Networking

Source: bugtraq/neohapsis

w00w00, one of the premiere security groups around, has a released a very critical exploit against AOL messenger for Windows. TPGN has archived the exploit here.

Source: NandoTimes

In the real world, we worry about anthrax or smallpox. These bacteria and viruses potentially can kill millions of people and it's difficult to defend against them.

In the cyberworld of computers and the Internet, there also are infectious agents that can cause great harm and that are difficult to defend against. Last year, according to a research firm in California, Computer Economics, worms and viruses cost us more than $17 billion.

Source: Xatrix

DLink DWL-1000AP is a 11Mbps wireless LAN access point product, which is geared towards home users. It supports WEP, MAC address control and user authentication.

An oversight in the design of this product creates a vulnerability which may be exploited by an attacker to hijack the access point.

Source: BBC

If you spend a couple of hours per day on the net, the chances are that you have received the attention of a malicious hacker.

Almost all of the people recruited for a survey looking at the level of hacking on the net reported they had been visited by the software scanners that many hackers use to find vulnerable machines.

Participants were given a firewall to protect their machines and to record every visit by the software robots.

Source: The Poor Gurus' Network

Welcome to the grand opening of TPGN.NET's exploit archive.

With the not-so-recent death of hack.co.za, and most decent archives only being hosted by portals, I decided to start up a new search engine and archive exclusively for exploits, patches, and vulnerabilities. No non-sense, no news, no ads -- just vulnerabilites.

Source: The Nando Times

L33tdawg: A buffer overflow is a security risk... you don't say! I bet even a freshie systems administrator would be able to tell you that!

Dumping too much data into a predefined area of computer memory is not unlike pouring too much water into a bucket or flushing too much tissue down a toilet. There are overflows - and the results can be very messy.

Source: Hackers.com

"For obvious reasons, I can't really go into why it was left on the machines." Replies Dean Turner, the Director of Operations at SecurityFocus. Dean is talking about the source code for over 20 programs running on one of SecurityFocus' webservers , which was available to anyone with a web browser for several months. SecurityFocus.com, the self proclaimed 'leading provider of security intelligence services for business', got caught with their pants down.

This is the first in a series of articles on understanding and developing signatures for network intrusion detection systems. In this article we will discuss the basics of network IDS signatures and then take a closer look at signatures that focus on IP, TCP, UDP and ICMP header values. Such signatures ignore packet payloads and instead look for certain header field values or combinations of values. By learning about network IDS signatures, you’ll have more knowledge of how intrusion detection systems operate, and you’ll have a better foundation to write your own IDS signatures.

Source: SecurityFocus

L33tdawg: This is a damn good article and a topic that has always been an interesting aspect of the hacking situation to me. It seems so much more 'elegant' to social engineer your way into a network in ADDITION to breaking in the more 'traditional' way. Then again, perhaps I've been watching too many spy movies! *grin*

Source: CERT.org

Web pages and HTML email messages usually contain HTML text, but other files may also be included. The MIME headers Content-Disposition and Content-Type provide the information needed by the HTML rendering software to determine the type of these files. In Microsoft Internet Explorer, these MIME headers are consulted when evaluating whether to process an embedded file, but they are ignored when the file is actually processed.