HNS Newsletter
Issue 154 - 24.03.2003.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org.

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Reviews
6) Security world
7) Security software
8) Virus news

[ Security news ]
----------------------------------------------------------------

NETWORK GUARDIANS FACE THORNY JOB
Problems multiply and network administrators can hardly keep up with security patches. Executives from the telecom, wireless, cable and satellite industries gather to brainstorm solutions.
>> http://www.net-security.org/news.php?id=2182

CYBER TERRORISM 'OVERHYPED'
The threat posed by cyber-terrorism has been overhyped and the net is unlikely to become a launch pad for terror attacks.
>> http://www.net-security.org/news.php?id=2183

HIGH INSECURITY
We feel physically threatened by possibilities of terrorist attacks and all of our personal information—much of it stored in digital form—seems to be vulnerable too...
>> http://www.net-security.org/news.php?id=2184

ID THEFT LOGS ON TO THE NET
The smuggling of artifacts, drugs, ancient coins, rare stamps, wildlife trophies... they're passe now. Identity theft is the latest criminal click on the block in the world of the Internet.
>> http://www.net-security.org/news.php?id=2185

WHO'S WINNING PRIVACY TUG OF WAR?
Businesses want customers to give it up. The government can't make up its mind. And consumers just want e-mail inboxes free of junk. The battle over electronic privacy is as hot as ever.
>> http://www.net-security.org/news.php?id=2190

REDESIGNING THE NET TO SAVE IT FROM SPAM
To stem the unrelenting tidal wave of unsolicited, unwanted e-mail, people and companies are going to extraordinary lengths - at considerable expense.
>> http://www.net-security.org/news.php?id=2191

SURVEILLANCE NATION
Tracking devices, and interlinked databases are leading to the elimination of unmonitored public space. Are we prepared for the consequences of the intelligence-gathering network we're unintentionally building?
>> http://www.net-security.org/news.php?id=2192

WIRELESS MAC HAS SECURITY STANDARDS COVERED
The SiS160 driver offers support for the latest 802.1x security standards, including TKIP (temporal key integrity protocol) and WPA (Wi-Fi protected access).
>> http://www.net-security.org/news.php?id=2193

INITIAL SETUP FOR COMMON FUNCTIONALITY WITH ASTARO SECURITY LINUX 4.0
This workshop explains how to use Astaro Security Linux and the main functions like HTTP- and DNS-Proxy, but also how to reach the webserver in your internal network from the Internet.
>> http://www.net-security.org/news.php?id=2194

COMPANIES THROW SECURITY OUT WITH THE GARBAGE
Identity theft is now the largest form of white-collar crime in the western world, but not because the Internet has made it easier to steal personal information.
>> http://www.net-security.org/news.php?id=2195

DIVERSE GROUPS OPPOSE SECURITY PROPOSAL
A coalition of nearly 70 groups is attempting to block a Bush administration proposal that would grant police more surveillance authority and sweeping powers to target computer crime and terrorist activities.
>> http://www.net-security.org/news.php?id=2196

USERS EXPLOIT LAN SWITCH SECURITY FEATURES
While some hurdles exist, deploying intelligent Ethernet gear at the LAN edge is becoming popular as users seek to tap multilayer switching features to boost security and application bandwidth control.
>> http://www.net-security.org/news.php?id=2198

LEAKED BUG ALERTS CAUSE A STIR
Confidential security alerts made their way to a mailing list, prompting speculation about the culprit and causing a new flurry in the debate over how and when details about software bugs are made public.
>> http://www.net-security.org/news.php?id=2199

SMARTCARDS 'PUSHING CREDIT CARD CRIME TO AUSTRALIA'
The introduction of security-protected credit cards in Europe and Asia-Pacific could lead to rising fraud activity down under, according to new research.
>> http://www.net-security.org/news.php?id=2200

WE'D LOVE TO GO WIRELESS BUT WHAT ABOUT SECURITY?
European businesses are keen to embrace wireless technologies, in all their flavours, but doubts about security are continuing to act as a brake on wider usage of wireless LANs.
>> http://www.net-security.org/news.php?id=2201

WORM TURNS ON IRAQ CONFLICT FEARS
Home PC users have been warned to be on the lookout for a new worm that feeds on fears over the impending invasion of Iraq.
>> http://www.net-security.org/news.php?id=2202

WHEN COMPUTING WAS RELIABLE
The latest brouhaha over software patches shows how far we've regressed since the days of the mainframe.
>> http://www.net-security.org/news.php?id=2203

NMAP 3.20 IS OUT - A TON OF IMPROVEMENTS
The new stable version of the popular open source utility for network exploration or security auditing has been released. This version has hundreds of improvements over 3.00.
>> http://www.net-security.org/news.php?id=2204

LOOKING INTO THE MIND OF A VIRUS WRITER
Male. Obsessed with computers. Lacking a girlfriend. Aged 14 to 34. Capable of sowing chaos worldwide. That is the profile of the average computer-virus writer, according to an industry expert.
>> http://www.net-security.org/news.php?id=2207

'EXTERNAL ATTACK' UNDER CONTROL - TISCALI UK
Tiscali UK is prepared to take legal action against those behind yesterday's "external attack" that knocked out the ISP.
>> http://www.net-security.org/news.php?id=2208

POINT, CLICK, GET ROOT ON YAHOO
A simple scan for unpublished websites within Yahoo's Internet address space gave an IT worker access to several of the portal company's internal systems, including root access inside the company firewall.
>> http://www.net-security.org/news.php?id=2209

CANADA IN HACKTIVIST CROSSHAIRS
Figures from a European cyber-security watchdog indicate that Canadian as well as U.S. servers are in the crosshairs as attackers around the world express their disapproval of U.S. activity in the Middle East.
>> http://www.net-security.org/news.php?id=2210

CISCO UPDATES FIREWALL APPLIANCES
Cisco is introducing software upgrades that boost speed and allow more concurrent users on some of its low-end PIX firewall appliances.
>> http://www.net-security.org/news.php?id=2211

HIDING IS THE BEST WAY TO BEAT SPAM
Want to stop spammers from clogging your in-box with get-rich-quick schemes, invitations from hot girls and Nigerian money-laundering antics?
>> http://www.net-security.org/news.php?id=2212

PEOPLE ARE THE BIGGEST SECURITY RISK
Human error - not technical malfunction - is the most significant cause of IT security breaches in the public and private sectors.
>> http://www.net-security.org/news.php?id=2213

WILL WAR SWAP PRIVACY FOR SECURITY?
The challenge of balancing security and privacy is taking a new turn with battles in progress in Iraq.
>> http://www.net-security.org/news.php?id=2216

DDOS ATTACK CRIPPLES UECOMM'S AU LINKS
A crippling distributed denial of service attack battered the Internet last evening, knocking several Uecomm links offline.
>> http://www.net-security.org/news.php?id=2217

"HACKERS" CLAIM NSA BREACH
Hackers claim to have compromised a computer at the National Security Agency. But their target was the least secretive organization imaginable within the massive intelligence agency: the public affairs office.
>> http://www.net-security.org/news.php?id=2218

Q&A: MICROSOFT'S SCOTT CHARNEY ON SECURITY IN A TIME OF WAR
Scott Charney, chief security strategist at Microsoft, spoke with Computerworld about areas of concern for IT professionals during a time of war.
>> http://www.net-security.org/news.php?id=2219

FEDS ALERT TO WEB SECURITY THREAT
The Department of Homeland Security advises Americans to brace themselves for acts of cyberterror. But computer security experts say Internet users probably aren't much more vulnerable than usual.
>> http://www.net-security.org/news.php?id=2220

TEN SECURITY CHECKS FOR PHP, PART 1
This article provides five steps to help identify or avoid security holes in applications written using PHP.
>> http://www.net-security.org/news.php?id=2221

AN ANALYSIS OF A COMPROMISED HONEYPOT
This paper will deconstruct the steps taken to conduct a full analysis of a compromised machine.
>> http://www.net-security.org/news.php?id=2222

----------------------------------------------------------------

[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

osCommerce Multiple Cross Site Scripting Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2541

IBM Tivoli Firewall Security Toolbox Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2540

Mutt Mail User Agent Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2539

Safeboot PC Security User Enumeration Vulnerability
>> http://www.net-security.org/vuln.php?id=2538

XOOPS Path Disclosure Vulnerability
>> http://www.net-security.org/vuln.php?id=2537

Windows Script Engine Heap Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2536

Kaspersky Anti-Hacker Denial of Service Vulnerability
>> http://www.net-security.org/vuln.php?id=2535

XDR Integer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2534

WF-Chat Account Viewing Vulnerability
>> http://www.net-security.org/vuln.php?id=2533

Outblaze Web based E-mail Multiple Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2532

DCP-Portal Multiple Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2531

BEA WebLogic Server Multiple Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2530

MyABraCaDaWeb Path Disclosure and Cross Site Scripting Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2529

SIPS Account Viewing Vulnerability
>> http://www.net-security.org/vuln.php?id=2528

Cross Site Scripting Vulnerabilities Combo: ezPublish, DCP-Portal, Nuked-Klan, SiteFrame, Mambo Site Server and Basit CMS
>> http://www.net-security.org/vuln.php?id=2527

ePolicy Orchestrator Format String Vulnerability
>> http://www.net-security.org/vuln.php?id=2526

BEA WebLogic Server and Express Remote Administration Vulnerability
>> http://www.net-security.org/vuln.php?id=2525

Kebi Academy 2001 Web Solution Directory Traversal Vulnerability
>> http://www.net-security.org/vuln.php?id=2524

Texis Information Leakage Vulnerability
>> http://www.net-security.org/vuln.php?id=2523

Filebased Guestbook Cross Site Scripting Vulnerability
>> http://www.net-security.org/vuln.php?id=2522

GiantRat Mailer POP Password Disclosure Vulnerability
>> http://www.net-security.org/vuln.php?id=2521

Win32 Postmessage API Security Vulnerability
>> http://www.net-security.org/vuln.php?id=2520

----------------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Red Hat Security Advisory - Updated Evolution packages fix multiple vulnerabilities
>> http://www.net-security.org/advisory.php?id=1767

OpenPKG Security Advisory - openssl
>> http://www.net-security.org/advisory.php?id=1766

OpenPKG Security Advisory - mutt
>> http://www.net-security.org/advisory.php?id=1765

Gentoo Linux Security Announcement - kernel
>> http://www.net-security.org/advisory.php?id=1764

FreeBSD Security Advisory - remote denial-of-service in XDR encoder/decoder
>> http://www.net-security.org/advisory.php?id=1763

SGI Security Advisory - Java Security Fixes
>> http://www.net-security.org/advisory.php?id=1762

SCO Security Advisory - Linux: integer overflow vulnerability in XDR/RPC routines
>> http://www.net-security.org/advisory.php?id=1761

SCO Security Advisory - UnixWare 7.1.1 Open UNIX 8.0.0: Several vulnerabilities in XDR/RPC routines
>> http://www.net-security.org/advisory.php?id=1760

Red Hat Security Advisory - New kernel 2.2 packages fix vulnerabilities
>> http://www.net-security.org/advisory.php?id=1759

Red Hat Security Advisory - Updated glibc packages fix vulnerabilities in RPC XDR decoder
>> http://www.net-security.org/advisory.php?id=1758

Red Hat Security Advisory - New samba packages fix security vulnerabilities
>> http://www.net-security.org/advisory.php?id=1757

MIT krb5 Security Advisory - Buffer overrun and underrun in principal name handling
>> http://www.net-security.org/advisory.php?id=1756

MIT krb5 Security Advisory - faulty length checks in xdrmem_getbytes
>> http://www.net-security.org/advisory.php?id=1755

Microsoft Security Bulletin MS03-009 - Flaw In ISA Server DNS Intrusion Detection Filter Can Cause Denial Of Service
>> http://www.net-security.org/advisory.php?id=1754

Gentoo Linux Security Announcement - rxvt
>> http://www.net-security.org/advisory.php?id=1753

Gentoo Linux Security Announcement - openssl
>> http://www.net-security.org/advisory.php?id=1752

EnGarde Secure Linux Advisory - Several vulnerabilities in the OpenSSL toolkit
>> http://www.net-security.org/advisory.php?id=1751

CERT Advisory CA-2003-10 - Integer overflow in Sun RPC XDR library routines
>> http://www.net-security.org/advisory.php?id=1750

Microsoft Security Bulletin MS03-008 - Flaw in Windows Script Engine Could Allow Code Execution
>> http://www.net-security.org/advisory.php?id=1749

SGI Security Advisory - SMB/CIFS Security Vulnerability in Samba
>> http://www.net-security.org/advisory.php?id=1748

MIT krb5 Security Advisory - faulty length checks in xdrmem_getbytes
>> http://www.net-security.org/advisory.php?id=1747

OpenPKG Security Advisory - ircii
>> http://www.net-security.org/advisory.php?id=1746

MIT krb5 Security Advisory - Cryptographic weaknesses in Kerberos v4 protocol (update)
>> http://www.net-security.org/advisory.php?id=1745

Mandrake Linux Security Advisory - zlib
>> http://www.net-security.org/advisory.php?id=1744

Gentoo Linux Security Announcement - man
>> http://www.net-security.org/advisory.php?id=1743

Debian Security Advisory - New lxr packages fix information disclosure
>> http://www.net-security.org/advisory.php?id=1742

EnGarde Secure Linux Advisory - several kernel vulnerabilities
>> http://www.net-security.org/advisory.php?id=1741

Gentoo Linux Security Announcement - mysql
>> http://www.net-security.org/advisory.php?id=1740

OpenPKG Security Advisory - delegate
>> http://www.net-security.org/advisory.php?id=1739

OpenPKG Security Advisory - mysql
>> http://www.net-security.org/advisory.php?id=1738

OpenPKG Security Advisory - samba
>> http://www.net-security.org/advisory.php?id=1737

OpenPKG Security Advisory - apache (option "with_mod_ssl" only)
>> http://www.net-security.org/advisory.php?id=1736

OpenPKG Security Advisory - openssl
>> http://www.net-security.org/advisory.php?id=1735

SuSE Security Announcement - samba, samba-client
>> http://www.net-security.org/advisory.php?id=1734

SuSE Security Announcement - lprold (update)
>> http://www.net-security.org/advisory.php?id=1733

Trustix Secure Linux Security Advisory - samba
>> http://www.net-security.org/advisory.php?id=1732

Trustix Secure Linux Security Advisory - openssl
>> http://www.net-security.org/advisory.php?id=1731

Trustix Secure Linux Security Advisory - kernel
>> http://www.net-security.org/advisory.php?id=1730

Trustix Secure Linux Security Advisory - mysql
>> http://www.net-security.org/advisory.php?id=1729

Compaq Security Bulletin - HP Tru64 UNIX, HP-UX stdio Potential Security Vulnerability
>> http://www.net-security.org/advisory.php?id=1728

Microsoft Security Bulletin MS03-007 - Unchecked Buffer In Windows Component Could Cause Web Server Compromise
>> http://www.net-security.org/advisory.php?id=1727

Red Hat Security Advisory - Updated 2.4 kernel fixes vulnerability
>> http://www.net-security.org/advisory.php?id=1726

CERT Advisory CA-2003-09 - Buffer Overflow in Microsoft IIS 5.0
>> http://www.net-security.org/advisory.php?id=1725

Debian Security Advisory - New tcpdump packages fix denial of service vulnerability
>> http://www.net-security.org/advisory.php?id=1724

Red Hat Security Advisory - Updated rxvt packages fix various vulnerabilities
>> http://www.net-security.org/advisory.php?id=1723

Red Hat Security Advisory - Updated Gnome-lokkit packages fix vulnerability
>> http://www.net-security.org/advisory.php?id=1722

Gentoo Linux Security Announcement - qpopper
>> http://www.net-security.org/advisory.php?id=1721

Gentoo Linux Security Announcement - samba
>> http://www.net-security.org/advisory.php?id=1720

MIT krb5 Security Advisory - Cryptographic weaknesses in Kerberos v4 protocol
>> http://www.net-security.org/advisory.php?id=1719

Mandrake Linux Security Advisory - samba
>> http://www.net-security.org/advisory.php?id=1718

Slackware Security Advisory - Samba buffer overflow fixed
>> http://www.net-security.org/advisory.php?id=1717

Debian Security Advisory - samba security fix
>> http://www.net-security.org/advisory.php?id=1716

Mandrake Linux Security Advisory - usermode
>> http://www.net-security.org/advisory.php?id=1715

----------------------------------------------------------------

[ Featured articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to staff@net-security.org
----------------------------------------------------------------

INTERVIEW WITH STEVE KALMAN
The Managing Director for Esquire Micro Consultants and author of the "Web Security Field Guide" talks about his book and computer security in general.
>> http://www.net-security.org/article.php?id=410

LARGE SCALE NETWORK FORENSICS - IT'S NOT JUST FOR LAW ENFORCEMENT ANYMORE
Computer forensics are being injected into the corporate world to fulfill a large gap in IT capabilities and a greater need for comprehensive security. There are many common misconceptions about what the technology can and cannot do. Single solutions and cutting edge tools can accomplish their goals at the hands of trained examiners employing investigative mindsets and utilizing proper methodologies.
>> http://www.net-security.org/article.php?id=411

----------------------------------------------------------------

[ Reviews ]

All reviews are located at:
http://www.net-security.org/reviews.php
----------------------------------------------------------------

NETWORK SECURITY PRINCIPLES AND PRACTICES
you are working with Cisco products, this book and all the Cisco Press security titles will be of a great use for expanding your knowledge or just introducing yourself with the power of Cisco's security infrastructure.
>> http://www.net-security.org/review.php?id=42

MAXIMUM SECURITY 4/E
When you're about to read a book that already reached its fourth edition, you know you're about to embark on an interesting journey. Since its debut in 1997, the Maximum Security series has reached a worldwide audience and has been translated into five languages. What does this edition bring? Read on to find out.
>> http://www.net-security.org/review.php?id=43

AD-AWARE 6.0 PROFESSIONAL
What a great piece of software Ad-aware is. It provides some great functionalities and I'm really impressed with the state of the Ad-watch and Proc-watch modules which make Ad-aware a complete Desktop security solution, rather than just a spyware remover tool.
>> http://www.net-security.org/review.php?id=44

RED HAT LINUX 8 BIBLE
As Linux gains more and more popularity we have books on the subject being published frequently. This is one of the latest books on Red Hat Linux 8 that, as all books do, promises to give you a wealth of knowledge. Does it? Read on to find out.
>> http://www.net-security.org/review.php?id=45

----------------------------------------------------------------

[ Security world ]

All press releases are located at:
http://www.net-security.org/press_main.php
----------------------------------------------------------------

ActivCard Selected by Northrop Grumman IT to Provide Identity Management
>> http://www.net-security.org/press.php?id=1301

Ubizen Security Intelligence Lab Uncovers Vulnerability In Tivoli Firewall Toolbox
>> http://www.net-security.org/press.php?id=1300

ActivCard Launches 'Smart Upgrade' Campaign to Reduce Remote Access Budgets
>> http://www.net-security.org/press.php?id=1299

Port80 Software Launches PageXchanger, the First Windows Web Server Tool that Eliminates File Extensions for More Secure, User-Friendly and Maintainable Web Applications
>> http://www.net-security.org/press.php?id=1298

ActivCard Launches Advanced Remote Access Solution for Secure Identity Management
>> http://www.net-security.org/press.php?id=1297

Snapgear Announces Revolutionary Enterprise Security Technology For Defense-In-Depth - PCI630 Stateful Firewall NIC
>> http://www.net-security.org/press.php?id=1296

Trend Micro Offers Taxpayer Aid: Buy PC-cillin 2003 and Get Free Tax Preparation Software
>> http://www.net-security.org/press.php?id=1295

ActivCard S.A. Announces Intent to Repurchase Non-Tendered ActivCard
>> http://www.net-security.org/press.php?id=1294

Panda Software adds Info DMI as National Distributor to Meet Increasing Demand for Antivirus Products in the United States
>> http://www.net-security.org/press.php?id=1293

Antivirus Integrated in Security Solution - a First for Novell
>> http://www.net-security.org/press.php?id=1292

----------------------------------------------------------------

[ Security Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2
----------------------------------------------------------------

SMAC 1.1
SMAC is a Windows MAC Address Modifying Utility which allows users to change MAC address for almost any Network Interface Cards (NIC) on the Windows 2000 and XP systems, regardless of whether the manufacturers allow this option or not.
>> http://www.net-security.org/software.php?id=470

PSNIFF 1.0
Psniff is a scriptable TCP packet analyzer. Its output is similar to tcpdump except that it features color.
>> http://www.net-security.org/software.php?id=471

S-TERMINAL 0.5
S-terminal collects the user's authentication information locally, then creates an encrypted tunnel to the remote host using ssh and starts an X session.
>> http://www.net-security.org/software.php?id=472

----------------------------------------------------------------

[ Virus News ]

All virus news are located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Weekly Virus Report: Axatak, Ganda.A, Bibrog.C and Lentin.Q Worms
>> http://www.net-security.org/virus_news.php?id=203

Central Command Predicts Linux Viruses To Increase
>> http://www.net-security.org/virus_news.php?id=202

Panda Software Reports the Appearance of Densux Worm
>> http://www.net-security.org/virus_news.php?id=201

Ganda Worm Lures in Victims and Fends off Antivirus Programs
>> http://www.net-security.org/virus_news.php?id=200

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending your e-mail address to:
info@net-security.org with UNSUBSCRIBE in the message body.

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php