[iwar] news

From: Fred Cohen (fc@all.net)
Date: 2001-07-14 07:19:27


Return-Path: <sentto-279987-1427-995120368-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Sat, 14 Jul 2001 07:20:08 -0700 (PDT)
Received: (qmail 1605 invoked by uid 510); 14 Jul 2001 13:21:41 -0000
Received: from ci.egroups.com (64.211.240.235) by 204.181.12.215 with SMTP; 14 Jul 2001 13:21:41 -0000
X-eGroups-Return: sentto-279987-1427-995120368-fc=all.net@returns.onelist.com
Received: from [10.1.4.54] by ci.egroups.com with NNFMP; 14 Jul 2001 14:19:28 -0000
X-Sender: fc@big.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_2_0); 14 Jul 2001 14:19:27 -0000
Received: (qmail 92397 invoked from network); 14 Jul 2001 14:19:27 -0000
Received: from unknown (10.1.10.27) by l8.egroups.com with QMQP; 14 Jul 2001 14:19:27 -0000
Received: from unknown (HELO big.all.net) (65.0.156.78) by mta2 with SMTP; 14 Jul 2001 14:19:27 -0000
Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id HAA04494 for iwar@onelist.com; Sat, 14 Jul 2001 07:19:27 -0700
Message-Id: <200107141419.HAA04494@big.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Sat, 14 Jul 2001 07:19:27 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] news
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

July 11, 2001

Lashkar web site hacked
The website of the Pakistan based militant outfit
Lashkar-e-Tayiba has been hacked. As you open the site
www.lashkar-e-toiba.org, the home page has a banner
stating 'Mera Bharath Mahan (India is great)' and he
right corner has the Indian national flag flying. The
hacker who calls himself 'True Indian' said that the
site has been Domain Name Server hacked by him as it
contained inflammatory details about India and Kashmir.
Adding that he decided to deface it in order to counter
the Pakistani hacker group G-force, which reportedly
has the support of the Pakistani government.
http://www.rediff.com/news/2001/jul/10hack1.htm

Watch Your Back
Thousands of Internet users could be the victims of
a mass computer crime by the end of 2002. Research
by Gartner Inc., shows that at least one incident
of economic mass victimization may disrupt not just
America, but the entire world in just a year's time.
"Converging technology trends are creating economies
of scale that enable a new class of cybercrimes aimed
at mass victimization," said Richard Hunter, research
fellow at Gartner. What this boils down to is that
computer masterminds have, through the Internet, the
power to steal millions from thousands of people.
http://www.shopguide.com/news/article_report1_07-11-01.asp

DoS risk from Zip of death attacks on AV software?
Claims that anti-virus and content filtering packages
may be vulnerable to a denial of service attacks
through maliciously constructed compressed archives
have generated a heated debate in the security
industry. A discussion thread on BugTraq on the
subject has prompted security consultants MIS
Corporate Defence to issue an alert warning its
customers of what it describes as an easy way of
bringing networks to their knees. Files are
available on the Internet which are as little as
42KB in size but when fully decompressed have a
total size of 16GB. The exploit works by sending
an email containing such a maliciously formed
compressed archive to an intended victim.
http://www.theregister.co.uk/content/56/20322.html

Worms evolving into complex beasts
The next generation of computer worms will be
stealthier, more targeted and harder to defend
against, a security expert predicted at the Black
Hat Security Briefings Wednesday. "They are
adaptive; they are evolving," Jose Nazario, a
researcher for computer-security group Crimelabs,
said of worms, malicious, self-replicating programs
that have become a favorite tool of online vandals.
Nazario, who is doing doctoral work in biochemistry
at Case Western University, called today's viral
code the equivalent of "primordial ooze."
http://www.zdnet.com/zdnn/stories/news/0,4586,5094015,00.html
http://news.cnet.com/news/0-1003-200-6548363.html

ISS warns of security flaw in RADIUS servers
Internet Security Systems Inc. has spotted what's
believed to be the first known buffer-overflow
vulnerability associated with remote-access servers,
which could allow a hacker to gain control of an
ISP's network.  The flaw is linked to the remote-
access servers used by ISPs to authenticate users
logging on to gain access to Internet services.
Hackers craft all kinds of buffer-overflow exploits
as strings of commands that can be used to try and
gain control of a server when its buffer doesn't
filter the attack strings through bound-checking
measures.
http://www.itworld.com/Sec/2290/NWW010710radius/

Security Flaw Found With Outlook VCards
Security consulting and research firm @Stake Inc.
has discovered a security flaw within Microsoft's
ubiquitous Outlook and Outlook Express E-mail
applications. The vulnerability concerns the use
of Outlook's vCards, or virtual business cards,
which can fall victim to a buffer overflow attack
or contain code that can attack a user's system.
VCards can be created with malicious code that
can either cause Outlook to crash, or even allow
the E-mail application to run damaging code on a
targeted victim's system.
http://www.informationweek.com/story/IWK20010223S0002

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:37 PDT