Network Security
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
FW: SecurityFocus Newsletter #124
- From: Howell, Paul
- Date: Wed Dec 26 08:44:03 2001
-----Original Message-----
From: John Boletta
To: sf-news@securityfocus.com
Sent: 12/24/01 1:03 PM
Subject: SecurityFocus Newsletter #124
SecurityFocus Newsletter #124
--------------------------------
Announcing The Security eMarketing Report
SecurityFocus is proud to introduce the Security eMarketing Report, the
monthly electronic publication tailored specifically to the security
professionals who market security products and services on-line.
Along with monthly SecurityFocus Web site traffic statistics, this
publication will feature content written by industry experts on a
variety
of topics including, but not limited to:
**Case Studies
**Industry News
**Columnists
**Guest Interviews
**Success Stories
**Techniques
To subscribe this free HTML email publication, please send a blank email
to smr-html-subscribe@securityfocus.com. To contact the editor, please
email smr@securityfocus.com
------------------------------------------------------------------------
-------
I. FRONT AND CENTER
1. Advertising Information
2. Palm OS: a Platform for Malicious Code? Part Two
3. Using IPSec in Windows and XP, Part Two
4. Network Intrusion Detection Signatures, Part 1
5. Social Engineering Fundamentals, Part I: Hacker Tactics
6. Detecting the Software Switcheroo
II. BUGTRAQ SUMMARY
1. Zyxel Prestige SDSL Router IP Packet Length Remote Denial Of...
2. Novell Groupwise Servlet Gateway Default Authentication...
3. Microsoft Internet Explorer XMLHTTP File Disclosure
Vulnerability
4. Webmin Directory Traversal Vulnerability
5. KDE2 KDEUtils KLPRFax_Filter Insecure Temporary File Creation...
6. HP-UX RLPDaemon Arbitrary Log File Creation Vulnerability
7. Agora.CGI Cross-Site Scripting Vulnerability
8. xSANE Insecure Temporary File Creation Vulnerability
9. Microsoft Windows XP Unauthorized Hotkey Program Execution...
10. WMCube/GDK Object File Buffer Overflow Vulnerability
11. Zyxel Prestige SDSL Router IP Fragment Reassembly Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
1. The Littlest Security Pro
2. Is Distributed Computing A Crime?
IV.SECURITYFOCUS TOP 6 TOOLS
1. Shoreline Firewall v1.2.0
2. XCmail v1.5beta4-2001-12-21
3. pcInternet Patrol
4. SysOrb v2.0.1
5. MacAnalysis 2.0b8
6. IPFC v1.0
V. SECURITYJOBS LIST SUMMARY
1. Senior Network Security Manager / Security Architect Vacancy...
2. Information Security Senior Account Executive ($350k+...
3. NY/NJ Security firm (IDS, VA, FW audits, CP, Nokia) short...
4. Article: 10 Hottest Certifications for 2002 (Thread)
5. WAN Architect/Engineer (requires VPN background and Security...
6. Looking Security Position, STL, MO area (Thread)
7. Sales Director Vacancy, UK (Thread)
8. In search of security position in DFW, Austin, or Houston TX...
9. PA Security Position (Thread)
10. Security Clearance (UK) (Thread)
11. I am seeking a security position in the NoVA area (Thread)
VI. INCIDENTS LIST SUMMARY
1. DDoS Attacks to several Networks (Switzerland) (Thread)
2. *MAJOR SECURITY BREACH AT CCBILL** (Thread)
3. sshd brake-in attempts (Thread)
4. Contacting t-dialin {MAJOR SECURITY BREACH AT CCBILL} (Thread)
5. FTP scans from wanadoo.fr (Thread)
6. NT Compromise (Thread)
7. Newest Nimda variant? Scanning ftp,telnet,smtp,snmp? (Thread)
8. SSH Attempts: Link to RedHat? (Thread)
9. UDP DoS attack in Win2k via IKE (Thread)
10. FTP scans from wanadoo.fr - MOre info (Thread)
11. wanadoo.fr's ip blocks (Thread)
12. a BIG Thank-You! (Thread)
13. Voluminous SSHd scanning; possible worm activity? (Thread)
14. MSIE may download and run progams automatically (Thread)
15. Weird Scan (Thread)
16. Voluminous SSHd scanning; possible worm activity ? (Thread)
17. CERT CA-2001-034 (Thread)
18. Seen any DDoS coming from 208.184.109.166? (Thread)
19. Gokar Worm? (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. Linux Firewalls (Thread)
2. RunAs weirdness... (Thread)
3. How to trace system level call in AIX (Thread)
4. yet another fake exploit making rounds (Thread)
5. Re[2]: RunAs weirdness... (Thread)
6. Windows 2000 Runas weirdness (Thread)
7. 1 last CSS hole in PHPNuke :) (Thread)
8. sometimes IIS 4.0 don't write logs. (Thread)
9. 4 news CSS holes in PHP-Nuke (Thread)
10. Serious Hole in IMessenger ( php-nuke ) (Thread)
11. cross site scripting vulnerability on ebay.com (Thread)
12. IE goes boom on OSX (Thread)
13. A Strang bug using Ctrl-N, perhaps a way to deny service on...
14. CSS in DMOZGateway ( php-nuke ) (Thread)
15. Serious bug in IMessenger ( php-nuke ) (Thread)
16. proxy tool (Thread)
17. Security hole in IMessenger ( PHP-Nuke ) (Thread)
18. Win XP IP address hijack? (Thread)
19. PHPNuke Cross Scripting... (Thread)
20. JScript bugs in Internet Explorer 5 & 6 create stack faults...
21. iptables 'syn but not new' packets (Thread)
22. iptables 'new but not syn' packets (Thread)
23. Again: Possible DoS attack against Sun Ray Servers? (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. question regarding SAM file / l0phtcrack / pwdump2 (Thread)
2. MS01-058 patch (Thread)
3. Taking control of ones machine (Thread)
4. NT4 Phantom user after rename (Thread)
5. urlscan configuration question (Thread)
6. Windows XP Update possible BUG [ Was: RE: RE: MS01-058 patch
]...
7. NTLM v2 implementation (Thread)
8. assigning folder rights (Thread)
9. Password complexity question in Win2k/AD (Thread)
10. VNC over SSH (Thread)
11. Multiple Remote Windows XP/ME/98 Vulnerabilities (Thread)
12. MS01-058/IE patch - why is it rated critical on servers?...
13. mac client password changes (Thread)
14. secure files (Thread)
15. SmoothWall 0.9.9 Problem (Thread)
16. ISAPI answer to "Microsoft IIS False Content-Length Field
DoS...
17. Microsoft Security Bulletin MS01-058 (Thread)
18. Active Directory+IIS (Thread)
19. Print Queue (Thread)
20. Re : Microsoft IIS False Content-Length Field DoS Vulner...
21. FW: PC NETLINK (Thread)
22. Automating URLScan installation (Thread)
23. Re : Microsoft IIS False Content-Length Field DoS Vuln...
24. IIS Password Administration without IISADMPWD directory...
25. FW: Microsoft Security Notification Service (Thread)
26. SecurityFocus Microsoft Newsletter #65 (Thread)
27. Administrivia: Possible Infection (Thread)
28. rant on a Friday (Thread)
29. Blind penetration testing (Thread)
30. MSIE may download and run progams automatically - NOT SO
FAST...
31. Antwort: AW: RE: strange exploit in Win2K server (Thread)
32. HFNetChk 3.3 Beta now available (Thread)
33. SQL Agent privileges (Thread)
34. Security software produced outside the US (Thread)
35. [RE: Microsoft .NET, ASP.NET, and IIS - any opinions?]...
36. Microsoft .NET, ASP.NET, and IIS - any opinions? (Thread)
37. Outlook + X-Mailer header ? (Thread)
38. strange exploit in Win2K server (Thread)
39. vpn woes (Thread)
IX. SUN FOCUS LIST SUMMARY
1. Sun Solaris login bug patches out (Thread)
2. Door Files (Thread)
3. Holiday Update (Thread)
4. Mounting dd images question (Thread)
5. Announcing: new Cluster / Sec Policy security BluePrint
OnLine...
6. /bin/login overflow in SunOS 4.x? (Thread)
7. Machine authentication (Thread)
8. login bug and Solaris 9 (Thread)
9. Openssh rollout on solaris 7 (Thread)
10. exploit signature - /bin/login (Thread)
11. chroot'ing ftpd (Thread)
12. login security bug (Thread)
X. LINUX FOCUS LIST SUMMARY
1. aide or tripwire (Thread)
2. Holiday update (Thread)
3. Suggestioned updates (Thread)
4. Logcheck entries (Thread)
5. loging user's commands (Thread)
XI. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Advertising Information
Reach the LARGEST audience of security professionals with SecurityFocus
direct e-marketing NOW!
SecurityFocus is the Web's most successful security intelligence site,
with more than 200,000 unique monthly visitors (September 2001), and
growing rapidly each week. Leverage the security portal of unrivaled
credibility and influence in your next direct marketing campaign.
To find out how SecurityFocus Web marketing and opt-in email newsletter
sponsorships can drive your company's success, contact us at
adsales@securityfocus.com, or download the Advertising Kit at
http://www.securityfocus.com/about/press/adverts.shtml. To speak
directly
with a customer service representative, please call +1(650) 655-6350.
2. Palm OS: a Platform for Malicious Code? Part Two
by Markus Schmall
This is the second of a two-part series that will attempt to establish
to
what degree Palm OS-based systems represent a suitable platform for
malicious code. The first article examined the operating system in
general, as well some of the types of malicious code that could be used
to infect Palm OS platforms. This installment will look at file system
viruses, non-overwriting link viruses, compressing link viruses,
existing
Palm OS malware, and virus scanners for Palm OS.
http://www.securityfocus.com/infocus/1530
3. Using IPSec in Windows and XP, Part Two
by Chris Weber
This is the second part of a three-part series devoted to discussing the
technical details of using Internet Protocol Security (IPSec) in a
Windows
2000 and XP environment. This article will discuss Security
Associations,
main mode authentication and IKE, Quick Mode Authentication Headers and
ESP. We will also discuss some of the tools available in 2000 and XP.
http://www.securityfocus.com/infocus/1526
4. Network Intrusion Detection Signatures, Part 1
by Karen Frederick
This is the first in a series of articles on understanding and
developing
signatures for network intrusion detection systems. In this article we
will discuss the basics of network IDS signatures and then take a closer
look at signatures that focus on IP, TCP, UDP and ICMP header values.
Such
signatures ignore packet payloads and instead look for certain header
field values or combinations of values. By learning about network IDS
signatures, you'll have more knowledge of how intrusion detection
systems
operate, and you'll have a better foundation to write your own IDS
signatures.
http://www.securityfocus.com/infocus/1524
5. Social Engineering Fundamentals, Part I: Hacker Tactics
by Sarah Granger
One morning a few years back, a group of strangers walked into a large
shipping firm and walked out with access to the firm's entire corporate
network. How did they do it? By obtaining small amounts of access, bit
by
bit, from a number of different employees in that firm. First, they did
research about the company for two days before even attempting to set
foot
on the premises. For example, they learned key employees' names by
calling
HR. Next, they pretended to lose their key to the front door, and a man
let them in. Then they "lost" their identity badges when entering the
third floor secured area, smiled, and a friendly employee opened the
door
for them.
http://www.securityfocus.com/infocus/1527
6. Detecting the Software Switcheroo
by Jon Lasser
It may be the next big thing in Trojan horse attacks: swapping bad code
for good code in transit. Fortunately, there's a defense
http://www.securityfocus.com/columnists/48
II. BUGTRAQ SUMMARY
-------------------
1. Zyxel Prestige SDSL Router IP Packet Length Remote Denial Of Service
Vulnerability
BugTraq ID: 3695
Remote: Yes
Date Published: Dec 14 2001 12:00A
Relevant URL:
http://www.securityfocus.com/bid/3695
Summary:
Prestige is a product line of DSL routers produced and distributed by
Zyxel.
A problem with Zyxel routers has been discovered that could lead to a
remote denial of service attack. The problem is in the receipt of
malformed packets.
When a Zyxel router receives malformed packets crafted with an IP length
shorter than the actual size of the packet, the router becomes unstable
and drops connectivity. This loss of connectivity can last up to three
minutes. This could lead to a remote user denying service to a
legitimate
user of the router. The router is affected only by malformed packets
received through the DSL interface. Malformed packets sent through the
LAN interface have no affect on the system.
The router is affected only by malformed packets received through the
DSL
interface. Malformed packets sent through the LAN interface have no
affect on the system.
This problem has been reported in the model 681 routers, and may affect
others in the Prestige product line as well.
2. Novell Groupwise Servlet Gateway Default Authentication Vulnerability
BugTraq ID: 3697
Remote: Yes
Date Published: Dec 15 2001 12:00A
Relevant URL:
http://www.securityfocus.com/bid/3697
Summary:
Novell Groupwise Servlet Gateway is a product that allows Java servlets
to
be run with NetWare, using Novell JVM for NetWare v1.1.7b and NetWare
Enterprise Web Server.
A configuration issue exists in Novell Groupwise Servlet Gateway which
may
allow a remote attacker to gain unauthorized access to the Servlet
Manager
interface.
A remote attacker may gain access to the Servlet Manager interface by
entering the default username/password. The default username is
"servlet"
and the default password is "manager".
It is possible to change the default values for the username/password.
3. Microsoft Internet Explorer XMLHTTP File Disclosure Vulnerability
BugTraq ID: 3699
Remote: Yes
Date Published: Dec 15 2001 12:00A
Relevant URL:
http://www.securityfocus.com/bid/3699
Summary:
An issue exists in handling of HTTP redirects in the Microsoft XMLHTTP
ActiveX component.
When a server responds to a XMLHTTP request with a redirect, the XMLHTTP
method will access the content at the location of the redirect without
considering the URL protocol. If the redirect is to a file on the
user's
filesystem, the contents of the file will become available to the script
code that invoked the ActiveX object.
The vulnerability is present when a request is made to a server via the
XMLHTTP methods 'XMLHTTP.Open()' and 'XMLHTTP.Send()', and the response
is
a redirect such as this:
The URL has moved <a href="file:///c:/filename.txt">here</a>
XMLHTTP will automatically follow the redirect, and read the contents of
the file in. The file contents are then accessible by the rest of the
script code as the request response property, and may be transmitted to
another website.
This could lead to a disclosure of sensitive information to remote
attackers.
4. Webmin Directory Traversal Vulnerability
BugTraq ID: 3698
Remote: Yes
Date Published: Dec 17 2001 12:00A
Relevant URL:
http://www.securityfocus.com/bid/3698
Summary:
Webmin is a web-based interface for system administration for Unix.
Using
any browser that supports tables and forms, you can setup user accounts,
Apache, DNS, file sharing and so on. Webmin will run on most Unix
variants, providing it has been properly configured.
A vulnerability has been discovered in Webmin 0.91(and possibly other
versions) which may allow a remote attacker to view the contents of
arbitrary files.
Webmin does not adequately filter '../' sequences from web requests,
making it prone to directory traversal attacks. Furthermore, since
Webmin
is a facility for remote web-based administration of Unix systems, it
requires root privileges. This vulnerability could be exploited to
effectively disclose any file on a host running the affected software.
This issue is known to exist in the edit_action.cgi script.
It may also be possible to edit files or place files on the server.
This
may lead to a remote root compromise.
5. KDE2 KDEUtils KLPRFax_Filter Insecure Temporary File Creation
Vulnerability
BugTraq ID: 3694
Remote: No
Date Published: Dec 14 2001 12:00A
Relevant URL:
http://www.securityfocus.com/bid/3694
Summary:
KDE2 is a freely available, open source X Window System manager. It is
maintained by the KDE Project.
A problem with a program included with the KDE Utils package could make
it
possible for a local user to launch a symbolic link attack. The problem
is in the klprfax_filter program.
klprfax_filter is a program included with KDE2 for fax functionality.
klprfax_filter works by adding a printer as a fax system, then putting
the
output of a print job through a filter to fax.
The problem is in the creation of files in the temporary directory. The
program uses the following code:
cat >/tmp/klprfax.$$ /opt/kde/bin/klprfax --fax /tmp/klprfax.$$
>/tmp/klprfax.filter 2>&1 rm -f /tmp/klprfax.$$
The program does not check for the existance of the klprfax.filter file
prior to attempting to send input to it. This makes it possible for a
local user to create a symbolic link to any file that is
write-accessible
by the user executing klprfax_filter, and overwrite the contents of the
file.
This could result in a local user overwriting files owned by other
users,
and potentially elevated privileges.
6. HP-UX RLPDaemon Arbitrary Log File Creation Vulnerability
BugTraq ID: 3701
Remote: No
Date Published: Dec 15 2001 12:00A
Relevant URL:
http://www.securityfocus.com/bid/3701
Summary:
HP-UX is the Unix Operating System developed and distributed by Hewlett
Packard.
A problem within the operating system could make it possible for a local
user to gain elevated privileges. The problem is in the creation of log
files by the rlpdaemon.
The rlpdaemon is the daemon designed to manage print facilities. It is
included with default installations of the operating system. There are
three supported options that can be invoked by command line flags with
the
program. The -i option causes the daemon to quit after a request is
processed (in the case that it is run via inetd). The -l option
instructs
the program to log transaction data, default to /var/adm/lp/lpd.log.
The
-L option allows the executing user to specify the location in which the
data should be logged if a place other than /var/adm/lp/lpd.log is
desired.
The problem manifests itself when the program is invoked with all three
supported flags (-i, -l, and -L). The rlpdaemon program is setuid root.
When executed with all three flags, the program can be used to create a
file in any place on the file system. With carefully crafted requests,
a
local user could generate a log file in a specific place with any file
name, and could allow the user to gain elevated privileges.
This problem could result in a user gaining elevated privileges,
including
administrative access.
7. Agora.CGI Cross-Site Scripting Vulnerability
BugTraq ID: 3702
Remote: Yes
Date Published: Dec 17 2001 12:00A
Relevant URL:
http://www.securityfocus.com/bid/3702
Summary:
Agora.cgi is a freely available, open source shopping cart system.
An input validation error exists in the Agora.cgi e-commerce system
which
may enable an attacker to perform cross-site scripting attacks.
The Agora.cgi script does not adequately filter HTML tags. As a result,
it
is possible for an attacker to construct a link to the script that
includes maliciously constructed script code. When the link is clicked
by
a web user, the script code will be executed on the user in the context
of
the site running Agora.cgi.
This issue may be exploited to by an attacker to steal cookie-based
authentication credentials, permitting the attacker to hijack an
Agora.cgi
session and perform actions as a legitimate user. A number of other
cross-site scripting attacks are also possible.
Agora.cgi 3.3e(and possibly other versions) is prone to this issue.
8. xSANE Insecure Temporary File Creation Vulnerability
BugTraq ID: 3700
Remote: No
Date Published: Dec 17 2001 12:00A
Relevant URL:
http://www.securityfocus.com/bid/3700
Summary:
xSANE is a graphical program used to communicate with scanners and
digital
video devices. It uses the SANE library to communicate with physical
devices.
xSANE creates temporary files in the /tmp directory during the scanning
process. Temporary files are also used to communicate with the SANE
processes when images are previewed or saved.
xSANE uses the mktemp(3) library call, which creates files with
predictable names. It is possible for a local attacker to create
symbolic
links with these file names. When a local user executes xSANE,
arbitrary
files may be overwritten.
Earlier versions of xSANE may also be vulnerable.
9. Microsoft Windows XP Unauthorized Hotkey Program Execution
Vulnerability
BugTraq ID: 3703
Remote: No
Date Published: Dec 17 2001 12:00A
Relevant URL:
http://www.securityfocus.com/bid/3703
Summary:
An issue exists on Windows XP which could allow for unauthorized users
to
execute arbitrary programs on a locked workstation.
When a Windows XP system is left idle for a certain amount of time, by
design, the system locks requiring the user to enter authentication
information in order to unlock the workstation.
Reportedly, when a workstation is locked it is possible to initiate
programs residing on the system. This is accomplished through the use of
Hotkeys, depending on the Hotkey associated with a program, it can be
initiated by selecting the appropriate Hotkey combination.
Successful exploitation of this vulnerability will allow an unauthorized
user to utilize programs with the permissions of the originally logged
in
user despite the console being 'locked'.
10. WMCube/GDK Object File Buffer Overflow Vulnerability
BugTraq ID: 3706
Remote: No
Date Published: Dec 17 2001 12:00A
Relevant URL:
http://www.securityfocus.com/bid/3706
Summary:
WMCube/GDK is a freely available, open source application for monitoring
CPU load. It can be used with one, or multiple CPU's.
A problem with WMCube/GDK could make it possible for a local user to
gain
elevated privileges. The problem is in the handling of object files.
WMCube/GDK allows the loading of object files by executing users. A
user
may specify their own object file to be loaded by the program using the
-o
flag.
WMCube/GDK does not properly impose the limit of 64 byte object files
hard-coded into the program. Because of this, it is possible for a
local
user to load an object file greater than 64 bytes, creating a buffer
overflow. This overflow could be used to overwrite stack variables,
including the return address, and execute arbitrary code.
A local attacker may gain egid 'kmem', which allows for reading of
kernel
memory. Elevation to root is imminent when attackers can read kmem.
11. Zyxel Prestige SDSL Router IP Fragment Reassembly Vulnerability
BugTraq ID: 3711
Remote: Yes
Date Published: Dec 18 2001 12:00A
Relevant URL:
http://www.securityfocus.com/bid/3711
Summary:
Prestige is a product line of DSL routers produced and distributed by
Zyxel.
A problem with Zyxel routers has been discovered that could lead to a
remote denial of service attack. The problem is in the receipt of
fragmented packets.
When a Zyxel router receives fragmented packets that after reassembly is
greater than 64 kilobytes in length, the router crashes. The router
must
be power cycled to resume normal operation. This could lead to a remote
user denying service to a legitimate user of the router.
The router is affected only by fragmented packets received through the
DSL
interface. Fragmented packets sent through the LAN interface have no
affect on the system.
This problem has been reported in the model 681 routers, and may affect
others in the Prestige product line as well.
III. SECURITYFOCUS.COM NEWS AND COMMENTARY
------------------------------------------
1. The Littlest Security Pro
By Kevin Poulsen
A teenaged computer prodigy in India becomes the youngest CISSP in the
certification's twelve-year history
http://www.securityfocus.com/news/301
2. Is Distributed Computing A Crime?
By Ann Harrison
A computer network administrator faces multiple felony charges and years
in a Georgia prison for allegedly installing Distributed.net clients
without permission. Prosecutors say its justice, others aren't so sure
http://www.securityfocus.com/news/300
IV.SECURITY FOCUS TOP 6 TOOLS
-----------------------------
1. Shoreline Firewall v1.2.0
by Tom Eastep
Relevant URL:
http://www.shorewall.net/
Platforms: Linux
Summary:
Shorewall is an iptables-based firewall for Linux Systems. Its
configuration is very flexible, allowing it to be used in a wide range
of
firewall/gateway/router environments.
2. XCmail v1.5beta4-2001-12-21
by JS
Relevant URL:
http://www.js-home.org/XCmail/download/index.php
Platforms: IRIX, UNIX
Summary:
XCmail is a MIME and multi POP3 capable mailtool for X11 using the
Xclasses X11 layout library. Its main purpose is to read and write mail,
allowing any kind of data to be attached. It can handle MIME types, has
helpers to show different types, and can encode and decode binary data
into ASCII to allow it to be transported as mail over the Internet. It
has
many built-in functions such as 2 vCards, unlimited POP3 servers, SMTP,
SMTP after POP3, addressbook, encoders, filters, a special spam filter,
spell checker, xface, and a new "virtual folder" concept. It also uses
external programs to enhance its feature set. XCmail can be extended
through a plugin interface.
3. pcInternet Patrol
by Internet Security Alliance
Relevant URL:
http://www.isa-llc.com/downloads/pcip.php
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
pcInternet Patrol maximizes protection with minimum user involvement
This
product finds 6 times more potentially dangerous programs/modules than
other leading personal firewalls. Other features are:
- Stops all intruder programs both known and unknown;
- Users always have the latest programs definition without the need for
an
update;
- Keeps you and your computer out of harms way, without getting in your
way;
- Cannot be disabled by an intruder without alerting user or
administrator;
- Activates Intruder tracking to trace IP address of intruder for
possible
apprehension;
- Continuously monitors the state of the NETBIOS ports, the first entry
target for intruders;
- Help with security issues in real time!
4. SysOrb v2.0.1
by oestergaard
Relevant URL:
http://www.sysorb.com/
Platforms: FreeBSD, Linux, Solaris, SunOS, Windows 2000, Windows NT
Summary:
SysOrb is a client/server package that can monitor servers remotely
(such
as Web servers), or monitor devices on servers (such as disks, memory,
load, etc.). It will alert the administrators via e-mail or pager if a
server is entering a critical condition, and has its own database
backend,
allowing for massive collection of system statistics.
5. MacAnalysis 2.0b8
by Lagoon-Software
Relevant URL:
http://www.macanalysis.com
Platforms: MacOS
Summary:
MacAnalysis is a security auditing suite for your Macintosh to perform
and
help implement a security standard for your computer/network by
performing
a full security check of network protocols, open services, port scans,
vulnerable CGI scripts and much more. This will scan your Macintosh,
Unix,
Windows, and Hardware for any vulnerable security holes!
6. IPFC v1.0
by Tycho Fruru
Relevant URL:
http://www.conostix.com/ipfc/
Platforms: UNIX, Windows 2000, Windows NT, Windows XP
Summary:
IPFC is software and a framework to manage and monitor multiple types of
security modules across a global network. Security modules can be as
diverse as packet filters (like netfilter, pf, ipfw, IP Filter,
checkpoint
FW1, etc.), NIDS (Snort, arpwatch, etc.), Web servers, and other general
devices (from servers to embedded devices). It features log collection
for
different security "agents", dynamic log correlation possibilities, and
easy extensibility due to the generic database and XML message formats
used.
V. SECURITY JOBS SUMMARY
------------------------
1. Senior Network Security Manager / Security Architect Vacancy, UK
(Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=77&mid=20011219175818
.16487.qmail@mail.securityfocus.com&threads=1
2. Information Security Senior Account Executive ($350k+ Potential!)
(Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=77&mid=3C210559.9E387
C71@TSIT.com&threads=1
3. NY/NJ Security firm (IDS, VA, FW audits, CP, Nokia) short term
contracts (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=77&mid=OFAA06888A.E0B
71C29-ON85256B25.0078580B@interliant.com&threads=1
4. Article: 10 Hottest Certifications for 2002 (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=77&mid=73839EE85D27D4
118703000629383540023CE55C@cmh0401xcn01.isg.stercomm.com&threads=1
5. WAN Architect/Engineer (requires VPN background and Security
Clearance) (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=77&mid=NCBBLNPMHFBGKO
MJOGILCEIBBAAC.sgoldsby@integrate-u.com&threads=1
6. Looking Security Position, STL, MO area (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=77&mid=Pine.GSO.4.33.
0112171201340.12302-100000@goolosh.icephyre.net&threads=1
7. Sales Director Vacancy, UK (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=77&mid=NFBBIBNDCLFOHG
FCKFFBEEENCJAA.Julie.Holmwood@Eton-Mai.co.uk&threads=1
8. In search of security position in DFW, Austin, or Houston TX
(Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=77&mid=20011215023151
.72816.qmail@web14901.mail.yahoo.com&threads=1
9. PA Security Position (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=77&mid=20011214151108
.558.qmail@mail.securityfocus.com&threads=1
10. Security Clearance (UK) (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=77&mid=AF01A5642552D2
119C9400606DD5EE0608289994@melds1nt03.nor.bt.com&threads=1
11. I am seeking a security position in the NoVA area (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=77&mid=20011214025425
.4695.qmail@mail.securityfocus.com&threads=1
VI. INCIDENTS LIST SUMMARY
-------------------------
1. DDoS Attacks to several Networks (Switzerland) (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=75&mid=002801c189ae$7
064bed0$0b0a0a0a@softplus.baar&threads=1
2. *MAJOR SECURITY BREACH AT CCBILL** (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=75&mid=3C226584.B29E8
AA7@completeweb.net&threads=1
3. sshd brake-in attempts (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=75&mid=20011220172149
.B3370@faui02&threads=1
4. Contacting t-dialin {MAJOR SECURITY BREACH AT CCBILL} (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=75&mid=20011220120134
.A10221@obelix.frop.org&threads=1
5. FTP scans from wanadoo.fr (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=75&mid=20011220112617
.B7883@ds.primasoft.bg&threads=1
6. NT Compromise (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=75&mid=20011220125708
.61099.qmail@web20506.mail.yahoo.com&threads=1
7. Newest Nimda variant? Scanning ftp,telnet,smtp,snmp? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=75&mid=20011220124417
.9028.qmail@web20504.mail.yahoo.com&threads=1
8. SSH Attempts: Link to RedHat? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=75&mid=20011219135453
.L17607@bh.conectiva.com.br&threads=1
9. UDP DoS attack in Win2k via IKE (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=75&mid=C45045CDF565D5
119F1E00E01804283B774F@server.cd.jackies.com.au&threads=1
10. FTP scans from wanadoo.fr - MOre info (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=75&mid=071a01c1887e$8
9e4bad0$6400a8c0@coffee&threads=1
11. wanadoo.fr's ip blocks (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=75&mid=20011218140659
.G25712@obfuscation.org&threads=1
12. a BIG Thank-You! (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=75&mid=5.1.0.14.2.200
11217220006.00a79cf8@stormie.glsrms.com&threads=1
13. Voluminous SSHd scanning; possible worm activity? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=75&mid=qzjlmg1a7kl.fs
f@aravis.argfrp.us.uu.net&threads=1
14. MSIE may download and run progams automatically (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=75&mid=20011217215311
.83531.qmail@web11507.mail.yahoo.com&threads=1
15. Weird Scan (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=75&mid=3C1CEF6F.50905
00@netvision.net.il&threads=1
16. Voluminous SSHd scanning; possible worm activity ? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=75&mid=20011216010344
.7f062d55.dr@kyx.net&threads=1
17. CERT CA-2001-034 (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=75&mid=OF26D6326F.76B
78BD4-ON86256B22.0066C0DB@symantec.com&threads=1
18. Seen any DDoS coming from 208.184.109.166? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=75&mid=Pine.LNX.4.21.
0112141122430.3201-100000@omega.net&threads=1
19. Gokar Worm? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=75&mid=200112132135.K
AA01751@fep3-orange.clear.net.nz&threads=1
VII. VULN-DEV RESEARCH LIST SUMMARY
----------------------------------
1. Linux Firewalls (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=200112210717.f
BL7HbE60463@mail.ncircle.com&threads=1
2. RunAs weirdness... (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=01122022422601
.00897@localhost.localdomain&threads=1
3. How to trace system level call in AIX (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=JUjKmrAwVmI8Ew
Jt@peterfinnigan.demon.co.uk&threads=1
4. yet another fake exploit making rounds (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=Pine.LNX.4.42.
0112202139180.18953-100000@nimue.bos.bindview.com&threads=1
5. Re[2]: RunAs weirdness... (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=331309729741.2
0011220171346@SECURITY.NNOV.RU&threads=1
6. Windows 2000 Runas weirdness (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=Pine.BSO.4.40.
0112201706210.10083-100000@zorn.home.com&threads=1
7. 1 last CSS hole in PHPNuke :) (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=20011220150650
.22721.qmail@mail.securityfocus.com&threads=1
8. sometimes IIS 4.0 don't write logs. (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=5.1.0.14.0.200
11220144125.00b1b160@mail.350cc.com&threads=1
9. 4 news CSS holes in PHP-Nuke (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=20011219100544
.15498.qmail@mail.securityfocus.com&threads=1
10. Serious Hole in IMessenger ( php-nuke ) (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=20011219100205
.6578.qmail@mail.securityfocus.com&threads=1
11. cross site scripting vulnerability on ebay.com (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=200112190304.f
BJ34g319745@mail14.bigmailbox.com&threads=1
12. IE goes boom on OSX (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=FAFB9ECD-F30C-
11D5-ADDC-003065D6440E@babcockbrown.com&threads=1
13. A Strang bug using Ctrl-N, perhaps a way to deny service on a shell
(Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=20011216192517
.A7302@unternet.org&threads=1
14. CSS in DMOZGateway ( php-nuke ) (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=20011216104825
.26964.qmail@mail.securityfocus.com&threads=1
15. Serious bug in IMessenger ( php-nuke ) (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=20011216030001
.13413.qmail@mail.securityfocus.com&threads=1
16. proxy tool (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=20011215144209
.11946.qmail@web11206.mail.yahoo.com&threads=1
17. Security hole in IMessenger ( PHP-Nuke ) (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=20011215134529
.30929.qmail@mail.securityfocus.com&threads=1
18. Win XP IP address hijack? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=2238343825.200
11215001609@xs4all.nl&threads=1
19. PHPNuke Cross Scripting... (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=20011214213046
.1228.qmail@mail.securityfocus.com&threads=1
20. JScript bugs in Internet Explorer 5 & 6 create stack faults &
invalid page faults in various DLL's. (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=20011214155739
.8625.qmail@mail.securityfocus.com&threads=1
21. iptables 'syn but not new' packets (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=1008325558.616
.3.camel@elendil&threads=1
22. iptables 'new but not syn' packets (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=1008324783.616
.0.camel@elendil&threads=1
23. Again: Possible DoS attack against Sun Ray Servers? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=82&mid=9BA3D59770C1D5
1196DB00508B63B97C059A2D@corona.wipp.carlsbad.nm.us&threads=1
VIII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. question regarding SAM file / l0phtcrack / pwdump2 (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=3.0.6.32.20011
221005513.0081e6f0@mailandnews.com&threads=1
2. MS01-058 patch (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=aa.3c61acd.295
4ac0c@aol.com&threads=1
3. Taking control of ones machine (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=000401c189cc$c
e58e2f0$fdfea8c0@dellydoo&threads=1
4. NT4 Phantom user after rename (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=5833B98BD25CB5
4B9896FFAE74780B244642@server1.Home.KnobbeITS.com&threads=1
5. urlscan configuration question (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=20011220204903
.26624.qmail@mail.securityfocus.com&threads=1
6. Windows XP Update possible BUG [ Was: RE: RE: MS01-058 patch ]
(Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=!~!UENERkVCMDk
AAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAWCgHqRA%2b%2f0S4RTIdGDuMgcKAAAAQAAAAUvW
OG6K6SU%2blN374xZhyhwEAAAAA@sotagus.pt&threads=1
7. NTLM v2 implementation (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=5.1.0.14.0.200
11220171855.00bbc408@192.168.3.190&threads=1
8. assigning folder rights (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=002c01c1899a$7
320c1a0$5500005b@inteclp00887&threads=1
9. Password complexity question in Win2k/AD (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=DBC363EA37C5D3
11823A00508BCF2A6A09699931@seamail.ssofa.com&threads=1
10. VNC over SSH (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=20011220102026
.31623.qmail@mail.securityfocus.com&threads=1
11. Multiple Remote Windows XP/ME/98 Vulnerabilities (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=MKEAIJIPCGAHEF
EJGDOCMEOBDEAA.marc@eeye.com&threads=1
12. MS01-058/IE patch - why is it rated critical on servers? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=005001c18936$d
0b3d410$c503a8c0@waw.getin.pl&threads=1
13. mac client password changes (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=A186CEEEC0C2D3
1193640008C71E61350FAECF@mailhost.lacewood.co.uk&threads=1
14. secure files (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=006901c1889a$3
153ef50$be01070a@admin2002&threads=1
15. SmoothWall 0.9.9 Problem (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=EBEKIPJCIAPMGA
MINGHHIEAADCAA.andrewk@spray-quip.com&threads=1
16. ISAPI answer to "Microsoft IIS False Content-Length Field DoS
Vulnerability" ? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=243C47087E9A9E
4A86A2650B4E454EC198DD@globalsis1.globalsis.com.ar&threads=1
17. Microsoft Security Bulletin MS01-058 (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=029f01c187bd$0
ab9ec10$c503a8c0@waw.getin.pl&threads=1
18. Active Directory+IIS (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=0393D629EEDEC2
46956A0F2CEBF8F83B01E24D@njmail1.dbma.com&threads=1
19. Print Queue (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=MPBBJJHAAKGMHB
NIPKGFOEKODHAA.sysadmin@fortune800.com&threads=1
20. Re : Microsoft IIS False Content-Length Field DoS Vulnerability
(Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=00d001c187b1$4
520e770$11415fd4@testix.sdv&threads=1
21. FW: PC NETLINK (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=A75A9D66A134D3
11B9BC0001FA7E36CB03B03CF2@APDEXCHANGE2&threads=1
22. Automating URLScan installation (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=5DFDA65A902AD4
11B5C80020352A82980503552C@se001031.rbc1.royalbank.com&threads=1
23. Re : Microsoft IIS False Content-Length Field DoS Vulnerabili ty
(Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=E08944D8C6CCD2
118E830008C709F4B301D8A136@corpmail&threads=1
24. IIS Password Administration without IISADMPWD directory (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=20011217162016
.18227.qmail@mail.securityfocus.com&threads=1
25. FW: Microsoft Security Notification Service (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=BB7FD4FF9E4406
48A731452E5D341FB0C66235@hitsexchange01.advance-med.com&threads=1
26. SecurityFocus Microsoft Newsletter #65 (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=Pine.GSO.4.30.
0112171525290.23418-100000@mail.securityfocus.com&threads=1
27. Administrivia: Possible Infection (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=Pine.GSO.4.30.
0112171340560.21315-100000@mail.securityfocus.com&threads=1
28. rant on a Friday (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=Pine.GSO.4.30.
0112171053250.3348-100000@mail.securityfocus.com&threads=1
29. Blind penetration testing (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=NEBBJAILALHBJP
GFGKEPAECDCFAA.marty@kesem.net&threads=1
30. MSIE may download and run progams automatically - NOT SO FAST
(Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=6832350.100851
3561447.JavaMail.imail@slippery&threads=1
31. Antwort: AW: RE: strange exploit in Win2K server (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=000801c18503$8
31d0dc0$0a01a8c0@visp&threads=1
32. HFNetChk 3.3 Beta now available (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=C3729BBB6099B3
44834634EC67DE4AE10382307E@red-msg-01.redmond.corp.microsoft.com&threads
=1
33. SQL Agent privileges (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=GHEGKEPDEHBCJC
AIIMKAEEBBCEAA.sypox@swip.net&threads=1
34. Security software produced outside the US (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=6517C958AA87D1
11979E00A0C955A6870137A805@tidalwave.nrlssc.navy.mil&threads=1
35. [RE: Microsoft .NET, ASP.NET, and IIS - any opinions?] (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=EFA9044969BFD1
11BFBE00805F0D78060445C24B@ral-po01.bbtnet.com&threads=1
36. Microsoft .NET, ASP.NET, and IIS - any opinions? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=CDEBAB5BBFE002
4AABEAF438FB2A4D07013801AA@exgau100qsm00.oceania.corp.anz.com&threads=1
37. Outlook + X-Mailer header ? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=001401c184ca$5
89cdd20$5b824e40@david&threads=1
38. strange exploit in Win2K server (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=F153LcjTOYEU19
TelvJ000039e7@hotmail.com&threads=1
39. vpn woes (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=MJEDJGHGDPCEOO
BMAFJOAECCCDAA.c.vittek@home.com&threads=1
IX. SUN FOCUS LIST SUMMARY
----------------------------
1. Sun Solaris login bug patches out (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=92&mid=200112201926.U
AA29990@romulus.Holland.Sun.COM&threads=1
2. Door Files (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=92&mid=Pine.GSO.4.33P
.0112201531330.2526-100000@mahogany.ns.pitt.edu&threads=1
3. Holiday Update (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=92&mid=Pine.GSO.4.30.
0112201326290.17587-100000@mail.securityfocus.com&threads=1
4. Mounting dd images question (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=92&mid=1011220120637.
ZM12423@ratbert.oucs.ox.ac.uk&threads=1
5. Announcing: new Cluster / Sec Policy security BluePrint OnLine
articles (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=92&mid=3C20A13B.DC666
B54@sun.com&threads=1
6. /bin/login overflow in SunOS 4.x? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=92&mid=200112181917.U
AA25636@romulus.Holland.Sun.COM&threads=1
7. Machine authentication (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=92&mid=3C1F15A5.60106
@Sun.COM&threads=1
8. login bug and Solaris 9 (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=92&mid=200112171853.T
AA22769@romulus.Holland.Sun.COM&threads=1
9. Openssh rollout on solaris 7 (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=92&mid=20011217192907
.A15083@nsk.yi.org&threads=1
10. exploit signature - /bin/login (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=92&mid=Pine.GSO.4.33.
0112171331220.20323-100000@enterprise.home.net&threads=1
11. chroot'ing ftpd (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=92&mid=Pine.SOL.4.10.
10112171326420.693-100000@goodall.eng.auburn.edu&threads=1
12. login security bug (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=92&mid=20011215060833
.A5709@milliways.doc.net.au&threads=1
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. aide or tripwire (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=A1EE9D28FFA3D4
11929E0050DA8BDAA4337D2F@mona.citadel.com.au&threads=1
2. Holiday update (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=Pine.GSO.4.30.
0112201311010.17587-100000@mail.securityfocus.com&threads=1
3. Suggestioned updates (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=F9B05628BAE241
4A99980964199E954A01CFD2@VOYAGER.brisbane.hatfields.com.au&threads=1
4. Logcheck entries (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=20011220090714
.A7076@magellan.gnb.talc.fr&threads=1
5. loging user's commands (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=200112200035.Q
AA08111@smtp-1.llnl.gov&threads=1
XI. SPONSOR INFORMATION
-----------------------
Announcing The Security eMarketing Report
SecurityFocus is proud to introduce the Security eMarketing Report, the
monthly electronic publication tailored specifically to the security
professionals who market security products and services on-line.
Along with monthly SecurityFocus Web site traffic statistics, this
publication will feature content written by industry experts on a
variety
of topics including, but not limited to:
**Case Studies
**Industry News
**Columnists
**Guest Interviews
**Success Stories
**Techniques
To subscribe this free HTML email publication, please send a blank email
to smr-html-subscribe@securityfocus.com. To contact the editor, please
email smr@securityfocus.com
------------------------------------------------------------------------
-------
|
