Networking

Georgi Guninski reports that there
is local root compromise in OpenBSD
2.9, 2.8 due to a race probably in
the kernel. By forking a few
process it is possible to attach to
+s pid with ptrace. The process
seems to be in a strange state when
it is attached. Contrary to the man
info PT_DETACH allows specifying an

The Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2)
module allows Telnet access when no password has been set. The
correct response is to disallow any remote access to the module until
the password has been set. This vulnerability may result in users
gaining unintended access to secure systems..br>
Cisco Security Advisory: Cisco 6400 NRP2 Telnet Vulnerability
===============================
Revision 1.0

As Always the Government is behind by a few months, if not years. At last someone in the government acknowledges that Carnivore might/does violate our constitutional rights. I dont think this comes as a surprise to any of us.

Another from ZDNETHouse Majority Leader Dick Armey sent a letter Thursday to U.S. Attorney General John Ashcroft to express concern that the FBI's use of a controversial e-mail surveillance technology could violate the Constitution.

Security specialist Steve Gibson has created quite a fracas with his
increasingly vocal opposition to the raw-socket connectivity planned
for Windows-XP, and upon which he bases predictions of
impending chaos for the entire Internet, so he's decided to exploit
the very threat he claims will make the Internet permanently unstable.

Statistics don't lie and AllDas.de, the web page defacement mirror, has the stats to show that not only are the number of attacks on web sites increasing... but as well the number of attackers is increasing each month...

2001/05
:
12 Os's
472 Attackers
3431
defaced sites archived

A computer system that controls much of the flow of electricity across California was under siege from hackers for at least 17 days during the height of the state's ongoing power crisis, the Los Angeles Times reported Saturday. The cyber attack, while apparently limited, exposed security lapses in the system that the California Independent Systems Operator (Cal-ISO) uses to oversee most of the state's massive electricity transmission grid and connect to the grid for the western United States.

The arms race between hackers and security personnel continues unabated as each side
constantly strives to top the capabilities of the other - especially when it comes to denial
of service (DoS) attacks.

The self-identified culprit behind last month's attacks on Apache.org and VA Linux's SourceForge and Themes.org
web sites says he has nothing against the open source community -- he just thinks computer cracking is too easy.

Hackers: Not Always Bad And Not Just a Man's Club
J.D. Biersdorfer New York Times Service


Friday, June 8, 2001

NEW YORK When Sarah Flannery was 16 in 1999, she won
Ireland's Young Scientist of the Year award for her work in
Internet cryptography.

Although she is described in a recent book, "The Hacker Ethic,"
as "a 16-year-old hacker," Ms. Flannery, who is now 19 and
studying computer science at Cambridge University, is not quite
sure how to feel about that description.

Todays update from SANS gives us three
charts to work with. The Top 10 IP's from
which hackers are attacking from, The Top
10 Most Probed Ports for June 6th, and a
new chart listing the Top 10 Ports where
there has been the most increased probing
activity.