From: Network Computing and The SANS Institute (sans+ZZ70239645506814681@sans.org)
Date: Thu May 17 2001 - 15:56:39 CDT


    Re: Your personalized newsletter

                          -- Security Alert Consensus --
                                 Number 097 (01.20)
                               Thursday, May 17, 2001
                                 Created for you by
                     Network Computing and the SANS Institute
                                Powered by Neohapsis

    ----------------------------------------------------------------------

    Welcome to the latest edition of Security Alert Consensus! Below you
    should find information pertaining only to the categories you requested.
    If you have any problems or questions, please e-mail us at
    <consensus@nwc.com>.

    ----------------------------------------------------------------------

    *** Sponsored by Internet Security Systems (ISS) ***

    If you're searching for the right Security Services Partner, it's time
    to evaluate your options. Download this ** FREE ** white paper from
    leading market research firm Aberdeen, and learn about your choices in
    Managed Intrusion Protection Solutions!

    http://www.iss.net/mktg/sac51701/

    ----------------------------------------------------------------------

    Monday left us with a Unicode vulnerability variant in IIS that once
    again will put many servers at risk. If you've fixed the past Unicode
    bug, you're still vulnerable. And worse, this bug has been proven to be
    actively exploited on the Internet (it was even part of the recent
    sadmind/IIS worm). Luckily, Microsoft has released a 'metapatch' for
    IIS that acts, for all intents and purposes, like an IIS service pack.
    This means if you've fallen behind on your IIS security hot fixes,
    you'll be caught up by applying this one patch. More information is in
    this issue under item {01.20.012} (in the Windows category). Those who
    don't receive Windows items can view the item in the archive
    (http://archives.neohapsis.com/archives/sac/).

    Until next week,
    --Security Alert Consensus Team

    ************************************************************************

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    TABLE OF CONTENTS:

    {01.20.010} Win - MS01-024: Kerberos service connection drop DoS
    {01.20.011} Win - MS01-025: Index server search parameter buffer
                overflow
    {01.20.012} Win - MS01-026: IIS megapatch (Unicode 2, FTP DoS)
    {01.20.016} Win - Jana Web server file retrieval and DoS
    {01.20.024} Win - Apache on Windows DoS
    {01.20.026} Win - Carello ISAPI application arbitrary command execution
    {01.20.027} Win - Becky! large e-mail line buffer overflow
    {01.20.029} Win - OmniHTTPd large POST DoS
    {01.20.030} Win - NetProwler remote database tampering
    {01.20.033} Win - Rumpus FTP server long directory name DoS
    {01.20.034} Win - Incredimail file overwrite vulnerability
    {01.20.035} Win - Denicomp rexecd/rshd DoS
    {01.20.001} Linux - Update {00.56.027}: squid insecure temp file
                handling
    {01.20.002} Linux - Update {00.27.010}: Remote command execution in ISC
                DHCP client
    {01.20.003} Linux - Update {00.53.007}: dialog insecure temporary file
                creation
    {01.20.004} Linux - Update {01.08.021}: Analog ALIAS buffer overflow
    {01.20.005} Linux - Update {01.15.001}: ntpd/xntpd control request
                parsing buffer overflow
    {01.20.006} Linux - Update {01.15.012}: Netscape GIF comment may
                contain malicious JavaScript
    {01.20.007} Linux - Update {01.17.009}: Nirvana editor (nedit) insecure
                temp file handling
    {01.20.009} Linux - Update {01.18.014}: gftp format string vulnerability
    {01.20.013} Linux - Update {01.19.014}: Zope ZClasses permission
                remapping
    {01.20.018} Linux - man -S heap overflow
    {01.20.020} Linux - Cron EDITOR executes files as root
    {01.20.021} Linux - Update {01.19.020}: Format string vulnerabilities
                in minicom
    {01.20.025} Linux - Update {01.10.021}: Multiple CUPS vulnerabilities
    {01.20.014} Sol - Update {01.08.006}: USER_LDT allows call gates to
                execute protected kernel code
    {01.20.015} SGI - rpc.espd remote buffer overflow
    {01.20.019} NApps - 3Com OfficeConnect DSL router Web server
                vulnerability
    {01.20.023} NApps - Cisco BGP unknown attribute DoS
    {01.20.008} Cross - Update {01.17.001}: Samba insecure temp file
                handling
    {01.20.017} Cross - PHProjekt reverse directory traversal
    {01.20.028} Cross - iPlanet/Netscape Enterprise publishing extensions
                buffer overflow
    {01.20.031} Cross - DCForum user registration grants admin privileges
    {01.20.032} Cross - PHPSlash admins can read arbitrary files
    {01.20.022} Tools - HP releases Security Patch Check Tool for HP-UX

    - --- Windows News -------------------------------------------------------

    *** {01.20.010} Win - MS01-024: Kerberos service connection drop DoS

    Microsoft has released MS01-024 ("Kerberos service connection drop
    DoS"). The Kerberos service running on Windows 2000 domain controllers
    contains a denial of service that allows a remote attacker to cause the
    domain controller to become unresponsive by simply connecting to and
    then immediately disconnecting from the Kerberos service.

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/MS01-024.asp

    Source: Microsoft
    http://archives.neohapsis.com/archives/vendor/2001-q2/0029.html

    *** {01.20.011} Win - MS01-025: Index server search parameter buffer
                    overflow

    Microsoft has released MS01-025 ("Index server search parameter buffer
    overflow"). A vulnerability in the handling of the search query
    parameter by Index Server version 2.0 results in a buffer overflow that
    allows remote attackers to execute arbitrary code. The patch also fixes
    a file disclosure bug that is similar to the 'malformed hit
    highlighting' bug previously reported ({00.05.002}).

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/MS01-025.asp

    Source: Microsoft
    http://archives.neohapsis.com/archives/vendor/2001-q2/0034.html

    *** {01.20.012} Win - MS01-026: IIS megapatch (Unicode 2, FTP DoS)

    Microsoft has released MS01-026 ("IIS megapatch (Unicode 2, FTP DoS)").
    The Internet Information Server "megapatch" contains all the security
    hot fixes to date for IIS 4.0 and 5.0 (you can think of it as a service
    pack exclusively for IIS). It also corrects three new vulnerabilities:
    a variant of Unicode that allows remote attackers to execute commands;
    a denial of service in the FTP server's globbing support that causes
    IIS to completely crash; and a bug that allows an attacker to
    potentially log into FTP via Guest accounts.

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/MS01-026.asp

    Source: Microsoft
    http://archives.neohapsis.com/archives/vendor/2001-q2/0035.html

    *** {01.20.016} Win - Jana Web server file retrieval and DoS

    Jana Web server versions 1.46 and prior contain a vulnerability that
    allows a remote attacker to view arbitrary files outside the Web root
    by using a URL-encoded form of the reverse directory traversal ('..')
    notation in an HTTP request. Jana Web server also has a denial of
    service that causes the server to become unresponsive when an attacker
    makes an HTTP request for a DOS device.

    The advisory indicates vendor confirmation and says that the
    vulnerability will be fixed in the next version.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html

    *** {01.20.024} Win - Apache on Windows DoS

    Apache has released an updated version of Apache 1.3.19 for Windows
    users to fix a bug that would allow a remote attacker to crash the
    service.

    This vulnerability has been confirmed. Updated binaries are available
    at:
    http://www.apache.org/dist/httpd/patches/apply_to_1.3.19/win32/

    Source: Apache
    http://archives.neohapsis.com/archives/apache/2001/0009.html

    *** {01.20.026} Win - Carello ISAPI application arbitrary command
                    execution

    The Carello e-commerce ISAPI application for IIS, version 1.2.1,
    contains a vulnerability that allows a remote attacker to execute
    arbitrary commands under the privileges of the Web server.

    This vulnerability has not been confirmed. No patches have been made
    available.

    Source: Win2KSecurityAdvice
    http://archives.neohapsis.com/archives/win2ksecadvice/2001-q2/0057.html

    *** {01.20.027} Win - Becky! large e-mail line buffer overflow

    The Becky! mail server version 2.00.05 contains a buffer overflow in
    the handling of e-mail messages with large lines. It's possible for a
    malicious attacker to cause the mail service to execute arbitrary code.

    The vendor has confirmed this vulnerability and released version
    2.00.06, which is available at:
    http://www.rimarts.co.jp/becky.htm

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0089.html

    *** {01.20.029} Win - OmniHTTPd large POST DoS

    OmniHTTPd Web server version 2.08 has been found to crash when sent a
    large POST request by a remote attacker.

    This vulnerability has not been confirmed. No patches have been made
    available.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0131.html

    *** {01.20.030} Win - NetProwler remote database tampering

    NetProwler version 3.5.x uses an included MySQL database for storing
    IDS information. As it turns out, the database uses a default password
    and is accessible to remote users. This means it's possible for a remote
    attacker to access the database and either tamper with the IDS data or
    delete database tables, causing a denial of service.

    The vendor has confirmed this vulnerability and recommends configuration
    changes. Please see:
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0130.html

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0097.html
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0098.html

    *** {01.20.033} Win - Rumpus FTP server long directory name DoS

    Rumpus FTP server versions 1.3.3 and prior contain a denial of service
    that causes the service (and potentially the whole system) to crash when
    a remote user creates a directory with more than 64 characters.

    The vendor has confirmed this vulnerability and released version 1.3.4.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0121.html

    *** {01.20.034} Win - Incredimail file overwrite vulnerability

    Incredimail e-mail client build 1400185 contains a vulnerability that
    allows malicious e-mails to overwrite arbitrary files on the user's
    system by creating a Trojan skin/theme for Incredimail, which is
    downloaded automatically.

    This vulnerability has not been confirmed. No patches have been made
    available.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0078.html

    *** {01.20.035} Win - Denicomp rexecd/rshd DoS

    The Denicomp rexecd and rshd services, versions 1.05.00 and 2.18.00
    respectively, contain a denial of service whereby a remote attacker
    connects to either service, sends a large amount of random data and then
    disconnects. This causes the service to crash.

    The advisory indicates vendor confirmation. No patches have been made
    available.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0071.html

    - --- Linux News ---------------------------------------------------------

    *** {01.20.001} Linux - Update {00.56.027}: squid insecure temp file
                    handling

    TurboLinux has released updated squid packages to fix the vulnerability
    discussed in {00.56.027} ("squid insecure temp file handling").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0005.html

    Source: TurboLinux
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0005.html

    *** {01.20.002} Linux - Update {00.27.010}: Remote command execution in
                    ISC DHCP client

    TurboLinux has released updated dhcpd packages to fix the vulnerability
    discussed in {00.27.010} ("Remote command execution in ISC DHCP
    client").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0006.html

    Source: TurboLinux
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0006.html

    *** {01.20.003} Linux - Update {00.53.007}: dialog insecure temporary
                    file creation

    TurboLinux has released updated dialog packages to fix the vulnerability
    discussed in {00.53.007} ("Dialog insecure temporary file creation").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0008.html

    Source: TurboLinux
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0008.html

    *** {01.20.004} Linux - Update {01.08.021}: Analog ALIAS buffer overflow

    TurboLinux has released updated analog packages to fix the vulnerability
    discussed in {01.08.021} ("Analog ALIAS buffer overflow").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0009.html

    Source: TurboLinux
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0009.html

    *** {01.20.005} Linux - Update {01.15.001}: ntpd/xntpd control request
                    parsing buffer overflow

    TurboLinux has released updated xntpd packages to fix the vulnerability
    discussed in {01.15.001} ("ntpd/xntpd control request parsing buffer
    overflow").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0011.html

    Source: TurboLinux
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0011.html

    *** {01.20.006} Linux - Update {01.15.012}: Netscape GIF comment may
                    contain malicious JavaScript

    TurboLinux has released updated Netscape packages to fix the
    vulnerability discussed in {01.15.012} ("Netscape GIF comment may
    contain malicious JavaScript").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0012.html

    Source: TurboLinux
    http://archives.neohapsis.com/archives/linux/turbolinux/2001-q2/0012.html

    *** {01.20.007} Linux - Update {01.17.009}: Nirvana editor (nedit)
                    insecure temp file handling

    RedHat has released updated nedit packages to fix the vulnerability
    discussed in {01.17.009} ("Nirvana editor (nedit) insecure temp file
    handling").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0066.html

    Source: RedHat
    http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0066.html

    *** {01.20.009} Linux - Update {01.18.014}: gftp format string
                    vulnerability

    Debian and Progeny have released updated gftp packages to fix the
    vulnerability discussed in {01.18.014} ("gftp format string
    vulnerability").

    Updated Progeny DEBs:
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0062.html

    Updated Debian DEBs:
    http://archives.neohapsis.com/archives/vendor/2001-q2/0028.html

    Source: Progeny, Debian (SF Bugtraq)
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0062.html
    http://archives.neohapsis.com/archives/vendor/2001-q2/0028.html

    *** {01.20.013} Linux - Update {01.19.014}: Zope ZClasses permission
                    remapping

    RedHat and Mandrake have released updated Zope packages to fix the
    vulnerability discussed in {01.19.014} ("Zope ZClasses permission
    remapping").

    Updated RedHat RPMs:
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0105.html

    Updated Mandrake RPMs:
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0080.html

    Source: RedHat, Mandrake (SF Bugtraq)
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0105.html
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0080.html

    *** {01.20.018} Linux - man -S heap overflow

    The -S parameter of the man application has been found to contain a heap
    overflow that allows a local attacker to gain gid 'man'.

    This vulnerability has not been confirmed. No patches have been made
    available.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0087.html

    *** {01.20.020} Linux - Cron EDITOR executes files as root

    A patch for the cron security problem discussed in {00.44.011} does not
    fix the problem completely. It's still possible to execute external
    commands as root, given certain conditions.

    Updated SuSE RPMs:
    http://archives.neohapsis.com/archives/linux/suse/2001-q2/0847.html

    Updated Debian DEBs:
    http://archives.neohapsis.com/archives/vendor/2001-q2/0025.html

    Updated Mandrake RPMs:
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0082.html

    Source: SuSE, Debian, Mandrake (SF Bugtraq)
    http://archives.neohapsis.com/archives/linux/suse/2001-q2/0847.html
    http://archives.neohapsis.com/archives/vendor/2001-q2/0025.html
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0082.html

    *** {01.20.021} Linux - Update {01.19.020}: Format string
                    vulnerabilities in minicom

    Caldera has released updated minicom packages to fix the vulnerability
    discussed in {01.19.020} ("Format string vulnerabilities in minicom").

    Updated Caldera RPMs:
    http://archives.neohapsis.com/archives/linux/caldera/2001-q2/0005.html

    Source: Caldera
    http://archives.neohapsis.com/archives/linux/caldera/2001-q2/0005.html

    *** {01.20.025} Linux - Update {01.10.021}: Multiple CUPS
                    vulnerabilities

    Mandrake has released updated cups packages to fix the vulnerability
    discussed in {01.10.021} ("Multiple CUPS vulnerabilities").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0081.html

    Source: Mandrake (SF Bugtraq)
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0081.html

    - --- Solaris News -------------------------------------------------------

    *** {01.20.014} Sol - Update {01.08.006}: USER_LDT allows call gates to
                    execute protected kernel code

    Sun has released patches for the vulnerability discussed in {01.08.006}
    ("USER_LDT allows call gates to execute protected kernel code"). The
    vulnerability only affects x86 platforms.

    The following patches are available:
    Solaris 8: 108529-07
    Solaris 7: 106542-16

    Source: Sun
    http://archives.neohapsis.com/archives/vendor/2001-q2/0038.html

    - --- SGI News -----------------------------------------------------------

    *** {01.20.015} SGI - rpc.espd remote buffer overflow

    SGI has released an advisory and patch for a remote buffer overflow
    found within rpc.espd. The vulnerability allows a remote attacker to
    execute arbitrary code as root.

    SGI has released patch 4123 for Irix 6.5.7 and 6.5.8.

    Source: SGI
    http://archives.neohapsis.com/archives/vendor/2001-q2/0032.html

    - --- Network Appliances News --------------------------------------------

    *** {01.20.019} NApps - 3Com OfficeConnect DSL router Web server
                    vulnerability

    Two reports indicate that the 3Com OfficeConnect Remote 840 and 812 DSL
    routers will crash when a malformed request is sent to the built-in HTTP
    server.

    This vulnerability has not been confirmed. No patches have been made
    available.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0115.html
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0129.html

    *** {01.20.023} NApps - Cisco BGP unknown attribute DoS

    Cisco has released an advisory indicating a denial of service in Cisco
    IOS found on various routers. The vulnerability causes an affected
    device to crash when it receives a BGP packet with an unknown attribute.

    This vulnerability has been confirmed by Cisco. For a complete list of
    vulnerable IOS versions, devices and upgrade information, please go to:
    http://archives.neohapsis.com/archives/cisco/2001-q2/0001.html

    Source: Cisco
    http://archives.neohapsis.com/archives/cisco/2001-q2/0001.html

    - --- Cross-Platform News ------------------------------------------------

    *** {01.20.008} Cross - Update {01.17.001}: Samba insecure temp file
                    handling

    The Samba team has released version 2.0.9, which contains a (working)
    fix for the vulnerability supposedly fixed in 2.0.8 (the vulnerability
    was discussed in {01.17.001} "Samba insecure temp file handling").

    Those of you running version 2.0.8 are still vulnerable and need to
    update to version 2.0.9.

    Version 2.0.9 source code is available at:
    ftp://ftp.samba.org/pub/samba/samba-2.0.9.tar.gz

    Updated Immunix RPMs:
    http://archives.neohapsis.com/archives/linux/immunix/2001-q2/0039.html

    Updated Debian DEBs:
    http://archives.neohapsis.com/archives/vendor/2001-q2/0030.html

    Updated Conectiva RPMs:
    http://archives.neohapsis.com/archives/linux/conectiva/2001-q2/0005.html

    Source: Immunix, Debian, Conectiva, SF Bugtraq
    http://archives.neohapsis.com/archives/linux/immunix/2001-q2/0039.html
    http://archives.neohapsis.com/archives/vendor/2001-q2/0030.html
    http://archives.neohapsis.com/archives/linux/conectiva/2001-q2/0005.html
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0061.html

    *** {01.20.017} Cross - PHProjekt reverse directory traversal

    PHProjekt versions 2.1 and prior contain a file disclosure vulnerability
    that allows a remote attacker to view files outside the Web root by
    using reverse directory traversal ('..') notation in a URL request.

    This vulnerability has been confirmed, and an updated version is
    available at:
    http://www.phprojekt.com/download/patch-2.1.tar.gz

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0085.html

    *** {01.20.028} Cross - iPlanet/Netscape Enterprise publishing
                    extensions buffer overflow

    The iPlanet/Netscape Enterprise server version 4.1 contains a buffer
    overflow in the handling of HTTP requests to various publishing
    extensions. This allows a remote attacker to run arbitrary code on the
    system.

    The vendor has confirmed the vulnerability and released a fix, which is
    available at:
    http://iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0132.html

    *** {01.20.031} Cross - DCForum user registration grants admin
                    privileges

    The DCForum CGI application has been found to allow remote attackers to
    grant themselves admin privileges by submitting a specific malformed
    user registration request.

    This vulnerability has not been confirmed. No patches have been made
    available.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0122.html

    *** {01.20.032} Cross - PHPSlash admins can read arbitrary files

    PHPSlash version 0.6.1 allows users with admin privileges to read files
    readable by the Web server using the blocks configuration menus.

    This vulnerability has not been confirmed. The reference URL below
    includes a potential source code fix for the problem.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-05/0126.html

    - --- Tool Announcements News --------------------------------------------

    *** {01.20.022} Tools - HP releases Security Patch Check Tool for HP-UX

    HP has released a Security Patch Check Tool for keeping track of and
    checking for installed security patches on HP-UX. It's written in Perl.

    The tool can be downloaded freely at:
    http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA

    Source: HP
    http://archives.neohapsis.com/archives/hp/2001-q2/0029.html

    ************************************************************************

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.4 (BSD/OS)
    Comment: For info see http://www.gnupg.org

    iD8DBQE7BDkC+LUG5KFpTkYRArdvAJ0eX0+PrYt0rlnzyLxA5UmexFpsRACeJcs4
    9/J6KzgM9ruqbBP27aCzgpU=
    =Ts9k
    -----END PGP SIGNATURE-----
    ------------------------------------------------------------------------

    Become a Security Alert Consensus member! If this e-mail was passed to
    you and you would like to begin receiving our security e-mail newsletter
    on a weekly basis, we invite you to subscribe today.
    http://www.networkcomputing.com/consensus/

    We are signing the Consensus newsletter with PGP. The new SANS PGP key
    is posted at:
    http://certserver.pgp.com:11371/pks/lookup?op=get&search=0xA1694E46 and
    can be accessed from the SANS Web site (http://www.sans.org).

    Special Note: To better secure your confidential information, we will
    no longer include personal URLs in our Consensus newsletter mailings.
    Instead, we have created a new form (http://www.sans.org/sansurl). On
    this form you can enter the SD number located near your name at the top
    of the newsletter. When you submit this form, an e-mail containing a
    URL will be sent to you at the e-mail address on record. With this URL
    you can make changes to your account (edit the content of your Consensus
    mailing, for example) without endangering the security of your personal
    URL. If you'd like to change your e-mail address or other information,
    or unsubscribe from this newsletter, please visit your new URL as
    described above. If you have any problems or questions, e-mail us at
    <consensus@nwc.com>.

    Missed an issue? You can find all back issues of Security Alert
    Consensus (and Security Express) online.
    http://archives.neohapsis.com/

    Your opinion counts. We'd like to hear your thoughts on Security Alert
    Consensus. E-mail any questions or comments to <consensus@nwc.com>.

    Copyright (c) 2001 Network Computing, a CMP Media LLC publication. All
    Rights Reserved. Distributed by Network Computing
    (http://www.networkcomputing.com) and The SANS Institute
    (http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
    security assessment and integration services consulting group
    (info@neohapsis.com | http://www.neohapsis.com/).