0blivion nº1:(NEWS-1.txt):15/03/2000 << Back To 0blivion nº 1
+------------------------------------------------------+ ▌ Oblivion Underground Magazine - Issue 1 - 15/03/2000 ▌ ▌ This Months News 1 by Slider ▌ ▌ E-Mail : SlideR_100@hotmail.com ▌ +------------------------------------------------------+ Here are a list of headlines that would be of some intrest to people from Febuary 2000 : ------------------------------------------------------------------------------ ComputerWorld: Visa acknowledges cracker break-ins <http://www.computerworld.com/home/print.nsf/all/000128E45A> Visa International Inc. acknowledged this week that computer crackers broke into several servers in its global network last July and stole information. ------------------------------------------------------------------------------ Sophos: Virus: VBS/Kakworm <http://www.sophos.com/virusinfo/analyses/vbskakworm.html> VBS/Kakworm is a worm that exploits security vulnerabilities in Microsoft Internet Explorer and Microsoft Outlook in a way similar to VBS/BubbleBoy-A. ------------------------------------------------------------------------------ CNN: Meet the kid behind the DVD hack <http://www.cnn.com/2000/TECH/computing/01/31/johansen.interview.idg/index.h tml> On Monday, January 24, authorities in Norway searched the home of Jon Johansen, a 16-year-old Norwegian member of the Masters of Reverse Engineering (MoRE) -- the group which created the DeCSS DVD playback utility for Linux. ------------------------------------------------------------------------------ Cobalt Networking siteUserMod.cgi Security Advisory <http://www.cobalt.com/support/security/notice.000131.html> Through improper permissions checking in /.cobalt/siteUserMod/siteUserMod.cgi, any Site Administrator can change the password of the admin (root) account on the system. ------------------------------------------------------------------------------ Linux.com: Why Linux Security Will Succeed <http://www.linux.com/newsitem.phtml?sid=1&aid=6702> There is no subtlety in the race to gain the exalted title of having the most secure operating system. Both sides of the virtual fence argue their preferred operating system is more secure by default installation. ------------------------------------------------------------------------------ PCWorld: McAfee to Introduce Personal Firewall <http://www.pcworld.com/pcwtoday/article/0,1510,15071,00.html> McAfee announced that it is adding a firewall to McAfee.com, the online suite of diagnostic and antivirus utilities available by subscription for $14.95 a year. (The service offers a 90-day free trial.) McAfee Personal Firewall will be available later this quarter, according to the company, and will be an 800KB downloadable utility available to McAfee.com subscribers at no extra charge. ------------------------------------------------------------------------------ Cert: 1999 Annual Report <http://www.cert.org/annual_rpts/cert_rpt_99.html> From January through December 1999, the CERT/CC received 32,967 email messages and 2,099 hotline calls reporting computer security incidents or requesting information. We received 419 vulnerability reports and handled 8,268 computer security incidents during this period. More than 4,387,088 hosts were affected by these incidents. ------------------------------------------------------------------------------ Caldera: Advisory- CSSA-2000-001.0 MySQL password handling <ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-001.0.txt> Anyone with access to a running MySQL server and GRANT privilege for any database or table in the MySQL server, can change any MySQL-password he wishes, including the MySQL superuser's. ------------------------------------------------------------------------------ NTShop: Outlook Scripting <http://www.ntsecurity.net/scripts/loader.asp?iD=/security/outlook3.htm> Outlook Express 5.01 and Internet Explorer 5.01 under Windows 95 ,and possibly other versions, allow reading subsequently opened email messages after a hostile message is opened. ------------------------------------------------------------------------------ ISS Security Alert: Form Tampering Vulnerabilities in Shopping Cart Apps <http://xforce.iss.net/alerts/advise42.php3> ISS X-Force has identified eleven shopping cart applications that are vulnerable to price changing using form tampering. It is possible for an attacker to take advantage of the form tampering vulnerabilities and order items at a reduced price on an e-commerce site. ------------------------------------------------------------------------------ Microsoft Bulletin: Recycle Bin Creation Vulnerability <http://securityportal.com/topnews/ms00-007.html> Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows NT 4.0. Under a very daunting set of conditions, a malicious user could create, delete or modify files in the Recycle Bin of another user who shared the machine. ------------------------------------------------------------------------------ InternetNews: Another Cracker Posts Stolen Cards Online <http://www.internetnews.com/ec-news/article/0,1087,4_298021,00.html> Another e-commerce site has been turned inside out by a cracker. Someone calling himself "Curador" claims to have stolen the entire sales database of an unidentified online site, including more than 5,000 credit card numbers. ------------------------------------------------------------------------------ Sophos: New Variants of Laroux and Melissa viruses reported <http://www.sophos.com/downloads/ide/index.html> Word and Excel macro viruses reported in the wild, not believed to be widespread. ------------------------------------------------------------------------------ Kurt's Closet: Future Denial of Service Attacks <http://securityportal.com/direct.cgi?/closet/closet20000202.html> The CPU overhead required for decrypting data packets opens up several possibilities for devastating denial of service attacks. ------------------------------------------------------------------------------ CERT Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests <http://www.cert.org/advisories/CA-2000-02.html> A web site may inadvertently include malicious HTML tags or script in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a problem when a web server does not adequately ensure that generated pages are properly encoded to prevent unintended execution of scripts, and when input is not validated to prevent malicious HTML from being presented to the user. ------------------------------------------------------------------------------ Debian: symlink attack in apcd <http://www.debian.org/security/2000/20000201> The apcd package as shipped in Debian GNULinux 2.1 is vulnerable to a symlink attack. If the apcd process gets a SIGUSR1 signal it will dump its status to tmp upsstat. However this file is not opened safely, which makes it a good target for a symlink attack. ------------------------------------------------------------------------------ ZDNet: Bug found in MS Java machine <http://www.zdnet.com/zdnn/stories/news/0,4586,2431555,00.html?chkpt=zdhpnew s01> The potential security hole may allow an attacker to steal files from Web surfers who are using certain versions of Microsoft's Internet Explorer. ------------------------------------------------------------------------------ CERT: FAQ About Malicious Web Scripts Redirected by Web Sites <http://www.cert.org/tech_tips/malicious_code_FAQ.html> This FAQ supplements advisory CA-2000-02.html. It provides information for general web users and includes step-by-step instructions for turning off options in the web browser that allow malicious scripts to run. ------------------------------------------------------------------------------ CERT: Understanding Malicious Content Mitigation for Web Developers <http://www.cert.org/tech_tips/malicious_code_mitigation.html> This tech tip supplements advisory CA-2000-02.html. It provides a technical overview of the problem and describes steps web developers can take to protect their web pages from being used by developers of malicious scripts. ------------------------------------------------------------------------------ Apbnews: Was Bill Gates Credit Card Number Online? <http://www.apbnews.com:80/newscenter/internetcrime/2000/02/01/hack0201_01.h tml> A self-proclaimed teenage cracker who claims to have gotten into the database of an e-commerce site has posted hundreds of credit card numbers online -- including one he says belongs to Microsoft Chairman Bill Gates. ------------------------------------------------------------------------------ ZDNet: Corporate users get more control over e-mail security <http://www.zdnet.com/pcweek/stories/news/0,4153,2433233,00.html> It's been said that e-mail is more like a postcard than a registered letter. So it's not surprising that IT administrators would welcome new tools to help manage corporate messaging security and usage policies. ------------------------------------------------------------------------------ Sophos: Virus: WM97/Db-A alias DocBombing <http://www.sophos.com/virusinfo/analyses/wm97dba.html> A is a relatively simple macro virus that seems to have originated in France. From the 6th to the end of both November and December in any year from 2000 onwards, the virus edits the Document Comments. ------------------------------------------------------------------------------ Caldera: CSSA-2000-002.0: Buffer overflow in mount/umount <ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-002.0.txt> A buffer overflow has been found in the mount and umount commands, which are setuid root on Caldera OpenLinux. The overflow does not appear to be exploitable easily if at all, but we advise you to upgrade to the fixed package nevertheless. ------------------------------------------------------------------------------ Microsoft Security Bulletin MS00-004 <http://www.microsoft.com/technet/security/bulletin/fq00-004.asp> This vulnerability could cause administrative information on a Windows NT 4.0 system to be divulged to unprivileged users. A tool that allows administrators to recover from catastrophic system errors creates a temporary file containing the names and values of registry entries, but assigns it permissions that allow normal users to read it while the tool is creating it. ------------------------------------------------------------------------------ USAToday: Experts warn of serious new Web risk <http://www.usatoday.com/life/cyber/tech/cth270.htm> The nation's top computer experts warned Internet users Wednesday about a serious new security threat that allows hackers to launch malicious programs on a victim's computer or capture information a person volunteers on a Web site, such as credit card numbers. ------------------------------------------------------------------------------ FCW: Hackers tampering with Internet, e-mail links <http://www.fcw.com/fcw/articles/2000/0131/web-hackers-02-04-00.asp> Federal and industry security teams are warning agencies about malicious code embedded in Internet links on World Wide Web sites and in e-mails that could allow hackers to capture any information entered by the user. ------------------------------------------------------------------------------ Microsoft Bulletin: Patch Available for RDISK Registry Enumeration File Vulnerability <http://securityportal.com/topnews/ms00-004upd.html> The RDISK utility is used to create an Emergency Repair Disk (ERD) in order to record machine state information as a contingency against system failure. During execution, RDISK creates a temporary file containing an enumeration of the registry. The ACLs on the file allow global read permission, and as a result, a malicious user who knew that the administrator was running RDISK could open the file and read the registry enumeration information as it was being created. ------------------------------------------------------------------------------ ZDNet: 'Real' hackers fight crackers <http://www.zdnet.com/zdnn/stories/news/0,4586,2433629,00.html> Businesses are hiring hackers from Defcom to break into their systems and close any potential security hazards. ------------------------------------------------------------------------------ Updates to CERT Advisory CA-2000-02 <http://securityportal.com/topnews/ca-2000-02-upd.html> The CERT Coordination Center has released updates to CERT Advisory CA-2000-02 and the FAQ About Malicious Web Scripts Redirected by Web Sites which clarifies the impact this vulnerability has on Java. ------------------------------------------------------------------------------ Security Portal Top Ten Viruses <http://securityportal.com/virus/virustopten.html> Consolidated Report of Current Top Ten Viruses as reported to major Anti-Virus vendors. ------------------------------------------------------------------------------ Currents: 128-Bit Encrypted WAP Browser <http://www.currents.net/newstoday/00/02/07/news16.html> Phone.com has unveiled version 4.1 of its wireless application protocol ,WAP microbrowser. The browser is notable for its support of a full 128-bit encryption technology. ------------------------------------------------------------------------------ ZDNet: Cookies Are Good, Bad, Good... <http://www.zdnet.com/zdnn/stories/comment/0,5859,2425975,00.html> Few topics have caused as much confusion or spawned as many utility programs as cookies. The buzz about them has gone from ignorance to fear to relief to loathing to resigned acceptance. Now the pendulum is swinging back to loathing. ------------------------------------------------------------------------------ Currents: Government Security - Encryption Upgraded <http://www.currents.net/newstoday/00/02/05/news1.html> The National Institute of Standards and Technology has issued a draft revision of the government's systems security and encryption validation standard that streamlines the standard and addresses new technological threats. ------------------------------------------------------------------------------ SCO Security Bulletin: snmpd <http://securityportal.com/topnews/sco20000208.html> Default configuration of SCO OpenServer 5.0.5 allows local users read/write access to SNMPD provided information via a default writable community string. ------------------------------------------------------------------------------ Forbes: What to do if you are hacked <http://www.forbes.com/forbes/00/0221/6504068s1.htm> It doesn't take a master-cracker to take down your Web site. The technology changes so quickly, it's challenging for even top-flight e-commerce sites, with a staff of computer security professionals, to keep up with the latest exploits. ------------------------------------------------------------------------------ Yahoo! - Why denial of service (DOS) attacks work <http://securityportal.com/direct.cgi?/topnews/yahoo20000208.html> On Monday, Yahoo! was partially knocked offline when one of their routers at a California data center was hammered into the ground by a denial of service attack. We take a look at why the attack was successful and why even the mighty are vulnerable. ------------------------------------------------------------------------------ NAI: W32/WinExt.worm <http://vil.nai.com/vil/MPI10544.asp> This is an Internet worm which can autoreply to unread email messages of MAPI installed email clients. Discovered in France in January, now reported to be in the wild. ------------------------------------------------------------------------------ ZDNet: Massive attack knocks Yahoo! offline <http://www.zdnet.com/zdnn/stories/news/0,4586,2434394,00.html?chkpt=zdnntop> Yahoo was the victim of the Web's largest successful denial-of-service attack. Three-hour outage could cost millions. The FBI has contacted Yahoo! to discuss opening an investigation into Monday's denial of service attack against the popular Web portal. ------------------------------------------------------------------------------ RedHat: Advisory, RHSA-2000:001-03 <http://www.redhat.com/support/errata/RHSA2000001-03.html> A security bug has been discovered and fixed in the userhelper program. The bug can be exploited to provide local users with root access. The bug has been fixed in userhelper-1.17, and pam-0.68-10 has been modified to help prevent similar attacks on other software in the future. ------------------------------------------------------------------------------ RedHat: Advisory, RHSA-2000:002-01 <http://www.redhat.com/support/errata/RHSA2000002-01.html> New lpr packages are available to fix two security problems in lpd. Two security vulnerabilities exist in the lpd shipped with the lpr package. First, authentication was not thorough enough. If a remote user was able to control their own DNS so that their IP address resolved to the hostname of the print server, access would be granted, when it should not be. Secondly, it was possible in the control file of a print job to specify arguments to sendmail. By careful manipulation of control and data files, this could cause sendmail to be executed with a user-specified configuration file. This could lead very easily to a root compromise. ------------------------------------------------------------------------------ Kurt's Closet: OpenBSD 2.6 - new features <http://securityportal.com/direct.cgi?/closet/closet20000209.html> Coverage of some of the new features and improvements of the latest version. OpenBSD is a flavor of UNIX based on BSD, with one main goal in mind. Security. The entire purpose of OpenBSD is to provide a fast, stable, and above all, secure computing platform. ------------------------------------------------------------------------------ Currents: Privacy for the Masses - Using PGP without tears <http://www.currents.net/magazine/national/1803/intb1803.html> Privacy software has never caught on with everyday users. Somehow it seems too esoteric, too complicated, too ... well ... nerdy. And, to be honest, early encryption programs did take a rocket scientist to understand. ------------------------------------------------------------------------------ TechnologyPost: Beijing slammed over encryption <http://www.technologypost.com/enterprise/DAILY/20000209104156615.asp?Sectio n=Main> A United States Congressman has criticised new encryption regulations released by Beijing, calling them a major invasion of privacy against computer users worldwide, including US citizens. ------------------------------------------------------------------------------ Currents: Yahoo Attack Maybe "Tribal Flood" <http://www.currents.net/newstoday/00/02/09/news1.html> Patrick Taylor, vice president of risk assessment business unit of Atlanta-based Internet Security Systems said he suspects that Monday's outage was caused by a relatively new version of denial-of-service known as "tribe flood" or "tribal flood" which has popped onto the scene in just the last six months. He said that tribe flood involves someone building a virus program that automatically goes out and infects many computers at once - typically computers at a university or government installation that have broadband Internet access and are constantly powered up. "They call that turning the machine into a 'zombie'" he said. ------------------------------------------------------------------------------ ABC News: Reno, FBI Vow Action <http://abcnews.go.com/sections/tech/DailyNews/yahoo000209.html> Investigation of the distributed denial of service attacks turn criminal, with the FBI's National Infrastructure Protection Center is heading up the federal efforts. ------------------------------------------------------------------------------ Fox News: Add ZDNet, E*Trade, and Datek to DoS Hit List <http://www.foxnews.com/vtech/020900/hack.sml> ZDNet, E*Trade, and Datek are the latest targets in the rash of "denial of service" attacks that have plagued major web sites in the past three days. All reported disrupted traffic until about 9:30 a.m. ET Wednesday morning. ------------------------------------------------------------------------------ BBC: UK publishes impossible decryption law <http://news.bbc.co.uk/hi/english/sci/tech/newsid_638000/638041.stm> The UK Government came under fire on Thursday from the internet community after it published a Bill to regulate covert surveillance. The critics say the legislation, if passed, could lead to innocent people being sent to jail simply because they have lost their data encryption codes. ------------------------------------------------------------------------------ Sophos: WM97/Thursday-F <http://www.sophos.com/virusinfo/analyses/wm97thursdayf.html> This virus has been reported in the wild. WM97/Thursday-F is a variant of the WM97/Thursday Word macro virus. ------------------------------------------------------------------------------ NAI: W95/Haiku.worm <http://vil.nai.com/vil/MPI98485.asp> This is an Internet aware worm which travels via email from the host system. ------------------------------------------------------------------------------ Wired: Hacker Havoc Reveals Risks <http://www.wired.com/news/business/0,1367,34229,00.html> The string of recent attacks on major Web sites is drawing attention to the fact that few Net companies have financial safeguards to withstand prolonged service disruptions. Although insurance companies have recently begun offering policies protecting Web sites against lost traffic, few companies have signed up. ------------------------------------------------------------------------------ FCW: Dot-com attacks seen as wake-up call for feds <http://www.fcw.com/fcw/articles/2000/0207/web-attacks-02-10-00.asp> Following a series of cyberattacks that shut down several popular commercial sites this week, government officials Wednesday emphasized the need to protect critical private systems, and the future implications for federal agencies. ------------------------------------------------------------------------------ InfoWorld: Analyst puts hacker damage at $1.2 billion and rising <http://www.infoworld.com/articles/ic/xml/00/02/10/000210icyankees.xml> The Yankee Group arrived at the $1.2 billion figure by estimating revenue losses at the affected Web sites, losses in market capitalization, and the amount that will be spent on upgrading security infrastructures as a result of the attacks, the research firm said in a statement issued Thursday. ------------------------------------------------------------------------------ TechWeb: Market Grows For Web Defensive Tools <http://www.techweb.com/wire/story/TWB20000210S0013> Tool vendors in this sector said Thursday they are seeing increasing interest in their products. But while they appreciate the business opportunities, they stress that they don't have a one-size-fits-all cure. ------------------------------------------------------------------------------ FBI: NATIONAL INFRASTRUCTURE PROTECTION CENTER - TRINOO/Tribal Flood Net/tfn2k <http://www.fbi.gov/nipc/trinoo.htm> During the past few weeks the NIPC has seen multiple reports of intruders installing distributed denial of service tools on various computer systems, to create large networks of hosts capable of launching significant coordinated packet flooding denial of service attacks. Installation has been accomplished primarily through compromises exploiting known sun rpc vulnerabilities. These multiple denial of service tools include TRINOO, and Tribe Flood Network (or TFN & tfn2k), and has been reported on many systems. ------------------------------------------------------------------------------ TheTimes: French to sue US and Britain over network of spies <http://www.the-times.co.uk/news/pages/tim/2000/02/10/timfgneur01007.html?999> THE British and US Governments are to be sued in France after claims that they have spied on French companies, diplomats and Cabinet ministers. Lawyers are planning a class action after confirmation last week that a global anglophone spy network exists. ------------------------------------------------------------------------------ Denial of Service Resource Center <http://securityportal.com/research/center.cgi?Category=dos> Collection of Links and articles related to Denial of Service attacks. ------------------------------------------------------------------------------ SecureMac: Macs and Cable Modem Security <http://www.securemac.com/Cmacscable.cfm> An issue has surfaced which has been ignored and avoided for a long time. In the past, people thought of Macintosh computers as being so secure that you didn't even need to talk about security. Since the early 90's, there have been a few web sites dedicated to Macintosh security or hacking, all of which have surfaced, dissolved and expired. ------------------------------------------------------------------------------ SuSE Security Advisory: make-3.77-44 and earlier <http://securityportal.com/list-archive/bugtraq/2000/Feb/0169.html> If GNU make is fed with Makefiles via stdin it creates temporary files in /tmp without checking for links. A malicious user could execute commands with the privileges of the user executing make, a possible root compromise. ------------------------------------------------------------------------------ CNet: RealNames customer DB hacked <http://news.cnet.com/news/0-1005-200-1547688.html?dtn.head> RealNames, a company that substitutes complicated Web addresses with simple keywords, is warning its users that its customer database has been hacked, and that user credit card numbers and passwords may have been accessed. ------------------------------------------------------------------------------ ZDNet: Win2000 has 63,000 'defects' <http://www.zdnet.com/zdnn/stories/news/0,4586,2436920,00.html?chkpt=zdhpnews 01> According to an internal Microsoft memo viewed by Sm@rt Reseller, the company needs to fix tens of thousands of bugs contained in the final Win2000 release code. ------------------------------------------------------------------------------ CNet: Hack leads point to California university <http://cnet.com/news/0-1005-200-1548087.html?tag=st.cn.1.lthdne> Authorities probing the source of this week's attacks on Yahoo, eBay, CNN and other Web sites are pursuing some new leads--and at least one of them points to a university in Southern California. ------------------------------------------------------------------------------ CNet: FBI reportedly seeks German programmer <http://cnet.com/news/0-1005-200-1548566.html?tag=st.cn.1.lthdne> The FBI, working with the National Infrastructure Protection Center, is trying to track down a programmer known only as "Mixter", the German newspaper Die Welt reported. In an interview with CNET News.com on Wednesday, Mixter acknowledged that he had written programs that appear similar to those used in the "denial of service" attacks but said he was not involved in the incidents, which brought down Yahoo, eBay, Amazon.com and other online giants. ------------------------------------------------------------------------------ Currents: Windows 2000 Meets Crypto Standard <http://www.currents.net/newstoday/00/02/13/news5.html> Microsoft Corp's [NASDAQ:MSFT] Windows 2000 may be new, but its cryptography isn't. That's a bonus for federal users because Microsoft received swift approval of the new operating system as compliant with Federal Information Processing Standard 140-1. ------------------------------------------------------------------------------ FCW: Washington county meets Melissa <http://www.fcw.com/civic/articles/2000/0214/web-melissa-02-14-00.asp> The Snohomish County, Wash., government's e-mail system was shut down last week after becoming infested with the Melissa virus, the same bug that caused more than 80 million in damage nationwide last year. ------------------------------------------------------------------------------ TheRegister: DDos degrades the Net <http://www.theregister.co.uk/000214-000019.html> Whether pesky kids -- or the CIA -- are to blame for last week's high profile distributed denial of service attacks, it seems all Net users were affected by the online mischief-making. ------------------------------------------------------------------------------ Analysis of recent Denial of Service attacks is focus of TISC Insight Newsletter <http://securityportal.com/topnews/tiscrelease20000214.html> TISC Insight, the Newsletter of The Internet Security Conference (TISC) provides expert reaction and insight into the recent barrage of "Denial of Service (DOS)" attacks that inundated top Internet sites this week including eBay, Buy.com, eTrade, ZDNet, Yahoo, and others. The e-mail newsletter (Volume 2 number 3), published Friday, Feb. 11, is available online at http://tisc.corecom.com/insight.html. ------------------------------------------------------------------------------ Well thats this month's news events, i have tried to list everything of intrest. Check out News File 2 for the rest of the news - Cyber0ptix Slider.