet.com: Linux lined up as virus target. Read more www.eweek.com: 5 Steps to Enterprise Security - Step 4: Response. Read more news.cnet.com: Apple: Microsoft should pay $1 billion--cash. Read more

06 December 2001 New trojan: Mantis 0.3 Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. Snort 1.8.3 Bugfix release. Read more www.securityfocus.com: Icecast Server Slash File Name Denial Of Service Vulnerability. Read more www.securityfocus.com: Icecast Directory Traversal Vulnerability. Read more www.securityfocus.com: OpenBSD lpd Remote File Creation By Trusted Root User Vulnerability. Read more security-protocols.com: Small flaw in Outlook Express. Read more security-protocols.com: Many vulnerabilities in LSF 4.0. Read more www.windowsitsecurity.com: Disclosure Vulnerability in Allaire JRun for Microsoft Internet Information Server. Read more sns.chicagotribune.com: Worldcom Security Hole Risked Computers. Read more www.newsbytes.com: MCI Security Hole Put AOL, Others, In Hacker's Crosshairs. Read more www.zdnet.com: CERT: Hacker-tracking site attacked. Read more www.zdnet.com: Warning: We know what you're typing (and so does the FBI). Read more www.nzherald.co.nz: UK police bid to spy on calls, e-mails. Read more www.securityfocus.com: Lamo's Adventures in WorldCom. Read more it.mycareer.com.au: Worm turns into nightmare for computer users. Read more rtnews.globetechnology.com: Timing of virus worries experts. Read more www.stuff.co.nz: Worm not a goner yet. Read more www.zdnet.com: Goner: Social viruses still a threat. Read more sns.chicagotribune.com: 'Goner' e-mail virus hits thousands of PCs. Read more investor.cnet.com: "Pentagone" virus tours Europe. Read more www.nzherald.co.nz: Hacker arrest prompts warning. Read more www.idg.net: Germany Privacy Trends Disturbing. Read more www.eetimes.com: U.S. unveils advanced encryption standard. Read more www.theregister.co.uk: Internet anonymity for Windows power users. Read more

05 December 2001 New trojan: SmallBigBrother 0.2 beta 1 Sepro server Win32/Badtrans.B Decryption Utility A program which is able to decrypt the keylog protocol (passwords) of the Win32/Badtrans.B worm. Download www.securityfocus.com: Allaire JRun Web Root Directory Disclosure Vulnerability. Read more www.securityfocus.com: BSD/OS UUCP Argument Buffer Overflow Vulnerability. Read more www.securityfocus.com: PHPNuke Cross-Site Scripting Vulnerability. Read more xforce.iss.net: Goner/Pentagone Mass-Mailer Worm. Read more www.newsfactor.com: 'Goner' Worm Takes Out Firewalls, Antivirus Protection. Read more www.computeruser.com: Goner worm causing problems for Outlook, ICQ users. Read more www.zdnet.com: 'Goner' worm spreading fast. Read more www.newsbytes.com: Goner Worm Goes To Top Of Virus Charts In Just One Day. Read more news.com.au: Australia braces for Goner virus. Read more www.newsfind.com: 'Goner' Virus Infects Businesses. Read more news.cnet.com: "Pentagone" virus still spreading. Read more www.nzherald.co.nz: Hacker arrest prompts warning. Read more www.usdoj.gov: Information on the United States v. Microsoft Settlement. Read more www.csmonitor.com: Paris school offers primer for cyberpirates. Read more www.newsbytes.com: Computer Security Advisory Site Suffers Attack. Read more www.zdnet.com: Rebel states ready to hit Microsoft hard. Read more www.zdnet.com: Could XP allow hackers into your fridge? Read more www.washingtonpost.com: Counterterrorism, Cybercrime Are Focus of FBI's Overhaul. Read more news.cnet.com: FBI builds cybercrime division. Read more www.nandotimes.com: White House computer security adviser wants home computers secured. Read more www.computerworld.com: Feds pick next-generation encryption standard. Read more www.osopinion.com: U.S. Awards $86.9M Cybercrime Training Contract. Read more www.cnn.com: July 3, 2000: Are cyberterrorists for real? Read more www.computeruser.com: Porn directory isn't only master of 'link-o-rama' domain. Read more

04 December 2001 New trojan: TriRat 1.1 www.securityfocus.com: BSD/OS UUCP Argument Buffer Overflow Vulnerability. Read more www.securityfocus.com: WhitSoft SlimServe FTPd Directory Traversal Vulnerability. Read more www.securiteam.com: Security Vulnerability in Cisco's IOS Firewall Feature Set. Read more www.securityfocus.com: Allaire JRun Web Root Directory Disclosure Vulnerability. Read more www.securiteam.com: Allaire JRun Directory Browsing Vulnerability. Read more www.securiteam.com: JRun SSI Request Body Parsing. Read more www.securiteam.com: Cray UNICOS NQSD Format String Security Vulnerability. Read more www.securiteam.com: Mailman Email Archive Cross Site Scripting Vulnerability. Read more www.securityfocus.com: 'Magic Lantern' Rubs the Wrong Way. Read more www.theregister.co.uk: FBI 'Magic Lantern' reality check. Read more www.connected.telegraph.co.uk: Snooping on behalf of national security. Read more www.vnunet.com: Checking out hacking tools. Read more www.computing.vnunet.com: Wireless hacking kits cheap to compile. Read more www.computeruser.com: BadTrans has AOL written all over it. Read more www.theregister.co.uk: BadTrans surges past SirCam as most infectious virus. Read more www.computeruser.com: Sega Dreamcast game infected with Kriz virus. Read more www.vnunet.com: Fluffi Bunni on rampage. Read more www.silicon.com: Nokia phones at risk from hacker shutdown. Read more www.vnunet.com: French hackers' school claims aim is good. Read more abcnews.go.com: How Computer Encryption Works to Protect Online Secrets. Read more www.techtv.com: A Simple Explanation of Encryption. Read more www.computing.vnunet.com: UK ministries hacked five times this year. Read more www.siliconvalley.com: College student refutes charges he is high-level hacker. Read more www.vnunet.com: Open source mounts IDS challenge. Read more www.vnunet.com: Common sense key to beating hackers. Read more www.washingtonpost.com: Microsoft Parries Foe In AT&T Bidding. Read more www.newsbytes.com: Bills Would Boost Electronic Security Research Funding. Read more www.siliconvalley.com: Hewlett-Packard launches `blade' network computers. Read more

03 December 2001 New trojan: Skyfiree Spy 1.09 www.securiteam.com: NAI WebShield SMTP for WinNT MIME Header Vulnerability Allows BadTrans Virus to Pass. Read more www.securiteam.com: Compaq Insight Manager Remote SYSTEM Shell (Exploit). Read more www.securiteam.com: IIS Server Side Include Buffer Overflow (Exploit). Read more www.securiteam.com: TWIG Default Configurations May Lead to Insecure Auth-cookie Password Storage. Read more www.newsforge.com: Reader-submitted tutorial: Linux password policies. Read more news.bbc.co.uk: Learning to hack. Read more www.silicon.com: Snooping virus could backfire on men in black. Read more it.mycareer.com.au: Spy virus. Read more www.computeruser.com: 'Mujihadeen' hackers take out U.S. government sites. Read more www.newsfind.com: World Governments Choosing Linux. Read more www.computerworld.com: Study: Constant security fixes overwhelming IT managers. Read more www.eweek.com: Windows Gets Security Boost. Read More web.lexis-nexis.com: GP's reward to catch hackers. Read more www.latimes.com: Your Privacy Is a Disappearing Act. Read more www.foxnews.com: Industry Looks for State High Court Review of DVD Hacker Ruling. Read more www.nzherald.co.nz: Burning issue: the high cost of CD piracy. Read more www.reuters.co.uk: DMCA Seen Denying Free Speech Rights in Cyberspace. Read more

02 December 2001 New trojan: Kilo 0.16 ettercap.sourceforge.net: Ettercap is a network sniffer/interceptor/logger for switched LANs. It uses ARP poisoning and the man-in-the-middle technique to sniff all the connections between two hosts. Read more www.securiteam.com: UUCP Command Line Arguments Buffer Overflow. Read more otn.oracle.com: Oracle Home Environment Variable Validation Vulnerability. Read more (pdf) www.bugtraq.org: INADEQUATE LOGGING IN OPENSSH SFTP ALLOWS ATTACKER TRANSPARENT ACCESS TO VICTIM FILESYSTEM. Read more www.pbs.org: Reid and Count Zero are members of the Cult of the Dead Cow, a hacker organization which developed "Back Orifice. Read more neworder.box.sk: My First Actual Hack. Read more www.securityfocus.com: Black Hats Prefer Linux. Read more news.zdnet.co.uk: Christmas cheer brings virus fear. Read more www.federaltimes.com: Agencies In Market To Block Hackers. Read more www.newsbytes.com: 'Mujihadeen' Hackers Take Out US Government Sites. Read more www.reuters.com: NetTrends: Instant Messaging - Hackers Like It, Too. Read more news.zdnet.co.uk: Security services check for intruders. Read more www.nzherald.co.nz: Burning issue: the high cost of CD piracy. Read more news.zdnet.co.uk: Intel terahertz transistor breaks speed limits. Read more

01 December 2001 New trojan: CyberSpy 8.2 www.securiteam.com: Anonymizer.com Might Reveal Your IP (Double Proxy). Read more www.securiteam.com: PowerFTP Directory Traversal and DoS Vulnerabilities. Read more www.securiteam.com: Firewall-1 Remote SYSTEM Shell Buffer Overflow. Read more www.securityfocus.com: Redhat 7.0 local root (via uucp) (attempt 2). Read more www.securityfocus.com: Network Associates WebShield SMTP Malformed Mime Header Vulnerability. Read more www.securityfocus.com: Multiple Vendor CDE TTSession Buffer Overflow Vulnerability. Read more www.securityfocus.com: CDE dtspcd Overflow Vulnerability. Read more www.securiteam.com: Wu-Ftpd File Globbing Heap Corruption Vulnerability. Read more security-protocols.com: Alchemy Eye Remote Unauthenticated Log Viewing. Read more www.bugtraq.org: FORMAT STRING VULNERABILITY IN RUNAS. Read more www.blackhat.com: The Black Hat Windows Security Briefings 2002. Read more www.wired.com: DOJ's Already Monitoring Modems. Read more www.itworld.com: Microsoft design to blame for virus load, says expert. Read more www.theregister.co.uk: US assumes global cyber-police authority. Read more www.theregister.co.uk: Dreamcast game spreads virus. Read more abcnews.go.com: 'Badtrans' Worm Continues Spread. Read more www.computeruser.com: BadTrans' teeth proving hard to pull. Read more www.newsfactor.com: Alpha Force on Voyage to Hack Web Servers. Read more www.federaltimes.com: Agencies In Market To Block Hackers. Read more www.newsfactor.com: Hack Attacks Become Deadlier: Is There a Defense? Read more www.newsbytes.com: 'Mujihadeen' Hackers Take Out US Government Sites. Read more www.zdnet.com: Hackers put IM in their sights. Read more www.newsbytes.com: Fluffi Bunni Places Ads At Security Site. Read more www.theregister.co.uk: The Google attack engine. Read more www.zdnet.com: Got hacked? Blame it on the software. Read more www.infosecuritymag.com: From the L0pht to the West Wing. Read more www.securityfocus.com: R.I.P. Cypherpunks. Read more web.lexis-nexis.com: NEW SERVER WORM SECURITY ALLOWS REMOTE ADMINISTRATION. Read more

Copyright� MegaSecurity.org