Source: Yahoo DailyNews
People chatting with outdated ICQ software are at risk for a potentially damaging buffer overflow exploit, AOL Time Warner cautioned in an alert posted Monday. The buffer overflow vulnerability affects versions of America Online's popular ICQ instant messaging software prior to version 2001b, which was released October. Only versions for Microsoft's Windows operating system are vulnerable.
Source: Computer User
L33tdawg: The link to Qualys alert as well as the link to the fix download is over at https://www.qualys.com/alert/remoteshellb.html.
Dial (215)701-xxxx
at the phone menu, hit #. When prompted for login, type 100 then hit pound. When prompted for password, type 100 then hit # when you hear inside menus choices, hit # then hit 8 for an outside long distance trunk
You now have free phone calls, hit 011 for internatational. My fav country codes are 60 (maylasia) 92 (pakistan)
Enjoy!
mary2b1a@yahoo.com
Source: Security Tracker
A buffer overflow vulnerability was reported in the RealPlayer client software. A remote user can create a specially crafted media stream that will cause the RealPlayer to crash. It is reported that crashes can be achieved in multiple versions of the Real Media file format including the G2 format and older formats.
Source: Xatrix
Severity : CRITICAL
Discovery : Stealth
Original advisory :
http://www.team-teso.net/advisories/teso-advisory-012.txt
Description :
- -------------
Source: CNN
L33tdawg: Hmmmz -- this is bad news. How can anyone in the future expect to take w00w00 seriously (as a network security solutions provider or whatever) knowing that they've previously released a patch for a security hole that had a backdoor implanted in it? *tsk tsk* Bad w00w00 -- no cookie for you. Although w00w00 did apologize for the error, it shouldn't have happened in the first place.
Marcus Ranum, father of the firewall, defines a firewall as “the implementation of your Internet security policy”. Ranum states that if you haven’t got a security policy, you haven’t got a firewall. Instead, you’ve got a thing that’s sort of doing something, but you don’t know what it’s trying to do because no one has told you what it should do. Ranum’s observation is supported by the fact that while computer security is not so new, the publication of Writing Information Security Policies didn’t happen until late 2001.
