
Net-Sec Issue 002

Published in Net Sec newsletter · 5 years ago

  

Net-Sec mini letter
Issue 2 - 28.02.2000


1) Security news roundup
2) Security issues
3) HNS and Default

1) Security news roundup

Internet Security Alliance started [22.02.2000]
The Alliance for Internet Security, founded by ICSA.net, is an organization of Internet service providers (ISPs), industry professionals and corporations committed to the widespread adoption of security measures to address recent Distributed Denial of Service Attacks (DDoS).

Link: http://www.icsa.net/html/press_related/2000/02_22_00_alliance.shtml


Microsoft attacked [23.02.2000]
Microsoft said that cyber vandals had tried to topple its corporate Web site, but said the assault, the latest in a string of crippling attacks on major Internet operations, had done little damage.

Link: http://www.wired.com/news/business/0,1367,34540,00.html


NDB.com attacked [24.02.2000]
National Discount Brokers Group said its stock trading Web site was down for more than an hour today, due to an apparent computer hacker attack. National Discount, a brokerage and share dealer, said its NDB.com Web site froze early in the afternoon after it was flooded with information requests from two Internet addresses.

Link: http://news.cnet.com/news/0-1007-200-1557619.html?tag=st.ne.ron.lthd.1007-200-1557619


FBI was also attacked [25.02.2000]
The FBI acknowledged that electronic vandals shut down its own Internet site for hours last week in the same type of attack that disrupted some of the Web's major commercial sites. The bureau's Web site, www.fbi.gov, remained inaccessible for more than three hours Feb. 18.

Link: http://www.apbnews.com/newscenter/internetcrime/2000/02/25/fbihack0225_01.html


Smart cards [26.02.2000]
Serge Humpich, the 36-year-old engineer who discovered flaws in the chip-based security of French credit cards, was sentenced yesterday in Paris. Under the ruling issued by the 13th correctional chamber, he received a suspended prison sentence of 10 months, 12,000 francs (approx. £1,200) in fines, and one symbolic franc in damages to the Groupement des Cartes Bancaires. His computer equipment has been seized, as well as the document that he had filed with the INPI (France's patents and trademarks office), detailing his findings.

Link: http://www.theregister.co.uk/000226-000001.html


Japan tightens up security [27.02.2000]
Japan's science chiefs vowed Monday to tighten security on government Internet sites amid reports that a Chinese group is waging a cyber war. "What is imperative for us with regard to security is to do away with security holes to fight further attacks and that is what we are doing," said Science and Technology Agency official Yuichi Sakamoto.

Link: http://www.insidechina.com/news.php3?id=134051



2) Security issues

Outblaze problems
Outblaze-powered e-mail services put authentication strings in the URL after
a user logs in to a mailbox, which leaves accounts vulnerable to unauthorized
access. Anyone who discovers that string before the login session expires can
gain full access to any Outblaze-powered e-mail account.

Link: http://www.net-security.org/misc/bugtraq/2402outblaze.txt


Georgi Guninski advisory #7
There is a vulnerability in Wordpad which allows executing arbitrary
programs without warning the user after activating an embedded or linked
object. This may also be exploited in IE for Win9x.

Link: http://www.net-security.org/misc/bugtraq/2402guninski.txt


MS back door?
MS signed software seems to have very special privileges with regard to software signed by other publishers.
This demo is intended to demonstrate that MS signed code has the power to override IE security settings.
I have only tested IE 5.01, IE 4.01 and IE 5 with all the security fixes. Note that the back door I am describing can also be used by HTML e-mail messages.

Link: http://www.angelfire.com/ab/juan123/iengine.html



3) HNS and Default

You can expect compiled articles from the Default newsletter in a day or two.
The last article submitted was:

"A guide to backdooring Unix systems" by airwalk [28.02.2000 -- Default 08-08]
http://net-security.org/default/08/default-08-08.txt

Older copies can be fetched from:
http://net-security.org/default/issues

Current active mirrors:

http://www.nwo.net/default
http://www.attrition.org/~modify/texts/zines/default
http://www.projectgamma.com/archives/zines/default
http://www.dark-e.com/default
http://ech0.zort.org/default
http://www.deepquest.pf/default
http://hns.crolink.net/default
http://packetstorm.securify.com/mag/default

If you are mirroring the Default newsletter, or if you want to write for it, please e-mail me at bhz@net-security.org


HNS backend - http://www.net-security.org/backend
HNS forum - http://net-security.org/webboard.htm
HNS mailing list - http://net-security.org/info/list


Berislav Kucan - BHZ
bhz@net-security.org
http://net-security.org
