OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Network Computing and The SANS Institute (sans+ZZ51349830940325134_at_sans.org)
Date: Thu Nov 07 2002 - 13:27:27 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]


    Re: Your personalized newsletter

                     -- Security Alert Consensus --
                           Number 044 (02.44)
                      Thursday, November 7, 2002
                           Created for you by
                Network Computing and the SANS Institute
                          Powered by Neohapsis

    ----------------------------------------------------------------------

    Welcome to the latest edition of Security Alert Consensus! Below
    you should find information pertaining only to the categories you
    requested. Information on how to manage your subscription can be found
    at the bottom of the newsletter. If you have any problems or questions,
    please e-mail us at <consensusnwc.com>.

    ************************* Begin Advertisement ************************

    This issue sponsored by Network Computing's Tech Library and Bitpipe
    Inc.

    How secure are your Web-based applications?

    FREE Internet Security Systems White Paper: Web Application Protection
    - Using Existing Protection Solutions

    This paper highlights emerging threats specific to Web application
    security and provides guidance on effective approaches to Web
    application protection.

    http://techlibrary.networkcomputing.com/data/detail?id=1032958097_44&type=RES&x=1942521078&src=email

    ************************** End Advertisement *************************

    AIX admins will be busy this week; IBM released a batch of new
    security-related APARs. A few new bugs will let local attackers gain
    root privileges.

    Microsoft also released a few patches. This week's IIS cumulative patch
    isn't as critical as ones past, so there's no urgent rush to apply it
    (unless you're a Web hosting provider). A patch for the PPTP buffer
    overflow previously reported also was released.

    Until next week,
    --Security Alert Consensus Team

    ************************************************************************

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    TABLE OF CONTENTS:

    {02.44.017} Win - MS02-062: IIS cumulative patch 11/2002
    {02.44.018} Win - MS02-063: PPTP buffer overflow
    {02.44.019} Win - MS02-064: Win2K root folder improper permissions
    {02.44.029} Win - Pablo FTP server multiple format string
                vulnerabilities
    {02.44.031} Win - Xeneo HTTP server percent DoS
    {02.44.009} Linux - Update {01.45.013}: teTeX insecure temp file and
                dvips invocation
    {02.44.010} Linux - Update {02.29.004}: libpng progressive image
                loading overflows
    {02.44.011} Linux - Update {02.39.003}: GNU tar file extraction
                directory traversal
    {02.44.012} Linux - Update {02.43.007}: ypserv memory leak DoS
    {02.44.013} Linux - Update {02.41.008}: heartbeat daemon format string
                overflow
    {02.44.014} Linux - Update {02.42.013}: Apache mod_ssl host name CSS
    {02.44.015} Linux - Update {02.41.012}: syslog-ng macro expansion
                overflow
    {02.44.016} Linux - Update {02.30.003}: chfn /etc/ptmp lockfile
                vulnerability
    {02.44.020} Linux - Update {02.38.013}: Multiple Mozilla 1.0
                vulnerabilities
    {02.44.030} Linux - Update {02.40.013}: Apache host name CSS, ab
                overflow and shared memory vulnerabilities
    {02.44.001} AIX - autofs executable map command execution
    {02.44.002} AIX - Update {02.32.029}: rpc.ttdbserverd _TT_CREATE_FILE()
                heap overflow
    {02.44.003} AIX - Update {02.26.002}: DNS libresolve/resolver buffer
                overflow
    {02.44.004} AIX - Update {02.31.009}: RPC XDR array decoding overflow
    {02.44.005} AIX - dump_smutil.sh insecure temp file handling
    {02.44.006} AIX - nslookup local buffer overflow
    {02.44.007} AIX - AIX ypserv security vulnerability
    {02.44.022} NApps - Iomega NAS A300U multiple vulnerabilities
    {02.44.025} NApps - Linksys BEFSR41 Gozila.cgi DoS
    {02.44.026} NApps - NetScreen SSH DoS
    {02.44.033} NApps - Cisco ONS multiple vulnerabilities
    {02.44.036} Other - Tru64 TruCluster interconnect DoS
    {02.44.008} Cross - Update {02.42.020}: Heimdal kadmind multiple
                vulnerabilities
    {02.44.021} Cross - log2mail message overflow
    {02.44.023} Cross - PHPNuke account manager SQL injection
    {02.44.024} Cross - Prometheus CGI framework code execution
    {02.44.027} Cross - Abuse game -net parameter overflow
    {02.44.028} Cross - ion-p CGI page parameter file retrieval
    {02.44.032} Cross - gBook CGI admin login bypass
    {02.44.034} Cross - Oracle iSQLPlus user name overflow
    {02.44.035} Cross - IPFilter FTP module state tracking vulnerability
    {02.44.037} Cross - Perl Mail::Mailer command execution

    - --- Windows News -------------------------------------------------------

    *** {02.44.017} Win - MS02-062: IIS cumulative patch 11/2002

    Microsoft released MS02-062 ("IIS cumulative patch 10/2002"). The
    cumulative patch fixes four new vulnerabilities: local, out-of-process
    ISAPIs can gain system privileges; a WebDAV request memory exhaustion
    DoS; '.com' file upload bypasses script checking; and cross-site
    scripting in the administrative pages.

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/MS02-062.asp

    Source: Microsoft
    http://archives.neohapsis.com/archives/microsoft/2002-q4/0010.html

    *** {02.44.018} Win - MS02-063: PPTP buffer overflow

    Microsoft released MS02-063 ("PPTP buffer overflow"). This patch
    fixes the vulnerability previously discussed in {02.39.012} ("PPTP
    preauthorization buffer overflow").

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/MS02-063.asp

    Source: Microsoft
    http://archives.neohapsis.com/archives/microsoft/2002-q4/0009.html

    *** {02.44.019} Win - MS02-064: Win2K root folder improper permissions

    Microsoft released MS02-064 ("Win2K root folder improper
    permissions"). The root drive folder (C:\) in all versions of Windows
    2000 gives 'everyone' full control. Since the root directory is
    automatically in the path under certain situations, this could let
    an attacker place a trojan on the system for execution.

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/MS02-064.asp

    Source: Microsoft
    http://archives.neohapsis.com/archives/microsoft/2002-q4/0008.html

    *** {02.44.029} Win - Pablo FTP server multiple format string
                    vulnerabilities

    Pablo FTP Server versions 1.5 and prior contain format string
    vulnerabilities in the handling of various FTP commands, including the
    login prompt. This could allow a remote attacker to execute arbitrary
    code on the system.

    This vulnerability is confirmed and fixed in version 1.5.1.

    Source: VulnWatch
    http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0057.html

    *** {02.44.031} Win - Xeneo HTTP server percent DoS

    The Xeneo HTTP server version 2.1.0.0 crashes when an attacker submits
    a URL request ending in a single percent sign ('%'). This leads to
    a denial of service attack.

    This vulnerability is confirmed and fixed in versions 2.1.5 and later.

    Source: VulnWatch
    http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0058.html

    - --- Linux News ---------------------------------------------------------

    *** {02.44.009} Linux - Update {01.45.013}: teTeX insecure temp file
                    and dvips invocation

    Conectiva released updated teTeX packages, which fix the vulnerability
    discussed in {01.45.013} ("teTeX insecure temp file and dvips
    invocation").

    Updated RPMs are listed at the reference URL below.

    Source: Conectiva
    http://archives.neohapsis.com/archives/linux/conectiva/2002-q4/0007.html

    *** {02.44.010} Linux - Update {02.29.004}: libpng progressive image
                    loading overflows

    Conectiva released updated libpng packages, which fix the
    vulnerability discussed in {02.29.004} ("libpng progressive image
    loading overflows").

    Updated RPMs are listed at the reference URL below.

    Source: Conectiva
    http://archives.neohapsis.com/archives/linux/conectiva/2002-q4/0008.html

    *** {02.44.011} Linux - Update {02.39.003}: GNU tar file extraction
                    directory traversal

    Conectiva released updated tar packages, which fix the vulnerability
    discussed in {02.39.003} ("GNU tar file extraction directory
    traversal").

    Updated RPMs are listed at the reference URL below.

    Source: Conectiva
    http://archives.neohapsis.com/archives/linux/conectiva/2002-q4/0009.html

    *** {02.44.012} Linux - Update {02.43.007}: ypserv memory leak DoS

    Conectiva released updated ypserv packages, which fix the vulnerability
    discussed in {02.43.007} ("ypserv memory leak DoS").

    Updated RPMs are listed at the reference URL below.

    Source: Conectiva
    http://archives.neohapsis.com/archives/linux/conectiva/2002-q4/0010.html

    *** {02.44.013} Linux - Update {02.41.008}: heartbeat daemon format
                    string overflow

    Conectiva released updated heartbeat packages, which fix the
    vulnerability discussed in {02.41.008} ("heartbeat daemon format
    string overflow").

    Updated RPMs are listed at the reference URL below.

    Source: Conectiva
    http://archives.neohapsis.com/archives/linux/conectiva/2002-q4/0011.html

    *** {02.44.014} Linux - Update {02.42.013}: Apache mod_ssl host name CSS

    Conectiva released updated mod_ssl packages, which fix the
    vulnerability discussed in {02.42.013} ("Apache mod_ssl host name
    CSS").

    Updated RPMs are listed at the reference URL below.

    Source: Conectiva
    http://archives.neohapsis.com/archives/linux/conectiva/2002-q4/0012.html

    *** {02.44.015} Linux - Update {02.41.012}: syslog-ng macro expansion
                    overflow

    SuSE released updated syslog-ng packages, which fix the vulnerability
    discussed in {02.41.012} ("syslog-ng macro expansion overflow").

    Updated RPMs are listed at the reference URL below.

    Source: SuSE
    http://archives.neohapsis.com/archives/linux/suse/2002-q4/0469.html

    *** {02.44.016} Linux - Update {02.30.003}: chfn /etc/ptmp lockfile
                    vulnerability

    Caldera released updated util-linux packages, which fix the
    vulnerability discussed in {02.30.003} ("chfn /etc/ptmp lockfile
    vulnerability").

    Updated RPMs are listed at the reference URL below.

    Source: Caldera
    http://archives.neohapsis.com/archives/linux/caldera/2002-q4/0008.html

    *** {02.44.020} Linux - Update {02.38.013}: Multiple Mozilla 1.0
                    vulnerabilities

    Mandrake released updated Mozilla packages, which fix the vulnerability
    discussed in {02.38.013} ("Multiple Mozilla 1.0 vulnerabilities").

    Updated RPMs are listed at the reference URL below.

    Source: Mandrake
    http://archives.neohapsis.com/archives/linux/mandrake/2002-q4/0083.html

    *** {02.44.030} Linux - Update {02.40.013}: Apache host name CSS, ab
                    overflow and shared memory vulnerabilities

    Debian released updated Apache packages, which fix the vulnerabilities
    discussed in {02.40.013} ("Apache host name CSS, ab overflow and
    shared memory vulnerabilities").

    Updated DEBs are listed at the reference URL below.

    Source: Debian
    http://archives.neohapsis.com/archives/linux/debian/2002-q4/0487.html
    http://archives.neohapsis.com/archives/linux/debian/2002-q4/0496.html

    - --- AIX News -----------------------------------------------------------

    *** {02.44.001} AIX - autofs executable map command execution

    IBM released APAR IY31934, which fixes a vulnerability in
    configurations using autofs and executable maps. The vulnerability
    lets local malicious attackers execute arbitrary commands under
    root privileges.

    Source: IBM
    http://archives.neohapsis.com/archives/aix/2002-q4/0002.html

    *** {02.44.002} AIX - Update {02.32.029}: rpc.ttdbserverd
                    _TT_CREATE_FILE() heap overflow

    IBM released APARs IY32368 and IY32792, which fix the vulnerability
    discussed in {02.32.029} ("rpc.ttdbserverd _TT_CREATE_FILE() heap
    overflow") as well as other ttdbserverd vulnerabilities.

    Source: IBM
    http://archives.neohapsis.com/archives/aix/2002-q4/0002.html

    *** {02.44.003} AIX - Update {02.26.002}: DNS libresolve/resolver
                    buffer overflow

    IBM released APARs IY32719 and IY34644, which fix the vulnerability
    discussed in {02.26.002} ("DNS libresolve/resolver buffer overflow").

    Source: IBM
    http://archives.neohapsis.com/archives/aix/2002-q4/0002.html

    *** {02.44.004} AIX - Update {02.31.009}: RPC XDR array decoding
                    overflow

    IBM released APAR IY34194, which fixes the vulnerability discussed
    in {02.31.009} ("RPC XDR array decoding overflow").

    Source: IBM
    http://archives.neohapsis.com/archives/aix/2002-q4/0002.html

    *** {02.44.005} AIX - dump_smutil.sh insecure temp file handling

    The dump_smutil.sh script insecurely handles temporary files, thereby
    allowing a local user to perform a symlink attack.

    IBM confirmed this problem and released APAR IY34617.

    Source: IBM
    http://archives.neohapsis.com/archives/aix/2002-q4/0002.html

    *** {02.44.006} AIX - nslookup local buffer overflow

    IBM released APAR IY34670, which fixes a buffer overflow in
    nslookup. Further details were not provided.

    Source: IBM
    http://archives.neohapsis.com/archives/aix/2002-q4/0002.html

    *** {02.44.007} AIX - AIX ypserv security vulnerability

    IBM released APAR IY34800, which fixes a 'security hole' in
    ypserv. Details were not provided, but the security hole may be the
    one reported in {02.43.007} ("ypserv memory leak DoS").

    Source: IBM
    http://archives.neohapsis.com/archives/aix/2002-q4/0002.html

    - --- Network Appliances News --------------------------------------------

    *** {02.44.022} NApps - Iomega NAS A300U multiple vulnerabilities

    The Iomega NAS A300U reportedly sends the administrative user
    name/password in the clear to the administrative HTTP service. The
    advisory also notes a few other concerns, which may have security
    impact: inability to turn off the FTP service; plain text LANMAN SMB
    logins are allowed; and the device affects Windows network browsing.

    These vulnerabilities are not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-10/0440.html

    *** {02.44.025} NApps - Linksys BEFSR41 Gozila.cgi DoS

    The Linksys BEFSR41 cable/DSL router crashes when an empty HTTP
    request is made for Gozila.cgi to the built-in administrative Web
    server. Firmware versions prior to 1.42.7 are vulnerable.

    This vulnerability is confirmed and fixed in firmware version 1.42.7.

    Source: VulnWatch
    http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0049.html

    *** {02.44.026} NApps - NetScreen SSH DoS

    A released advisory indicates that a denial of service exists in the
    various NetScreen devices, which could let a remote attacker cause
    the device to reset.

    The advisory indicates vendor confirmation.

    Source: VulnWatch
    http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0053.html
    http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0054.html

    *** {02.44.033} NApps - Cisco ONS multiple vulnerabilities

    The Cisco ONS15454 and ONS15327 with ONS software prior to version
    3.4 contains multiple vulnerabilities: FTP login with invalid user
    name/password; plain text storage of user names/passwords; the SNMP
    community is hard coded as 'public'; an invalid CORBA request causes
    reset; a malformed HTTP request causes reset; and a backdoor telnet
    account to the underlying OS.

    Cisco confirmed these vulnerabilities; software versions 3.4 and
    after contain the fixes.

    Source: Cisco
    http://archives.neohapsis.com/archives/cisco/2002-q4/0002.html

    - --- Other News ---------------------------------------------------------

    *** {02.44.036} Other - Tru64 TruCluster interconnect DoS

    A Compaq/HP advisory indicates that the Tru64 TruCluster server
    software contains a remote denial of service vulnerability. Details
    were not provided.

    Updated ERPs are listed at the reference URL below.

    Source: Compaq/HP
    http://archives.neohapsis.com/archives/tru64/2002-q4/0004.html

    - --- Cross-Platform News ------------------------------------------------

    *** {02.44.008} Cross - Update {02.42.020}: Heimdal kadmind multiple
                    vulnerabilities

    Multiple vendors released updates, which fix the vulnerability
    discussed in {02.42.020} ("Heimdal kadmind multiple vulnerabilities").

    IBM has released APAR IY36339.

    Updated Debian DEBs:
    http://archives.neohapsis.com/archives/linux/debian/2002-q4/0444.html
    http://archives.neohapsis.com/archives/linux/debian/2002-q4/0460.html
    http://archives.neohapsis.com/archives/linux/debian/2002-q4/0473.html

    Updated Mandrake RPMs:
    http://archives.neohapsis.com/archives/linux/mandrake/2002-q4/0060.html

    OpenBSD 3.2 patch information:
    http://archives.neohapsis.com/archives/openbsd/2002-11/0401.html

    Source: IBM, Debian, Mandrake, OpenBSD
    http://archives.neohapsis.com/archives/aix/2002-q4/0002.html
    http://archives.neohapsis.com/archives/linux/debian/2002-q4/0444.html
    http://archives.neohapsis.com/archives/linux/debian/2002-q4/0460.html
    http://archives.neohapsis.com/archives/linux/debian/2002-q4/0473.html
    http://archives.neohapsis.com/archives/linux/mandrake/2002-q4/0060.html
    http://archives.neohapsis.com/archives/openbsd/2002-11/0401.html

    *** {02.44.021} Cross - log2mail message overflow

    A Debian advisory indicates that the log2mail utility contains a buffer
    overflow in the handling of particular log messages, which could allow
    an attacker to execute arbitrary code with root privileges. If the
    system accepts remote syslog messages, than this could be a remote
    vulnerability; otherwise it is limited to the local system.

    Updated DEBs are listed at the reference URL below.

    Source: Debian
    http://archives.neohapsis.com/archives/linux/debian/2002-q4/0474.html

    *** {02.44.023} Cross - PHPNuke account manager SQL injection

    PHPNuke version 5.6 reportedly contains a SQL injection vulnerability
    in the handling of parameters passed to the user account manager
    module, thereby allowing a malicious user to reset the password of
    all user accounts to a known value.

    The advisory indicates confirmation vendor, which states the problem
    is fixed in version 6.0.

    Source: VulnWatch
    http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0051.html

    *** {02.44.024} Cross - Prometheus CGI framework code execution

    The Prometheus PHP CGI framework version 6.0 reportedly allows a
    remote attacker to execute arbitrary PHP code by submitting particular
    PROMETHEUS_LIB_PATH and PHP_AUTO_LOAD_LIB URL parameters.

    The advisory indicates vendor confirmation.

    Source: VulnWatch
    http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0050.html

    *** {02.44.027} Cross - Abuse game -net parameter overflow

    The 'abuse' game version 2.0, included with some Debian distributions,
    contains a buffer overflow in the handling of the 'net' command-line
    parameter, thereby allowing a local attacker to gain elevated
    privileges. By default, abuse is setuid root and setgid games.

    The advisory indicates confirmation by the vendor, which also suggests
    that other vulnerabilities exist. The solution is to not install
    abuse on security-critical systems.

    Source: VulnWatch
    http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0055.html

    *** {02.44.028} Cross - ion-p CGI page parameter file retrieval

    The ion-p CGI script for both Windows and Unix reportedly allows remote
    attackers to request arbitrary files via the 'page' URL parameter.

    This vulnerability is not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-10/0447.html
    http://archives.neohapsis.com/archives/bugtraq/2002-10/0448.html

    *** {02.44.032} Cross - gBook CGI admin login bypass

    The gBook PHP CGI suite has a flaw in its administrative login
    checking code, which allows a remote attacker to log in by appending
    'login=true' to the URL.

    This vulnerability is not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-10/0328.html

    *** {02.44.034} Cross - Oracle iSQLPlus user name overflow

    Oracle iSQLPlus included with Oracle 9i contains a buffer overflow in
    the handling of large login user names, thereby allowing a remote
    attacker to execute arbitrary code under the privileges of the
    Web server.

    The advisory indicates confirmation by the vendor, which released a
    patch via the Oracle Metalink Web site.

    Source: VulnWatch
    http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0060.html

    *** {02.44.035} Cross - IPFilter FTP module state tracking vulnerability

    A NetBSD advisory indicates that the FTP module included with IPFilter
    does not properly track the state of the connection's commands and
    responses, potentially allowing a remote attacker to open arbitrary
    ports. All IPFilter versions prior to 3.4.29 are vulnerable.

    NetBSD-current as of Sept. 20, 2002, and -1.5 and -1.6 as of Oct. 19,
    2002, contain the fix.

    Source: NetBSD
    http://archives.neohapsis.com/archives/netbsd/2002-q4/0225.html

    *** {02.44.037} Cross - Perl Mail::Mailer command execution

    The SuSE team uncovered vulnerabilities in the Perl Mail::Mailer
    module that could execute arbitrary commands if they are passed
    untrusted data by unsuspecting parent applications. Exploitability
    will depend on the actual situation in which the module is used.

    Updated SuSE RPMs are listed at the reference URL below.

    Source: SuSE
    http://archives.neohapsis.com/archives/linux/suse/2002-q4/0531.html

    ************************************************************************

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (BSD/OS)
    Comment: For info see http://www.gnupg.org

    iD8DBQE9yryl+LUG5KFpTkYRAoRMAJ4iZ6UQKEMi3eF9vzm2UDTzljxTSwCfXIBH
    JP58OvEx/RzXb6wh4KVItBY=
    =1skt
    -----END PGP SIGNATURE-----
    ------------------------------------------------------------------------

    ************************* Begin Advertisement ************************

    This issue sponsored by Network Computing's Tech Library and Bitpipe
    Inc.

    How secure are your Web-based applications?

    FREE Internet Security Systems White Paper: Web Application Protection
    - Using Existing Protection Solutions

    This paper highlights emerging threats specific to Web application
    security and provides guidance on effective approaches to Web
    application protection.

    http://techlibrary.networkcomputing.com/data/detail?id=1032958097_44&type=RES&x=1942521078&src=email

    ************************** End Advertisement *************************

    Become a Security Alert Consensus member! If this e-mail was passed
    to you and you would like to begin receiving our security e-mail
    newsletter on a weekly basis, we invite you to subscribe today.
    http://www.networkcomputing.com/consensus/.

    We are signing the Consensus newsletter
    with PGP. The new SANS PGP key is posted at:
    http://www.pgp.net:11371/pks/lookup?op=get&search=0xA1694E46 and can
    also be accessed from the SANS Web site (http://www.sans.org).

    Special Note: To better secure your confidential information,
    we will no longer include personal URLs in our Consensus
    newsletter mailings. Instead, we have created a new form
    (http://www.sans.org/sansurl). On this form you can enter the SD
    number located near your name at the top of the newsletter. When you
    submit this form, an e-mail containing a URL will be sent to you at
    the e-mail address on record. With this URL you can make changes to
    your account (edit the content of your Consensus mailing, for example)
    without endangering the security of your personal URL. If you'd like
    to change your e-mail address or other information, please visit your
    new URL as described above. If you have any problems or questions,
    e-mail us at <consensusnwc.com>.

    If you would like to unsubscribe from this newsletter, grab your SD
    number (next to your name at the top of this message) and visit the
    URL below. You will be sent a personal URL via E-mail, from which
    you can unsubscribe. http://www.sans.org/sansurl

    Missed an issue? You can find all back issues of
    Security Alert Consensus (and Security Express) online.
    http://archives.neohapsis.com/

    Your opinion counts. We'd like to hear your thoughts on Security Alert
    Consensus. E-mail any questions or comments to <consensusnwc.com>.

    Copyright (c) 2002 Network Computing, a CMP Media LLC
    publication. All Rights Reserved. Distributed by Network
    Computing (http://www.networkcomputing.com) and The SANS Institute
    (http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
    security assessment and integration services consulting group
    (infoneohapsis.com | http://www.neohapsis.com/).