
Networking

On IDS Evasion, Vulnerabilities, and Vendor Hype

posted on October 5, 2001
by hitbsecnews

Eric Hacker, writing to BugTraq, stated that "Recently a disturbing event played out in the IDS world. A security company released an advisory regarding the ability to bypass IDS signatures. This is disturbing because it conveys the impression that otherwise, it was not possible to bypass IDS systems. This is not true. IDS, especially Network IDS, is not mathematics. It is more like psychology; it is far from perfect.

Cyber War 2001: Hacking the enemy to pieces

posted on October 5, 2001
by hitbsecnews

As the world waits for a traditional military response to the Sept. 11 terrorist attacks, troops have been quietly deployed in an emerging theatre of conflict: cyberspace. Dubbed "infowar troops," "cyber warriors" or the more formal "information warfare specialist," these newest members of the military are more likely to brandish software, computer viruses, signal-jamming techniques and a computer hacker's mindset and toolbox than to carry a gun or a grenade.

Installing and Configuring Portsentry: IDS for the Uninitiated

posted on October 5, 2001
by hitbsecnews

So perhaps you have been following all those defacement mirrors and are worried about whether your machine is going to be the next entry in the archives? This article is intended to act as a health supplement for your existing security needs and policies.
Now, like I just said, this article is like a health supplement, but you have to consume it along with your basic food intake. In other words, have a basic security policy in place, otherwise you'll be wasting your time here.

AOL Instant Messenger Denial of Service

posted on October 4, 2001
by hitbsecnews

Scope:

Anyone who can send instant messages to a user signed on to the AOL Instant Messenger service can crash that user's AOL Instant Messenger. The default settings allow everyone to send the user messages. This bug does not appear to be exploitable for running arbitrary code.

Confirmed Vulnerable:

AOL Instant Messenger/Win32 4.7.2480
AOL Instant Messenger/Win32 4.3.2229

Confirmed Not Vulnerable:

aimirc (all versions)
AIM Express
QuickBuddy
AOL Instant Messenger/Linux 1.5.234

Unknown:

Companies Stress Network Security

posted on October 4, 2001
by hitbsecnews

Corporations and government agencies have long viewed security of computer networks as an optional cost. No more. In the era of cyberterrorism, it is critical. "Network security used to be a necessary evil, but now it's a core value of companies," says CEO Peggy Weigle of Internet security firm Sanctum.
The focus on "homeland security," or strengthening U.S. security against terrorists, has led federal agencies and businesses to flood network-security firms with business inquiries, security firms say.

The FBI Top 20 Flaws Exploited by Internet Hackers

posted on October 3, 2001
by hitbsecnews

The FBI on Monday released a list of the top 20 computer security vulnerabilities most likely to leave the Internet vulnerable to attacks from hackers. Since Sans.org is being swamped by visitors looking for the list, we have placed it here for your convenience...

Top 20 Computer Vulnerabilities

    General vulnerabilities

Experts: Easy Installations Kill

posted on October 3, 2001
by hitbsecnews

The biggest computer security threat isn't a vicious virus or a skilled and malicious hacker.

The real danger, according to dozens of experts, is easy-to-install software and software vendors who focus too heavily on adding convenient features instead of solid security solutions into their applications.

The default software installations performed by most operating systems and applications top the SANS (System Administration, Networking, and Security) Institute and the FBI-led National Infrastructure Protection Center's new Top 20 security threats list.

DATA BECKER Reveals Latest in Hacking Techniques

posted on October 3, 2001
by hitbsecnews

NEEDHAM HEIGHTS, Mass., Oct. 2, 2001--With the publication of its new book, The Hacker Report, DATA BECKER Corp. moves beyond publishing software titles and related products to become a publisher of consumer computing books. Along with The Hacker Report, which reveals inside secrets to PC security, DATA BECKER is also announcing The Essential Palm Programming Guide and The Essential Palm User's Guide.