Networking

CodeRedI III analysis in short (and disassembly available)

posted on August 5, 2001
by hitbsecnews

eEye.com have done an analysis of the new worm that calls itself CodeRedII (which is actually Code Red III, because there was already a Code Red two variant on the Code Red I worm). It is 3.8k in size and contains a 1.6k trojan saved to d:explorer.exe, as well as copying cmd.exe to two cgi directories! I have done an analysis, too, but only of the main worm (not of the trojan).


Code Red III - Latest Updated Info on this newly released worm from NTBugTraq

posted on August 5, 2001
by hitbsecnews

Russ over at NTBugTraq has issued more information regarding the specifics of the new Code Red III. Unlike "Code Red", this worm doesn't attack any single target at any point, although its attack strength seems to be much higher (it launches 300 threads right off, although some may only launch 100), so its propagation seems much higher.

Ukrainian Agents Quiz Site On Sircam Breach

posted on August 5, 2001
by hitbsecnews

Agents from the Ukraine's National Security Service have questioned employees of a Web site which received secret government documents via e-mail after government computers were infected by the Sircam virus, according to a spokesman for the Web site. Reports surfaced Thursday that secret documents from the administration of President Leonid Kuchma had been e-mailed to the Kiev-based news Web site, "ForUm Internet Newspaper" (http://www.for-ua.com).

Report: U.S. Computers Open to Hackers

posted on August 5, 2001
by hitbsecnews

A new GAO report claims that many of the nation's business secrets, lodged at the U.S. Commerce Department, are open to computer hackers. Senior officials of the U.S. Commerce Department go before Washington lawmakers Friday as a new government report details that the nation's business secrets are open to computer hackers.

A new General Accounting Office (GAO) report says investigators were able to gain Internet access to Commerce Department computer systems, and that the government division is unable to detect outside intruders.


'Code Red' worm attack blunted as users take action

posted on August 3, 2001
by hitbsecnews

The Code Red worm continued its attack on the Internet on Thursday, infecting about 5,000 new computers an hour, but its assault was blunted by people applying protective patches to their vulnerable computers, experts said.

"It's continuing to infect systems at a steady rate, about 5,000 per hour," said Alan Paller of the System Administration, Networking and Security (SANS) Institute. "But something is causing the number of scans to go down." Internet Security Systems reported on Thursday that people had downloaded more than 2 million copies of the patch.


Code Red Update: Where Are We Now? - SANS provides Status Report

posted on August 3, 2001
by hitbsecnews

Many mixed opinions are being voiced in the face of the Code Red "incident" that has been consuming the time and attention of security professionals across the world. Some of the relevant, and seemingly conflicting, information is referenced below. What really happened? Probably we will never know completely.

FreeBSD Security How-To, Chapter One

posted on August 3, 2001
by hitbsecnews

Greetings fellow FreeBSD users, let's begin.

First, start with a typical install. If you are not familiar with this process, you should be reading the handbook on installation before consulting this article.

In this chapter we'll talk about the lockdown procedures of a FreeBSD machine. This article assumes the end user has a general level of familiarity with FreeBSD and Unix, in particular file permissions, kernel configuration, file editing, and basic ssh usage.