Return-Path: owner-sf-news@SECURITYFOCUS.COM Delivered-To: sf-news@securityfocus.com Received: (qmail 18540 invoked by uid 1028); 26 Feb 2001 17:23:15 -0000 X-Sender: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Message-ID: Date: Mon, 26 Feb 2001 10:23:15 -0700 Reply-To: Stephen Entwisle Sender: SF-NEWS Mailing List From: Stephen Entwisle Subject: SecurityFocus.com Newsletter #81 To: SF-NEWS@SECURITYFOCUS.COM SecurityFocus.com Newsletter #81 -------------------------------- This issue sponsored by: PentaSafe Secure Technologies You know what your security policies are and what they are meant to do. Does everyone else? VigilEnt Policy Center will put an end to the confusion by automating each step of policy management: creation, editing, review, distribution, education, compliance reporting, and maintenance. With VPC you'll not only create a more secure work environment, you'll develop a culture of information security awareness. Visit http://www.pentasafe.com/products/policyoverview.htm to learn more. ------------------------------------------------------------------------- I. FRONT AND CENTER 1. The Field Guide for Investigating Computer Crime, Part 7: Information Discovery - Basics and Planning 2. Studying Normal Traffic, Part Two: Studying FTP Traffic II. BUGTRAQ SUMMARY 1. Working Resources BadBlue Path Disclosure Vulnerability 2. Working Resources BadBlue DoS Vulnerability 3. Adcycle AdLibrary.pm Session Access Vulnerability 4. Microsoft Windows 2000 Domain Controller DoS Vulnerability 5. Marconi ASX-1000 Administration Denial Of Service Vulnerability III. SECURITYFOCUS.COM NEWS ARTICLES 1. Napster alternative: other people's hard drives 2. Lookout for Outlook bug 3. Spy suspect had skillz 4. Zimmerman leaves NAI IV.SECURITY FOCUS TOP 6 TOOLS 1. Snort 1.7 Win32 Source 2. BUGS 4.0.1 3. Lcrzo 4. Syslog-ng (Next Generation) 1.4.11 5. OutGuess 6. twwwscan 1.2 V. SECURITYJOBS LIST SUMMARY 1. Business Development Analyst, SingleSignOn.Net, Inc., Reston,VA,(Thread) 2. Checkpoint for NT engineer for short engagement (Thread) 3. Common Criteria Security Evaluation Lab Director - TX - #213(Thread) 4. Security Consultant - UK based (Thread) 5. Senior Security Sales Executive -UK (Thread) 6. New York City-Security Specialist (Thread) 7. Information Security Analysts - CT, DE, MD, NJ, NY, PA, DC (Thread) 8. Information Security Engineers - Mid-Atlantic (Thread) 9. Product Manager, Security Software....San Jose, Ca (Thread) 10. Latin America Hackers (Thread) 11. [No Subject] 12. looking for security consultants (Thread) 13. Any Security Jobs in West Houston Area? (Thread) 14. Channel Sales Manager--East Coast (Thread) 15. SENIOR SECURITY CONSULTANT - Boston, MA, San Jose,CA,Dallas,TX (Thread) 16. PRODUCT MARKETING MANAGER - San Jose, CA (Thread) 17. NETWORK SECURITY ENGINEER - Boston, MA (Thread) 18. SENIOR PRODUCT MANAGER - Boston, MA, San Jose, CA, Dallas, TX(Thread) 19. PROJECT MANAGER - San Jose, CA (Thread) 20. PKI ENGINEER - SAn Jose, CA (Thread) 21. SOFTWARE ENGINEER - San Jose, CA (Thread) 22. Administrivia (Thread) 23. Information Security roles in Australia (Thread) 24. Business/Disaster Recovery Specialist - OH - #272 (Thread) 25. Security Analyst/Information Systems - NJ - #517 (Thread) VI. INCIDENTS LIST SUMMARY 1. Some details in a recent NT hack we encountered (Thread) 2. Probes from Microsoft (Thread) 3. anyone seen this before (Thread) 4. Sub-Seven and NetBus port scans from HK and KR (Thread) 5. ddos-stacheldraht server-spoof alerts ( Was: What is this?)(Thread) 6. (MSRC HES) RE: Probes from Microsoft (fwd) (Thread) 7. Strange Traffic from 213.8.52.189 (Thread) 8. Port 784 (Thread) 9. RedHat compromise (Thread) 10. Analysing a rooted Irix 6.5 box (Thread) 11. IIS & CGI Attacks from AOL cache sites (Thread) 12. DOS (Thread) 13. DoS/exploit affecting ipop3d??? [Revised with new info] (Thread) 14. How to determined which rootkit is using? (Thread) 15. Strange Activity -- Help (Thread) 16. Win2K Honeypot (Thread) 17. Administrivia (Thread) 18. Several DNS probes coming from HALOA-NETS (fr.clara.net) (Thread) 19. UDP port scan orginating from hpux 11.0 internal server(Thread) 20. Weird Packet (Thread) 21. bind breakin? (Thread) 22. FYI: Bind compromise (Thread) 23. Bind compromise (Thread) 24. Interesting scan (Thread) 25. More DNS scans (Thread) 26. Type 8 Overload (Thread) 27. A rise (Thread) VII. VULN-DEV RESEARCH LIST SUMMARY 1. Sniffer for ADSL (Thread) 2. URGENT--Vulnerability Assessment Market (Thread) 3. Bad Bug in XFree86 4.0.2 (Thread) 4. Serv-U 2.5i DoS (Thread) 5. ping-i (TTL) Vulnerability (Thread) 6. DoS Alcatel ADSL Modem Speed Touch Home (Thread) 7. win2k console bug (Thread) 8. icq 2000 ads (Thread) 9. Remote vs Local vulnerabilities (Was: Re: [VULN-DEV]... (Thread) 10. [Helios Security and Administration::another bug in m4](Thread) 11. Bind 9.1.0 (Thread) 12. ping -i (TTL) Vulnerability (Thread) 13. Potential overflow in Internet Explorer (Thread) 14. Windows Explorer still vulnerable to ftp request buffer...(Thread) 15. kiss from [HeliSec] : htdigest core dumps (apache 1.3.14)(Thread) 16. Windows Explorer still vulnerable to ftp request buffer...(Thread) 17. man -K input validation (Thread) 18. FW: Icq 2000 ads (Thread) 19. Multi format string bugs in IPAD x.x ftp server (Thread) 20. man -K overflow (Thread) 21. Another ie5 bug ? (Thread) 22. shared folder icon?? (Thread) 23. WIN2K security bug with FTP. Bug allows any file to be... (Thread) 24. Buffer overflow in BitchX-75p3 (Local) (Thread) 25. Naptha's code finally released (was: Re: [kiss from Helisec]...(Thread) VIII. MICROSOFT FOCUS LIST SUMMARY 1. Details on a hacked NT server (possible kit?) (Thread) 2. TO WHOM IT MAY CONSERN Registry entrys regarding... (Thread) 3. OT: P*rn Site Urls (Thread) 4. Outlook Text Preview option (Thread) 5. NT 4 with IIS 4 install checklist (Thread) 6. pcAnywhere (Thread) 7. iis unicode bug... (Thread) 8. Possible FTP Site DDoS (Thread) 9. P*rn Site Urls (Thread) 10. Laptop Security (Thread) 11. Troubleshooting disk permission schemes ... (Thread) 12. Win2K Terminal Service as Web Server Admin Tool (Thread) 13. FW: Outlook Text Preview option (Thread) 14. NT/w2k kiosk or hardening software? (Thread) 15. NT: Restrict Users from Installing Software? (Thread) 16. Win2k Telnet Service (Thread) 17. VNCViewer (Thread) 18. MS Security Issue (Thread) 19. Is my IIS proxying for people? (Thread) 20. SecurityFocus.com Microsoft Newsletter #22 (Thread) IX. SUN FOCUS LIST SUMMARY 1. OpenSSH and passwords (Thread) 2. Solaris with MD5 crypted passwords ? (Thread) 3. NFS over ssh (Thread) 4. CDE daemons (Thread) 5. AW: Solaris with MD5 crypted passwords ? (Thread) 6. sources of randomness (Thread) 7. FW: ipf.rules (Thread) 8. Solaris 7 patch behavior (Thread) 9. New Article: Auditing in the Solaris 8 OE BluePrint Published (Thread) X. LINUX FOCUS LIST SUMMARY 1. FTP (Thread) 2. SecurityFocus.com Linux Newsletter #17 (Thread) XI. SPONSOR INFORMATION XII. SUBSCRIBE/UNSUBSCRIBE INFORMATION I. FRONT AND CENTER ------------------- 1. The Field Guide for Investigating Computer Crime, Part 7: Information Discovery - Basics and Planning by Timothy E. Wright This is the seventh installment in SecurityFocus.com's Field Guide for Investigating Computer Crime. The previous installment in this series, "Search and Seizure, Evidence Retrieval and Processing", concluded the overview of search and seizure with a discussion of the retrieval and processing of computer crime scene evidence. In this installment, we will begin our discussion of information discovery, the process of viewing log files, databases, and other data sources on un-seized equipment, in order to find and analyze information that may be of importance to a computer crime investigation. http://www.securityfocus.com/focus/ih/articles/crimeguide7.html 2. Studying Normal Traffic, Part Two: Studying FTP Traffic by Karen Frederick This is the second article in a three-part series devoted to studying normal traffic. Many intrusion detection analysts concentrate on identifying the characteristics of suspicious packets. However, it is also important to be familiar with what normal traffic looks like. A great way to do this is to generate some normal traffic, capture the packets and examine them. The first article in this series explained how to capture packets using WinDump and reviewed some simple examples of normal TCP/IP traffic. In this article, we will be examining FTP traffic, which, from a traffic flow standpoint, is more complicated than many other protocols. http://www.securityfocus.com/focus/ids/articles/normaltraf2.html II. BUGTRAQ SUMMARY ------------------- 1. Working Resources BadBlue Path Disclosure Vulnerability BugTraq ID: 2390 Remote: Yes Date Published: 2001-02-20 Relevant URL: http://www.securityfocus.com/bid/2390 Summary: Working Resources BadBlue is a webserver intended to share various resources. Shared files specifically, are served through a library called 'ext.dll'. It is possible for a remote attacker to disclose the physical path to the root directory on a machine where BadBlue resides. Requesting a specially crafted URL appended with 'ext.dll', will disclose an error message with the physical path to the root. Successful exploitation of this vulnerability could enable a remote user to gain access to confidential information, which may assist in further attacks against the host. 2. Working Resources BadBlue DoS Vulnerability BugTraq ID: 2392 Remote: Yes Date Published: 2001-02-20 Relevant URL: http://www.securityfocus.com/bid/2392 Summary: Working Resources BadBlue is a webserver intended to share various resources. Shared files specifically, are served through a library called 'ext.dll'. It is possible for a remote attacker to cause a denial of service condition in a BadBlue server. Requesting a specially crafted URL composed of 'ext.dll' and appended with 284 or more bytes, will cause the server to crash. A restart of the server is required in order to gain normal functionality. Successful exploitation of this vulnerability could assist in further attacks against the victim host. 3. Adcycle AdLibrary.pm Session Access Vulnerability BugTraq ID: 2393 Remote: Yes Date Published: 2001-02-19 Relevant URL: http://www.securityfocus.com/bid/2393 Summary: Adcycle is a package of perl scripts available from Adcycle.com. The scripts are designed to manage banner ad rotation through a web interface, backended with a MySQL database. This is done by using adcycle as the intermediary software between the HTTP interface, and the MySQL database. A problem with the Adcycle software could allow remote users to execute arbitrary commands on the SQL database. It may also be possible for a remote user to gain local and possibly administrative access. The problem occurs in the handling of input by the Adcycle software. Authentication is validated by the AdLibrary.pm script, which accepts input from remote users and compares it against the authentication tables in the database, and currently active users in the database. The scripts, however, do not compare the contents of each transaction with other information that is client/server specific, such as cookie or PID. Due to the lack of authentication of session specific information, it is possible for a malicious user to create a custom crafted URL, allowing access to the database, the ability to execute SQL commands, and the possibility of gaining local access and elevated privileges on the database. 4. Microsoft Windows 2000 Domain Controller DoS Vulnerability BugTraq ID: 2394 Remote: Yes Date Published: 2001-02-20 Relevant URL: http://www.securityfocus.com/bid/2394 Summary: Domain controllers in a Windows 2000 network handle user authentication and various other required tasks. Microsoft Windows 2000 domain controllers are subject to a denial of service condition. Unfortunately Windows 2000 domain controllers do not properly validate a user request before attempting to process it. Submitting numerous specially crafted invalid requests to a domain controller, could initiate the domain controllers attempt to carry out the request. This constant processing attempt will eventually exhaust nearly all available system resources, preventing the domain controller from handling various mandatory tasks. A restart of the server is required in order to gain normal functionality. Successful exploitation of this vulnerability could assist in further attacks against the victim host. 5. Marconi ASX-1000 Administration Denial Of Service Vulnerability BugTraq ID: 2400 Remote: Yes Date Published: 2001-02-19 Relevant URL: http://www.securityfocus.com/bid/2400 Summary: ASX-1000 Switches are hardware packages developed by Marconi Corporation. ASX-1000 Switches can be used to regulate ATM networks, performing layer-3 switching. These switches are designed for maximum availability and high performance network switching, handling speeds between 2.5 Gbps and 10 Gbps. A problem with these switches can create a situation which allows for Denial of Server of the Administrative interface, and potentially a network traffic interruption. The problem is the result of the administrative services incorrectly handling some types of traffic, and entering a state that does not allow remote communication. Under normal circumstances, the services on the switch function normally, allowing users to connect remotely, and administrate the system through either a web interface, or telnet session. However, upon the receipt of fragments of packets with the SYN-FIN bits set, the daemon listening sends the port to the CLOSE_WAIT state. The entry of the service into CLOSE_WAIT state is terminal, and the service does not function again until the port is either reset, or the switch is power cycled. This problem affects Fore/Marconi firmware Forethought 6.2. III. SECURITYFOCUS.COM NEWS AND COMMENTARY ------------------------------------------ 1. Napster alternative: other people's hard drives By Kevin Poulsen With the future of music-swapping site Napster looking grim, on Friday a tiny Nashville-based startup began touting an even more controversial milieu for peer-to-peer file sharing: random, unprotected hard drives on the Internet. ShareSniffer Inc.'s newly-launched software, also called ShareSniffer, allows people to hunt for exposed Windows file systems with the ease of a Napster-user searching for a favorite track. "Right now... there are tens of thousands of computers worldwide that have their files deliberately shared with the Internet with no password required," reads the ShareSniffer web site. The site goes on to encourage netizens to rummage through strangers' music files, digital movies, Microsoft Word documents and spreadsheets. The company motto: "Because it's there." http://www.securityfocus.com/templates/article.html?id=159 2. Lookout for Outlook bug By John Leyden, The Register Microsoft has warned of a potentially devastating security vulnerability involving its popular Outlook and Outlook Express email clients. It could allow attackers to trick users into running malicious code so giving them control of a victim's machine. The security bug concerns the vCard, or virtual business cards, component of Outlook, which has been found by @Stake, a firm of security researchers and consultants, to contain a buffer overflow vulnerability. http://www.securityfocus.com/templates/article.html?id=158 3. Spy suspect had skillz By Kevin Poulsen The veteran FBI counterintelligence agent accused this week of spying for Russia is a talented computer programmer who once penetrated a senior agent's office computer to demonstrate the Bureau's vulnerability to hackers, according to newspaper reports Thursday. In 1992 or 1993 Robert Hanssen openly hacked into the office computer of fellow agent Raymond Mislock, then section chief for counterintelligence operations against Russia, according to a story in Thursday's USA Today. The paper, citing unnamed former senior intelligence officials, reported that Hanssen didn't attempt to conceal the penetration, but rather brought the computer's vulnerability to the attention of the FBI, which immediately disconnected some systems housing classified information. http://www.securityfocus.com/templates/article.html?id=157 4. Zimmerman leaves NAI By John Leyden, The Register Encryption guru Phil Zimmerman has left Network Associates citing differences with the security giant about publishing the full source code for the latest version of the widely used encryption program, PGP. Zimmerman, the creator of PGP (Pretty Good Privacy), is leaving Network Associates (NAI) after three years as a senior fellow to work with security firm Hush Communications in developing encryption products based on the OpenPGP standard. He is also launching the OpenPGP Consortium to further interoperability of different vendors' implementations of the standard, embodied in IETF RFC 2440. http://www.securityfocus.com/templates/article.html?id=156 IV.SECURITY FOCUS TOP 6 TOOLS ----------------------------- 1. Snort 1.7 Win32 Source Platforms: Windows 95/98 and Windows NT by Michael Davis (mike@eeye.com) and Martin Roesch (roesch@clark.net) Relevant URL: http://www.datanerds.net/~mike/snort.html Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient. 2. BUGS 4.0.1 Platforms: FreeBSD, HP-UX, Linux, NetBSD, OpenBSD, Solaris, SunOS, UNIX, Windows 2000, Windows 3.x, Windows 95/98 and Windows NT by Sylvain Martinez (martinez@encryptsolutions.com) Relevant URL: http://www.encryptsolutions.com BUGS is a strong private key encryption algorithm and applications. It is easy to use, and includes sample applications and documentation. The cryptography library can also be used with your own programs. It is multi platform, open source and the package offers: An encryption file application, a secure chat, a secure "more", a login application, etc. 3. Lcrzo Platforms: FreeBSD, Linux and Solaris by Laurent Constantin Relevant URL: http://www.laurentconstantin.com/lcrzo/v3/index_us.html Network library lcrzo to sniff, spoof, create decode and display packets, convert adresses, create clients and servers, etc. 4. Syslog-ng (Next Generation) 1.4.11 Platforms: BSDI, Linux and Solaris by Balazs Scheidler (bazsi@balabit.hu) Relevant URL: http://www.balabit.hu/products/syslog-ng/ syslog-ng, as the name shows, is a syslogd replacement, but with new functionality for the new generation. The original syslogd allows messages only to be sorted based on priority/facility pairs; syslog-ng adds the possibility to filter based on message contents using regular expressions. The new configuration scheme is intuitive and powerful. Forwarding logs over TCP and remembering all forwarding hops makes it ideal for firewalled environments. 5. OutGuess Platforms: BSDI, BeOS, FreeBSD, Linux, NetBSD, OpenBSD and UNIX by Niels Provos Relevant URL: http://www.outguess.org/ OutGuess is a universal steganographic tool that allows the insertion of hidden information into the redundant bits of data sources. The nature of the data source is irrelevant to the core of OutGuess. The program relies on data specific handlers that will extract redundant bits and write them back after modification. In this version the PNM and JPEG image formats are supported. In the next paragraphs, images will be used as concrete example of data objects, though OutGuess can use any kind of data, as long as a handler is provided. 6. twwwscan 1.2 Platforms: Windows 2000, Windows 95/98 and Windows NT by pilot Relevant URL: http://search.iland.co.kr/twwwscan/ Updated version of twwwscan with added -v option support html type report support CVE information included completed NT/2000 IIS detail patch information. Last(~2000/12/23) WWW Vulnerabilities 300 over bugs check V. SECURITY JOBS SUMMARY ------------------------ 1. Business Development Analyst, SingleSignOn.Net, Inc., Reston, VA (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3d002501c09f9b$e2bdf120$aa7cc897@bizdev1 2. Checkpoint for NT engineer for short engagement (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3dJMEBKADCEPOBNPHGKNNDOEDPCCAA.sgoldsby@integrate-u.com 3. Common Criteria Security Evaluation Lab Director - TX - #213 (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3d20010223182515.2721.qmail@securityfocus.com 4. Security Consultant - UK based (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3d20010223175241.2681.qmail@securityfocus.com 5. Senior Security Sales Executive -UK (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3d20010223174727.2672.qmail@securityfocus.com 6. New York City-Security Specialist (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3dLPBBJOCKHGJGCKCLFANPEEPFCBAA.ben@kandidates.com 7. Information Security Analysts - CT, DE, MD, NJ, NY, PA, DC (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3d20010223143105.25796.qmail@securityfocus.com 8. Information Security Engineers - Mid-Atlantic (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3d20010223142547.25766.qmail@securityfocus.com 9. Product Manager, Security Software....San Jose, Ca (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3d1F5336352971D4118402009027B0C1C84E18DA@MAIL 10. Latin America Hackers (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3d059f01c09d3e$cef06c90$11b44e0c@dcdave 11. [No Subject] 12. looking for security consultants (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3d20010222200313.531.qmail@securityfocus.com 13. Any Security Jobs in West Houston Area? (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3dIBEKKDBBAFHEJFHKEBCECECFCAAA.rayw@rayw.org 14. Channel Sales Manager--East Coast (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3d1F5336352971D4118402009027B0C1C849D835@MAIL 15. SENIOR SECURITY CONSULTANT - Boston, MA - San Jose, CA - Dallas, TX (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3d20010222213506.14396.cpmta@c001.snv.cp.net 16. PRODUCT MARKETING MANAGER - San Jose, CA (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3d20010222213227.13535.cpmta@c001.snv.cp.net 17. NETWORK SECURITY ENGINEER - Boston, MA (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3d20010222213041.13210.cpmta@c001.snv.cp.net 18. SENIOR PRODUCT MANAGER - Boston, MA, San Jose, CA, Dallas, TX (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3d20010222211329.1593.cpmta@c001.snv.cp.net 19. PROJECT MANAGER - San Jose, CA (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3d20010222211018.1033.cpmta@c001.snv.cp.net 20. PKI ENGINEER - SAn Jose, CA (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3d20010222210716.364.cpmta@c001.snv.cp.net 21. SOFTWARE ENGINEER - San Jose, CA (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3d20010222210426.29683.cpmta@c001.snv.cp.net 22. Administrivia (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3dPine.GSO.4.30.0102220747570.9567-100000@mail 23. Information Security roles in Australia (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3d20010222033446.29040.qmail@securityfocus.com 24. Business/Disaster Recovery Specialist - OH - #272 (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3d20010221204246.15854.qmail@securityfocus.com 25. Security Analyst/Information Systems - NJ - #517 (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-26%26thread%3d20010221152431.27004.qmail@securityfocus.com VI. INCIDENTS LIST SUMMARY ------------------------- 1. Some details in a recent NT hack we encountered (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3dF237LX2wEGBssyRSEZu0000d4d0@hotmail.com 2. Probes from Microsoft (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3dPine.LNX.4.30.0102241914050.21005-100000@biocserver.BIOC.CWRU.Edu 3. anyone seen this before (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3d003e01c09e75$784dc9e0$c89e63d5@windows 4. Sub-Seven and NetBus port scans from HK and KR (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3dE14WZg3-0008Eh-00@ADSL-Bergs.RZ.RWTH-Aachen.DE 5. ddos-stacheldraht server-spoof alerts ( Was: What is this?) (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3d20010224051359.2B381106FC@schadenfreude.meshuggeneh.net 6. (MSRC HES) RE: Probes from Microsoft (fwd) (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3dPine.LNX.4.10.10102232006160.7006-100000@mastermind.inside.guardiandigital.com 7. Strange Traffic from 213.8.52.189 (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3dFD82D0F2346CD4119F86000102566513FBAD72@exchange.firstcom.com.pe 8. Port 784 (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3dD58D3E1961C58043BD828065D12E49950FADBB@foxserver.local 9. RedHat compromise (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3d01022315304106.21448@nitzer.it.su.se 10. Analysing a rooted Irix 6.5 box (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3dPine.BSF.4.21.0102231353540.28735-100000@tma1.cchem.berkeley.edu 11. IIS & CGI Attacks from AOL cache sites (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3d008d01c09dc9$e16e1850$71e4830a@netsol.com 12. DOS (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3d3A9699E6.9B055093@fire-eyes.yi.org 13. DoS/exploit affecting ipop3d??? [Revised with new info] (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3d006001c09d76$df6fed10$0a00a8c0@MFORS 14. How to determined which rootkit is using? (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3d034501c09d3e$e8d21870$0b6cffc8@infolink.com.br 15. Strange Activity -- Help (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3d032b01c09d3e$1db7c590$0b6cffc8@infolink.com.br 16. Win2K Honeypot (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3dPine.GSO.4.30.0102221351080.14202-100000@mail 17. Administrivia (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3dPine.GSO.4.30.0102220747570.9567-100000@mail 18. Several DNS probes coming from HALOA-NETS (fr.clara.net) (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3d10062257234.20010221194033@safenetworks.com 19. UDP port scan orginating from hpux 11.0 internal server (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3d11196307.982803424238.JavaMail.imail@tiptoe 20. Weird Packet (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3d0a9701c09c44$d28f4dd0$e1f210ac@Intertel.com 21. bind breakin? (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3d79461DFAFEFFD31186D8009027EE6E9C3F74DF@gorgon.displaytech.com 22. FYI: Bind compromise (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3d20010221091338.D27056@eclipsed.net 23. Bind compromise (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3d003a01c09b98$c7d82760$4d14a8c0@jasonlewis.net 24. Interesting scan (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3d3A928BCC.9000602@carlson.com 25. More DNS scans (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3d002a01c09afd$01719c00$c9a92041@tampabay.rr.com 26. Type 8 Overload (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3d001c01c09afc$4a02afa0$c9a92041@tampabay.rr.com 27. A rise (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-02-26%26thread%3dPine.GSO.4.30.0102192130240.9464-100000@mail VII. VULN-DEV RESEARCH LIST SUMMARY ---------------------------------- 1. Sniffer for ADSL (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3d001d01c09f79$ac0f0aa0$019da8c0@dummy.net 2. URGENT--Vulnerability Assessment Market (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3dMABBJDIDMBIJBJOLOGJEIEKDCCAA.sailor1535@netzero.net 3. Bad Bug in XFree86 4.0.2 (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3d01022511415101.00361@enigma 4. Serv-U 2.5i DoS (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3d20010225145529.B1C6224C414@lists.securityfocus.com 5. ping-i (TTL) Vulnerability (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3d005b01c09e96$9cfe5310$ae1beed4@unit909 6. DoS Alcatel ADSL Modem Speed Touch Home (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3d000d01c09e7c$ccb32640$019da8c0@dummy.net 7. win2k console bug (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3d009c01c09dfa$933ce400$b934d8c1@mahuja 8. icq 2000 ads (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3dPine.GSO.4.05.10102231959120.29994-100000@tundra.winternet.com 9. Remote vs Local vulnerabilities (Was: Re: [VULN-DEV] ping -i (TTL) Vulnerability) (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3d3A968518.559352C9@dds.nl 10. [Helios Security and Administration::another bug in m4] (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3dMMEEJPEPBPAOHOAFGCKPCEEACIAA.kain@perker.dk 11. Bind 9.1.0 (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3d20010223024039.30713.qmail@rt.fm 12. ping -i (TTL) Vulnerability (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3d00a901c09d2a$21c85be0$ae1beed4@unit909 13. Potential overflow in Internet Explorer (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3d3A9584FE.A836D724@matchmail.com 14. Windows Explorer still vulnerable to ftp request buffer overflow (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3d001601c09d2d$37247840$7efafea9@rad.net.id 15. kiss from [HeliSec] : htdigest core dumps (apache 1.3.14) (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3d001101c09c7a$cc3914d0$aa220518@cx988357a 16. Windows Explorer still vulnerable to ftp request buffer overflow (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3d20010221184915.15395.qmail@web3201.mail.yahoo.com 17. man -K input validation (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3dNEBBLGGFLKNKHJLFDGMIKEOBCGAA.reb@openrecords.org 18. FW: Icq 2000 ads (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3dCFELJOHDNACGODJCAGNKAEAOCOAA.vhaaren@xs4all.nl 19. Multi format string bugs in IPAD x.x ftp server (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3d471ADE9820DCD411A46E00B0D079F2830AB1FD@Xnetexch 20. man -K overflow (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3d380510595.982703203273.JavaMail.root@web628-mc 21. Another ie5 bug ? (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3d002301c09b96$a2d2d660$a1b2cbc8@cyb 22. shared folder icon?? (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3d20010219220224.A4823@att.net 23. WIN2K security bug with FTP. Bug allows any file to be deleted from the remote system. (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3d002001c09aee$0eb01a90$269292d4@entera 24. Buffer overflow in BitchX-75p3 (Local) (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3dPine.LNX.4.10.10102191922240.394-100000@ebola.chinatown.org 25. Naptha's code finally released (was: Re: [kiss from Helisec] : testing sinn) (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-26%26thread%3dPine.666.4.33.0102190805460.802-100000@blackhole.nmrc.org VIII. MICROSOFT FOCUS LIST SUMMARY --------------------------------- 1. Details on a hacked NT server (possible kit?) (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3dF221C7Mzx6ClF6OuyyF0000955e@hotmail.com 2. TO WHOM IT MAY CONSERN Registry entrys regarding Denial of Service Attacks (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d001601c09e58$df026280$8401a8c0@tricompc 3. OT: P*rn Site Urls (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d006001c09dde$d634f7f0$b6079818@ndr113 4. Outlook Text Preview option (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d006201c09de3$78b579b0$37866a3f@ssternw2kw 5. NT 4 with IIS 4 install checklist (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3dGLEFJOAAJFENFGKOJPBGIELLCDAA.patrick@whitefrog.com 6. pcAnywhere (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3dDAEIJNEKMPIGLADFMEICMEAODBAA.smoulec@cuisinesolutions.com 7. iis unicode bug... (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d3A96CCA5.1E9B0197@moquijo.com 8. Possible FTP Site DDoS (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d200102232145.f1NLjFA54681@robin.cts.com 9. P*rn Site Urls (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3dNDBBJLMHNCGAJNMCLPHFIEMIEDAA.karl@lovink.net 10. Laptop Security (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3dPine.LNX.4.10.10102221221490.11153-100000@KWAN.ca 11. Troubleshooting disk permission schemes ... (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d01F1E3781779D411B63B00D0B7B0E0D03824EE@atv-ga4b-213.rasserver.net 12. Win2K Terminal Service as Web Server Admin Tool (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d31ACC2D3E8B4D411BC4A00306E0061EF016207@IGHMSG01 13. FW: Outlook Text Preview option (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d49EFF2B5759ED2118F0F00805FE67FE0039F2F03@dasmttayz026.army.pentagon.mil 14. NT/w2k kiosk or hardening software? (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3dDJEGKFFMGLMAKALIEECAOENOCDAA.judy@colorado.edu 15. NT: Restrict Users from Installing Software? (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d3A936B60.F4CFC954@ifi.uib.no 16. Win2k Telnet Service (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d00b901c09bd1$69578f30$af05a8c0@anchorsign.com 17. VNCViewer (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d000b01c09bab$5415c680$1fef0b18@truckee1.ca.home.com 18. MS Security Issue (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d4.3.2.7.2.20010220122932.00faa890@pop.qut.edu.au 19. Is my IIS proxying for people? (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d603D8EA4BB33D31197600006290532CE06AEEC03@Server1b.office.isaserver.be 20. SecurityFocus.com Microsoft Newsletter #22 (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3dPine.GSO.4.30.0102191038510.13831-100000@mail IX. SUN FOCUS LIST SUMMARY ---------------------------- 1. OpenSSH and passwords (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2001-02-26%26thread%3d20010223184929.B24197@euforia.homeip.net 2. Solaris with MD5 crypted passwords ? (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2001-02-26%26thread%3dDPEGIGDHOMGELLPBDNHCOEHGCEAA.nelson@magna.com.au 3. NFS over ssh (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2001-02-26%26thread%3d200102230921.KAA13581@romulus.Holland.Sun.COM 4. CDE daemons (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2001-02-26%26thread%3d3A968C13.591DDFF4@colltech.com 5. AW: Solaris with MD5 crypted passwords ? (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2001-02-26%26thread%3dNEBBLBJNKLGJPBAECNGLEEAAEDAA.mirko.schlottke@4content.de 6. sources of randomness (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2001-02-26%26thread%3d20010221222937.A15431@thelma.ing.umu.se 7. FW: ipf.rules (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2001-02-26%26thread%3dF7D9F911EBADD4119A9400A0C9C5329645C909@mail.aperian.com 8. Solaris 7 patch behavior (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2001-02-26%26thread%3d200102202035.VAA02365@romulus.Holland.Sun.COM 9. New Article: Auditing in the Solaris 8 OE BluePrint Published (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2001-02-26%26thread%3d3A92A840.C8059919@sun.com X. LINUX FOCUS LIST SUMMARY --------------------------- 1. FTP (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2001-02-26%26thread%3dPine.LNX.4.21.0102221101340.14713-100000@hellhead.hardcoders.org 2. SecurityFocus.com Linux Newsletter #17 (Thread) Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2001-02-26%26thread%3dPine.GSO.4.30.0102191042000.13831-100000@mail XI. SPONSOR INFORMATION ----------------------- This issue sponsored by: PentaSafe Secure Technologies You know what your security policies are and what they are meant to do. Does everyone else? VigilEnt Policy Center will put an end to the confusion by automating each step of policy management: creation, editing, review, distribution, education, compliance reporting, and maintenance. With VPC you'll not only create a more secure work environment, you'll develop a culture of information security awareness. Visit http://www.pentasafe.com/products/policyoverview.htm to learn more. XII. SUBSCRIBE/UNSUBSCRIBE INFORMATION ------------------------------------- 1. How do I subscribe? Send an e-mail message to LISTSERV@SECURITYFOCUS.COM with a message body of: SUBSCRIBE SF-NEWS Lastname, Firstname You will receive a confirmation request message to which you will have to anwser. 2. How do I unsubscribe? Send an e-mail message to LISTSERV@SECURITYFOCUS.COM from the subscribed address with a message body of: UNSUBSCRIBE SF-NEWS If your email address has changed email aleph1@securityfocus.com and I will manualy remove you. 3. How do I disable mail delivery temporarily? If you will are simply going in vacation you can turn off mail delivery without unsubscribing by sending LISTSERV the command: SET SF-NEWS NOMAIL To turn back on e-mail delivery use the command: SET SF-NEWS MAIL 4. Is the list available in a digest format? Yes. The digest generated once a day. 5. How do I subscribe to the digest? To subscribe to the digest join the list normally (see section 0.2.1) and then send a message to LISTSERV@SECURITYFOCUS.COM with with a message body of: SET SF-NEWS DIGEST 6. How do I unsubscribe from the digest? To turn the digest off send a message to LISTSERV with a message body of: SET SF-NEWS NODIGEST If you want to unsubscribe from the list completely follow the instructions of section 0.2.2 next. 7. I seem to not be able to unsubscribe. What is going on? You are probably subscribed from a different address than that from which you are sending commands to LISTSERV from. Either send email from the appropiate address or email the moderator to be unsubscribed manually.