Security Alert Consensus #014

From: Network Computing and The SANS Institute (sans+ZZ50872807928705285@sans.org)
Date: Thu Apr 10 2003 - 16:03:11 CDT


Re: Your personalized newsletter

                 -- Security Alert Consensus --
                       Number 014 (03.14)
                  Thursday, April 10, 2003
                       Created for you by
            Network Computing and the SANS Institute
                      Powered by Neohapsis

----------------------------------------------------------------------

************************* Begin Advertisement ************************

This issue sponsored by SPI Dynamics.

ALERT: Test and assess your Web Applications - FREE!
Hackers are exploiting Web apps with attacks such as; SQL Injection,
XSS and Session Hijacking, all undetectable by Firewalls and IDS!
Are you vulnerable? Run a FREE Test of your Web Apps via our FREE
15 Day Product Trial that delivers a comprehensive Vulnerability Report
http://www.spidynamics.com/mktg/freewebinspect46

************************** End Advertisement *************************

All too often we encounter environments that have, in lieu of keeping
up to date on patches, made it policy to instead periodically
run vulnerability assessment scans and only fix what is ranked
higher than a certain predefined severity level. This method is not
recommended for many reasons. First, you're relying on the severity
ranks as assigned by your VA scanner vendor to determine what is
critical to your enterprise. Second, your VA scanner must be up to
date or you risk missing known critical vulnerabilities. Third, you
are subject to failings in how the VA scanner goes about looking
for a vulnerability. Many scanners still only use server banners
and other various informational messages to determine vulnerability
level. On top of that, a recent post to Bugtraq even points out that
scanners using this method often fail to handle non-English system
installations, thus causing a 'false negative' by not reporting a
system as vulnerable. You can read the details at:
http://archives.neohapsis.com/archives/bugtraq/2003-04/0127.html

Until next week,
--Security Alert Consensus Team

************************************************************************

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TABLE OF CONTENTS:

{03.14.019} Win - Broker FTP server ftproot escaping
{03.14.020} Win - BRS WebWeaver multiple vulnerabilities
{03.14.021} Win - PowerFTP large command parameter DoS
{03.14.024} Win - MS Terminal Services/RDP protocol MitM attack
{03.14.028} Win - Hyperion FTP server MKDIR overflow
{03.14.003} Linux - Update {03.04.005}: dhcprelay invalid BOOTP packet
            flood/DoS
{03.14.004} Linux - Update {03.09.018}: file utility local overflow
{03.14.005} Linux - Update {03.11.010}: OpenSSL timing attack/private
            key disclosure
{03.14.006} Linux - Update {03.11.005}: Linux 2.2/2.4 ptrace
            vulnerability
{03.14.007} Linux - Update {03.10.025}: zlib gzprintf overflow
{03.14.008} Linux - Update {03.03.003}: CVS dir double-free
            vulnerability
{03.14.009} Linux - Update {03.10.021}: man 'unsafe' command execution
{03.14.010} Linux - Update {03.11.024}: Kerberos v4 protocol weaknesses
{03.14.011} Linux - Update {03.13.028}: Eye of Gnome parameter format
            string vulnerability
{03.14.012} Linux - Update {03.09.017}: NetPBM multiple vulnerabilities
{03.14.013} Linux - Update {03.12.020}: apcupsd multiple vulnerabilities
{03.14.015} Linux - Update {03.09.009}: Snort 1.8 RPC preprocessor
            overflow
{03.14.016} Linux - Update {03.12.009}: Mutt IMAP client folder overflow
{03.14.018} Linux - Update {03.08.012}: moxftp server banner overflow
{03.14.001} Cross - metrics halstead/gather_stats insecure temp file use
{03.14.002} Cross - Samba call_trans2open() overflow
{03.14.014} Cross - Update {03.13.006}: Sendmail address parsing
            extended character overflow
{03.14.017} Cross - Vulnerable PHP applications 04/08
{03.14.022} Cross - passlogd sl_parse() overflow
{03.14.023} Cross - OpenSSH 3.6.1 released
{03.14.025} Cross - Interbase ISC_LOCK_ENV environment variable overflow
{03.14.026} Cross - Progress DB PROSTARTUP variable file reading
{03.14.027} Cross - File exists timing attack
{03.14.029} Cross - Viewpoint Server arbitrary file reading
{03.14.030} Cross - ChiTeX insecure path during 'cat' execution
{03.14.031} Cross - Abyss Web server empty header DoS
{03.14.032} Cross - Interbase external table file manipulation
{03.14.033} Cross - SETIHome server response overflow
{03.14.034} Cross - Vignette Story Server stack dump vulnerability
{03.14.035} Cross - mgetty caller ID overflow

- --- Windows News -------------------------------------------------------

*** {03.14.019} Win - Broker FTP server ftproot escaping

Broker FTP server version 5.0 allows attackers to access files outside
the ftproot by using '..' style requests. The advisory also indicates
a buffer overflow in the CWD command.

These vulnerabilities are not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-04/0011.html

*** {03.14.020} Win - BRS WebWeaver multiple vulnerabilities

The BRS WebWeaver server suite version 1.03 contains multiple
vulnerabilities: DOS device name DoS in FTP service; long HTTP URL
request overflow; insecure password storage of FTP user account
information; file system path disclosure; and ftproot escaping via
'..' style requests to FTP service.

These vulnerabilities are not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-04/0014.html

*** {03.14.021} Win - PowerFTP large command parameter DoS

PowerFTP server version 2.25 crashes when a large parameter is
submitted to various FTP commands, thereby causing a denial of service.

This vulnerability is not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-04/0017.html

*** {03.14.024} Win - MS Terminal Services/RDP protocol MitM attack

The Microsoft Terminal Services/RDP protocol client does not verify
the identity of the server, potentially allowing for man-in-the-middle
attacks.

The advisory indicates vendor confirmation.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-04/0035.html

*** {03.14.028} Win - Hyperion FTP server MKDIR overflow

Hyperion FTP Server versions 3.0 and prior reportedly contain a buffer
overflow in the handling of large MKDIR command parameters.

This vulnerability is not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-04/0070.html

- --- Linux News ---------------------------------------------------------

*** {03.14.003} Linux - Update {03.04.005}: dhcprelay invalid BOOTP
                packet flood/DoS

Conectiva released updated dhcp packages, which fix the vulnerability
discussed in {03.04.005} ("dhcprelay invalid BOOTP packet flood/DoS").

Updated RPMs are listed at the reference URL below.

Source: Conectiva
http://archives.neohapsis.com/archives/linux/conectiva/2003-q2/0004.html

*** {03.14.004} Linux - Update {03.09.018}: file utility local overflow

Conectiva released updated file packages, which fix the vulnerability
discussed in {03.09.018} ("file utility local overflow").

Updated RPMs are listed at the reference URL below.

Source: Conectiva
http://archives.neohapsis.com/archives/linux/conectiva/2003-q2/0005.html

*** {03.14.005} Linux - Update {03.11.010}: OpenSSL timing
                attack/private key disclosure

SuSE released updated OpenSSL packages, which fix the vulnerability
discussed in {03.11.010} ("OpenSSL timing attack/private key
disclosure").

Updated RPMs are listed at the reference URL below.

Source: SuSE
http://archives.neohapsis.com/archives/linux/suse/2003-q2/0077.html

*** {03.14.006} Linux - Update {03.11.005}: Linux 2.2/2.4 ptrace
                vulnerability

Conectiva and Debian released updated kernel packages, which fix
the vulnerability discussed in {03.11.005} ("Linux 2.2/2.4 ptrace
vulnerability").

Updated Conectiva RPMs:
http://archives.neohapsis.com/archives/linux/conectiva/2003-q2/0006.html

Updated Debian DEBs:
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0045.html

Source: Conectiva, Debian
http://archives.neohapsis.com/archives/linux/conectiva/2003-q2/0006.html
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0045.html

*** {03.14.007} Linux - Update {03.10.025}: zlib gzprintf overflow

Conectiva released updated zlib packages, which fix the vulnerability
discussed in {03.10.025} ("zlib gzprintf overflow").

Updated RPMs are listed at the reference URL below.

Source: Conectiva
http://archives.neohapsis.com/archives/linux/conectiva/2003-q2/0007.html

*** {03.14.008} Linux - Update {03.03.003}: CVS dir double-free
                vulnerability

Immunix released updated CVS packages, which fix the vulnerability
discussed in {03.03.003} ("CVS dir double-free vulnerability").

Updated RPMs are listed at the reference URL below.

Source: Immunix
http://archives.neohapsis.com/archives/linux/immunix/2003-q2/0002.html

*** {03.14.009} Linux - Update {03.10.021}: man 'unsafe' command
                execution

Conectiva released updated man packages, which fix the vulnerability
discussed in {03.10.021} ("man 'unsafe' command execution").

Updated RPMs are listed at the reference URL below.

Source: Conectiva
http://archives.neohapsis.com/archives/linux/conectiva/2003-q2/0008.html

*** {03.14.010} Linux - Update {03.11.024}: Kerberos v4 protocol
                weaknesses

Immunix released updated Kerberos packages, which fix the vulnerability
discussed in {03.11.024} ("Kerberos v4 protocol weaknesses").

Updated RPMs are listed at the reference URL below.

Source: Immunix
http://archives.neohapsis.com/archives/linux/immunix/2003-q2/0003.html

*** {03.14.011} Linux - Update {03.13.028}: Eye of Gnome parameter
                format string vulnerability

Red Hat released updated eog packages, which fix the vulnerability
discussed in {03.13.028} ("Eye of Gnome parameter format string
vulnerability").

Updated RPMs are listed at the reference URL below.

Source: Red Hat
http://archives.neohapsis.com/archives/linux/redhat/2003-q2/0013.html

*** {03.14.012} Linux - Update {03.09.017}: NetPBM multiple
                vulnerabilities

Red Hat released updated NetPBM packages, which fix the vulnerabilities
discussed in {03.09.017} ("NetPBM multiple vulnerabilities").

Updated RPMs are listed at the reference URL below.

Source: Red Hat
http://archives.neohapsis.com/archives/linux/redhat/2003-q2/0012.html

*** {03.14.013} Linux - Update {03.12.020}: apcupsd multiple
                vulnerabilities

Debian released updated apcupsd packages, which fix the vulnerabilities
discussed in {03.12.020} ("apcupsd multiple vulnerabilities").

Updated DEBs are listed at the reference URL below.

Source: Debian
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0046.html

*** {03.14.015} Linux - Update {03.09.009}: Snort 1.8 RPC preprocessor
                overflow

Conectiva released updated Snort packages, which fix the vulnerability
discussed in {03.09.009} ("Snort 1.8 RPC preprocessor overflow").

Updated RPMs are listed at the reference URL below.

Source: Conectiva
http://archives.neohapsis.com/archives/linux/conectiva/2003-q2/0001.html

*** {03.14.016} Linux - Update {03.12.009}: Mutt IMAP client folder
                overflow

Red Hat released updated Mutt packages, which fix the vulnerability
discussed in {03.12.009} ("Mutt IMAP client folder overflow").

Updated RPMs are listed at the reference URL below.

Source: Red Hat
http://archives.neohapsis.com/archives/linux/redhat/2003-q2/0015.html

*** {03.14.018} Linux - Update {03.08.012}: moxftp server banner
                overflow

Debian released updated moxftp packages, which fix the vulnerability
discussed in {03.08.012} ("moxftp server banner overflow").

Updated DEBs are listed at the reference URL below.

Source: Debian
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0099.html

- --- Cross-Platform News ------------------------------------------------

*** {03.14.001} Cross - metrics halstead/gather_stats insecure temp
                file use

The halstead and gather_stats scripts included in the metrics software
tool suite insecurely use temporary files, thereby allowing a local
attacker to potentially overwrite files writable by the user.

Updated Debian DEBs:
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0084.html

Source: Debian
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0084.html

*** {03.14.002} Cross - Samba call_trans2open() overflow

Samba versions prior to version 2.2.8a contain a remotely exploitable
buffer overflow in the call_trans2open() function, thereby allowing
a remote attacker to execute arbitrary code with root privileges.

This vulnerability is confirmed and fixed in version 2.2.8a. This
vulnerability is being exploited in the wild.

Updated Debian DEBs:
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0086.html

Updated Immunix RPMs:
http://archives.neohapsis.com/archives/linux/immunix/2003-q2/0001.html

Updated SuSE RPMs:
http://archives.neohapsis.com/archives/linux/suse/2003-q2/0082.html

Updated Mandrake RPMs:
http://archives.neohapsis.com/archives/linux/mandrake/2003-q2/0023.html

Updated Red Hat RPMs:
http://archives.neohapsis.com/archives/linux/redhat/2003-q2/0019.html

Updated Trustix RPMs:
http://archives.neohapsis.com/archives/bugtraq/2003-04/0118.html

Updated Conectiva RPMs:
http://archives.neohapsis.com/archives/linux/conectiva/2003-q2/0010.html

Source: VulnWatch, Debian, Immunix, SuSE, Mandrake, Red Hat, Trustix,
Conectiva
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0008.html
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0086.html
http://archives.neohapsis.com/archives/linux/immunix/2003-q2/0001.html
http://archives.neohapsis.com/archives/linux/suse/2003-q2/0082.html
http://archives.neohapsis.com/archives/linux/mandrake/2003-q2/0023.html
http://archives.neohapsis.com/archives/linux/redhat/2003-q2/0019.html
http://archives.neohapsis.com/archives/bugtraq/2003-04/0118.html
http://archives.neohapsis.com/archives/linux/conectiva/2003-q2/0010.html

*** {03.14.014} Cross - Update {03.13.006}: Sendmail address parsing
                extended character overflow

Multiple vendors released updated Sendmail packages, which fix the
vulnerability discussed in {03.13.006} ("Sendmail address parsing
extended character overflow").

Updated Conectiva RPMs:
http://archives.neohapsis.com/archives/linux/conectiva/2003-q2/0002.html

Updated Debian DEBs:
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0054.html

NetBSD CVS as of Apr. 1, 2003, contains a fix.

Tru64 ERP information:
http://archives.neohapsis.com/archives/tru64/2003-q2/0003.html

Updated Caldera RPMs:
http://archives.neohapsis.com/archives/linux/caldera/2003-q2/0001.html

IRIX update information:
http://archives.neohapsis.com/archives/vendor/2003-q2/0003.html

Updated Immunix RPMs:
http://archives.neohapsis.com/archives/linux/immunix/2003-q1/0075.html

Source: Conectiva, Debian, NetBSD, Compaq/HP, Caldera, SGI, Immunix
http://archives.neohapsis.com/archives/linux/conectiva/2003-q2/0002.html
http://archives.neohapsis.com/archives/linux/debian/2003-q2/0054.html
http://archives.neohapsis.com/archives/netbsd/2003-q2/0004.html
http://archives.neohapsis.com/archives/tru64/2003-q2/0003.html
http://archives.neohapsis.com/archives/linux/caldera/2003-q2/0001.html
http://archives.neohapsis.com/archives/vendor/2003-q2/0003.html
http://archives.neohapsis.com/archives/linux/immunix/2003-q1/0075.html

*** {03.14.017} Cross - Vulnerable PHP applications 04/08

The following third-party PHP CGI applications are reportedly
vulnerable. These vulnerabilities are not confirmed.

Phorum 3.4: cross-site scripting
http://archives.neohapsis.com/archives/bugtraq/2003-04/0020.html
http://archives.neohapsis.com/archives/bugtraq/2003-04/0041.html

Ikonboard 3.1.1: script execution
http://archives.neohapsis.com/archives/bugtraq/2003-04/0027.html

Xoops glossary 1.3.9: cross-site scripting
http://archives.neohapsis.com/archives/bugtraq/2003-04/0031.html

Invision Power Board 1.1.x: unspecified vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2003-04/0096.html

PY-Membres 4.0: SQL injection
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0006.html

Coppermine 1.0 RC3: file upload/script execution
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0010.html

Source: SecurityFocus Bugtraq, VulnWatch
http://archives.neohapsis.com/archives/bugtraq/2003-04/0020.html
http://archives.neohapsis.com/archives/bugtraq/2003-04/0041.html
http://archives.neohapsis.com/archives/bugtraq/2003-04/0027.html
http://archives.neohapsis.com/archives/bugtraq/2003-04/0031.html
http://archives.neohapsis.com/archives/bugtraq/2003-04/0096.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0006.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0010.html

*** {03.14.022} Cross - passlogd sl_parse() overflow

Passlogd version 0.1d reportedly contains a buffer overflow in the
sl_parse() function, thereby allowing a remote attacker to potentially
execute arbitrary code on the system running passlogd.

This vulnerability is not confirmed. A third-party patch is available
at the reference URL below.

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0001.html

*** {03.14.023} Cross - OpenSSH 3.6.1 released

OpenSSH 3.6.1 was released. The 3.6.x series contains changes that
enable RSA blinding to prevent any potential SSH timing attacks. The
3.6.1 version fixes bugs found in 3.6.0.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-04/0029.html

*** {03.14.025} Cross - Interbase ISC_LOCK_ENV environment variable
                overflow

Borland Interbase version 6.x does not properly handle large
ISC_LOCK_ENV environment variable values, thereby causing a buffer
overflow that allows a local attacker to execute arbitrary code with
elevated privileges.

This vulnerability is not confirmed.

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0003.html

*** {03.14.026} Cross - Progress DB PROSTARTUP variable file reading

Progress database versions 9 and prior allow a local attacker to read
partial contents of arbitrary files by placing the target file name
in the PROSTARTUP environment variable.

This vulnerability is not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-04/0052.html

*** {03.14.027} Cross - File exists timing attack

An interesting post indicates how various Unix systems are vulnerable
to a timing attack whereby local attackers can determine if a
file exists in a directory they otherwise don't have permission
to read/access.

This attack poses no immediate threat, although it could provide a
mild local information exposure.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-04/0067.html

*** {03.14.029} Cross - Viewpoint Server arbitrary file reading

DS Ltd.'s Viewpoint Server reportedly allows remote attackers to view
arbitrary files on the system readable by the Viewpoint service.

This vulnerability is not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-04/0026.html

*** {03.14.030} Cross - ChiTeX insecure path during 'cat' execution

The ChiTeX Chinese TeX utility suite executes the 'cat' command
without using a secure path, thereby allowing a local attacker to
gain root privileges.

This vulnerability is not confirmed.

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0002.html

*** {03.14.031} Cross - Abyss Web server empty header DoS

The Abyss Web server version 1.1.2 crashes when a remote attacker
submits an empty Range or Connection HTTP header, thereby leading to
a denial of service.

This vulnerability is not confirmed.

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0005.html

*** {03.14.032} Cross - Interbase external table file manipulation

Borland Interbase DB prior to version 7.0 allows attackers with SQL
access to create or modify arbitrary files on the system by using
the external table feature.

This vulnerability is confirmed and fixed in version 7.0.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-04/0098.html

*** {03.14.033} Cross - SETIHome server response overflow

The SETIHome client prior to version 3.08 contains a buffer overflow
in the parsing of server responses, potentially allowing a malicious
server or attacker capable of a man-in-the-middle attack to execute
arbitrary code on the host.

This vulnerability is confirmed and fixed in version 3.08.

Source: NTBugtraq
http://archives.neohapsis.com/archives/ntbugtraq/2003-q2/0005.html

*** {03.14.034} Cross - Vignette Story Server stack dump vulnerability

Vignette Story Server versions 4.1 and 6.0 disclose sensitive internal
server information when a remote attacker submits a particular invalid
HTTP request.

The vendor confirmed this vulnerability and released a patch.

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0009.html

*** {03.14.035} Cross - mgetty caller ID overflow

mgetty prior to version 1.1.29 contains a buffer overflow in the
handling of large caller ID responses, which can lead to the execution
of arbitrary code.

This vulnerability is confirmed. Updated Red Hat RPMs are listed at
the reference URL below.

Source: Red Hat
http://archives.neohapsis.com/archives/linux/redhat/2003-q2/0021.html

************************************************************************

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (BSD/OS)
Comment: For info see http://www.gnupg.org

iD8DBQE+ldWB+LUG5KFpTkYRAmJxAKCg88/5ISFuGNMfdxc6O2OIKCHKWACfaUvs
eJkukymSQYYR7sqracsEKjs=
=kBgW
-----END PGP SIGNATURE-----
------------------------------------------------------------------------

We are signing the Consensus newsletter with PGP. The new SANS PGP
key is posted at:
http://www.pgp.net:11371/pks/lookup?op=get&search=0xA1694E46 and can
also be accessed from the SANS Web site (http://www.sans.org).

Copyright (c) 2003 Network Computing, a CMP Media LLC
publication. All Rights Reserved. Distributed by Network
Computing (http://www.networkcomputing.com) and The SANS Institute
(http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
security assessment and integration services consulting group
(info@neohapsis.com | http://www.neohapsis.com/).