From: Stephen Entwisle (se SECURITYFOCUS.COM)
Date: Mon May 07 2001 - 12:53:26 CDT
SecurityFocus Newsletter #91
--------------------------------
This issue sponsored by: Network Ice
High-speed Network Intrusion Detection from Network ICE
Network ICE is the leading provider of intrusion detection for
high-speed and distributed networks. As verified by independent tests,
Network ICE's BlackICE Sentry was the only IDS product that detected
attacks on a fully loaded 100Mb Ethernet segment without dropping any
packets. BlackICE Sentry is available for single segment, full-duplex,
and is the only single package IDS for Gigabit speeds.
For more information, please visit: http://www.networkice.com/securityfocus
-------------------------------------------------------------------------------
I. FRONT AND CENTER
1. Diseas'd Ventures: A Critique of Media Reportage of Viruses
2. Chasing the Wind, Episode Six: The Gathering Storm
3. New guest feature: Securing Wireless Networks
II. BUGTRAQ SUMMARY
1. DataWizard WebXQ Directory Traversal Vulnerability
2. SAP Web Application Server for Linux Arbitrary Command ...
3. PerlCal Directory Traversal Vulnerability
4. Mirabilis ICQ Web Front Plug-In DoS Vulnerability
5. NEdit Incremental Backup File Symbolic Link Vulnerability
6. Alex Linde Alex's Ftp Server Directory Traversal Vulnerability
7. Bugzilla Remote Arbitrary Command Execution Vulnerability
8. Bugzilla Sensitive Information Disclosure Vulnerability
9. Free Peers BearShare Directory Traversal Vulnerability.
10. Microsoft Windows 2000 IIS 5.0 IPP ISAPI 'Host:' Buffer ...
11. BRS WebWeaver Directory Traversal Vulnerability
12. BRS WebWeaver FTP Root Path Disclosure Vulnerability
III. SECURITYFOCUS.COM NEWS ARTICLES
1. Record 'National Security' surveillance in 2000
2. Microsoft IIS hole gives System-level access
3. My first RSA Conference
IV. SECURITY FOCUS TOP 6 TOOLS
1. FileManager v0.93
2. Shoki v0.9.2
3. tcpspy v1.6
4. Tech Tracker v.85000
5. TCFS v3.0b2
6. Prelude v0.3
V. SECURITYJOBS LIST SUMMARY
1. Senior Technical Consultant (Thread)
2. Technical Consultant - Australia (Thread)
3. Systems Engineer - Australia (Thread)
4. Senior Software Engineer, Security - Silicon Valley (Thread)
5. Free Unqualified Advice (was RE: Changes in the ...
6. Senior Security Engineer (Houston, TX) (Thread)
7. Changes to the Info Sec Marketplace ?? (Thread)
8. Seeking Security Position - Australia (Thread)
9. Security Focused Lotus Notes Developer Required (Thread)
10. Tech Support Manager - Australia (Thread)
11. Security Technology Developer (Thread)
12. Looking for an opportunity in the New England Area (Thread)
13. Security professional, Washington, DC (Thread)
14. Network Security Operations Manager/Boston (Thread)
15. Information Security Operations Officer (London, City) (Thread)
16. Information Security Consultant (Thread)
17. Vacation Troller, Please Ignore. (Thread)
18. Seeking Employment - Relocation? (Thread)
19. Seeking Penetration and IDS Personnel (Thread)
20. Seeking Security Position in NY (Thread)
21. Security Analyst Needed. (Thread)
22. Security Officer Needed. (Thread)
23. Seeking Employment (Thread)
24. Information Security Architect (Thread)
25. SecurityFocus Is Hiring (Thread)
26. Account Manager NY/NJ (Thread)
27. Professional Services Account Manager, Western US, NY,...
28. Managed Services Consultant (Thread)
29. Sr SWE - Security designer/developer position Sunnyval...
30. Senior IT Auditor. (Thread)
31. Channel Sales Manager. (Thread)
32. Network Security Specialist. (Thread)
33. Network Security, degree or not degree (Thread)
34. Developer position available (Thread)
35. How to get the job of your dreams (Thread)
36. pilot.net people... (Thread)
37. Network Security (Thread)
VI. INCIDENTS LIST SUMMARY
1. What "methods" are being used (Thread)
2. Backdoor Q access? (Thread)
3. SV: bizzare NULL scan (Thread)
4. DNS servers!! (Thread)
5. /.SeCuRiTy# (Thread)
6. Strange Activity (Thread)
7. IIS exploit attempt? (Thread)
8. bizzare NULL scan (Thread)
9. Found this in my logs (Thread)
10. IP 1.2.3.4 (Thread)
11. Administrivia - Thanks (Thread)
12. Vacation Troller, Please Ignore. (Thread)
13. My Mysterious Message (Thread)
14. Mysterious message (Thread)
15. slow scans to random IPs on port 53 (and other ports0 (Thread)
16. Port 1981 UDP trojan/worm? (Thread)
17. Another new worm ? (Thread)
18. Weird traffic (Thread)
19. Have you seen this in your logs? (Thread)
20. High load average and much suspicion (Thread)
21. Backdoor scans ? (Thread)
22. 198.202.195.254:35817 (Thread)
23. Packets originating at port 23 (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. How I turned my cable modem into a sniffer - WAS: Hijack...
2. How I turned my cable modem into a sniffer (Thread)
3. Hijack IP Address using cable modem (Thread)
4. some ftpd implementations mishandle CWD ~{ (Thread)
5. PayPal DOS (Thread)
6. ssh crc32 exploit on Linux (Thread)
7. Winamp 2.73 buffer overflow (Thread)
8. [Fwd: heres how to exploit gftp] (Thread)
9. Hijack IP Address using cable modem (fwd) (Thread)
10. iScouter PHP Web Portal System, MySQL Password in clear...
11. Passing (poison) nulls in cookies (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. quarantine attachments per user (Thread)
2. Question re:Microsoft and 128-bit security (Thread)
3. Port 135 (Thread)
4. Patching NT/2k (Thread)
5. Intrusion Detection (Thread)
6. Deny Internet mail acces from MS Exchange (Thread)
7. IIS Compromise (Thread)
8. Port 1081 (Thread)
9. Gracefull NT Logoff - Summary (Thread)
10. FrontPage Extensions (Thread)
11. Info in W2K Pro Event viewer (Thread)
12. W2K High Encryption Pack Installation (Thread)
13. Windows Update and Hot fixes (Thread)
14. Transaction Server Error (Thread)
15. Batch Netmon? (Thread)
16. SecurityFocus.com Microsoft Newsletter #32 (Thread)
17. SV: IE content advisor (Thread)
18. Terminal Server Under Attack? (Thread)
19. IE content advisor (Thread)
20. MS01-015 (Thread)
21. Possible hack? (Thread)
22. Rif. : Possible hack? (Thread)
23. dial up security (Thread)
24. Domain questions (Thread)
25. Installing hotfixes (Thread)
26. Vulnerability scanner run against us (Thread)
27. v3.0 Cisco IPSec client on W2K (Thread)
28. Administrivia (Thread)
29. Gracefull NT Logoff (Thread)
IX. SUN FOCUS LIST SUMMARY
1. kerberos nfs on Solaris8 (Thread)
2. Xwindows and password expiration (Thread)
3. NTP vulnerability (Thread)
4. Solaris 8 IPSEC interoperability (Thread)
5. chroot (Thread)
6. Gauntlet on solaris (Thread)
X. LINUX FOCUS LIST SUMMARY
1. lpt (Thread)
2. secure temporary files (Thread)
3. blocking access (Thread)
4. SecurityFocus.com Linux Newsletter #26 (Thread)
XI. SPONSOR INFORMATION
XII. SUBSCRIBE/UNSUBSCRIBE INFORMATION
I. FRONT AND CENTER
-------------------
1. Diseas'd Ventures: A Critique of Media Reportage of Viruses
In this article, George Smith takes a critical look at the way the media
reports viruses. Specifically, he critiques the shortcomings of the
'crisis' mode used by the media to report virus threats and virus-writing
competitions and examines the effects of that school of reportage on the
public's reaction to viruses.
http://www.securityfocus.com/focus/virus/articles/diseased.html
2. Chasing the Wind, Part Six: The Gathering Storm
This is the sixth installment of Robert G. Ferrell's series, Chasing the
Wind. As we left off in the last episode, our aspiring hacker Ian was on
his way home from a hacker's convention, eager to test his new knowledge.
Bob, Acme Ailerons' CIO, was alerted to a possible virus infection in the
company's systems, one which Jake, the company's systems administrator,
would spend his day quashing. Douglas, Acme's Systems Engineer, looked on
as an Air Force captain unveiled a frightening project. Meanwhile a group
of mysterious men seemed to be hatching a shady scheme...
http://www.securityfocus.com/focus/ih/articles/chasing6.html
3. New guest feature: Securing Wireless Networks
Many companies make attempts to embrace new technologies; unfortunately,
many of these new technologies are not mature enough to provide adequate
security mechanisms to prevent unauthorized access to such services.
Wireless connectivity is no exception. This article by Joe Klemencic will
offer an overview of some of the options that are available to enhance the
security of wireless networks, including: MAC address filtering, vendor
specific authentication, SSID/Network ID, Wired Equivalent Privacy (WEP)
and emerging IEEE 802.11x.
http://www.securityfocus.com/templates/forum_message.html?forum=2&head=5479&id=5479
II. BUGTRAQ SUMMARY
-------------------
1. DataWizard WebXQ Directory Traversal Vulnerability
BugTraq ID: 2660
Remote: Yes
Date Published: 2001-04-27
Relevant URL:
http://www.securityfocus.com/bid/2660
Summary:
WebXQ server is a web server maintained and distributed by DataWizard
Technologies. A host running WebXQ can be led to traverse the normal
directory structure and return files from outside of the web root.
By including '/../' sequences along with a known file or directory in
requested URLs, a remote user could gain read access to the requested
directory and files outside the web root, potentially compromising the
privacy of user data and/or obtaining information which could be used to
further compromise the host's security.
If successfully exploited this vulnerability could lead to the disclosure
of sensitive information assisting in further attacks against the host.
2. SAP Web Application Server for Linux Arbitrary Command Execution
Vulnerability
BugTraq ID: 2662
Remote: No
Date Published: 2001-04-29
Relevant URL:
http://www.securityfocus.com/bid/2662
Summary:
The SAP TestDrive Web Application Server for Linux is distributed as part
of a SAP LinuxLab evaluation CD.
An input validation error exists in the SAP Operating System Collector
(saposcol) included with the CD which could allow a local user to execute
arbitrary code with elevated privileges.
The problem exists as the result of a call to popen(). Since popen()
relies on /bin/sh to execute programs and no checking is done on
environment variables, an attacker could modify their own environment
variables such that saposcol executes unintended programs.
Note: The original report detailing this vulnerability was based on
analysis of an evaluation version of the SAP Web Application Server for
Linux. While it is likely that the vulnerability is present in commercial
versions, it has not been confirmed.
3. PerlCal Directory Traversal Vulnerability
BugTraq ID: 2663
Remote: Yes
Date Published: 2001-04-27
Relevant URL:
http://www.securityfocus.com/bid/2663
Summary:
PerlCal is a CGI script written by Acme Software that allows web-based
calendar functions.
A PerlCal component, cal_make.pl, contains an input validation flaw that
can lead to the disclosure of arbitrary files to an attacker. During
operation, cal_make.pl uses HTML variables to construct a filename to
open. The script fails to check for '../' sequences in the HTML variable.
As a result, sequences such as
http://www.example.com/cgi-bin/cal_make.pl?
p0=../../../../../../../../../../../../etc/passwd%00
will, when supplied to the script, cause the server to display the
contents of the file /etc/passwd. It should be noted that the files will
be read with the privileges of the webserver process, which are usually
those of user 'nobody'.
This attack may lead to the disclosure of sensitive information and may
aid future attacks.
4. Mirabilis ICQ Web Front Plug-In DoS Vulnerability
BugTraq ID: 2664
Remote: Yes
Date Published: 2001-04-28
Relevant URL:
http://www.securityfocus.com/bid/2664
Summary:
ICQ is an Internet instant messaging application by Mirabilis. The ICQ Web
Front plug-in assists a user in designing, creating and hosting a personal
web site. Once the user is online, Web Front plug-in will serve requested
web pages residing on the user's local machine to remote users.
Due to the handling of unusual input in a GET request, ICQ Web Front
plug-in is subject to a denial of service.
Submitting a GET request composed of approximately 86 metacharacters (i.e.
%, .., \, and various ASCII-encoded characters) will cause the server to
consume all available system memory. This consumption of available
resources will eventually cause the service, and possibly other
applications depending on it, to crash.
A restart of the service is required in order to regain normal
functionality.
5. NEdit Incremental Backup File Symbolic Link Vulnerability
BugTraq ID: 2667
Remote: No
Date Published: 2001-04-28
Relevant URL:
http://www.securityfocus.com/bid/2667
Summary:
NEdit is the Nirvana editor, a freely available text editor included with
various implementations of the UNIX Operating system. It provides a
graphic front end, and features designed to emulate the functions of text
editors for Microsoft Windows and Macintosh Operating Systems.
A problem with NEdit could make it possible for local users to launch
symbolic link attacks against users of the editor. This problem is due to
insufficient checking of the incremental backup file prior to attempting
to write to it.
When a file is being edited by a user of NEdit, the file is periodically
backed up to a file bearing the name of the original file, prefixed with
a tilde. Before writing this backup, NEdit does not check whether a file
with the tilde-prefixed name already exists. If a user of the
NEdit editor were to use the program in a world-writable directory such as
/tmp, a local user that observed the user of the editor and created a
symbolic link prior to the first incremental backup by the editor could
overwrite any file owned by the user of NEdit with the contents of the
incremental backup.
This problem also affects files created by the editor using the .bck file
name, which is also used for file backups.
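The backup-file race described for NEdit, shown as an added example that is not NEdit's code or part of the original advisory. The Python calls map directly onto open(2) and rename(2); the function names and the file names in the demo are assumptions made for illustration.

```python
import os
import tempfile


def backup_name(path):
    """Tilde-prefixed backup name in the same directory, as described above."""
    directory, name = os.path.split(path)
    return os.path.join(directory, "~" + name)


def write_backup_unsafe(path, data):
    """Pattern from the advisory: open the backup name for writing with no
    check. If that name is a symbolic link, the write lands on its target."""
    with open(backup_name(path), "w") as handle:
        handle.write(data)


def write_backup_safe(path, data):
    """Write to a fresh private file, then rename it over the backup name.

    mkstemp() opens with O_CREAT|O_EXCL and mode 0600, so it never follows
    or reuses an existing name. rename(2) replaces the directory entry
    itself; a symbolic link planted at the backup name is discarded rather
    than followed. In a sticky directory such as /tmp the rename fails with
    a permission error when another user owns the existing name; either way
    nothing is written through the link.
    """
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(prefix=".bk-", dir=directory)
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(data)
        os.replace(tmp, backup_name(path))
    except BaseException:
        if os.path.lexists(tmp):
            os.unlink(tmp)
        raise


if __name__ == "__main__":
    # Constructed scenario: a shared working directory and a file that the
    # editing user owns elsewhere.
    base = tempfile.mkdtemp()
    shared = os.path.join(base, "shared")
    os.mkdir(shared)
    owned = os.path.join(base, "owned.cfg")
    with open(owned, "w") as handle:
        handle.write("precious")
    document = os.path.join(shared, "notes.txt")
    os.symlink(owned, backup_name(document))   # link planted before first backup

    write_backup_safe(document, "draft")
    with open(owned) as handle:
        print("owned file after safe backup:", handle.read())
    print("backup is a link:", os.path.islink(backup_name(document)))
```

Opening the backup name once with O_CREAT|O_EXCL and keeping the descriptor for the session is an alternative when the backup is rewritten in place.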
6. Alex Linde Alex's Ftp Server Directory Traversal Vulnerability
BugTraq ID: 2668
Remote: Yes
Date Published: 2001-04-28
Relevant URL:
http://www.securityfocus.com/bid/2668
Summary:
Alex's Ftp Server is a freeware FTP server by Alex Linde.
By including relative path references (i.e. '/.../' sequences) in an FTP GET
command, an attacker can obtain read access to directories and files
outside the FTP root.
The GET request will traverse to the directory above the current working
directory without restriction, and retrieve the specified file. Depending
on the files obtained, this can supply an attacker with sensitive system
data including directory information, password files or other exploitable
data which could be used to further undermine the security of the system.
7. Bugzilla Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 2670
Remote: Yes
Date Published: 2001-04-30
Relevant URL:
http://www.securityfocus.com/bid/2670
Summary:
Bugzilla is a web-based bug-tracking system based on Perl and MySQL.
Bugzilla contains a vulnerability which may allow remote users to execute
arbitrary commands on the target webserver. User email addresses are not
checked for shell metacharacters before they are included in an argument
to the perl system() function.
As a result, it may be possible for users to execute arbitrary commands on
the webserver if they register with malicious e-mail addresses. The
system() function is a quick way for one program to execute another. It
relies on '/bin/sh' to process the command string. As a result, any shell
metacharacters that are not escaped will be interpreted by and acted upon
by '/bin/sh'.
If the user-supplied e-mail address contains a character such as ';', the
rest of the e-mail address will be executed as a separate command by the
shell because the semicolon delimits commands.
It is therefore possible for a user who has registered with a malicious
e-mail address to execute arbitrary commands on the webserver (with the
privileges of the webserver process).
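The Bugzilla entry above and the saposcol entry (item 2) both come down to handing a string to /bin/sh. The following added example, which is not Bugzilla or SAP code, puts the shell-string pattern beside a helper call that uses an argument vector, an absolute program path and a fixed environment. The address pattern, the function names and the use of /bin/echo and /usr/bin/env as stand-in helpers are assumptions.

```python
import os
import re
import subprocess

# Assumption for this example: a deliberately strict address pattern, not
# Bugzilla's own rule. It admits no character that /bin/sh treats specially.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

# Fixed environment handed to helper programs instead of the caller's own,
# so variables set by the invoking user cannot steer what gets executed.
CLEAN_ENV = {"PATH": "/usr/bin:/bin", "LANG": "C"}


def notify_via_shell(addr):
    """Pattern from the advisory: the address is pasted into a command line
    that /bin/sh parses, so ';' ends one command and starts another."""
    done = subprocess.run("echo notify " + addr, shell=True,
                          capture_output=True, text=True, check=True)
    return done.stdout.splitlines()


def run_helper(argv):
    """Run a helper with no shell, an absolute path and CLEAN_ENV."""
    if not os.path.isabs(argv[0]):
        raise ValueError("helper must be named by absolute path")
    done = subprocess.run(argv, env=CLEAN_ENV, capture_output=True,
                          text=True, check=True)
    return done.stdout.splitlines()


def notify(addr):
    """Hardened path: validate first, then pass the address as one argument."""
    if not ADDR_RE.fullmatch(addr):
        raise ValueError("rejected address: %r" % addr)
    return run_helper(["/bin/echo", "notify", addr])


def helper_environment():
    """Environment a helper actually receives, read back from /usr/bin/env."""
    lines = run_helper(["/usr/bin/env"])
    return dict(line.split("=", 1) for line in lines if "=" in line)


if __name__ == "__main__":
    # Constructed sample inputs.
    good = "user@example.com"
    odd = "user@example.com; echo SECOND-COMMAND"

    print("shell string :", notify_via_shell(odd))          # two output lines
    print("argv list    :", run_helper(["/bin/echo", "notify", odd]))
    print("validated    :", notify(good))
    try:
        notify(odd)
    except ValueError as exc:
        print("validator    :", exc)
    print("helper env   :", helper_environment())
```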
8. Bugzilla Sensitive Information Disclosure Vulnerability
BugTraq ID: 2671
Remote: Yes
Date Published: 2001-04-30
Relevant URL:
http://www.securityfocus.com/bid/2671
Summary:
Bugzilla is a web-based bug-tracking system based on Perl and MySQL.
Bugzilla ships with a file called 'globals.pl', containing global
variables and other information used by various Bugzilla components.
Among the more sensitive variables stored in this file are the database
username and password.
Many webservers are not configured by default to interpret files with the
extension '.pl' as CGI executables. As a result, if 'globals.pl' is
requested explicitly by a client from one of these webservers, it will be
disclosed as plaintext. This would reveal the sensitive information to
the attacker.
With a database username and password, it may be possible to compromise
the system further.
9. Free Peers BearShare Directory Traversal Vulnerability.
BugTraq ID: 2672
Remote: Yes
Date Published: 2001-04-30
Relevant URL:
http://www.securityfocus.com/bid/2672
Summary:
Free Peers Inc. BearShare is a Windows-based file-sharing utility.
Under certain configurations, versions of BearShare are susceptible to
directory traversal attacks.
Although the product's Web Site feature does filter '/../' sequences
(which are commonly effective in traversal attacks), it is possible to
construct a path expression which is not detected by the product's input
validation.
Long sequences of '.' characters are not correctly filtered, and can be
used to express a relative path beyond the permitted directory scope.
As a result, BearShare's Web Site feature, if enabled, can permit a remote
attacker to traverse the webserver's directory structure and request files
from outside the web root.
This vulnerability may only be exploitable for a limited set of filetypes.
For example, files of type .avi and .mpg are reportedly not obtainable by
this method, whereas files matching *.ini may be disclosed.
Other filetypes are thought to be secure from this attack; further details
were not made available in the original advisory.
It has also been noted that this vulnerability does not appear to affect
Windows 2000 installations of BearShare.
10. Microsoft Windows 2000 IIS 5.0 IPP ISAPI 'Host:' Buffer Overflow Vulnerability
BugTraq ID: 2674
Remote: Yes
Date Published: 2001-05-01
Relevant URL:
http://www.securityfocus.com/bid/2674
Summary:
Internet Printing Protocol (IPP) enables remote users to submit various
print related jobs over the internet via the HTTP protocol (.print).
An unchecked buffer exists in the Internet printing ISAPI extension in
Windows 2000 that handles user requests (C:\WINNT\System32\msw3prt.dll).
The Internet Printing Protocol (IPP) is dependent on msw3prt.dll for
functionality.
A host running Windows 2000 with IIS 5.0 is susceptible to the execution
of arbitrary code via an unchecked buffer in msw3prt.dll. If an HTTP .print
request containing approximately 420 bytes in the 'Host:' field is sent to the
target, IIS will experience a buffer overflow and allow the execution of
arbitrary code. Unfortunately, the Internet printing ISAPI extension runs
in the LOCAL SYSTEM context; therefore, the attacker can specify arbitrary
code to be run at SYSTEM privileges.
Typically a web server would stop responding in a buffer overflow
condition; however, once Windows 2000 detects an unresponsive web server
it automatically performs a restart. Therefore, the administrator will be
unaware of this attack.
Successful exploitation of this vulnerability could lead to complete
compromise of the target host.
11. BRS WebWeaver Directory Traversal Vulnerability
BugTraq ID: 2675
Remote: Yes
Date Published: 2001-04-28
Relevant URL:
http://www.securityfocus.com/bid/2675
Summary:
BRS WebWeaver is an FTPD and webserver by Blaine Southam.
WebWeaver is vulnerable to directory traversal techniques, by which a
remote user may request and obtain files from outside the normal webroot.
By submitting a URL to the webserver which contains a user-defined path
alias, followed by a number of '/..' sequences, an attacker can traverse
the webserver's directory structure and request files from outside the web
root.
Properly exploited, this could permit an attacker to obtain private user
data or sensitive system-related information which could be used to
further undermine system security.
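The directory traversal entries in this summary (WebXQ, PerlCal, Alex's Ftp Server, BearShare, WebWeaver) share one root cause: a request value is joined to a root directory and opened without checking where the result points. The following added example, which is not code from any of those products, puts that pattern beside a resolver that decodes once, refuses NUL bytes, and checks containment on the fully resolved path. Function names and the demo file layout are assumptions.

```python
import os
import tempfile
from urllib.parse import unquote


class PathRejected(Exception):
    """The requested name does not resolve to a location inside the root."""


def naive_path(root, requested):
    """Pattern from the advisories: decode the request value and paste it
    onto the root. Any '../' component walks out of the root."""
    return os.path.normpath(os.path.join(root, unquote(requested)))


def safe_resolve(root, requested):
    """Return the real path for `requested`, or raise PathRejected.

    Checks are made on the decoded value, and containment is tested after
    symbolic links and '..' components have been resolved, so no list of
    forbidden substrings has to be kept up to date.
    """
    decoded = unquote(requested)
    if "\x00" in decoded:
        # A trailing %00, as in the PerlCal request, cuts off whatever the
        # script appends to the name once the string reaches a C-level open.
        raise PathRejected("NUL byte in requested name")
    # Assumption: treat '\' as a separator too, as Windows servers do.
    relative = decoded.replace("\\", "/").lstrip("/")
    real_root = os.path.realpath(root)
    real_path = os.path.realpath(os.path.join(real_root, relative))
    if os.path.commonpath([real_root, real_path]) != real_root:
        raise PathRejected("resolves outside the root: %r" % requested)
    return real_path


if __name__ == "__main__":
    # Constructed layout: a web root with one page and a file beside it.
    base = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(base, "webroot")
    os.mkdir(root)
    with open(os.path.join(root, "index.html"), "w") as handle:
        handle.write("<p>hello</p>")
    with open(os.path.join(base, "private.txt"), "w") as handle:
        handle.write("not for publication")

    print("naive :", naive_path(root, "../private.txt"))
    for name in ("index.html", "../private.txt",
                 "../../../../etc/passwd%00"):
        try:
            print("safe  :", safe_resolve(root, name))
        except PathRejected as exc:
            print("reject:", exc)
```

Because the containment test runs on the resolved path, a symbolic link inside the root that points outside it is refused as well.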
12. BRS WebWeaver FTP Root Path Disclosure Vulnerability
BugTraq ID: 2676
Remote: Yes
Date Published: 2001-04-28
Relevant URL:
http://www.securityfocus.com/bid/2676
Summary:
BRS WebWeaver is an ftpd and webserver from Blaine Southam.
WebWeaver's FTP component has a flaw which can permit a remote user to
learn the physical path to the FTP service's root directory.
By submitting the FTP command CD with an asterisk character as its argument, the
attacker can cause an error message to be generated by WebWeaver which
includes the path for the ftp root.
Properly exploited, this information could assist a hostile user in
carrying out other attacks on the system.
III. SECURITYFOCUS.COM NEWS AND COMMENTARY
------------------------------------------
1. Record 'National Security' surveillance in 2000
By Kevin Poulsen
Federal agents filed a record 1,005 applications to perform electronic
surveillance and covert physical burglaries in supposed terrorism and
espionage investigations last year, all of which were granted, according
to Justice Department figures made public Wednesday.
The FBI's national security wiretapping in 2000 shattered the previous
record of 886 applications in 1999, and took up the slack from an overall
decrease in surveillance in conventional criminal investigations during
the same period, according to figures the Department of Justice reported
to Congress last week, obtained by the Federation of American Scientists
(FAS) under the Freedom of Information Act.
http://www.securityfocus.com/templates/article.html?id=201
2. Microsoft IIS hole gives System-level access
By Thomas C. Greene, The Register
Strong words from the official voice of Redmond today, urging admins to
patch a recently-discovered buffer overflow vulnerability in servers
running IIS 5.0 on Windows 2000 Server, Windows 2000 Advanced Server and
Windows 2000 Datacenter Server, make it clear how serious a security
problem Microsoft has on its hands.
"Microsoft strongly urges all IIS 5.0 server administrators to install the
patch immediately," a company security bulletin says.
http://www.securityfocus.com/templates/article.html?id=200
3. My first RSA Conference
By Kevin Mitnick, special to SecurityFocus.com
The annual RSA Conference is noted for being the largest data security and
cryptography conference in the world. It's the place the most respected
cryptographers and security professionals in the industry gather to share
their knowledge and experience. But I still found it incomplete.
The 2001 conference, held earlier this month in San Francisco, was my
first RSA -- I was there as a guest of the fine security vendor
Authentify, Inc. My first impression of the conference was made at the
opening session, where rocker Pat Benatar belted out a live parody of her
hit song "Heartbreaker." The title of the new song: "Codebreaker."
http://www.securityfocus.com/templates/article.html?id=199
IV. SECURITY FOCUS TOP 6 TOOLS
-----------------------------
1. FileManager v0.93
by horsburgh
Platforms: Linux and UNIX
Relevant URL:
http://www.securityfocus.com/tools/2034
Summary:
FileManager is a secure (SSL), multi-user, and web-based program for
file, directory, and remote command management. It is written in Perl, for
Linux and Unix-like operating systems. It displays full directory
information; allows file viewing, deleting, renaming, uploading,
downloading, etc.; assists in directory navigation; and can execute any
command for which the user account has privilege. FileManager also comes
with a built-in text editor for quick editing and file updates.
2. Shoki v0.9.2
by shoki
meshuggeneh.net
Platforms: FreeBSD, Linux, NetBSD and OpenBSD
Relevant URL:
http://www.securityfocus.com/tools/1793
Summary:
Shoki is a collection of IDS tools, scripts, and so forth. All the bits
together can collect data from sensors, schlep it to a central location
for storage, run signature-based and statistical analysis on the data, and
load the data into a SQL database.
3. tcpspy v1.6
by Tim J Robbins, fyre
eryf.net
Platforms: Linux
Relevant URL:
http://www.securityfocus.com/tools/1819
Summary:
tcpspy is an administrator's tool that logs information about incoming and
outgoing TCP/IP connections including local address, remote address, and
the username of the user responsible for the connection.
4. Tech Tracker v.85000
by Anyah
Platforms: Linux
Relevant URL:
http://www.securityfocus.com/tools/2031
Summary:
Tech Tracker is a Web-based IT tracking system that strives to be
simple to administer and use, yet powerful. Its features include problem
tracking, hardware asset tracking, customizable lookup lists, varying
levels of access, user management from the Web interface, and the
ability to import data.
5. TCFS v3.0b2
by TCFS Group - University of Salerno <tcfs
tcfs.it>
Platforms: AIX, BSDI, DG-UX, FreeBSD, HP-UX, Linux, NetBSD, OpenBSD, SCO,
Solaris, SunOS, True64 UNIX and UNIX
Relevant URL:
http://www.securityfocus.com/tools/291
Summary:
TCFS is a Transparent Cryptographic File System that is a suitable
solution to the problem of privacy for distributed file systems. By a
deeper integration between the encryption service and the file system, it
results in complete transparency of use to user applications. Files
are stored in encrypted form and are decrypted before they are read. The
encryption/decryption process takes place on the client machine and thus
the encryption/decryption key never travels on the network.
6. Prelude v0.3
by Yoann Vandoorselaere <yoann
mandrakesoft.com>
Platforms: Linux, OpenBSD, Solaris and SunOS
Relevant URL:
http://www.securityfocus.com/tools/2035
Summary:
Prelude is a Network Intrusion Detection system. It is composed of the
Prelude and Prelude Report programs. The first is for packet capture and
data analysis, the second, for reporting attacks in a user readable form.
Other important and current features of Prelude are an IP defragmentation
stack and detection plugins with persistent state.
V. SECURITY JOBS SUMMARY
------------------------
1. Senior Technical Consultant (Thread)
Relevant URL:
2. Technical Consultant - Australia (Thread)
Relevant URL:
3. Systems Engineer - Australia (Thread)
Relevant URL:
4. Senior Software Engineer, Security - Silicon Valley (Thread)
Relevant URL:
5. Free Unqualified Advice (was RE: Changes in the security marketplace) (Thread)
Relevant URL:
6. Senior Security Engineer (Houston, TX) (Thread)
Relevant URL:
7. Changes to the Info Sec Marketplace ?? (Thread)
Relevant URL:
8. Seeking Security Position - Australia (Thread)
Relevant URL:
9. Security Focused Lotus Notes Developer Required (Thread)
Relevant URL:
10. Tech Support Manager - Australia (Thread)
Relevant URL:
11. Security Technology Developer (Thread)
Relevant URL:
12. Looking for an opportunity in the New England Area (Thread)
Relevant URL:
13. Security professional, Washington, DC (Thread)
Relevant URL:
14. Network Security Operations Manager/Boston (Thread)
Relevant URL:
15. Information Security Operations Officer (London, City) (Thread)
Relevant URL:
16. Information Security Consultant (Thread)
Relevant URL:
17. Vacation Troller, Please Ignore. (Thread)
Relevant URL:
18. Seeking Employment - Relocation? (Thread)
Relevant URL:
19. Seeking Penetration and IDS Personnel (Thread)
Relevant URL:
20. Seeking Security Position in NY (Thread)
Relevant URL:
21. Security Analyst Needed. (Thread)
Relevant URL:
22. Security Officer Needed. (Thread)
Relevant URL:
23. Seeking Employment (Thread)
Relevant URL:
24. Information Security Architect (Thread)
Relevant URL:
25. SecurityFocus Is Hiring (Thread)
Relevant URL:
26. Account Manager NY/NJ (Thread)
Relevant URL:
27. Professional Services Account Manager, Western US, NY, Great Lakes (Thread)
Relevant URL:
28. Managed Services Consultant (Thread)
Relevant URL:
29. Sr SWE - Security designer/developer position Sunnyvale (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-05-04%26thread%3d003001c0d18c$66ed2ca0$fc64a8c0
piconetworks.com
30. Senior IT Auditor. (Thread)
Relevant URL:
31. Channel Sales Manager. (Thread)
Relevant URL:
32. Network Security Specialist. (Thread)
Relevant URL:
33. Network Security, degree or not degree (Thread)
Relevant URL:
34. Developer position available (Thread)
Relevant URL:
35. How to get the job of your dreams (Thread)
Relevant URL:
36. pilot.net people... (Thread)
Relevant URL:
37. Network Security (Thread)
Relevant URL:
VI. INCIDENTS LIST SUMMARY
-------------------------
1. What "methods" are being used (Thread)
Relevant URL:
2. Backdoor Q access? (Thread)
Relevant URL:
3. SV: bizzare NULL scan (Thread)
Relevant URL:
4. DNS servers!! (Thread)
Relevant URL:
5. /.SeCuRiTy# (Thread)
Relevant URL:
6. Strange Activity (Thread)
Relevant URL:
7. IIS exploit attempt? (Thread)
Relevant URL:
8. bizzare NULL scan (Thread)
Relevant URL:
9. Found this in my logs (Thread)
Relevant URL:
10. IP 1.2.3.4 (Thread)
Relevant URL:
11. Administrivia - Thanks (Thread)
Relevant URL:
12. Vacation Troller, Please Ignore. (Thread)
Relevant URL:
13. My Mysterious Message (Thread)
Relevant URL:
14. Mysterious message (Thread)
Relevant URL:
15. slow scans to random IPs on port 53 (and other ports0 (Thread)
Relevant URL:
16. Port 1981 UDP trojan/worm? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2001-05-04%26thread%3dv03007838b7136a07850e
[212.151.189.102]
17. Another new worm ? (Thread)
Relevant URL:
18. Weird traffic (Thread)
Relevant URL:
19. Have you seen this in your logs? (Thread)
Relevant URL:
20. High load average and much suspicion (Thread)
Relevant URL:
21. Backdoor scans ? (Thread)
Relevant URL:
22. 198.202.195.254:35817 (Thread)
Relevant URL:
23. Packets originating at port 23 (Thread)
Relevant URL:
VII. VULN-DEV RESEARCH LIST SUMMARY
----------------------------------
1. How I turned my cable modem into a sniffer - WAS: Hijack IP Address using cable modem (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-05-04%26thread%3d009a01c0d244$0f844670$0703a8c0
marshallengines.com
2. How I turned my cable modem into a sniffer (Thread)
Relevant URL:
3. Hijack IP Address using cable modem (Thread)
Relevant URL:
4. some ftpd implementations mishandle CWD ~{ (Thread)
Relevant URL:
5. PayPal DOS (Thread)
Relevant URL:
6. ssh crc32 exploit on Linux (Thread)
Relevant URL:
7. Winamp 2.73 buffer overflow (Thread)
Relevant URL:
8. [Fwd: heres how to exploit gftp] (Thread)
Relevant URL:
9. Hijack IP Address using cable modem (fwd) (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-05-04%26thread%3d001401c0cee8$db615ee0$31fca4cb
belrs1.nsw.optushome.com.au
10. iScouter PHP Web Portal System, MySQL Password in clear text (Thread)
Relevant URL:
11. Passing (poison) nulls in cookies (Thread)
Relevant URL:
VIII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. quarantine attachments per user (Thread)
Relevant URL:
2. Question re:Microsoft and 128-bit security (Thread)
Relevant URL:
3. Port 135 (Thread)
Relevant URL:
4. Patching NT/2k (Thread)
Relevant URL:
5. Intrusion Detection (Thread)
Relevant URL:
6. Deny Internet mail acces from MS Exchange (Thread)
Relevant URL:
7. IIS Compromise (Thread)
Relevant URL:
8. Port 1081 (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-05-04%26thread%3d000501c0d1b8$fc9d0370$7afcc6d4
firstcodings.org
9. Gracefull NT Logoff - Summary (Thread)
Relevant URL:
10. FrontPage Extensions (Thread)
Relevant URL:
11. Info in W2K Pro Event viewer (Thread)
Relevant URL:
12. W2K High Encryption Pack Installation (Thread)
Relevant URL:
13. Windows Update and Hot fixes (Thread)
Relevant URL:
14. Transaction Server Error (Thread)
Relevant URL:
15. Batch Netmon? (Thread)
Relevant URL:
16. SecurityFocus.com Microsoft Newsletter #32 (Thread)
Relevant URL:
17. SV: IE content advisor (Thread)
Relevant URL:
18. Terminal Server Under Attack? (Thread)
Relevant URL:
19. IE content advisor (Thread)
Relevant URL:
20. MS01-015 (Thread)
Relevant URL:
21. Possible hack? (Thread)
Relevant URL:
22. Rif. : Possible hack? (Thread)
Relevant URL:
23. dial up security (Thread)
Relevant URL:
24. Domain questions (Thread)
Relevant URL:
25. Installing hotfixes (Thread)
Relevant URL:
26. Vulnerability scanner run against us (Thread)
Relevant URL:
27. v3.0 Cisco IPSec client on W2K (Thread)
Relevant URL:
28. Administrivia (Thread)
Relevant URL:
29. Gracefull NT Logoff (Thread)
Relevant URL:
IX. SUN FOCUS LIST SUMMARY
----------------------------
1. kerberos nfs on Solaris8 (Thread)
Relevant URL:
2. Xwindows and password expiration (Thread)
Relevant URL:
3. NTP vulnerability (Thread)
Relevant URL:
4. Solaris 8 IPSEC interoperability (Thread)
Relevant URL:
5. chroot (Thread)
Relevant URL:
6. Gauntlet on solaris (Thread)
Relevant URL:
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. lpt (Thread)
Relevant URL:
2. secure temporary files (Thread)
Relevant URL:
3. blocking access (Thread)
Relevant URL:
4. SecurityFocus.com Linux Newsletter #26 (Thread)
Relevant URL:
XII. SUBSCRIBE/UNSUBSCRIBE INFORMATION
-------------------------------------
1. How do I subscribe?
Send an e-mail message to LISTSERV@SECURITYFOCUS.COM with a message body
of:
SUBSCRIBE SF-NEWS Lastname, Firstname
You will receive a confirmation request message to which you will have
to respond.
2. How do I unsubscribe?
Send an e-mail message to LISTSERV@SECURITYFOCUS.COM from the subscribed
address with a message body of:
UNSUBSCRIBE SF-NEWS
If your e-mail address has changed, email aleph1@securityfocus.com and I
will manually remove you.
3. How do I disable mail delivery temporarily?
If you are simply going on vacation, you can turn off mail delivery
without unsubscribing by sending LISTSERV the command:
SET SF-NEWS NOMAIL
To turn e-mail delivery back on, use the command:
SET SF-NEWS MAIL
4. Is the list available in a digest format?
Yes. The digest is generated once a day.
5. How do I subscribe to the digest?
To subscribe to the digest, join the list normally (see section 0.2.1)
and then send a message to LISTSERV@SECURITYFOCUS.COM with a message
body of:
SET SF-NEWS DIGEST
6. How do I unsubscribe from the digest?
To turn the digest off, send a message to LISTSERV with a message body
of:
SET SF-NEWS NODIGEST
If you want to unsubscribe from the list completely, follow the
instructions of section 0.2.2 next.
7. I seem to not be able to unsubscribe. What is going on?
You are probably subscribed from a different address than the one from
which you are sending commands to LISTSERV. Either send e-mail from
the appropriate address or e-mail the moderator to be unsubscribed
manually.