FWD: SecurityFocus Newsletter #109

  • From: Paul Howell
  • Date: Mon Sep 10 14:44:28 2001

------- Forwarded Message

Date: Mon, 10 Sep 2001 11:35:29 -0600 (MDT)
From: John Boletta <jboletta@securityfocus.com>
X-Sender:  <jboletta@mail>
To: <sf-news@securityfocus.com>
Subject: SecurityFocus Newsletter #109
Message-ID: <Pine.GSO.4.30.0109101132140.17068-100000@mail>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: sf-news-return-22-grue=merit.edu@securityfocus.com
Status:



SecurityFocus Newsletter #109
--------------------------------

This newsletter is sponsored by: Lancope

Securing High Speed Networks

Today's corporate network requires intrusion detection solutions that can
reliably handle high throughput. StealthWatch, by Lancope, is the first
optical gigabit appliance that meets the requirements of today's busy data
center. This advanced threat management system monitors, detects and
responds to security breaches and internal misuse. But unlike traditional
intrusion detection systems, StealthWatch recognizes advanced attack
methods such as undocumented, encrypted and DoS attacks without relying on
signatures. Its unique flow-based architecture recognizes attacks at high
speeds (100 Mbps to 1 Gbps) while reducing the false positives commonly
associated with these tools.

To learn more about how StealthWatch can handle your high-speed network,
sign up to receive a Brief entitled "Securing High Speed Networks" at:

<http://www.stealthwatch.com/securityfocusgig>

--------------------------------------------------------------------------------

I. FRONT AND CENTER
      1. An Introduction to OpenSSL, Part Two: Cryptographic Functions
         Continued
      2. Chasing the Wind, Episode Ten: The Road Less Traveled
      3. Return to sender?
      4. 'Good' viruses have a future
      5. Virtual Private Networks: A Broken Dream?
II. BUGTRAQ SUMMARY
      1. Solaris lpd Remote Command Execution Vulnerability
      2. POP3Lite Input Validation Vulnerability
      3. HP-UX SWVerify Buffer Overflow Vulnerability
      4. PGP Invalid Key Display Vulnerability
      5. Informix SQL Temporary Log File Symbolic Link Vulnerability
      6. FreeBSD rmuser Password Hash Disclosure Vulnerability
      7. Informix SQL ONSRVAPD Predictable Temporary File Creation...
      8. Inter7 vpopmail MySQL Authentication Data Recovery Vulnerability
      9. Marconi ForeThought 7.1 Telnet Administration Denial of Service...
      10. Informix SQL SNMPDM Predictable Temporary File Creation...
      11. Vibechild Directory Manager Command Execution Vulnerability
      12. HP-UX login btmp Logging Failure Vulnerability
III. SECURITYFOCUS.COM NEWS ARTICLES
      1. Security hole found in Gauntlet
IV. SECURITY FOCUS TOP 6 TOOLS
      1. Webmin 0.83
      2. Swatch v3.0.2
      3. SMS spoof v1.1
      4. Typhon
      5. Samhain v1.1.14
      6. Winfingerprint v0.3.0
V. SECURITYJOBS LIST SUMMARY
      1. VP of Security - New York - #660   (Thread)
      2. Instructors Positions   (Thread)
      3. Australia - (PD428) - Practice Manager - Security Consulting...
      4. Start-up internet security firm seeks experienced Sales...
      5. Security position in Oklahoma   (Thread)
      6. Availability   (Thread)
      7. Security Start-up looking for Financial Advisor   (Thread)
      8. First security role   (Thread)
      9. Experienced NSM/Security consultant with recent Secret...
      10. Firewall Training and Consulting   (Thread)
      11. My Resume and Cover Letter   (Thread)
      12. Privacy   (Thread)
      13. Apologies on the list lag   (Thread)
      14. Seeking job/ currently with 7 yrs experience hold...
      15. CV   (Thread)
      16. Boston network security architect position desired   (Thread)
VI. INCIDENTS LIST SUMMARY
      1. New Linux Trojan   (Thread)
      2. Lengthy probes of port 8500   (Thread)
      3. Code red variants?   (Thread)
      4. Strange traffic   (Thread)
      5. New variant of Magistr virus discovered   (Thread)
      6. Multiple Vendor Telnetd Buffer Overflow Vulnerability Worm...
      7. The x.c worm   (Thread)
      8. weird directories in /root [SOLVED]   (Thread)
      9. Backdoor.ccinvader Trojan   (Thread)
      10. ARIS Analyzer Version 1.5   (Thread)
      11. Question   (Thread)
      12. FW: Wierd .ida request? What is it?   (Thread)
      13. weird directories in /root   (Thread)
      14. Scan of the Month - September   (Thread)
      15. formmail   (Thread)
      16. Win32.Invalid.A@mm   (Thread)
      17. Strange entries in Apache access_log   (Thread)
      18. Strange debug output (HTTP)   (Thread)
      19. Code Red - A Possible Origin?   (Thread)
      20. AIX writesrv on port 2401   (Thread)
      21. new codered worm?   (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
      1. CodeGreen beta release (idq-patcher/antiCodeRed/etc.)   (Thread)
      2. http get   (Thread)
      3. Immune systems: some reading in the light of CodeGreen and...
      4. Telnetd exploit for solaris   (Thread)
      5. coding (was: Re: CodeGreen beta release...
      6. AW: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)...
      7. Small win32 shellcode demo   (Thread)
      8. illegal cheer (was: Re: CodeGreen beta release...
      9. codegreen, the problem.   (Thread)
      10. Multiple Vendor Telnetd Buffer Overflow Vulnerability Worm...
      11. asm shellcode techniques (especially relevant for win32)...
      12. How to compile CRclean   (Thread)
      13. SSH 2.4.0/3.0.1 usernames guessable ?   (Thread)
      14. OE6 + VBS + WSH + WIN200 + XP + HTML.DROPPER   (Thread)
      15. FW: verizon wireless website gaping privacy holes   (Thread)
      16. Web session tracking security prob. Vulnerable: IIS and ColdF...
      17. Cobalt Cubes (was: Re: Fwd: Returned post for...
      18. Fwd: Returned post for bugtraq@securityfocus.com   (Thread)
      19. solaris gdb screen mayhem   (Thread)
      20. Web session tracking security prob. Vulnerable: IIS and...
      21. Email webbugs   (Thread)
      22. Outlook makes 99% CPU Usage with this message   (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
      1. What does 128-bit support for W2K give me?   (Thread)
      2. Insufficient port error   (Thread)
      3. All Services Disabled?   (Thread)
      4. Windowsupdate.microsoft.com / Wondering.   (Thread)
      5. %u encoding IDS bypass vulnerability   (Thread)
      6. alternate data stream...   (Thread)
      7. NT disk scanning ...   (Thread)
      8. Securing W2Kpro - ACLs?   (Thread)
      9. SecurityFocus Microsoft Newsletter #50   (Thread)
      10. ARIS Analyzer Version 1.5   (Thread)
      11. R: Windowsupdate.microsoft.com - getting updates manually...
      12. Way to read Exchange 2000 database files   (Thread)
      13. Audit Tools   (Thread)
IX. SUN FOCUS LIST SUMMARY
      1. [FOCUS] `tcsh' a security risk?   (Thread)
      2. Security and Modems   (Thread)
      3. INCORRECT PATCH REVISIONS: Re: Sun Security Bulletin...
      4. tcpwrapped rpcbind/portmap?   (Thread)
X. LINUX FOCUS LIST SUMMARY
      1. Email and DMZs (iptables)?   (Thread)
      2. weird directories in /root [SOLVED]   (Thread)
      3. Passwd Change -> Email   (Thread)
      4. iptables   (Thread)
      5. weird directories in /root   (Thread)
      6. Security Patches to the Linux Kernel   (Thread)
      7. Blocking IM via DNS   (Thread)
XI. SPONSOR INFORMATION


I. FRONT AND CENTER
-------------------
1. An Introduction to OpenSSL, Part Two: Cryptographic Functions Continued
by Holt Sorenson

This is the second article in a series on OpenSSL, a library written in
the C programming language that provides routines for cryptographic
primitives utilized in implementing the Secure Sockets Layer (SSL)
protocol. In the first article in the series, we discussed some of the
basics of cryptography. This article will cover acquiring and compiling
OpenSSL and explore some commands that facilitate encryption and
decryption.

http://www.securityfocus.com/focus/sun/articles/openssl2.html

2. Chasing the Wind, Episode 10: the Road Less Traveled
by Robert G. Ferrell

This is the tenth installment of SecurityFocus's popular Chasing the Wind
series. In the last episode, we left Jake in the middle of his five-day
hacking seminar and Douglas continued to forge ahead on the mysterious
Bellatrix Project. Meanwhile, unbeknownst to Douglas or to the United
States Department of Defense, the shady figure known only as "Baseball
Cap" was successfully monitoring the Bellatrix project.

http://www.securityfocus.com/focus/ih/articles/chasing10.html

3. Return to sender?
by Jon Lasser

The new Sendmail hole sparks flashbacks to the program's insecure past. Is
it time to switch to an alternative?

http://www.securityfocus.com/templates/column.html?id=22

4. 'Good' viruses have a future
by Shane Coursen

Should we fight viruses with more viruses? Mad cyber-scientists have made
the moral question moot.

http://www.securityfocus.com/templates/column.html?id=23

5. Virtual Private Networks: A Broken Dream?
by Eric Hines

Virtual Private Networks allow organizations to establish secure links
with business partners and extend communications to regional and isolated
offices. In doing so, they significantly diminish the cost of
communications for an increasingly mobile workforce. While VPNs are
gaining widespread acceptance as security solutions, they are not a
panacea. This article will serve as a brief introduction to VPN
technology. It will also illustrate some vulnerabilities that have been
discovered in VPNs.

http://www.securityfocus.com/focus/basics/articles/vpn.html


II. BUGTRAQ SUMMARY
-------------------
1. Solaris lpd Remote Command Execution Vulnerability
BugTraq ID: 3274
Remote: Yes
Date Published: 2001-08-31
Relevant URL:
http://www.securityfocus.com/bid/3274
Summary:

The print protocol daemon, 'in.lpd' (or 'lpd'), shipped with Solaris may
allow for remote attackers to execute arbitrary commands on target hosts
with superuser privileges.

This alleged vulnerability is not the buffer overflow discovered by ISS.

Lpd allows for clients to have email sent to a user when a job has
completed printing.  The supplied email address is passed to sendmail at
the command line when it is invoked by lpd.  Attackers may be able to
supply sendmail command-line options as the value of the email address
when using this functionality.  It may be possible to force sendmail to
use an uploaded print job as a configuration file.

To do this, an attacker may have to supply the command-line option to use
a custom configuration file as the email address.  The option's argument
must be the location of the print job on the filesystem.  If this
can be accomplished, arbitrary commands can be executed on the server as
root.

If this vulnerability is successfully exploited, remote attackers can
execute any command on the target host with superuser privileges.

This vulnerability is likely the same or closely related to one described
in NAI advisory NAI-0020.

NOTE: It has been reported that a valid printer does NOT need to be
configured to exploit this vulnerability.
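
The option-injection pattern described in this entry and one way to close it, as an added example (not code from lpd or from the newsletter). The mailer path and the option letter "Z" are assumptions for illustration, and nothing is executed: getopt() is used only to show how a getopt-based program would classify each argument.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAILER "/usr/lib/sendmail"   /* assumed path, never executed here */

/* Accept only a conservative address: non-empty, bounded, no leading '-',
 * and characters limited to letters, digits and ".@_+-". */
int notify_addr_ok(const char *addr)
{
    size_t n = strlen(addr);
    if (n == 0 || n > 254 || addr[0] == '-') return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)addr[i];
        if (!isalnum(c) && strchr(".@_+-", c) == NULL) return 0;
    }
    return 1;
}

/* Flawed form from the summary: the client-supplied value goes straight
 * onto the mailer's command line. Returns argc. */
int build_argv_unsafe(const char *addr, char *argv[4])
{
    argv[0] = (char *)MAILER;
    argv[1] = (char *)addr;
    argv[2] = NULL;
    return 2;
}

/* Hardened form: validate first, then put "--" in front of the recipient so
 * option parsing stops before it. Returns argc, or -1 if addr is rejected. */
int build_argv_safe(const char *addr, char *argv[4])
{
    if (!notify_addr_ok(addr)) return -1;
    argv[0] = (char *)MAILER;
    argv[1] = (char *)"--";
    argv[2] = (char *)addr;
    argv[3] = NULL;
    return 3;
}

/* Count how many arguments a getopt-based program would treat as options.
 * "Z:" is a made-up option letter standing in for any flag the mailer takes. */
int options_seen(int argc, char *argv[])
{
    int n = 0;
    optind = 1;   /* restart scanning for each argv */
    opterr = 0;   /* no diagnostics on stderr */
    while (getopt(argc, argv, "Z:") != -1) n++;
    return n;
}

int main(void)
{
    char *av[4];
    /* Constructed sample values. */
    const char *samples[] = { "operator@example.com", "-Zconstructed" };

    for (int i = 0; i < 2; i++) {
        int n = build_argv_unsafe(samples[i], av);
        printf("%-22s unsafe: %d option(s); ", samples[i], options_seen(n, av));
        n = build_argv_safe(samples[i], av);
        if (n < 0) printf("safe: rejected\n");
        else printf("safe: %d option(s)\n", options_seen(n, av));
    }
    return 0;
}
```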

2. POP3Lite Input Validation Vulnerability
BugTraq ID: 3278
Remote: Yes
Date Published: 2001-09-03
Relevant URL:
http://www.securityfocus.com/bid/3278
Summary:

POP3Lite is a free, open-source compact POP3 daemon for Linux and BSD
systems.

POP3Lite has an input validation problem which may be exploited by remote
attackers. POP3Lite will not escape leading dots ('.') from e-mail it
transfers. POP3Lite will send lines with leading dots to the mail client,
causing them to be interpreted as an end-of-message. At the very least
this may cause unusual behavior to occur, but may be manipulated to
malicious effect.

For example, a message may be crafted by the attacker to a victim
receiving mail from POP3Lite which causes the victim's client to accept a
fake end-of-message followed by falsified arbitrary server responses.

Remote attackers may exploit this issue to inject messages or cause
messages to be lost. A potential for mail-spoofing attacks also exists as
message headers can be falsified. A denial of service may also result,
depending on how the client interprets the malicious input.

This issue may also be exploited in combination with input validation
vulnerabilities that exist in mail clients.
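
The missing escaping described in this entry is the byte-stuffing that RFC 1939 requires for multi-line responses. The following added example (not POP3Lite's code; function names and the sample message are constructed) implements the server-side stuffing and the client-side reader, and shows what a client is left with when the server skips the stuffing.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample message: its body contains a line holding only "." */
static const char SAMPLE_MSG[] =
    "Subject: hello\r\n"
    "\r\n"
    "first line\r\n"
    ".\r\n"
    "+OK forged status\r\n"
    "last line\r\n";

/* Server side: write a message body followed by the ".\r\n" terminator.
 * With stuff != 0, lines starting with '.' get an extra leading '.', as
 * RFC 1939 requires; stuff == 0 models the flaw described above.
 * Returns the number of bytes written, or -1 if out is too small. */
long pop3_send_body(const char *msg, int stuff, char *out, size_t outsz)
{
    size_t o = 0;
    int line_start = 1;

    for (const char *p = msg; *p != '\0'; p++) {
        if (line_start && *p == '.' && stuff) {
            if (o + 1 >= outsz) return -1;
            out[o++] = '.';
        }
        if (o + 1 >= outsz) return -1;
        out[o++] = *p;
        line_start = (*p == '\n');
    }
    if (!line_start) {                   /* body did not end with CRLF */
        if (o + 2 >= outsz) return -1;
        out[o++] = '\r';
        out[o++] = '\n';
    }
    if (o + 4 > outsz) return -1;        /* ".\r\n" plus NUL */
    memcpy(out + o, ".\r\n", 4);
    return (long)(o + 3);
}

/* Client side: read one multi-line response from wire, copy the un-stuffed
 * body into body, and return the offset of the first byte after the
 * terminator line (-1 if there is no terminator or body is too small). */
long pop3_read_body(const char *wire, char *body, size_t bodysz)
{
    size_t b = 0;
    const char *line = wire;

    for (;;) {
        const char *eol = strstr(line, "\r\n");
        if (eol == NULL) return -1;              /* truncated response */
        size_t len = (size_t)(eol - line);
        if (len == 1 && line[0] == '.') {        /* terminator line */
            if (b >= bodysz) return -1;
            body[b] = '\0';
            return (long)(eol + 2 - wire);
        }
        if (len > 0 && line[0] == '.') {         /* strip one stuffed dot */
            line++;
            len--;
        }
        if (b + len + 2 >= bodysz) return -1;
        memcpy(body + b, line, len);
        b += len;
        body[b++] = '\r';
        body[b++] = '\n';
        line = eol + 2;
    }
}

/* Run msg through server and client. Returns the bytes still unread on the
 * wire when the client saw end-of-message (0 is the only correct value) and
 * sets *intact to 1 if the client recovered msg exactly. */
long pop3_roundtrip(const char *msg, int stuff, int *intact)
{
    char wire[512], body[512];
    long sent = pop3_send_body(msg, stuff, wire, sizeof wire);
    if (sent < 0) return -1;
    long used = pop3_read_body(wire, body, sizeof body);
    if (used < 0) return -1;
    *intact = (strcmp(body, msg) == 0);
    return sent - used;
}

int main(void)
{
    int intact = 0;
    long left = pop3_roundtrip(SAMPLE_MSG, 0, &intact);
    printf("unstuffed: %ld bytes left on wire, intact=%d\n", left, intact);
    left = pop3_roundtrip(SAMPLE_MSG, 1, &intact);
    printf("stuffed:   %ld bytes left on wire, intact=%d\n", left, intact);
    return 0;
}
```

Bytes left on the wire after the early end-of-message are what the client parses next as server responses, which is why the unstuffed case matters.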

3. HP-UX SWVerify Buffer Overflow Vulnerability
BugTraq ID: 3279
Remote: No
Date Published: 2001-09-03
Relevant URL:
http://www.securityfocus.com/bid/3279
Summary:

HP-UX is the UNIX Operating System variant distributed by Hewlett-Packard,
available for use on systems of size varying from workgroup servers to
enterprise systems.

A problem has been discovered in HP-UX that could allow a local user to
gain elevated privileges.  The vulnerability could result in complete
system compromise.

The problem is due to a buffer overflow in swverify.  By supplying a
string of 6039 bytes, a buffer overflow occurs, allowing the user to
overwrite stack variables, including the return address.

As the swverify program is setuid root, this makes it possible for the
local user to gain an elevation of privileges to root.

4. PGP Invalid Key Display Vulnerability
BugTraq ID: 3280
Remote: Yes
Date Published: 2001-09-04
Relevant URL:
http://www.securityfocus.com/bid/3280
Summary:

PGP Security provides privacy and data confidentiality software.

There is a vulnerability in some of PGP's displays of key validity which
could allow a user to be tricked into accepting a signature created by an
invalid user ID.

When there are two user IDs on the same key, PGP's display heuristically
communicates key validity to the user.  The first strategy is to base the
validity display on the first user ID in the key.  The second is to base
the validity display on the most valid key.

The key verification window's name field uses the first strategy, while
the validity light on this display uses the second strategy.  Thus, when a
key having an invalid user ID as the primary name and a valid user ID as
the secondary name is displayed, it shows the primary user's name, but the
validity of the secondary name.

If such a key is sent to a user who relies on the affected validity
displays, the key may appear to be valid.  If the key is imported into the
target user's keyring, attackers can forge signatures on documents sent to
the target user as the invalid user-id.

5. Informix SQL Temporary Log File Symbolic Link Vulnerability
BugTraq ID: 3281
Remote: No
Date Published: 2001-09-04
Relevant URL:
http://www.securityfocus.com/bid/3281
Summary:

Informix is an enterprise database software package designed for use on
multiple platforms.  It is distributed and maintained by IBM.

A problem with Informix makes it possible for local users to overwrite
files, resulting in file corruption, and potentially in privilege
elevation.

The problem is due to the creation of predictable temporary files.  When
either the onbar_d, ondblog, or onsmsync programs are executed, files
serving as temporary logs of activity are created in /tmp.  These three
programs are installed with the default permissions of setuid root, and
setgid informix.

The execution of one of these three programs results in the creation of
the files bar_act.log and bar_dbug.log in the /tmp directory.  This
vulnerability may be exploited only if these files do not exist or the
attacker is in the informix group, as they're created with permissions
660, and cannot be removed by a user who is neither root nor in the
group informix.

Successful exploitation of this vulnerability could lead to a denial of
service, or potentially an elevation of privileges to root, although the
latter is unproven.

6. FreeBSD rmuser Password Hash Disclosure Vulnerability
BugTraq ID: 3282
Remote: No
Date Published: 2001-09-04
Relevant URL:
http://www.securityfocus.com/bid/3282
Summary:

FreeBSD ships with a perl script called 'rmuser'.  It can be used by
administrators to completely remove users from a system.

When rmuser is run, the 'passwd' and 'master.passwd' files must be
updated.  The rmuser script creates copies of these files and then
modifies them.  When complete, the original files are replaced with the
updated copies.

The script explicitly sets an insecure umask and the copy files are
created world readable.  If an attacker can anticipate the use of rmuser
by an administrator, it may be possible to obtain the contents of
'master.passwd'.  If successful, the attacker would obtain the password
hashes of other users on the system.  This information may assist in a
brute-force password attack.

Exploitation of this vulnerability is extremely time dependent, as the
attack must be launched when rmuser is being used and while the
world-readable copy exists (it is deleted by the script after the original
files are overwritten).

Attacks against this utility may be more feasible on systems where
'rmuser' is run automatically at scheduled times (for example, on a server
where an automated script runs that removes ISP users with expired
accounts).

7. Informix SQL ONSRVAPD Predictable Temporary File Creation Vulnerability
BugTraq ID: 3283
Remote: No
Date Published: 2001-09-04
Relevant URL:
http://www.securityfocus.com/bid/3283
Summary:

Informix is an enterprise database distributed and maintained by IBM.

A problem in the Informix SQL package makes it possible for a local user
to overwrite root-owned files, and potentially gain elevated privileges.

The problem is in the onsrvapd program.  Upon execution, the program
creates the predictable files onsrvapd.log (owner and group informix)
and onsnmp.$HOSTNAME.log (owned by root, group informix) in the /tmp
directory, where $HOSTNAME is the name of the Informix SQL host.
The log files are created with world-writable permissions.

Since the onsrvapd program is setuid root, this makes it possible for a
user to create a symbolic link in place of the onsnmp.$HOSTNAME.log file,
and point the symbolic link to any file, existing or non-existing.

In the case of an existing file, this allows the attacker to overwrite the
file, leaving the file with permissions of 0666.  If the file does not
exist, a file will be created at the end of the symbolic link with
permissions 0666.

This problem could result in a local user denying service to legitimate
users of the system, or potentially gaining local root access.

8. Inter7 vpopmail MySQL Authentication Data Recovery Vulnerability
BugTraq ID: 3284
Remote: No
Date Published: 2001-09-04
Relevant URL:
http://www.securityfocus.com/bid/3284
Summary:

Inter7 vpopmail is a freely-available software package that provides a
way for system administrators to manage virtual email domains and
non-system password based email accounts on Qmail or Postfix mail servers.

A vulnerability exists in vpopmail that may result in the disclosure of
sensitive authentication information when the package is configured to use
a MySQL database.  When the package is compiled, account information used
for database authentication is compiled into an object archive and
subsequently linked against the command-line programs included in the
package.  Due to the non-interactive nature of the package, this
information is written in cleartext.

The programs are then installed with world-readable file access
permissions.  As a result, it may be possible for an attacker with local
access to retrieve the authentication information by examining one of the
programs.

9. Marconi ForeThought 7.1 Telnet Administration Denial of Service
Vulnerability
BugTraq ID: 3286
Remote: Yes
Date Published: 2001-09-04
Relevant URL:
http://www.securityfocus.com/bid/3286
Summary:

ForeThought is the internetworking software used by most of Marconi's
product line.  The software incorporates remote administration through
telnet and web console interfaces.

The telnet administration interface allows up to two concurrent sessions.
When both sessions are locked, the only way to release the sessions is to
reboot the device.  Until the device is rebooted, access to the telnet
interface is not possible.

It has been reported that some port scans may unintentionally trigger this
condition.

10. Informix SQL SNMPDM Predictable Temporary File Creation Vulnerability
BugTraq ID: 3287
Remote: No
Date Published: 2001-09-04
Relevant URL:
http://www.securityfocus.com/bid/3287
Summary:

Informix is an enterprise level database maintained and distributed by
IBM.

A problem with the Informix SQL database add-on package makes it possible
for a local user to exploit a symbolic link problem.  This problem is in
the snmpdm package.

Upon execution of the setuid root application snmpdm, a file is created in
the /tmp directory using filename snmpd.log.  This file is created with
world-writable permissions.

Since the snmpdm program is setuid root, this makes it possible for a user
to create a symbolic link in place of the snmpd.log file, and point the
symbolic link to any file, existing or non-existing.

In the case of an existing file, this allows the attacker to overwrite the
file, leaving the file with permissions of 0666.  If the file does not
exist, a file will be created at the end of the symbolic link with
permissions 0666.

This problem could result in a local user denying service to legitimate
users of the system, or potentially gaining local root access.
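
The three Informix entries above (items 5, 7 and 10) share one pattern: a setuid program opens a fixed-name log in /tmp, follows whatever is already there, and creates it world-writable. The following added example (not Informix code; the function names and the scratch-directory scenario are constructed) contrasts that open call with a hardened one and measures the effect on a pre-planted symbolic link.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flawed pattern from the summaries: fixed name, follows symlinks, 0666. */
int open_log_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0666);
}

/* Hardened: create exclusively with 0600 and never follow a symlink in the
 * final path component. An existing file is accepted only if it is a
 * regular, singly linked file owned by us and not group/world writable.
 * (Keeping logs in a directory only the service can write is better still.) */
int open_log_safe(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_APPEND | O_NOFOLLOW,
                  0600);
    if (fd >= 0) return fd;
    if (errno != EEXIST) return -1;

    /* O_NONBLOCK keeps a planted FIFO from blocking the open. */
    fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;              /* ELOOP when path is a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1 ||
        (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario: a private scratch directory stands in for /tmp, with
 * "snmpd.log" pre-planted as a symlink to a file that must stay untouched.
 * Returns that file's size after the chosen opener tries to log 9 bytes,
 * or -1 if the scenario could not be set up. */
long target_size_after(int use_safe)
{
    char dir[] = "/tmp/logdemoXXXXXX";
    char target[64], logpath[64];
    struct stat st;
    long size = -1;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(logpath, sizeof logpath, "%s/snmpd.log", dir);

    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) close(fd);
    if (fd >= 0 && symlink(target, logpath) == 0) {
        fd = use_safe ? open_log_safe(logpath) : open_log_unsafe(logpath);
        if (fd >= 0) {
            ssize_t w = write(fd, "log line\n", 9);
            (void)w;
            close(fd);
        }
        if (stat(target, &st) == 0) size = (long)st.st_size;
    }
    unlink(logpath);
    unlink(target);
    rmdir(dir);
    return size;
}

int main(void)
{
    printf("unsafe open: target grew to %ld bytes\n", target_size_after(0));
    printf("safe open:   target is %ld bytes\n", target_size_after(1));
    return 0;
}
```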

11. Vibechild Directory Manager Command Execution Vulnerability
BugTraq ID: 3288
Remote: Yes
Date Published: 2001-09-04
Relevant URL:
http://www.securityfocus.com/bid/3288
Summary:

Directory Manager is an application used to maintain LDAP directory data.
It is maintained by Vibechild and hosted for download on Sourceforge.net.

An input validation error exists in Directory Manager that may enable
remote attackers to execute arbitrary code on a host running the software.
The flaw is due to a script in the package that fails to filter shell
metacharacters from a user-supplied value passed to PHP's passthru()
function.

Successful exploitation of this issue is achievable by submitting shell
metacharacters followed by a command in the 'userfile_name' field of an
HTTP request.

Exploitation of this vulnerability may lead to the disclosure of sensitive
data on or compromise of a vulnerable host.

12. HP-UX login btmp Logging Failure Vulnerability
BugTraq ID: 3289
Remote: Yes
Date Published: 2001-09-03
Relevant URL:
http://www.securityfocus.com/bid/3289
Summary:

The version of 'login' shipped with HP-UX 10.26 does not record
unsuccessful login attempts in 'btmp'.  The btmp file is used to record
bad logins.

It may be possible for attackers to launch a brute force attack that is
not noticed by administrators who rely on btmp.  As unsuccessful logins
would not be recorded in the file, administrators using 'lastb' to view
recent bad login attempts would not notice the attacker's attempts.

The attempts may still be visible in other logs (such as syslog).


III. SECURITYFOCUS.COM NEWS AND COMMENTARY
------------------------------------------
1. Security hole found in Gauntlet
By Kevin Poulsen

Experts are calling it a security manager's nightmare. For the second time
in as many years, a hole has been discovered in Network Associates'
Gauntlet firewall software that makes it possible for intruders to turn
the security system against the very networks it was designed to protect.

http://www.securityfocus.com/templates/article.html?id=248

IV. SECURITY FOCUS TOP 6 TOOLS
------------------------------
1. Webmin 0.83
by jcameron@webmin.com
Relevant URL:
http://www.securityfocus.com/tools/1549
Platforms: Linux, Perl (any system supporting perl), Solaris and UNIX
Summary:

Webmin is a web-based interface for system administration for Unix. Using
any browser that supports tables and forms (and Java for the File Manager
module), you can setup user accounts, Apache, DNS, file sharing and so on.
Webmin consists of a simple web server, and a number of CGI programs which
directly update system files like /etc/inetd.conf and /etc/passwd. The web
server and all CGI programs are written in Perl version 5, and use no
external modules. This means that you only need a Perl binary to run
Webmin.

2. Swatch v3.0.2
by Todd Atkins
Relevant URL:
http://www.securityfocus.com/tools/70
Platforms: BSDI, Linux, Solaris and UNIX
Summary:

Swatch was originally written to actively monitor messages as they were
written to a log file via the UNIX syslog utility. It has multiple methods
of alarming, both visually and by triggering events. The perfect tool for
a master loghost. It is known to work flawlessly on Linux (RH5), BSDI, and
Solaris 2.6 (patched).

3. SMS spoof v1.1
by Terje Sannum
Relevant URL:
http://www.securityfocus.com/tools/2196
Platforms: PalmOS
Summary:

SMS spoof is a PalmOS application that allows you to send spoofed SMS
messages. It uses a dialup connection to an EMI/UCP-compatible SMSC. It
can be used with a modem connected to the Palm, such as an IR link to a
GSM phone with a built-in modem. SMS spoof has been tested with Telenor's
SMSC in Norway, but it should work with any SMSC that supports the EMI/UCP
protocol, as long as no authentication is required.

4. Typhon
by Next Generation Security Software Ltd
Relevant URL:
http://www.securityfocus.com/tools/2195
Platforms: Windows 2000 and Windows NT
Summary:

Typhon, an updated version of Cerberus Internet Scanner, is a
vulnerability assessment tool. It will scan a given host for known
security holes and vulnerabilities. It does this by looking at the
services offered by a host, each of which is examined for holes. For
example, Typhon will check for over 180 known vulnerabilities in the web
service or daemon offered by a server. Once a scan has been completed, a
report in HTML is produced detailing what security holes were found, the
impact of those holes and how to fix them. Once these holes have been
removed, the host will be more secure against attacks. As new
vulnerabilities are discovered almost on a daily basis, it is necessary to
ensure that Typhon is kept up to date and hosts are scanned on a
regular basis.

5. Samhain v1.1.14
by Rainer Wichmann, rwichmann@la-samhna.de
Relevant URL:
http://www.securityfocus.com/tools/708
Platforms: AIX, Digital UNIX/Alpha, FreeBSD, HP-UX, Linux, Solaris and
Unixware
Summary:

samhain is a file system integrity checker that can optionally be used as
a client/server application for centralized monitoring of networked hosts.
Databases and configuration files can be stored on the server. In addition
to forwarding reports to the log server via authenticated TCP/IP
connections, several other logging facilities (e-mail, console,
tamper-resistant log file, and syslog) are available. samhain has been
tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.

6. Winfingerprint v0.3.0
by Kirby Kuehl, vacuum@technotronic.com
Relevant URL:
http://www.securityfocus.com/tools/1291
Platforms: Windows 2000 and Windows NT
Summary:

Determines OS using SMB Queries, TCP Portscan, ICMP Scan, IP Address Range
support, Enumerates NetBIOS Shares, Users, Services, Transports, Sessions,
Service Pack and Hotfix Level, Groups and Disks.


V. SECURITY JOBS SUMMARY
------------------------
1. VP of Security - New York - #660   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d77%26date%3d2001-09-07%26thread%3d20010906135112.2997.qmai
l@securityfocus.com

2. Instructors Positions   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d77%26date%3d2001-09-07%26thread%3dDEEALOGEOKINODALADLBKELE
CGAA.gary.porter@matcomcorp.com

3. Australia - (PD428) - Practice Manager - Security Consulting
(Asia/Pacific)   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d77%26date%3d2001-09-07%26thread%3d5.1.0.14.2.2001090516221
0.00a835f0@bne011m.server-mail.com

4. Start-up internet security firm seeks experienced Sales Executive
(Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d77%26date%3d2001-09-07%26thread%3dPOEJIEFGDGNKKMOLBILLIEBB
CCAA.ejohnson@cyber-security.com

5. Security position in Oklahoma   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d77%26date%3d2001-09-07%26thread%3d20010905160406.17098.qma
il@securityfocus.com

6. Availability   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d77%26date%3d2001-09-07%26thread%3dFFEHIDELKGDHDJHNNNOCIEJH
DGAA.dunhamk@rmci.net

7. Security Start-up looking for Financial Advisor   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d77%26date%3d2001-09-07%26thread%3d20010905001342.15376.qma
il@securityfocus.com

8. First security role   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d77%26date%3d2001-09-07%26thread%3dAMEELIGLAKNOMNBPFIKHAEJO
CIAA.rf@rf0.com

9. Experienced NSM/Security consultant with recent Secret Clearance
available...   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d77%26date%3d2001-09-07%26thread%3d!~!UENERkVCMDkAAQACAAAAA
AAAAAAAAAAAABgAAAAAAAAAg0HFAqtv1BGF0wBgCN6%2fI8KAAAAQAAAAsbEQD7mPGk6rGVT4Gc
YC9AEAAAAA@hotmail.com

10. Firewall Training and Consulting   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d77%26date%3d2001-09-07%26thread%3d013201c13578$04227800$64
01000a@blackhawkcomm.com

11. My Resume and Cover Letter   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d77%26date%3d2001-09-07%26thread%3d20010904182336.4919.qmai
l@securityfocus.com

12. Privacy   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d77%26date%3d2001-09-07%26thread%3dB4DFCB7CDE2DD4118F690008
C7869416650B88@tahoe.allegronetworks.com

13. Apologies on the list lag   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d77%26date%3d2001-09-07%26thread%3dPine.GSO.4.30.0109041124
001.8936-100000@mail

14. Seeking job/ currently with 7 yrs experience holding management
position   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d77%26date%3d2001-09-07%26thread%3d20010902141637.44073.qma
il@web14601.mail.yahoo.com

15. CV   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d77%26date%3d2001-09-07%26thread%3d3563565.999341035140.Jav
aMail.root@172.16.100.50

16. Boston network security architect position desired   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d77%26date%3d2001-09-07%26thread%3dPine.LNX.4.10.1010831151
6180.18551-100000@orion.thinc.net


VI. INCIDENTS LIST SUMMARY
--------------------------
1. New Linux Trojan   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d75%26date%3d2001-09-07%26thread%3d535B280C27E1D2119A790000
24C8B4BA09679B5A@vevics14.nestec.ch

2. Lengthy probes of port 8500   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d75%26date%3d2001-09-07%26thread%3d88KLvd9EaCB@robinton.gmx
.de

3. Code red variants?   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d75%26date%3d2001-09-07%26thread%3dSIMEON.10109061118.R1540
@bluebottle.itss

4. Strange traffic   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d75%26date%3d2001-09-07%26thread%3d017601c136da$c6bc8aa0$fb
4499aa@loki

5. New variant of Magistr virus discovered   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d75%26date%3d2001-09-07%26thread%3d4d.10d44f2a.28c90ec2@aol
.com

6. Multiple Vendor Telnetd Buffer Overflow Vulnerability Worm   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d75%26date%3d2001-09-07%26thread%3dPine.GSO.4.30.0109051515
410.4984-100000@mail

7. The x.c worm   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d75%26date%3d2001-09-07%26thread%3d3B9640AB.18057357@source
fire.com

8. weird directories in /root [SOLVED]   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d75%26date%3d2001-09-07%26thread%3d5.1.0.14.2.2001090502422
0.00b1ec60@pop3.cyberia.net.lb

9. Backdoor.ccinvader Trojan   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d75%26date%3d2001-09-07%26thread%3d005901c1357f$fc194dc0$ab
1024cc@root

10. ARIS Analyzer Version 1.5   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d75%26date%3d2001-09-07%26thread%3d10786F3AE30CD4118FAC00A0
CC58F9F11A0872@MAIL

11. Question   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d75%26date%3d2001-09-07%26thread%3dBB7FD4FF9E440648A731452E
5D341FB06544E0@hitsexchange01.advance-med.com

12. FW: Wierd .ida request? What is it?   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d75%26date%3d2001-09-07%26thread%3d20010904014010.1283.qmai
l@ee.eee.metu.edu.tr

13. weird directories in /root   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d75%26date%3d2001-09-07%26thread%3d5.1.0.14.2.2001090404394
5.00abe7e8@pop3.cyberia.net.lb

14. Scan of the Month - September   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d75%26date%3d2001-09-07%26thread%3dPine.LNX.4.30.0109020722
230.27144-100000@marge.spitzner.net

15. formmail   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d75%26date%3d2001-09-07%26thread%3dPine.GSO.4.30.0109021442
170.25189-100000@mail

16. Win32.Invalid.A@mm   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d75%26date%3d2001-09-07%26thread%3d200109012321.LAA19074@fe
p4-orange.clear.net.nz

17. Strange entries in Apache access_log   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d75%26date%3d2001-09-07%26thread%3dPine.LNX.4.33.0109012139
540.11539-100000@space.comunit.de

18. Strange debug output (HTTP)   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d75%26date%3d2001-09-07%26thread%3dPine.GSO.4.33.0109012003
120.23274-100000@atro.pine.nl

19. Code Red - A Possible Origin?   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d75%26date%3d2001-09-07%26thread%3d200109012136.OAA28412@pr
ince.kattare.com

20. AIX writesrv on port 2401   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d75%26date%3d2001-09-07%26thread%3d20010831102647.A27336@au
stin.ibm.com

21. new codered worm?   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d75%26date%3d2001-09-07%26thread%3d200108302040.IAA28633@fe
p4-orange.clear.net.nz


VII. VULN-DEV RESEARCH LIST SUMMARY
- ----------------------------------
1. CodeGreen beta release (idq-patcher/antiCodeRed/etc.)   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3d20010906234926.A32280@ha
genaars.com

2. http get   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3d000301c13718$7fe8f1c0$01
00a8c0@number1

3. Immune systems: some reading in the light of CodeGreen and CleanCR
(Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3d3B985EB3.FE8ECECA@nts.um
d.edu

4. Telnetd exploit for solaris   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3dPine.GSO.4.21.0109062126
520.226-100000@denali.ccs.neu.edu

5. coding (was: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)
(Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3d20010906203001.V29333-10
0000@tasam.com

6. AW: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3d3B97BF43.1F7C9C19@gmx.net

7. Small win32 shellcode demo   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3d003001c13734$7aa70dc0$ab
06050a@none

8. illegal cheer (was: Re: CodeGreen beta release
(idq-patcher/antiCodeRed/etc.)   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3d3B9777EE.8818DBE2@bah.com

9. codegreen, the problem.   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3djUsT.aNoTheR.mEsSaGe.iD.
99978174917552@www.hackersdigest.com

10. Multiple Vendor Telnetd Buffer Overflow Vulnerability Worm   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3d4.1.20010906072416.0095b
500@pop3.norton.antivirus

11. asm shellcode techniques (especially relevant for win32)   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3dPine.LNX.4.33L2.01090601
19230.1461-100000@apolo

12. How to compile CRclean   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3d3B965CD2.5A2DAE7E@gmx.net

13. SSH 2.4.0/3.0.1 usernames guessable ?   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3d3B95E327.B6960EC@obit.nl

14. OE6 + VBS + WSH + WIN200 + XP + HTML.DROPPER   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3d002701c13573$655decd0$cc
3290c3@intranetserver.local

15. FW: verizon wireless website gaping privacy holes   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3d27B17B8B25A3D411B4580080
5FA7F01C012E2B02@mtvmail.merant.com

16. Web session tracking security prob. Vulnerable: IIS and ColdFusion
(maybe others)   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3dA5EDA791B1C8D3119F8D0060
08CEC98F012C5E28@ITCHY

17. Cobalt Cubes (was: Re: Fwd: Returned post for
bugtraq@securityfocus.com)   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3d20010904101838.A20666@op
ennms.org

18. Fwd: Returned post for bugtraq@securityfocus.com   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3d3B946234.A2A36BEF@thievc
o.com

19. solaris gdb screen mayhem   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3d20010903191638.101EA469C
@notatla.demon.co.uk

20. Web session tracking security prob. Vulnerable: IIS and ColdFusion
(maybe others)   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3d00bc01c134ba$4bb81080$a6
00000a@Jancula.com

21. Email webbugs   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3d20010831161851.6063.qmai
l@securityfocus.com

22. Outlook makes 99% CPU Usage with this message   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d82%26date%3d2001-09-07%26thread%3d000001c1323c$d46c04c0$5d
79fea9@mcs.drexel.edu


VIII. MICROSOFT FOCUS LIST SUMMARY
- ---------------------------------
1. What does 128-bit support for W2K give me?   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d88%26date%3d2001-09-07%26thread%3d004301c136f2$250ab9d0$f7
01fe0a@commtouch.com

2. Insufficient port error   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d88%26date%3d2001-09-07%26thread%3dEX-20010906-084857-0001@
exchange.fiserv-missive1.fiserv.net

3. All Services Disabled?   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d88%26date%3d2001-09-07%26thread%3d3B9674A6.FE7C9716@direct
talk.com.br

4. Windowsupdate.microsoft.com / Wondering.   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d88%26date%3d2001-09-07%26thread%3d002101c13641$ca9c4e60$64
00000a@internal.home.blockdev.net

5. %u encoding IDS bypass vulnerability   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d88%26date%3d2001-09-07%26thread%3dEIEOJCKGEPCLJHGCNNOPOEKJ
ELAA.marc@eeye.com

6. alternate data stream...   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d88%26date%3d2001-09-07%26thread%3dE087B1AAE943D511A6C40050
8BDF15E6CCB686@XCH5S

7. NT disk scanning ...   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d88%26date%3d2001-09-07%26thread%3d001701c1358e$20c341e0$01
e05ea0@sprite

8. Securing W2Kpro - ACLs?   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d88%26date%3d2001-09-07%26thread%3d01c701c13581$583fbcf0$23
00a8c0@lauradominion.com

9. SecurityFocus Microsoft Newsletter #50   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d88%26date%3d2001-09-07%26thread%3dPine.GSO.4.30.0109041543
430.2977-100000@mail

10. ARIS Analyzer Version 1.5   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d88%26date%3d2001-09-07%26thread%3d10786F3AE30CD4118FAC00A0
CC58F9F11A0873@MAIL

11. R: Windowsupdate.microsoft.com - getting updates manually   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d88%26date%3d2001-09-07%26thread%3dNDBBIEKBGLHLJPCLAJBJOEOL
DLAA.hacker-pschorr@libero.it

12. Way to read Exchange 2000 database files   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d88%26date%3d2001-09-07%26thread%3d7AC047F37B68BD428B268562
2B996CDA046603@vj592.frnk.com

13. Audit Tools   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d88%26date%3d2001-09-07%26thread%3d001f01c1322c$d5e4dc60$01
00a8c0@DaemonLabs.com


IX. SUN FOCUS LIST SUMMARY
- ----------------------------
1. [FOCUS] `tcsh' a security risk?   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d92%26date%3d2001-09-07%26thread%3d20010905142431.A30154@du
rden.besh.com

2. Security and Modems   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d92%26date%3d2001-09-07%26thread%3d3B9642BE.44DA2CED@cgen.c
om

3. INCORRECT PATCH REVISIONS: Re: Sun Security Bulletin #00207   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d92%26date%3d2001-09-07%26thread%3d200109041352.PAA01541@ro
mulus.Holland.Sun.COM

4. tcpwrapped rpcbind/portmap?   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d92%26date%3d2001-09-07%26thread%3d20010831134302.V23684@ca
lvin.ucsd.edu


X. LINUX FOCUS LIST SUMMARY
- ---------------------------
1. Email and DMZs (iptables)?   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d91%26date%3d2001-09-07%26thread%3d3B964E5B.5030602@aaasgr.
it

2. weird directories in /root [SOLVED]   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d91%26date%3d2001-09-07%26thread%3d5.1.0.14.2.2001090502421
7.00b1e4e8@pop3.cyberia.net.lb

3. Passwd Change -> Email   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d91%26date%3d2001-09-07%26thread%3d20010904175717.H15319@wi
rex.com

4. iptables   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d91%26date%3d2001-09-07%26thread%3dF1E62975E475D311ACF90001
FA7E65CA0162D078@xcem-aztem-05.wellsfargo.com

5. weird directories in /root   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d91%26date%3d2001-09-07%26thread%3d5.1.0.14.2.2001090404380
0.00abe7e8@pop3.cyberia.net.lb

6. Security Patches to the Linux Kernel   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d91%26date%3d2001-09-07%26thread%3dPine.LNX.4.30.0109020715
380.17445-100000@gwyn.tux.org

7. Blocking IM via DNS   (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchi
ve.pike%3flist%3d91%26date%3d2001-09-07%26thread%3dlywv3jc2od.fsf@gfn.org


XI. SPONSOR INFORMATION
- -----------------------
This newsletter is sponsored by: Lancope


------- End of Forwarded Message


---------- End Forwarded Message ----------





