From: Network Computing and The SANS Institute (sans@sans.org)
Date: Thu Mar 01 2001 - 13:14:38 CST



    Re: Your personalized newsletter

                          -- Security Alert Consensus --
                                 Number 086 (00.62)
                            Thursday, March 1, 2001
                                 Created for you by
                    Network Computing and the SANS Institute
                              Powered by Neohapsis

    ----------------------------------------------------------------------

    Welcome to the latest edition of Security Alert Consensus! Below you
    should find information pertaining only to the categories you requested.
    If you have any problems or questions, please e-mail us at
    <consensus@nwc.com>.

    ----------------------------------------------------------------------

    ----------------------------------------------------------------------

    Over the past few days we've received numerous queries about last week's
    commentary on the Anna Kournikova virus. We'd like to clear the air by
    stating that although our comments were not meant as product
    endorsements, the SANS GIAC (Global Incident Analysis Center, one of
    our sister efforts) did field numerous reports concerning antivirus
    vendors' responses, and the lack thereof. On the Monday the "Anna"
    virus hit most organizations, it became obvious that some antivirus
    vendors were prepared, some were not and worse, some claimed they were,
    but still failed to catch the culprit. In short, we were simply trying
    to reiterate what many of you wrote in and told us.

    In other news, there was an interesting thread on SecurityFocus'
    BUGTRAQ mailing list last week concerning the use and abuse of SNMP.
    The authors posted a number of interesting brute-forcing tools, and made
    further comment on the potentially dangerous abuses of SNMP. Readers
    are reminded that there are myriad security concerns surrounding the
    use of SNMP. Organizations that are forced to use it should limit its
    accessibility: where possible, restrict SNMP to Read-Only (RO) and
    implement proper ACLs (access control lists) on infrastructure devices
    to limit its exposure.

    The thread can be found at the following URL, if anyone is interested
    in reading more:
    http://archives.neohapsis.com/archives/bugtraq/2000-02/0152.html

    Until next week,
    - Security Alert Consensus Team

    ************************************************************************

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    TABLE OF CONTENTS:

    {01.09.016} Win - MS01-012: Outlook (Express) vcard handler contains
                unchecked buffer
    {01.09.017} Win - MS01-013: Windows 2000 Event Viewer contains
                unchecked buffer
    {01.09.019} Win - My Getright file download/custom skin vulnerabilities
    {01.09.021} Win - MERCUR SMTP server EXPN command buffer overflow
    {01.09.023} Win - Windows driver DbgPrint() format string potential
                insecurities
    {01.09.024} Win - SEDUM HTTP server large URL DoS
    {01.09.006} Linux - Update {01.08.021}: Analog ALIAS buffer overflow
    {01.09.007} Linux - Update {00.42.011}: lpr remote syslog format bug
    {01.09.008} Linux - Update {00.45.019}: Dump executes arbitrary
                commands as root
    {01.09.009} Linux - Update {00.43.003}: PHP logging format bug overflow
    {01.09.012} Linux - Discontinued support for old SuSE distributions
    {01.09.022} Linux - Update {00.51.014}: apcupsd world writable
                /var/run/apcupsd.pid file
    {01.09.027} Linux - Update {00.54.001}: Sendmail 8.11.2 released
    {01.09.025} HPUX - Update {00.53.028}: kermit buffer overflow
    {01.09.028} NApps - APC HTTP/SNMP/telnet connection timeout DoS
    {01.09.029} NApps - Nortel CES switch DES key-length downgrade
    {01.09.001} Other - Update {00.50.003}: Sun Java runtime environment
                allows untrusted calls between classes
    {01.09.002} Other - MPE/ix linkeditor grants administration capabilities
    {01.09.003} Other - MPE/ix NM debug breakpoint mishandling/privilege
                elevation
    {01.09.011} Other - Update {01.05.022}: inetd open socket DoS
    {01.09.004} Cross - Update {01.08.007}: Vixie cron long user name
                buffer overflow
    {01.09.005} Cross - Sudo command line parameter buffer overflow
    {01.09.010} Cross - Update {01.05.001}: Multiple Bind buffer overflows
                (TSIG/infoleak)
    {01.09.013} Cross - Chili!Soft ASP default admin account/sample
                scripts/improper file permissions
    {01.09.014} Cross - Sun JRE unauthorized command execution
    {01.09.015} Cross - Infopop UBB IMG tag embedded JavaScript and
                authentication bypass
    {01.09.018} Cross - FirstClass InternetGateway local address spoofing
    {01.09.020} Cross - PHP-Nuke file disclosure/authentication bypass
    {01.09.026} Cross - Multiple Zope vulnerabilities

    - --- Windows News -------------------------------------------------------

    *** {01.09.016} Win - MS01-012: Outlook (Express) vcard handler
                    contains unchecked buffer

    Microsoft has released MS01-012 ("Outlook (Express) vcard handler
    contains unchecked buffer"). Outlook and Outlook Express contain a
    buffer overflow when a user attempts to import a maliciously crafted
    vcard attachment. The buffer overflow can be used to execute arbitrary
    code on a user's system.

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/MS01-012.asp

    Source: Microsoft
    http://archives.neohapsis.com/archives/vendor/2001-q1/0055.html

    *** {01.09.017} Win - MS01-013: Windows 2000 Event Viewer contains
                    unchecked buffer

    Microsoft has released MS01-013 ("Windows 2000 Event Viewer contains
    unchecked buffer"). There is an exploitable buffer overflow in the
    handling of event records when viewed with the Event Viewer. Since
    unprivileged applications can log events to the System and Application
    logs, it's possible for an attacker to insert an event record into the
    log that executes arbitrary code under the privileges of the person who
    later views that event record.

    Windows 2000 is affected.

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/MS01-013.asp

    Source: Microsoft
    http://archives.neohapsis.com/archives/vendor/2001-q1/0057.html

    *** {01.09.019} Win - My Getright file download/custom skin
                    vulnerabilities

    The My Getright application, version 1.0, contains two vulnerabilities
    that allow a malicious Web site to crash the My Getright application
    and possibly to force the download of files to arbitrary locations on
    a user's hard drive, possibly overwriting files in the process.

    The vendor has confirmed the vulnerability and released version 1.0b,
    which contains the fixes. It can be downloaded at:
    http://www.mygetright.com/

    Source: Win2KSecurityAdvice
    http://archives.neohapsis.com/archives/win2ksecadvice/2001-q1/0080.html

    *** {01.09.021} Win - MERCUR SMTP server EXPN command buffer overflow

    MERCUR SMTP server version 3.30.3.0 contains a remotely exploitable
    buffer overflow in the handling of the EXPN command, which allows an
    attacker to execute arbitrary code.

    This vulnerability has not been confirmed, but an exploit has been
    published.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-02/0413.html

    *** {01.09.023} Win - Windows driver DbgPrint() format string potential
                    insecurities

    An advisory was released detailing potential problems in Windows drivers
    calling the DbgPrint() function. It may be possible to perform a format
    string attack on the drivers, allowing a local attacker to execute code
    under local system privileges.

    This vulnerability has not been confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-02/0379.html

    *** {01.09.024} Win - SEDUM HTTP server large URL DoS

    SEDUM HTTP server version 2.1 has been found to contain a denial of
    service. It's possible for a remote attacker to send an overly long URL
    request, which will cause the service to crash.

    This vulnerability has not been confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-02/0419.html

    - --- Linux News ---------------------------------------------------------

    *** {01.09.006} Linux - Update {01.08.021}: Analog ALIAS buffer overflow

    RedHat has released updated packages to fix the vulnerability discussed
    in {01.08.021} ("Analog ALIAS buffer overflow").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/redhat/2001-q1/0056.html

    Source: RedHat
    http://archives.neohapsis.com/archives/linux/redhat/2001-q1/0056.html

    *** {01.09.007} Linux - Update {00.42.011}: lpr remote syslog format bug

    Immunix has released updated lpr packages to fix the vulnerability
    discussed in {00.42.011} ("lpr remote syslog format bug").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0069.html

    Source: Immunix
    http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0069.html

    *** {01.09.008} Linux - Update {00.45.019}: Dump executes arbitrary
                    commands as root

    Immunix has released updated dump packages to fix the vulnerability
    discussed in {00.45.019} ("Dump executes arbitrary commands as root").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0069.html

    Source: Immunix
    http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0069.html

    *** {01.09.009} Linux - Update {00.43.003}: PHP logging format bug
                    overflow

    Immunix has released updated PHP packages to fix the vulnerability
    discussed in {00.43.003} ("PHP logging format bug overflow").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0069.html

    Source: Immunix
    http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0069.html

    *** {01.09.012} Linux - Discontinued support for old SuSE distributions

    SuSE has officially closed support for SuSE distribution versions 6.0,
    6.1 and 6.2. Versions 6.3, 6.4, 7.0 and 7.1 will still be supported.
    Users of discontinued distributions should consider upgrading, since
    security patches will no longer be released for the discontinued
    versions.

    Source: SuSE
    http://archives.neohapsis.com/archives/linux/suse/2001-q1/1064.html

    *** {01.09.022} Linux - Update {00.51.014}: apcupsd world writable
                    /var/run/apcupsd.pid file

    Mandrake has released an updated cups package to fix the vulnerability
    discussed in {00.51.014} ("apcupsd world writable /var/run/apcupsd.pid
    file").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/mandrake/2001-q1/0070.html

    Source: Mandrake
    http://archives.neohapsis.com/archives/linux/mandrake/2001-q1/0070.html

    *** {01.09.027} Linux - Update {00.54.001}: Sendmail 8.11.2 released

    TurboLinux has released an updated Sendmail package to fix the various
    general problems discussed in {00.54.001} ("Sendmail 8.11.2 released").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q1/0006.html

    Source: TurboLinux
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q1/0006.html

    - --- HP-UX News ---------------------------------------------------------

    *** {01.09.025} HPUX - Update {00.53.028}: kermit buffer overflow

    HP bundled the wrong version of kermit into the patches meant to fix
    the vulnerability discussed in {00.53.028} ("kermit buffer overflow").
    It has re-released correct versions of the patches:

    HP-UX 10.20: PHCO_23319
    HP-UX 10.10: PHCO_23320
    HP-UX 10.01: PHCO_23321

    Source: HP
    http://archives.neohapsis.com/archives/hp/2001-q1/0060.html

    - --- Network Appliances News --------------------------------------------

    *** {01.09.028} NApps - APC HTTP/SNMP/telnet connection timeout DoS

    APC's network management card (used in Symmetra and other APC products)
    contains a denial of service in the handling of failed logins--three
    incorrect logins cause the services to temporarily time out and become
    unavailable. It's possible for a malicious attacker to induce this
    behavior, causing the management features to become unavailable.

    The advisory indicates vendor confirmation. No fixes have been made
    available.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-02/0436.html

    *** {01.09.029} NApps - Nortel CES switch DES key-length downgrade

    Nortel's Contivity Extranet Switch (CES) contains a vulnerability
    whereby the ISAKMP agent negotiates 3DES VPN connections using only
    single DES to exchange keys, regardless of encryption security level
    setting. This means the VPN is only as strong as single DES, which is
    considered weak by today's standards.

    Nortel has confirmed the problem and released CES software version 3.50
    and Extranet Client Access software version 2.62, which fix the problem.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-02/0439.html

    - --- Other News ---------------------------------------------------------

    *** {01.09.001} Other - Update {00.50.003}: Sun Java runtime
                    environment allows untrusted calls between classes

    HP has released updated JRE patches for MPE/ix to fix the vulnerability
    discussed in {00.50.003} ("Sun Java runtime environment allows untrusted
    calls between classes").

    MPE/ix releases 6.0, 6.5 and 7.0 should update to JDK 1.2.2, which is
    available at:
    http://jazz.external.hp.com/src/java/jdks/JDK1.2.2.html

    Source: HP
    http://archives.neohapsis.com/archives/hp/2001-q1/0050.html

    *** {01.09.002} Other - MPE/ix linkeditor grants administration
                    capabilities

    HP has released patches for MPE/ix releases 5.5, 6.0 and 6.5 to fix a
    vulnerability in the linkeditor that allows a local user to potentially
    gain administrative capabilities normally limited to a system
    administrator.

    The vendor has confirmed this vulnerability.

    HP has released the following patches:
    MPE/iX 6.5: LNKLXG1A
    MPE/iX 6.0: LNKLXG1B
    MPE/iX 5.5: LNKLXG1C

    Source: HP
    http://archives.neohapsis.com/archives/hp/2001-q1/0050.html

    *** {01.09.003} Other - MPE/ix NM debug breakpoint
                    mishandling/privilege elevation

    HP has released patches for MPE/ix 5.5, 6.0 and 6.5 to fix a
    vulnerability in NM debug. The vulnerability allows local users to
    elevate their privileges due to the mishandling of breakpoints.

    The vendor has confirmed this vulnerability.

    HP has released the following patches:
    MPE/iX 5.5: MPELX89D
    MPE/iX 6.0: MPELX89E
    MPE/iX 6.5: MPELX89F

    Source: HP
    http://archives.neohapsis.com/archives/hp/2001-q1/0050.html

    *** {01.09.011} Other - Update {01.05.022}: inetd open socket DoS

    Compaq has released a patch for Tru64 release 5.1 to fix the
    vulnerability discussed in {01.05.022} ("inetd open socket DoS").

    Those needing the patch will have to contact Compaq support and request
    patch SSRT0708U.

    Source: Compaq
    http://archives.neohapsis.com/archives/compaq/2001-q1/0071.html

    - --- Cross-Platform News ------------------------------------------------

    *** {01.09.004} Cross - Update {01.08.007}: Vixie cron long user name
                    buffer overflow

    Mandrake has released updated vixie-cron packages to fix the
    vulnerability discussed in {01.08.007} ("Vixie cron long user name
    buffer overflow"). HP has also released updated cron patches, which the
    Security Alert Consensus staff believes may correct the mentioned
    vulnerability (HP hasn't indicated whether the vulnerability has been
    fixed).

    Updated Mandrake RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/mandrake/2001-q1/0064.html

    Updated HP-UX cron patches:
    HP-UX 10.20: PHCO_22768
    HP-UX 11.00: PHCO_22767

    Source: Mandrake, HP
    http://archives.neohapsis.com/archives/linux/mandrake/2001-q1/0064.html
    http://archives.neohapsis.com/archives/hp/2001-q1/0054.html
    http://archives.neohapsis.com/archives/hp/2001-q1/0055.html

    *** {01.09.005} Cross - Sudo command line parameter buffer overflow

    Sudo versions prior to 1.6.3p6 contain a buffer overflow in the handling
    of long command line parameters. It is unknown at this time whether it
    is possible to execute arbitrary code.

    The vendor has confirmed this vulnerability.

    Locations for download are listed at:
    http://www.courtesan.com/sudo/

    Updated Conectiva RPMs:
    http://archives.neohapsis.com/archives/linux/conectiva/2001-q1/0012.html

    Updated Trustix RPMs:
    http://archives.neohapsis.com/archives/bugtraq/2001-02/0427.html

    Updated Mandrake RPMs:
    http://archives.neohapsis.com/archives/linux/mandrake/2001-q1/0073.html

    Updated Slackware tarballs:
    http://archives.neohapsis.com/archives/bugtraq/2001-02/0437.html

    Updated Immunix RPMs:
    http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0070.html

    Available OpenBSD patches:
    http://archives.neohapsis.com/archives/openbsd/2001-02/2539.html

    FreeBSD ports collection as of February 22, 2001, contains an updated
    version.

    Source: Conectiva, Trustix, Mandrake, Slackware, Immunix, OpenBSD,
    FreeBSD, SF Bugtraq
    http://archives.neohapsis.com/archives/linux/conectiva/2001-q1/0012.html
    http://archives.neohapsis.com/archives/bugtraq/2001-02/0414.html
    http://archives.neohapsis.com/archives/bugtraq/2001-02/0427.html
    http://archives.neohapsis.com/archives/linux/mandrake/2001-q1/0073.html
    http://archives.neohapsis.com/archives/bugtraq/2001-02/0437.html
    http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0070.html
    http://archives.neohapsis.com/archives/openbsd/2001-02/2539.html
    http://archives.neohapsis.com/archives/freebsd/2001-02/0501.html

    *** {01.09.010} Cross - Update {01.05.001}: Multiple Bind buffer
                    overflows (TSIG/infoleak)

    Compaq and TurboLinux have released updated bind packages to fix the
    vulnerability discussed in {01.05.001} ("Multiple Bind buffer overflows
    (TSIG/infoleak)").

    A complete list of released Compaq Tru64 patches is available at:
    http://archives.neohapsis.com/archives/compaq/2001-q1/0074.html

    Updated TurboLinux RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q1/0005.html

    Source: Compaq, TurboLinux
    http://archives.neohapsis.com/archives/compaq/2001-q1/0074.html
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q1/0005.html

    *** {01.09.013} Cross - Chili!Soft ASP default admin account/sample
                    scripts/improper file permissions

    Chili!Soft ASP version 3.5.2 (and possibly prior) contains multiple
    vulnerabilities. First, a default administrative account with static
    password is created. This could allow a remote attacker to administer
    the application if the account password wasn't changed or
    removed/disabled. Next, there is a particular sample script,
    codebrws.asp, which allows a remote attacker to view the source of files
    readable by the Web server. Lastly, various configuration files are
    created world-readable; these configuration files could hold ODBC
    authentication information.

    The vendor has confirmed all of the above problems and offered
    workarounds, which are listed at the URLs referenced below.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-02/0378.html
    http://archives.neohapsis.com/archives/bugtraq/2001-02/0443.html

    *** {01.09.014} Cross - Sun JRE unauthorized command execution

    Sun has released updated versions of its Java Development Kit (JDK)
    to fix a vulnerability that would allow unauthorized commands to be
    executed. JDK versions 1.2.2_005(a) and prior are vulnerable.

    The vendor has confirmed this vulnerability.

    A list of updated JDK versions available for download is at:
    http://archives.neohapsis.com/archives/bugtraq/2001-02/0383.html

    Source: Sun (SF Bugtraq)
    http://archives.neohapsis.com/archives/bugtraq/2001-02/0383.html

    *** {01.09.015} Cross - Infopop UBB IMG tag embedded JavaScript and
                    authentication bypass

    A vulnerability has been found in Infopop's Ultimate Bulletin Board
    prior to version 5.47e. The vulnerability allows a malicious user to
    embed JavaScript in an IMG tag, which could then possibly be used to
    gain access to authentication information stored in a user's cookie.
    Version 6.0 beta 7.8 also does not properly check authentication
    credentials. This allows a malicious user with a valid UBB account to
    assume the identity of any other user, including the administrator.

    The vendor has confirmed both problems. The first problem has been fixed
    in version 5.47e. The second problem, which only appears in the 6.0 beta
    series, has been fixed in 6.0 beta 7.9. All versions are available for
    download at: http://www.infopop.com/

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-02/0384.html
    http://archives.neohapsis.com/archives/bugtraq/2001-02/0388.html
    http://archives.neohapsis.com/archives/bugtraq/2001-02/0390.html
    http://archives.neohapsis.com/archives/bugtraq/2001-02/0411.html

    *** {01.09.018} Cross - FirstClass InternetGateway local address
                    spoofing

    FirstClass InternetGateway version 5.50 does not properly disallow the
    spoofing of local e-mail addresses, allowing an outside attacker to
    compose an e-mail that appears to originate from an arbitrary internal
    user.

    The vendor has confirmed the problem and will fix it in the upcoming
    release.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-02/0376.html
    http://archives.neohapsis.com/archives/bugtraq/2001-02/0440.html

    *** {01.09.020} Cross - PHP-Nuke file disclosure/authentication bypass

    A vulnerability has been found in PHP-Nuke version 4.4 that allows a
    remote attacker to view arbitrary files (readable by the Web server) on
    the system by sending a particular malformed URL parameter. The advisory
    also indicates that it's possible to gain administrative privileges to
    the application.

    The vendor has confirmed this vulnerability and released version 4.4.1.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-02/0425.html

    *** {01.09.026} Cross - Multiple Zope vulnerabilities

    Zope has released a hotfix to correct multiple vulnerabilities found in
    Zope versions 2.3.1b1 and prior. The vulnerabilities allow a user with
    through-the-Web scripting capabilities to possibly modify Zclass
    instances. There is also a problem with the return values of
    ObjectManager, PropertyManager and PropertySheet class methods.

    The hotfix is available at:
    http://www.zope.org/

    RedHat has released updated RPMs:
    http://archives.neohapsis.com/archives/linux/redhat/2001-q1/0059.html

    Mandrake has released updated RPMs:
    http://archives.neohapsis.com/archives/linux/mandrake/2001-q1/0074.html

    Source: RedHat, Mandrake
    http://archives.neohapsis.com/archives/linux/redhat/2001-q1/0059.html
    http://archives.neohapsis.com/archives/linux/mandrake/2001-q1/0074.html

    ************************************************************************

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.4 (BSD/OS)
    Comment: For info see http://www.gnupg.org

    iD8DBQE6npy1+LUG5KFpTkYRAjeKAJ430auWjkSOkkTkZymLJGk1ULOm2gCfVCiW
    BzH+U4C5JfhbK8kZWLCB3us=
    =ONfg
    -----END PGP SIGNATURE-----
    ------------------------------------------------------------------------

    ----------------------------------------------------------------------

    Become a Security Alert Consensus member! If this e-mail was passed to
    you and you would like to begin receiving our security e-mail newsletter
    on a weekly basis, we invite you to subscribe today at:
    http://www.networkcomputing.com/consensus/.

    We are signing the Consensus newsletter with PGP. The new SANS PGP key
    is posted at:
    http://certserver.pgp.com:11371/pks/lookup?op=get&search=0xA1694E46 and
    can be accessed from the SANS Web site: http://www.sans.org.

    Special Note: To better secure your confidential information, we will
    no longer include personal URLs in our Consensus newsletter mailings.
    Instead, we have created a new form, located at:
    http://www.sans.org/sansurl. On this form you can enter the SD number
    located near your name at the top of the newsletter. When you submit
    this form, an e-mail containing a URL will be sent to you at the e-mail
    address on record. With this URL you can make changes to your account
    (edit the content of your Consensus mailing, for example) without
    endangering the security of your personal URL. If you'd like to change
    your e-mail address or other information, or unsubscribe to this
    newsletter, please visit your new URL as described above. If you have
    any problems or questions, e-mail us at <consensus@nwc.com>.

    Missed an issue? You can find all back issues of Security Alert
    Consensus (and Security Express) online at:
    http://archives.neohapsis.com/.

    Your opinion counts. We'd like to hear your thoughts on Security Alert
    Consensus. E-mail any questions or comments to <consensus@nwc.com>.

    Copyright (c) 2001 CMP Media Inc. A service of Network Computing. All
    Rights Reserved. Distributed by Network Computing
    (http://www.networkcomputing.com) and The SANS Institute
    (http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
    security assessment and integration services consulting group
    (info@neohapsis.com | http://www.neohapsis.com/).