HNS Newsletter
Issue 158 - 21.04.2003.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org.

--------------------------------------------------------------------
ALERT: How a Hacker Launches a SQL Injection Attack - Step-by-Step!
--------------------------------------------------------------------
It's as simple as placing additional SQL commands into an input box on a web form giving hackers complete access to all your backend data! Firewalls and IDS will not stop SQL Injection attempts because they are NOT seen as intrusions. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!
http://www.spidynamics.com/mktg/sqlinjection29
--------------------------------------------------------------------

------------------------------------------------------
Accurate Anti-Spam Software - Download a Free Trial
>> http://www.surfcontrol.com/go/zhnsppl
------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Reviews
6) Security world
7) Security software
8) Virus news

[ Security news ]
----------------------------------------------------------------

WANT TO FOIL HACKERS? PICK A BETTER PASSWORD
Here are some guidelines for making your passwords as secure as possible.
>> http://net-security.org/news.php?id=2382

SOFTWARE SECURITY FIRM WINS FUNDING
Intellitactics Inc., a software-security company, announced a $6.8 million round of venture capital funding and the relocation of its Canadian headquarters to Bethesda as the company pursues more government business.
>> http://net-security.org/news.php?id=2383

CRYPTOGRAPHIC FILE SYSTEMS, PART TWO: IMPLEMENTATION
This article will cover implementation.
The focus will be on implementing Microsoft's EFS under Windows 2000 and the Linux CryptoAPI.
>> http://net-security.org/news.php?id=2384

OPEN SOURCE ALTERNATIVE: NETBSD
NetBSD's main claim to fame, so to speak, is its portability. Although ports of Linux are available for several platforms, NetBSD blows the penguin's doors off when it comes to platform support.
>> http://net-security.org/news.php?id=2385

SECURITY OUTFITS UNLEASH OFFERINGS AT RSA
Vulnerability management, integration, and authentication technologies will dominate the discussion as a host of security vendors descend on the RSA Conference in San Francisco this week.
>> http://net-security.org/news.php?id=2386

CHECK YOUR VIRAL LOAD FOR BUGS
Is your computer stuck in first gear? Does it cough and sputter and crash more often than usual? And, by chance, are you seeing an unusually high number of pop-up ads?
>> http://net-security.org/news.php?id=2387

SOFTWARE TWEAK MAY MAKE OPERATING SYSTEMS SAFER
The OpenBSD project is making changes in its latest operating system release that it believes could eliminate a class of security bugs that has plagued computers for decades.
>> http://net-security.org/news.php?id=2388

AU FEDS PRAISE "ALTERNATIVE" SECURITY CONFERENCE
The Australian Federal Police are taking firm steps toward forging closer ties with the underground hacking community as evidenced at a recent security conference.
>> http://net-security.org/news.php?id=2389

RADICAL SECURITY DEVELOPMENT RETHINK URGED
Traditional methods for security projects are inadequate, warns expert.
>> http://net-security.org/news.php?id=2390

HP ADVANCES ITS SECURITY AGENDA
Indicating a strong bent toward ramping up security offerings for adaptable corporate computing environments, the company unveiled a cluster of new security products and services at the RSA Conference.
>> http://net-security.org/news.php?id=2392

WI-FI SECURITY START-UP: 'TOOLS NOT TOYS'
Trapeze Networks, whose wireless LAN products launch on Monday, joins a crowd of established network vendors and start-ups pitching for the business-grade Wi-Fi market.
>> http://net-security.org/news.php?id=2393

CA WORKS ON SECURITY STANDARDS
Computer Associates International (CA) threw its hat into the ring of companies and industry organizations that are advocating security open standards and best practices on Monday.
>> http://net-security.org/news.php?id=2394

OWNERS MUST ENSURE SECURITY REMAINS FUNDAMENTAL
Security in business has never been as crucial as it is now. The risks from both outside and inside the company seem to multiply at an enormous rate and require diligence and understanding on the part of the owner.
>> http://net-security.org/news.php?id=2395

MS MAPS SECURE, SPAM-FREE WINDOWS
Microsoft will detail a future version of Windows that will make it easier to detect and isolate viruses.
>> http://net-security.org/news.php?id=2396

IT CONFIDENTIAL: IF PRIVACY'S A CONTRACT, WHO'S THE WINNER?
Italian retailer Benetton Group appears to be backing off its ambitious plan to implement radio-frequency identification technology.
>> http://net-security.org/news.php?id=2397

HOW TO AUTOMATE A DOS ATTACK USING THE POST OFFICE
Fancy taking revenge on someone you don't like by deluging someone with junk mail?
>> http://net-security.org/news.php?id=2398

RSA UNVEILS NIGHTINGALE TECHNOLOGY
RSA Security unveiled a new technology for protecting sensitive corporate data.
>> http://net-security.org/news.php?id=2399

IMPROVE LINUX PERFORMANCE
Cameron Laird presents a collection of useful examples that are apt models for the sorts of performance problems likely to arise in your own application development.
>> http://net-security.org/news.php?id=2400

ECONOMIC WORRIES SLOW SECURITY EFFORTS
Better attendance and more exhibitors than last year are evident at the annual RSA conference on security here this week, demonstrating the priority of this topic.
>> http://net-security.org/news.php?id=2401

TUNING AND OPTIMIZING RED HAT LINUX ADVANCED SERVER FOR ORACLE9I DATABASE
The following procedure is a step-by-step guide with tips and information for tuning and optimizing Red Hat Linux Advanced Server for Oracle9i.
>> http://net-security.org/news.php?id=2404

CYBERSECURITY GETS AUDITING PUSH AT RSA
Auditing firms Deloitte and Touche, KPMG, PricewaterhouseCoopers, and Ernst and Young joined White House Cyber Security Advisor Howard Schmidt at the RSA Conference to drum up support for stepped up public and private efforts to help secure the nation’s information infrastructure.
>> http://net-security.org/news.php?id=2405

WHAT'S THE BIGGEST SECURITY PROBLEM?
Experts, hackers debate cyberterror, digital teens, and holey software.
>> http://net-security.org/news.php?id=2406

DEBATE: SHOULD YOU HIRE A HACKER?
Should corporations hire known hackers with criminal records to test and secure their networks?
>> http://net-security.org/news.php?id=2407

DA VINCI: FATHER OF CRYPTOGRAPHY?
Ever looked at the Mona Lisa and wondered why he's got such a goofy grin? Yes, we do mean he.
>> http://net-security.org/news.php?id=2408

SECURITY BIZ THRIVES ON FEAR
One of the peculiar traits of the computer security industry is that, generally speaking, no one takes much interest in it unless they are actually feeling insecure.
>> http://net-security.org/news.php?id=2409

US COURT BARS SECURITY SPEAKERS
A pair of students were blocked by a federal court from presenting information at a Georgia security and hackers' conference on how to break into and modify a university electronic transactions system.
>> http://net-security.org/news.php?id=2410

THE VIRUS THREAT TO LINUX
DesktopLinux.com talks with CEO Keith Peer of top Linux antivirus vendor Central Command to discover where vulnerabilities exist, the cost to companies, and the growing interest in Linux from virus writers.
>> http://net-security.org/news.php?id=2411

EVOLVING STANDARDS DRIVE WIRELESS SECURITY
The WLAN industry has been dogged by too many security standards and this has led to a proliferation of solutions, a new study by international consulting firm Frost and Sullivan has found.
>> http://net-security.org/news.php?id=2412

CRYPTOGRAPHERS SOUND WARNINGS ON MICROSOFT SECURITY PLAN
Just three weeks before Microsoft Corp. publicly details plans to create a secure operating mode for Windows PCs, two top cryptographers have raised concerns about Microsoft's approach.
>> http://net-security.org/news.php?id=2413

AUSTRALIA MULLS GLOBAL ANTISPAM EFFORT
Australia should work aggressively with international organizations and other nations to curb spam, a new report from the country's technology agency recommends.
>> http://net-security.org/news.php?id=2414

SUN POLISHES NETWORK COMPUTER SECURITY
Sun Microsystems has introduced two improved Sun Crypto Accelerator (SCA) boards.
>> http://net-security.org/news.php?id=2415

LITTLE ACTION IN WAR ON CYBER TERRORISM
At a time when war in Iraq has heightened fears of terrorism, the technology industry is not moving quickly enough to guard against intrusions from hackers, identity thieves and more concerted attacks by rogue governments, computer experts said.
>> http://net-security.org/news.php?id=2416

FEDS MULL IT DISCLOSURE
Momentum is building in Washington to require all public companies to annually report the performance of their IT security initiatives, not just the financial services and health care industries that face scrutiny now.
>> http://net-security.org/news.php?id=2417

USE A HONEYPOT, GO TO PRISON?
Using a honeypot to detect and surveil computer intruders might put you on the working end of a federal wiretapping beef, or even get you sued by the next hacker that sticks his nose in the trap.
>> http://net-security.org/news.php?id=2418

TRUSTED COMPUTING COMES WITH A WARNING
Cryptographers and security firms took opposite sides over the potential privacy dangers of trusted computing, an initiative to use encryption to secure information from hackers and, in some cases, the PC's user.
>> http://net-security.org/news.php?id=2419

NSA TURNS TO CANADA FOR WIRELESS SECURITY
Canadian firm Certicom is working with NSA to research and develop advanced encryption technology and tools for protecting classified information.
>> http://net-security.org/news.php?id=2420

NECESSARY CENSORSHIP: WEB FILTERING WITH OPEN SOURCE
In some cases and for some audiences, relying on the human safeguard isn't facing reality. Here are some tools you can use in those cases.
>> http://net-security.org/news.php?id=2425

CAN INSTANT MESSAGING REALLY BE SAFE?
As IM fever engulfs business, pricey products promise to secure it.
>> http://net-security.org/news.php?id=2426

STATISTICAL-BASED INTRUSION DETECTION
This article will examine statistical-based intrusion detection systems, which alert on anomalous network behaviour, thus providing better monitoring for zero-day exploits than traditional IDS.
>> http://net-security.org/news.php?id=2427

GETTING REALISTIC IN THE WAR ON HACKERS
Give up on the notion that computer security can be improved by putting more people in prison, argues Jon Lasser, SecurityFocus columnist.
>> http://net-security.org/news.php?id=2428

NO SECURITY SECRETS
The secret to managing your company's security is that there is no secret - it all comes down to your employees.
>> http://net-security.org/news.php?id=2429

WIRELESS SECURITY GRABS SPOTLIGHT
Companies offering products to secure content stored on wireless devices are out in force at this year's RSA Security Conference, underscoring companies' increased urgency in addressing the security threats posed by mobile workers.
>> http://net-security.org/news.php?id=2430

BLACKBOARD GETS GAG ORDER AGAINST SMART-CARD HACKERS
A D.C.-based company that sells a "smart card" network used on more than 200 college campuses has blocked two students from publicly describing how to override the system to circumvent building security, obtain free soft drinks and avoid paying for laundry.
>> http://net-security.org/news.php?id=2431

SECURING YOUR DIGITAL RIGHTS
Think digital rights management is an issue just for the entertainment industry? Think again. Any enterprise that has gone online with its intellectual property needs to worry about DRM.
>> http://net-security.org/news.php?id=2432

LINUX ANTIVIRUS SOFTWARE?
There are probably hundreds, if not thousands, of viruses that affect Windows systems. As far as I know, there are no viruses in the wild that attack Linux desktop software.
>> http://net-security.org/news.php?id=2433

----------------------------------------------------------------

[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

Rinetd Denial of Service Vulnerability
>> http://net-security.org/vuln.php?id=2625

Xinetd 2.3.10 Memory Leaks
>> http://net-security.org/vuln.php?id=2624

Snitz Forums 2000 Cross Site Scripting Vulnerability
>> http://net-security.org/vuln.php?id=2623

Microsoft Internet Explorer 6.0 OBJECT Tag Denial of Service Vulnerability
>> http://net-security.org/vuln.php?id=2622

Web Wiz Forums Database Retrieval Vulnerability
>> http://net-security.org/vuln.php?id=2621

Netgear Logging Vulnerability
>> http://net-security.org/vuln.php?id=2620

iWeb Mini Web Server Remote Directory Traversal Vulnerability
>> http://net-security.org/vuln.php?id=2619

Snort TCP Stream Reassembly Integer Overflow Vulnerability
>> http://net-security.org/vuln.php?id=2617

Progress Database BINPATHX Overflow
>> http://net-security.org/vuln.php?id=2616

Netcomm NB1300 Router FTP server Vulnerability
>> http://net-security.org/vuln.php?id=2615

Instaboard 1.3 Multiple SQL Injection Vulnerabilities
>> http://net-security.org/vuln.php?id=2614

Web Wiz Site News Administration Access Vulnerability
>> http://net-security.org/vuln.php?id=2613

Oracle Applications FNDFS Vulnerability
>> http://net-security.org/vuln.php?id=2612

Progress DLC Overflow Vulnerabilities
>> http://net-security.org/vuln.php?id=2611

MailMax Version 5 Buffer Overflow Vulnerability
>> http://net-security.org/vuln.php?id=2610

Ocean12 ASP Guestbook Manager v1.00 Database Retrieval Vulnerability
>> http://net-security.org/vuln.php?id=2609

Linksys BEFVP41 SNMP Vulnerability
>> http://net-security.org/vuln.php?id=2608

MacOS X DirectoryService Privilege Escalation and Denial of Service Vulnerabilities
>> http://net-security.org/vuln.php?id=2607

Gaim-Encryption Plugin Heap Corruption
>> http://net-security.org/vuln.php?id=2606

----------------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Slackware Security Advisory - Updated KDE packages available
>> http://net-security.org/advisory.php?id=1934

Mandrake Linux Security Update Advisory - file
>> http://net-security.org/advisory.php?id=1933

Mandrake Linux Security Update Advisory - kde3
>> http://net-security.org/advisory.php?id=1932

Debian Security Advisory - New sendmail-wide packages fix DoS and arbitrary code execution
>> http://net-security.org/advisory.php?id=1931

Debian Security Advisory - New rinetd packages fix denial of service
>> http://net-security.org/advisory.php?id=1930

Conectiva Linux Security Announcement - vixie-cron
>> http://net-security.org/advisory.php?id=1929

CERT Advisory CA-2003-13 - Multiple Vulnerabilities in Snort Preprocessors
>> http://net-security.org/advisory.php?id=1928

Microsoft Security Bulletin MS03-013 - Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges
>> http://net-security.org/advisory.php?id=1927

Mandrake Linux Security Update Advisory - eog
>> http://net-security.org/advisory.php?id=1926

Mandrake Linux Security Update Advisory - xfsdump
>> http://net-security.org/advisory.php?id=1925

Debian Security Advisory - New OpenSSL packages fix decipher vulnerability
>> http://net-security.org/advisory.php?id=1924

Conectiva Linux Security Announcement - ethereal
>> http://net-security.org/advisory.php?id=1923

Immunix Secured OS Security Advisory - glibc
>> http://net-security.org/advisory.php?id=1922

Mandrake Linux Security Update Advisory - gtkhtml
>> http://net-security.org/advisory.php?id=1921

Mandrake Linux Security Update Advisory - evolution
>> http://net-security.org/advisory.php?id=1920

Debian Security Advisory - New EPIC packages fix DoS and arbitrary code execution
>> http://net-security.org/advisory.php?id=1919

Debian Security Advisory - New lpr packages fix local root exploit (potato)
>> http://net-security.org/advisory.php?id=1918

Debian Security Advisory - New gs-common packages fix insecure temporary file creation
>> http://net-security.org/advisory.php?id=1917

Conectiva Linux Security Announcement - mutt
>> http://net-security.org/advisory.php?id=1916

Gentoo Linux Security Announcement - kdegraphics-3.1.x
>> http://net-security.org/advisory.php?id=1915

Debian Security Advisory - New EPIC packages fix DoS and arbitrary code execution
>> http://net-security.org/advisory.php?id=1914

SGI Security Advisory - Multiple Vulnerabilities in BSD LPR Subsystem
>> http://net-security.org/advisory.php?id=1913

Debian Security Advisory - New lprng packages fix insecure temporary file creation
>> http://net-security.org/advisory.php?id=1912

Gentoo Linux Security Announcement - kde-2.x
>> http://net-security.org/advisory.php?id=1911

Debian Security Advisory - New kdegraphics packages fix arbitrary command execution
>> http://net-security.org/advisory.php?id=1910

SGI Security Advisory - ToolTalk Vulnerabilities Update
>> http://net-security.org/advisory.php?id=1909

SGI Security Advisory - ToolTalk Vulnerabilities Update
>> http://net-security.org/advisory.php?id=1908

----------------------------------------------------------------

[ Featured articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to staff@net-security.org
----------------------------------------------------------------

IMPLEMENTING BASIC SECURITY MEASURES
This article points out some of the steps you need to take if you want to do good for your company by implementing a serious and comprehensive security process. The article does not focus on one operating system, but points out general information on the subject.
>> http://net-security.org/article.php?id=458

INTERVIEW WITH SCOTT HAWKINS
The author of "Essential Apache for Web Professionals" talks about his book and general Apache security issues.
>> http://www.net-security.org/article.php?id=459

PKI... WHY GO THROUGH THE HASSLE?
If the web is to achieve its true potential, it is important that the right technological infrastructure is in place. Public Key Infrastructure enabled by cryptography provides a secure basis. Digital signatures use public key infrastructure.
>> http://www.net-security.org/article.php?id=460

LINUX SECURITY: KINDS OF ENCRYPTION
This excerpt from Mark Sobell's book "A Practical Guide to Red Hat Linux 8" provides an overview of the complexity of setting up and maintaining a secure system.
>> http://www.net-security.org/article.php?id=461

ONLINE CREDIT AND DEBIT CARD SECURITY REPORT
Independent market analyst Datamonitor released a new report focused on the situation of online credit and debit card security. The report covers the past, present and future of the card scheme security initiatives.
>> http://www.net-security.org/article.php?id=462

ADOBE ACROBAT 6.0 STRENGTHENS ELECTRONIC DOCUMENT SECURITY
Besides the standard password protection schemes, users now have the ability to encrypt a document using both Public Key Infrastructure (PKI) and Lightweight Directory Access Protocol (LDAP).
>> http://www.net-security.org/article.php?id=463

FUNK SOFTWARE ANNOUNCED ODYSSEY SECURE 802.11 CLIENT FOR POCKET PC
Wireless LAN security solutions provider Funk Software recently announced Odyssey Client for Pocket PC. This new version of their 802.1x access client lets handheld users connect to wireless links in a secure manner.
>> http://net-security.org/article.php?id=464

CORE SECURITY ANNOUNCES IMPACT 3.0 PENETRATION TESTING FRAMEWORK
Strategic security solutions developer Core Security Technologies announced CORE IMPACT 3.0 - the new release of their penetration testing framework.
>> http://net-security.org/article.php?id=465

CENTRALLY MANAGED NETWORK SECURITY: HOPE OR REALITY?
The best hope for a security solution that protects enterprise wide networks while allowing for centralized management is the emergence of standards. Security standards like DCE, Kerberos, SAML, elements of IPv6 and others continue to be the Holy Grail for which we wait.
>> http://www.net-security.org/article.php?id=466

----------------------------------------------------------------

[ Reviews ]

All reviews are located at:
http://www.net-security.org/reviews.php
----------------------------------------------------------------

CISCO SECURE INTERNET SECURITY SOLUTIONS
Cisco Systems is a huge organization and their products are used in a huge number of companies around the globe. Besides the general networking equipment, Cisco is well known for their line of security products. This book gives an overview of the complete Cisco security solutions product line.
>> http://www.net-security.org/review.php?id=54

SECURITY IN COMPUTING 3/E
This senior/graduate level textbook will give you a good foundation in computer security.
The target audience of this book is computer scientists, college students, software engineers and managers who want to broaden their knowledge.
>> http://www.net-security.org/review.php?id=53

FUNDAMENTALS OF UNIX COMPANION GUIDE
As mentioned on the book's front cover, this is the only authorized textbook for the UNIX curriculum of the Cisco Networking Academy Program.
>> http://www.net-security.org/review.php?id=52

----------------------------------------------------------------

[ Security world ]

All press releases are located at:
http://www.net-security.org/press_main.php
----------------------------------------------------------------

StarForce Increases The Level Of Security For PDF Documents
>> http://net-security.org/press.php?id=1352

Grampian Police to Use Biometric Facial Recognition to Identify Suspects in Seconds
>> http://net-security.org/press.php?id=1351

nCipher hardware selected to support newly announced VeriSign Trust Gateway Solution for Secure Web Services
>> http://net-security.org/press.php?id=1350

VeriSign Selects Chrysalis-ITS Hardware Security Server to Support New Trust Gateway Web Services Solution
>> http://net-security.org/press.php?id=1349

nCipher Delivers End-To-End Encryption to Protect Sensitive PIN and Password Data
>> http://net-security.org/press.php?id=1348

Adobe Strengthens Electronic Document Security With Adobe Acrobat 6.0
>> http://net-security.org/press.php?id=1347

Panda Software Launches Pre-emptive Strike With Panda Antivirus for Microsoft's Windows Server 2003
>> http://net-security.org/press.php?id=1346

Intrusion, Inc., Announces Intrusion SecureHost 2.0
>> http://net-security.org/press.php?id=1345

SafeNet Teams with AMD to offer SafeXcel-1741 Reference Design Kit
>> http://net-security.org/press.php?id=1344

Neoteris Announces Partnership With Netegrity, Interoperability With Leading Authentication And Access Control Solution
>> http://net-security.org/press.php?id=1343

NetScreen Intrusion Detection and Prevention Solution Protects Against File Sharing and Instant Messaging Exploits
>> http://net-security.org/press.php?id=1342

Datapower Adds Former Cisco Executive as CEO & President To its Stellar Senior Management Team; Formally Announces VP Of Sales
>> http://net-security.org/press.php?id=1341

Aventail Achieves Leader Quadrant Position in First SSL VPN Magic Quadrant
>> http://net-security.org/press.php?id=1340

Network Research Lab Ltd. Will Provide A Secure United Platform for Email and Storage Through S-Mail.com and S-Disk.com Integration
>> http://net-security.org/press.php?id=1339

----------------------------------------------------------------

[ Security Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2
----------------------------------------------------------------

GFI DOWNLOADSECURITY FOR ISA SERVER 5
This program enables you to assert control over what files your users download from HTTP & FTP sites. Downloaded files are content checked for viruses, malicious content and objectionable material, and can be quarantined based on file type and which user downloaded them.
>> http://www.net-security.org/software.php?id=482

GFI LANGUARD SYSTEM INTEGRITY MONITOR 3.0
This utility provides intrusion detection by checking whether files have been changed, added or deleted on a Windows 2000/XP system. If this happens, it alerts the administrator by email.
>> http://www.net-security.org/software.php?id=483

----------------------------------------------------------------

[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Weekly Virus Report - VBS/Lisa and Refoav Worms and Dialer.AF Trojan
>> http://net-security.org/virus_news.php?id=219

Sophos MailMonitor Protects Against Mass-Mailing Viruses
>> http://net-security.org/virus_news.php?id=218

The Barisada Virus Activates on April 24
>> http://net-security.org/virus_news.php?id=217

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff

staff@net-security.org
http://net-security.org

----------------------
Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending your e-mail address to:
info@net-security.org with UNSUBSCRIBE in the message body.

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php