HNS Newsletter
Issue 271 - 27.06.2005.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week.

----------------------------------------------------------------
ALERT: Hackers New Trick: Search Engine Hacking/Web App Worms
----------------------------------------------------------------
Web Application Worms utilize a known exploit, apply worm methodology and then leverage the power of search engines to accelerate effectiveness. These attacks mark the beginning of a new generation of worms targeted at web applications. Are your web apps vulnerable? Easily test your applications for over 5,100 web app vulnerabilities and attack methodologies with our complimentary WebInspect 15-day product trial, which delivers a comprehensive risk report!
----------------------------------------------------------------
http://www.net-security.org/v/spidyn5
----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Software
6) Webcasts
7) Conferences
8) Security World
9) Virus News

[ Security news ]
----------------------------------------------------------------

SECURITY BREACH HITS 40 MILLION CREDIT CARD HOLDERS
MasterCard International has reported what could be the world's biggest ever identity theft.
http://www.net-security.org/news.php?id=8070

SECURITY'S STARRING ROLE IN ORACLE'S 10G DB
Eighteen months after its grid computing Database 10g product took to the streets with a fervor, Oracle is pounding the pavement again with the second release of the software.
http://www.net-security.org/news.php?id=8071

MICROSOFT: ONLINE SECURITY NEEDS GLOBAL COOPERATION
A Microsoft security expert is calling for greater international collaboration, including increased technical and training support for law enforcement agencies, to seriously combat cyber crime.
http://www.net-security.org/news.php?id=8072

MOST IDENTITY THEFT CASES NEVER GET RESOLVED
Once a fairly infrequent occurrence, assaults on identities are coming now in waves, and from all corners.
http://www.net-security.org/news.php?id=8073

THE DESKTOP IS THE BEST PLACE TO STOP SPYWARE
Today, companies face a major challenge in deciphering which of the latest anti-spyware solutions truly offers protection.
http://www.net-security.org/news.php?id=8074

IT AND PHYSICAL SECURITY JOINING HANDS
Departments must work together to secure enterprises, executives tell conference.
http://www.net-security.org/news.php?id=8075

PHISHING AND PHARMING THE FEDS
GAO report says more needs to be done to protect government from cybersecurity risks, but most agencies fail to report threats consistently.
http://www.net-security.org/news.php?id=8076

HACKERS FOR HIRE
Bringing in ethical hacker consultants is the latest in security defense.
http://www.net-security.org/news.php?id=8077

VISA IT UNIT CTO DISCUSSES OPEN SYSTEMS AND SECURITY
David Allen, chief technology officer at Visa International Inc.'s IT unit, has recently overseen the opening of a new 70,000-square-foot data center and the rollout of an upgrade to its global antifraud system.
http://www.net-security.org/news.php?id=8078

NEW SECURITY MEASURES COMING ONLINE TO SAFEGUARD ACCOUNTS
Moving beyond usernames and passwords, banks consider better authentication software, physical tokens.
http://www.net-security.org/news.php?id=8079

SECURITY RISKS ASSOCIATED WITH PORTABLE STORAGE DEVICES
There is no question that USB Flash Drives and their electronic counterparts are a valuable addition to the road warrior's toolbox. They have also created a nightmare for data security managers and have spawned an entire sub industry that is aimed squarely at portable data storage security.
http://www.net-security.org/news.php?id=8080

STANDARDS GROUP RAISES BAR ON VOIP SECURITY
The Voice over IP Security Alliance (VoIPSA) has formed a working group to set security standards for new VoIP products.
http://www.net-security.org/news.php?id=8081

BANKS TO SPEND MORE ON IT SECURITY, SURVEY SAYS
Investment in security has topped the banking sector's IT spending priority list for 2005, a study by the Info-Tech Research Group revealed.
http://www.net-security.org/news.php?id=8082

HACKERS THINKING SMALL
A recent computer security breach that left 40 million credit cards vulnerable to fraud shows how online criminals are scoring big by thinking small, experts say.
http://www.net-security.org/news.php?id=8083

SECURITY PRODUCTS 'RIDDLED' WITH BUGS
The number of flaws in computer security products is rising sharply and threatens to become more of a problem than vulnerabilities in the products they are designed to protect, a study by Yankee Group out Monday warns.
http://www.net-security.org/news.php?id=8084

CARDSYSTEMS: SHOULDN'T HAVE KEPT RECORDS
The head of the credit card processing company whose computer system was breached by hackers, exposing millions of credit card accounts, has acknowledged that his firm should not have been keeping the consumer records in the first place.
http://www.net-security.org/news.php?id=8085

E-MAIL SECURITY VENDORS LOOK BEYOND SPAM
With spam blocking becoming a checklist item for network managers, anti-spam companies are developing complementary features and turning to new ways to deliver their technology with hopes of distinguishing themselves in this heavily crowded market.
http://www.net-security.org/news.php?id=8086

DENIAL OF SERVICE (DOS) ATTACKS
DoS attacks are performed for fun, pleasure, or even financial gain.
http://www.net-security.org/news.php?id=8087

SEAGATE PREPS HARD-DISK ENCRYPTION TECHNOLOGY
Next year Seagate will start shipping a security technology for some of its hard-disk drives that will make life more difficult for notebook PC thieves to read stolen data.
http://www.net-security.org/news.php?id=8088

PATCH AND PATCH AGAIN TO BEAT NEW WAVE OF TROJANS
Banks have moved to strengthen their perimeter security following government warnings that businesses are at risk from a new wave of e-mail Trojans.
http://www.net-security.org/news.php?id=8089

COMPANIES NOT KEEPING UP WITH NETWORK SECURITY NEEDS
Vernier President and CEO Simon Khalaf said that the survey revealed some "shocking" findings about companies' knowledge level about internal network security.
http://www.net-security.org/news.php?id=8090

ADOBE FALLS THROUGH XML FLAW
Bug could allow hacker to find files held locally on a PC.
http://www.net-security.org/news.php?id=8091

UNAUTHORISED RESEARCH OPENED DOOR TO MASTERCARD BREACH
The head of the card processing firm blamed for a security breach affecting anything up to 40m credit card numbers has admitted it wasn't supposed to hold the compromised data.
http://www.net-security.org/news.php?id=8092

EVALUATING A NEW SECURITY POLICY
In this article, I will explain how to evaluate a new security policy in a safe and responsible manner.
http://www.net-security.org/news.php?id=8093

DRIVING BIG BROTHER
The government plans to release new rules for controversial car black boxes this summer, according to a spokesman for the National Highway Traffic Safety Administration.
http://www.net-security.org/news.php?id=8094

MICROSOFT ISSUES WINDOWS SERVER 2003 UPDATE BLOCKING TOOL
Automatic downloads of service pack to be prevented.
http://www.net-security.org/news.php?id=8095

MOBILE WORMS WON'T SHOW UNTIL 2007
Mobile phone and PDA users have more than two years to get ready for a quick-spreading worm, security research analysts said as they poked holes in anti-virus vendors' hype about the immediate need for defenses.
http://www.net-security.org/news.php?id=8096

MICROSOFT TO SELL ANTIVIRUS SOFTWARE SEPARATELY
Microsoft Tuesday completed its acquisition of antivirus software vendor Sybari Software with the decision to continue selling Sybari's products on a stand-alone basis.
http://www.net-security.org/news.php?id=8097

THE SECURE WAY TO BEAT CYBER CRIME
IT security must be an everyday activity.
http://www.net-security.org/news.php?id=8098

PHISHING: AN INTERESTING TWIST ON A COMMON SCAM
During this penetration test, there were several interesting findings, but we are going to focus on one that would knock the wind out of anyone responsible for the security of online systems. Particularly if you are in the business of money.
http://www.net-security.org/news.php?id=8099

INTERNAL SECURITY ATTACKS AFFECTING BANKS
Internal security breaches at the world's banks are growing faster than external attacks, as institutions invest in technology, instead of employee training.
http://www.net-security.org/news.php?id=8100

HOW MUCH ENCRYPTION IS 'ENOUGH' FOR VOIP?
While we agree that there is doubtlessly a need for an extremely secure infrastructure when implementing VoIP, we remain a bit puzzled as to why people think they need to encrypt the content of the conversation itself.
http://www.net-security.org/news.php?id=8101

THE LATEST HACKER CHALLENGE: SECURITY SOFTWARE
Bored hackers plus complacent vendors equal a recipe for trouble, as security software exploits continue to mount.
http://www.net-security.org/news.php?id=8102

7 SECURITY MISTAKES COMPANIES MAKE
This article presents seven of the most significant ones.
http://www.net-security.org/news.php?id=8103

UK BECOMING 'A HAVEN FOR E-CRIMINALS'
Research revealed to Times Online accuses the Government of failing to address computer crime.
http://www.net-security.org/news.php?id=8104

ID THIEVES SEARCH ULTIMATE POT OF GOLD - DATABASES
Thieves who supply online criminals with stolen IDs are increasingly going for the big score: stealing directly from banking-transaction databases.
http://www.net-security.org/news.php?id=8105

DSHIELD - A COMMUNITY APPROACH TO INTRUSION DETECTION
Analyzing firewall logs is key to understanding the threats your servers face.
http://www.net-security.org/news.php?id=8106

MICROSOFT WON'T PATCH IE SPOOFING BUG (OR IS IT A FEATURE?)
Hours after word broke that most browsers were vulnerable to a spoofing flaw that phishers could use to pilfer confidential data, Microsoft has declined to issue a security update.
http://www.net-security.org/news.php?id=8107

REVIEW: PGP'S PGP DESKTOP PROFESSIONAL 9.0
The latest version of PGP Desktop lets you encrypt an entire hard disk, create secured virtual disks and work with select smart cards.
http://www.net-security.org/news.php?id=8108

CALIF. LAWMAKERS BACK TOUGHER ID THEFT LAW
The new bill focuses on paper and backup tape records.
http://www.net-security.org/news.php?id=8109

10 TOP TIPS FOR MOBILE SECURITY
We explore 10 on-the-road scenarios to test your security savvy, then provide tips for each one to be sure your mobile data is safe.
http://www.net-security.org/news.php?id=8110

ADVERTISING FOR HELP CAN SHOWCASE SECURITY WEAKNESSES
Wonder how hackers know where your company's network is vulnerable?
http://www.net-security.org/news.php?id=8111

COMMON SECURITY PROBLEMS IN THE CODE OF DYNAMIC WEB APPLICATIONS
The majority of occurring software security holes in web applications may be sorted into just two categories: Failure to deal with metacharacters, and authorization problems due to giving too much trust in input.
This article gives several examples from both categories, and then adds some from other categories as well.
http://www.net-security.org/news.php?id=8112

HACKERS ARE REAL-TIME. ARE YOU?
To meet the SOX general IT security requirements, organizations need to deploy multiple security point solutions such as firewalls, intrusion detection systems, anti-virus systems and others.
http://www.net-security.org/news.php?id=8113

BOOK REVIEW: SILENCE ON THE WIRE
While looking for some interesting read for the summer, I've stumbled across a book written by Michal Zalewski named "Silence on the wire: a field guide to passive reconnaissance and indirect attacks", from No Starch Press.
http://www.net-security.org/news.php?id=8114

INTERNAL HACKERS POSE THE GREATEST THREAT
Beware the enemy within.
http://www.net-security.org/news.php?id=8115

HACKER BOOT CAMP HELPS GOOD GUYS OUTSMART TROUBLEMAKERS
The number of IT security professionals is expected to grow to nearly 800,000 by 2008, and more of them need to think like hackers to be effective.
http://www.net-security.org/news.php?id=8116

BANKS URGED TO CHECK UP ON OFFSHORE SECURITY
Financial institutions must make sure their offshore outsource suppliers are free of criminal gangs working in them.
http://www.net-security.org/news.php?id=8117

PHISHING THREATENS ONLINE CONFIDENCE
Phishing attacks have increased by 28 per cent in the past 12 months, according to research published this week.
http://www.net-security.org/news.php?id=8118

MOVING AHEAD WITH DATA SECURITY
Vendors at all levels begin to focus on storage-specific data protection.
http://www.net-security.org/news.php?id=8119

JAPAN NUCLEAR DATA LEAK RAISES SECURITY CONCERNS
Japanese officials scrambled on Thursday to contain the public relations fallout from reports that confidential information about Japan's nuclear plants had leaked onto the Internet through a virus on a personal computer.
http://www.net-security.org/news.php?id=8120

US SECURITY ALLIANCE COMES TO EUROPE
The Cyber Security Industry Alliance (CSIA), a US lobby group of IT security firms, is opening European operations today.
http://www.net-security.org/news.php?id=8121

AT&T PLANS CNN-STYLE SECURITY CHANNEL
Video streaming service will carry Internet security news 24/7.
http://www.net-security.org/news.php?id=8122

PULLING THE COVERS OFF LINUX PAM
A hidden jewel -- or pain in the rear, depending on your perspective -- is Linux PAM (Pluggable Authentication Module).
http://www.net-security.org/news.php?id=8123

HOTMAIL TAKES A TOUGHER STANCE ON SPAM
Microsoft sidelining incoming mail when it fails to pass Sender ID check.
http://www.net-security.org/news.php?id=8124

MOVING AHEAD WITH DATA SECURITY
How does your company enforce data security? I bet most of your answers will involve procedures based on host applications that have varying degrees of sophistication, depending on how much is at stake with a security breach.
http://www.net-security.org/news.php?id=8125

BUSINESSES AND CIVIL SERVANTS PUT ON SECURITY ALERT
Government security chief issues warning over Trojan email attacks.
http://www.net-security.org/news.php?id=8126

----------------------------------------------------------------
[ Vulnerabilities ]
All vulnerabilities are located here:
http://www.net-security.org/vulnerabilities.php
----------------------------------------------------------------

BisonWare FTP Server Traversal Arbitrary File/Directory Access
http://www.net-security.org/vulnerability.php?id=17482

Whois.Cart language Variable Traversal Arbitrary File Access
http://www.net-security.org/vulnerability.php?id=17460

FusionBB Invisible User Online Status Disclosure
http://www.net-security.org/vulnerability.php?id=17430

FusionBB Category Permission Weakness Invisible Forum Disclosure
http://www.net-security.org/vulnerability.php?id=17431

Ruby XMLRPC Server Unspecified Arbitrary Command Execution
http://www.net-security.org/vulnerability.php?id=17407

NanoBlogger Unspecified Traversal Arbitrary Weblog Directory Creation
http://www.net-security.org/vulnerability.php?id=17393

NanoBlogger Unspecified Plugins Arbitrary Command Execution
http://www.net-security.org/vulnerability.php?id=17392

Multiple Browser Javascript Dialog Origin Spoofing
http://www.net-security.org/vulnerability.php?id=17397

Trac id Variable Arbitrary File Upload / Access
http://www.net-security.org/vulnerability.php?id=17398

Bitrix Site Manager dbquery_error.php Path Disclosure
http://www.net-security.org/vulnerability.php?id=17376

----------------------------------------------------------------
[ Advisories ]
All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Mandriva Linux Security Update Advisory - dbus (MDKSA-2005:105)
http://www.net-security.org/advisory.php?id=4922

Mandriva Linux Security Update Advisory - squid (MDKSA-2005:104)
http://www.net-security.org/advisory.php?id=4921

Cisco Security Advisory - Cisco IPSec VPN Implementation Group Name (1.0)
http://www.net-security.org/advisory.php?id=4920

Trustix Secure Linux Security Advisory - cpio, razor-agents, sudo, telnet (#2005-0030)
http://www.net-security.org/advisory.php?id=4919

OpenPKG Security Advisory - shtool (OpenPKG-SA-2005.011)
http://www.net-security.org/advisory.php?id=4918

SUSE Security Announcement - sudo (SUSE-SA:2005:036)
http://www.net-security.org/advisory.php?id=4917

OpenPKG Security Advisory - sudo (OpenPKG-SA-2005.012)
http://www.net-security.org/advisory.php?id=4916

SUSE Security Announcement - razor-agents (SUSE-SA:2005:035)
http://www.net-security.org/advisory.php?id=4915

SUSE Security Announcement - opera (SUSE-SA:2005:034)
http://www.net-security.org/advisory.php?id=4914

Mandriva Linux Security Update Advisory - sudo (MDKSA-2005:103)
http://www.net-security.org/advisory.php?id=4913

SUSE Security Announcement - spamassassin (SUSE-SA:2005:033)
http://www.net-security.org/advisory.php?id=4912

SUSE Security Announcement - java2 (SUSE-SA:2005:032)
http://www.net-security.org/advisory.php?id=4911

Slackware Security Advisory - sudo (SSA:2005-172-01)
http://www.net-security.org/advisory.php?id=4910

Turbolinux Security Announcement - openssl, gdb, tcpdump, gedit (22/Jun/2005)
http://www.net-security.org/advisory.php?id=4909

Ubuntu Security Notice - sudo vulnerability (USN-142-1)
http://www.net-security.org/advisory.php?id=4908

Ubuntu Security Notice - tcpdump vulnerability (USN-141-1)
http://www.net-security.org/advisory.php?id=4907

java (jre, j2sdk) (SSA:2005-170-01)
http://www.net-security.org/advisory.php?id=4906

----------------------------------------------------------------
[ Articles ]
All articles are located at:
http://www.net-security.org/articles_main.php
Articles can be contributed to articles@net-security.org
----------------------------------------------------------------

SNORT ON WINDOWS SERVER 2003
The setup the author is discussing is running Snort 2.3.3 on Windows Server 2003 with PHP5 and SQL 2000 SP4. All other components are also the latest available for public use.
http://www.net-security.org/article.php?id=799

SECURITY RISKS ASSOCIATED WITH PORTABLE STORAGE DEVICES
There is no question that USB Flash Drives and their electronic counterparts are a valuable addition to the road warrior's toolbox. They have also created a nightmare for data security managers and have spawned an entire sub industry that is aimed squarely at portable data storage security.
http://www.net-security.org/article.php?id=798

----------------------------------------------------------------
[ Software ]
Windows software is located at:
http://net-security.org/software_main.php?cat=1
Linux software is located at:
http://net-security.org/software_main.php?cat=2
Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3
----------------------------------------------------------------

EMAILTRACKERPRO 2005 (Windows)
Identify the sender of email messages, trace and report spammers, identify 'phishing' emails and other scammers trying to steal your confidential information.
http://www.net-security.org/software.php?id=294

FREERADIUS 1.0.3 (Linux)
The FreeRADIUS Server Project is a high-performance and highly configurable RADIUS server.
http://www.net-security.org/software.php?id=193

HENWEN 2.1.2 (Mac OS X)
HenWen is a network security package for Mac OS X that makes it easy to configure and run Snort.
http://www.net-security.org/software.php?id=614

KISMET 2005-06-R1 (Linux)
Kismet is a 802.11b wireless network sniffer.
http://www.net-security.org/software.php?id=218

LE PUTTY 2005-06-20 (Windows)
Le Putty is a ssh suite for Windows based on the very popular Putty project.
http://www.net-security.org/software.php?id=416

LITTLE SNITCH 1.2b5 (Mac OS X)
Little Snitch alerts you on outgoing network connections.
http://www.net-security.org/software.php?id=626

MARADNS 1.1.42 (Linux)
MaraDNS is a DNS server that strives to be secure and fully open-sourced.
http://www.net-security.org/software.php?id=84

WEBSCARAB 20050222-2220 (Windows)
WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols.
http://www.net-security.org/software.php?id=504

----------------------------------------------------------------
[ Webcasts ]
All webcasts are located at:
http://net-security.org/webcasts.php
----------------------------------------------------------------

The Future of Authentication
Organized by RSA Security on 29 June 2005, 2:00 PM
http://www.net-security.org/webcast.php?id=380

Securing the Development Phase of the Application Development Lifecycle
Organized by Symantec on 7 July 2005, 9:00 AM
http://www.net-security.org/webcast.php?id=382

Email Security and Availability - How to Maximize Availability and Minimize Risk for your Critical Messaging Environment
Organized by Symantec on 12 July 2005, 9:00 AM
http://www.net-security.org/webcast.php?id=381

eEye and IIS - Implementing a Multi-Layered Security Solution to Best Address Spyware, Phishing and Zero Day Attacks
Organized by eEye on 14 July 2005, 2:00 PM
http://www.net-security.org/webcast.php?id=376

----------------------------------------------------------------
[ Conferences ]
All conferences are located at:
http://net-security.org/conferences.php
----------------------------------------------------------------

Second European PKI Workshop
Organized by University of Salford - 30 June-1 July 2005
http://www.net-security.org/conference.php?id=118

SIG SIDAR Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2005)
Organized by German Informatics Society - 7 July-8 July 2005
http://www.net-security.org/conference.php?id=119

The 4th European Conference on Information Warfare and Security (ECIW 2005)
Organized by Academic Conferences International - 11 July-15 July 2005
http://www.net-security.org/conference.php?id=120

The 32nd International Colloquium on Automata, Languages and Programming (ICALP'05)
Organized by European Association for Theoretical Computer Science - 11 July-15 July 2005
http://www.net-security.org/conference.php?id=121

Black Hat Briefings & Training USA 2005
Organized by Black Hat - 23 July-28 July 2005
http://www.net-security.org/conference.php?id=138

14th USENIX Security Symposium
Organized by USENIX - 31 July-5 August 2005
http://www.net-security.org/conference.php?id=136

3rd Annual Midwest Network Security Forum
Organized by The Institute for Applied Network Security - 3 August-4 August 2005
http://www.net-security.org/conference.php?id=139

Crypto 2005
Organized by International Association for Cryptologic Research - 14 August-18 August 2005
http://www.net-security.org/conference.php?id=122

8th Information Security Conference (ISC'05)
Organized by Institute for Infocomm Research - 21 September-23 September 2005
http://www.net-security.org/conference.php?id=123

The 4th International Workshop for Applied PKI (IWAP'05)
Organized by Institute for Infocomm Research - 21 September-23 September 2005
http://www.net-security.org/conference.php?id=124

RSA Conference Europe 2005
Organized by RSA Conference - 17 October-19 October 2005
http://www.net-security.org/conference.php?id=133

CNIS 2005: IASTED International Conference on Communication, Network and Information Security
Organized by IASTED - 14 November-16 November 2005
http://www.net-security.org/conference.php?id=137

Asiacrypt 2005
Organized by International Association for Cryptologic Research - 1 December-4 December 2005
http://www.net-security.org/conference.php?id=125

----------------------------------------------------------------
[ Security World ]
All press releases are located at:
http://www.net-security.org/press_main.php
Send your press releases to press@net-security.org
----------------------------------------------------------------

Theft of Outsourced Customer Data Growing Challenge for Corporations
http://www.net-security.org/press.php?id=3260

Survey Reveals Security Executives Least Prepared to Prevent Inadvertent Loss of Data and Social Engineering Attacks
http://www.net-security.org/press.php?id=3259

O'Reilly Releases "Essential Mac OS X Panther Server Administration"
http://www.net-security.org/press.php?id=3258

Stay One Step Ahead of Hackers with Advanced Administrative Tools 5.80
http://www.net-security.org/press.php?id=3257

Comodo - Innovators of SSL Certificate private labelling
http://www.net-security.org/press.php?id=3256

CyberGuard Announces New Desktop Security Appliance to Protect Small and Mid-Sized Enterprises from Internal and External Attack
http://www.net-security.org/press.php?id=3255

Vordel debuts latest version of hardened XML security appliance - with on-board acceleration developed in association with Dajeil
http://www.net-security.org/press.php?id=3254

SSH Celebrates Secure Shell Tenth Anniversary
http://www.net-security.org/press.php?id=3253

Trend Micro Offers Three New Anti-Spyware Solutions, Continuing Its Momentum in Stopping Spyware
http://www.net-security.org/press.php?id=3252

Anonymizer and Carahsoft Enter Into Reseller Agreement
http://www.net-security.org/press.php?id=3251

Elemental Raises Third Round Of Funding To Grow Security Compliance Management Product Market Expansion
http://www.net-security.org/press.php?id=3250

----------------------------------------------------------------
[ Virus News ]
All virus news are located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Weekly Report on Viruses and Intruders - 32.Semapi.A, W32.Codbot.AL, and W32.Mytob.GV Worms
http://www.net-security.org/virus_news.php?id=558

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT
and PDF format is available http://www.net-security.org/newsletter_archive.php