Networking

Crackers defaced multiple Web sites belonging to apparel-maker Levi Strauss & Co. on Friday including
flagships levi.com and dockers.com.

Jeff Beckman, a spokesperson for the company, said the server was immediately shut down shortly after the
intrusion happened at about 12:30 p.m. EDT.
The global 'splash' pages of levi.com and dockers.com were affected.
Anyone trying to get into our regional sites via our global 'splash'
pages was unable to during the two to three hours downtime," he said.

America Online [NYSE:AOL] is investigating the defacement Monday of two Web servers operated by the company's ICQ instant-messaging unit, AOL said. One of the systems, part of a group of four machines running Microsoft's Internet Information Server that hosts data about ICQ interest groups, remained defaced this morning. The home page of the machine, located at http://icqgroup01.icq.com/ , was defaced by a group calling itself Silver Lords.

All versions of Oracle running on Windows NT are open to a security flaw that can cause the system to crash, according to security management specialist Internet Security Systems. A security alert on the company's Web site states, "This vulnerability causes a Windows NT system to consume 100% of available memory. Access to the server is denied and a full reboot is required."

The NSA placed their Win 2000 Security Guidelines online and due to the demand (?) they twice as quickly took their guidebook offline claiming that their 'server couldn't handle the number of downloads'

Until now, how people choose their computer passwords has been a mystery. But domain names seller CentralNic has found the selection process may not be very complicated and may not be at all safe. CentralNic polled 1,200 internet subscribers and found their passwords fell into four distinct categories: family, celebrities and sports stars, fantasy and cryptic.

This article is extremely vauge on what boxes it will infect. Take from it what you will, but I figured I would post it anyways to get the word out.A government Internet watchdog warned companies this past weekend of a new malicious program that spreads to previously compromised PCs and seemingly prepares the infected machines to launch a denial-of-service attack, sources said Monday.

Two security incidents last week have polarized the parties debating the thorny issue of
reporting vulnerabilities and exploits, but help may be on the way in the form of an industry
group with established protocols.

While a program to exploit the flaw has yet to be made public, at least one hacker group has
already developed such a tool, said Marc Maiffret, chief hacking officer for network-protection
company eEye Digital Security.

"Because the hole is so huge, they want to keep the exploit (program) to themselves," he said. "There is a small circle of people that do these types of things who like to be able to say they have it so they can break into servers if they want to."

Security has always been a dynamic task, not something you do once and let run forever. The changes in our networked environment, and the
increasingly global nature of business and government dictates that you need to be on top of security every second of the day. New vulnerabilities and new attack methodologies are created and distributed as sets of exploit code thru the internet. Underground cells of crackers then take these cookie cutter solutions and use it to further their peer reverence and sometimes to further a political cause.

Security consultants have warned of
two new varieties of virus, and
said IT managers should ensure
their antivirus measures are kept
up to date. Last week Jonathon
Mynott, a technical consultant at
security specialist Cryptic
Software, said hacker interest was
growing in a virus tool called
GodMessage. It will be easy to fall