
Net-Sec Issue 006

Published in Net Sec newsletter · 5 years ago

  

Net-Sec mini letter
Issue 6 - 02.04.2000
http://net-security.org


1) Security news
2) Security issues
3) HNS and Default


1) Security news


MEANING OF THE WORD "HACKER"
"For many, the term "hacker" conjures up images of a precocious troublemaker smirking as he toys with the technologically challenged. Indeed, sometimes what the hacker underground sees as exploring, companies call trespassing. But hackers see a difference between their love of exploration and computer showmanship and recent attempts to shut down Web sites and steal credit-card information". - Simple Nomad speaks.
Link: http://www.nandotimes.com/technology/story/0,1643,500185952-500248285-501250243-0,00.html


REPORT ON CURADOR
Securitywatch.com has filtered through the news to deliver a summary of the important facts and rumors reported on Curador to date.
Link: http://www.securitywatch.com/scripts/news/list.asp?AID=2353


PROTEST
About 20 Washington-area Linux users and administrators showed up Tuesday morning in front of the Capitol building to protest a controversial federal law called the Digital Millennium Copyright Act.
Link: http://www.wired.com/news/politics/0,1283,35178,00.html


HACKING SCHOOL
More than 20 students recently sat in a room on the 12th floor of a New York office building to learn how to hack into Microsoft Windows NT and Linux systems. But it wasn't an underground session run by computer criminals; instead, these students hoped to learn how to protect their computer systems and E-commerce Web sites from attack.
Link: http://www.techweb.com/se/directlink.cgi?IWK20000327S0051


US PRIVACY PLAN
The U.S. has become the first country outside of the European Union to have its data-privacy rules based on safe-harbor principles accepted by the European Commission as providing "adequate" standards of protection for personal data, the commission announced in a statement today.
Link: http://www.computerworld.com/home/print.nsf/all/000329CF76


PIRATED STEPHEN KING
The Stephen King novella "Riding the Bullet" may have been even more popular online than was previously thought. Len Kawell, president of Glassbook Inc., one of the e-book publishers distributing the story, confirmed that attackers had attacked the encryption technology used to protect the story from copyright violations.
Link: http://www.zdnet.com/intweek/stories/news/0,4164,2487101,00.html


EUROPEANS AND ECHELON
The European Parliament has decided to put off until April 6 a decision on whether to set up a special Committee of Inquiry into allegations that Echelon, the U.S.-backed satellite surveillance system, is spying on European industry.
Link: http://www.idg.net/idgns/2000/03/30/EuropeanParliamentDelaysDecisionOnEchelo.shtml


DEMON SETTLES NET LIBEL CASE
Laurence Godfrey will be paid £15,000 plus legal costs - which could top £200,000 - by Demon Internet after allegedly defamatory postings about him appeared in newsgroups.
Link: http://news.bbc.co.uk/hi/english/sci/tech/newsid_695000/695596.stm



2) Security Issues (as posted to BugTraq mailing list)


Cobalt apache configuration exposes .htaccess
Posted @ April 1, 2000
Following some discussion on the cobalt-users list, it seems that this problem affects both the Raq2 and Raq3. It likely affects other cobalt products.
Link: http://www.net-security.org/cgi-bin/bugs/fullnews.cgi?newsid954542016,12913,


Ircii buffer overflow
Posted @ April 1, 2000
A buffer overflow exists in ircii's dcc chat capability. An attacker could use this overflow to execute code as the user of ircii.
Link: http://www.net-security.org/cgi-bin/bugs/fullnews.cgi?newsid954541779,50943,


Microsoft Security bulletin #21
Posted @ March 31, 2000
Microsoft has released a patch that eliminates a security vulnerability in the TCP/IP Printing Services for Microsoft(r) Windows NT(r) 4.0 and Windows(r) 2000. If this service is installed, the vulnerability could allow a malicious user to disrupt printing services.
Link: http://www.net-security.org/cgi-bin/bugs/fullnews.cgi?newsid954457601,96671,


USSR Advisory #37
Posted @ March 31, 2000
USSR Labs found a heap memory problem in the TCP/IP Print Server. If anyone performs an attack with specially malformed information on port 515 (Print Server), it could cause the process containing the service to crash.
Link: http://www.net-security.org/cgi-bin/bugs/fullnews.cgi?newsid954457423,412,


Microsoft Security bulletin #19
Posted @ March 31, 2000
Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Internet Information Server and products based on it. Under certain fairly unusual conditions, the vulnerability could cause a web server to send the source code of .ASP and other files to a visiting user.
Link: http://www.net-security.org/cgi-bin/bugs/fullnews.cgi?newsid954457215,28986,


Citrix ICA Basic Encryption
Posted @ March 29, 2000
The ICA (Independent Computing Architecture) protocol used in various Citrix products (Winframe, Metaframe) relies on a trivially cracked encryption scheme to protect user authentication.
Link: http://www.net-security.org/cgi-bin/bugs/fullnews.cgi?newsid954358482,31446,


Privacy problems with HTTP cache-control
Posted @ March 29, 2000
HTTP cache-control headers such as If-Modified-Since allow servers to track individual users in a manner similar to cookies, but with fewer constraints. This is a problem for user privacy against which browsers currently provide little protection.
Link: http://www.net-security.org/cgi-bin/bugs/fullnews.cgi?newsid954358199,31758,

S&P ComStock multiCSP security issue
Posted @ March 28, 2000
Standard & Poor's ComStock provides stock quotes and news as a real-time feed on dedicated circuits (ISDN, 56K, T1). ComStock offers a 'Client Site Processor' as a means of receiving their data feed. The MultiCSP I tested against is shipped as a PC running Red Hat Linux 5.1, with version 4.2.4 of 'mcsp', the MultiCSP application software.
Link: http://www.net-security.org/cgi-bin/bugs/fullnews.cgi?newsid954250881,88440,



3) HNS and Default

New forum:
http://www.net-security.org/various/discussion

#Security:
http://www.net-security.org/various/irc

Bookstore:
http://www.net-security.org/various/bookstore

Misc:
http://www.net-security.org/text/misc/


HNS Staff
staff@net-security.org
