Net-Sec mini letter
Issue 2 - 28.02.2000

1) Security news roundup
2) Security issues
3) HNS and Default


1) Security news roundup

Internet Security Alliance started [22.02.2000]
The Alliance for Internet Security, founded by ICSA.net, is an organization of Internet service providers (ISPs), industry professionals and corporations committed to the widespread adoption of security measures to address recent Distributed Denial of Service (DDoS) attacks.
Link: http://www.icsa.net/html/press_related/2000/02_22_00_alliance.shtml

Microsoft attacked [23.02.2000]
Microsoft said that cyber vandals had tried to topple its corporate Web site, but said the assault, the latest in a string of crippling attacks on major Internet operations, had done little damage.
Link: http://www.wired.com/news/business/0,1367,34540,00.html

NDB.com attacked [24.02.2000]
National Discount Brokers Group said its stock trading Web site was down for more than an hour today, due to an apparent computer hacker attack. National Discount, a brokerage and share dealer, said its NDB.com Web site froze early in the afternoon after it was flooded with information requests from two Internet addresses.
Link: http://news.cnet.com/news/0-1007-200-1557619.html?tag=st.ne.ron.lthd.1007-200-1557619

FBI was also attacked [25.02.2000]
The FBI acknowledged that electronic vandals shut down its own Internet site for hours last week in the same type of attack that disrupted some of the Web's major commercial sites. The bureau's Web site, www.fbi.gov, remained inaccessible for more than three hours Feb. 18.
Link: http://www.apbnews.com/newscenter/internetcrime/2000/02/25/fbihack0225_01.html

Smart cards [26.02.2000]
Serge Humpich, the 36 year-old engineer who discovered flaws in the chip-based security of French credit cards, was sentenced yesterday in Paris. Under the ruling issued by the 13th correctional chamber, he was sentenced to a suspended prison sentence of 10 months, 12,000 francs (approx. £1,200) in fines, and one symbolic franc in damages to the Groupement des Cartes Bancaires. His computer equipment has been seized, as well as the document that he had filed with the INPI (France's patents and trademarks office), detailing his findings.
Link: http://www.theregister.co.uk/000226-000001.html

Japan tightens up security [27.02.2000]
Japan's science chiefs vowed Monday to tighten security on government Internet sites amid reports that a Chinese group is waging a cyber war. "What is imperative for us with regard to security is to do away with security holes to fight further attacks and that is what we are doing," said Science and Technology Agency official Yuichi Sakamoto.
Link: http://www.insidechina.com/news.php3?id=134051


2) Security issues

Outblaze problems
By using authentication strings in the URL after logging in to a mailbox, Outblaze-powered e-mail accounts are left vulnerable to unauthorized access. Anyone who discovers that string before a login session expires can gain full access to any Outblaze-powered e-mail account.
Link: http://www.net-security.org/misc/bugtraq/2402outblaze.txt

Georgi Guninski advisory #7
There is a vulnerability in Wordpad which allows executing arbitrary programs without warning the user after activating an embedded or linked object. This may also be exploited in IE for Win9x.
Link: http://www.net-security.org/misc/bugtraq/2402guninski.txt

MS back door?
MS signed software seems to have very special privileges with regard to software signed by other publishers. This demo is intended to demonstrate that MS signed code has the power to override IE security settings. I have only tested IE 5.01, IE 4.01 and IE 5 with all the security fixes. Note that the back door I am describing can also be used by HTML e-mail messages.
Link: http://www.angelfire.com/ab/juan123/iengine.html


3) HNS and Default

You can expect compiled articles from Default newsletter in a day or two.

Last article submitted was:
"A guide to backdooring Unix systems" by airwalk [28.02.2000 -- Default 08-08]
http://net-security.org/default/08/default-08-08.txt

Older copies can be fetched from:
http://net-security.org/default/issues

Current active mirrors:
http://www.nwo.net/default
http://www.attrition.org/~modify/texts/zines/default
http://www.projectgamma.com/archives/zines/default
http://www.dark-e.com/default
http://ech0.zort.org/default
http://www.deepquest.pf/default
http://hns.crolink.net/default
http://packetstorm.securify.com/mag/default

If you are mirroring Default newsletter or if you want to write for it, please do e-mail me at bhz@net-security.org

HNS backend - http://www.net-security.org/backend
HNS forum - http://net-security.org/webboard.htm
HNS mailing list - http://net-security.org/info/list

Berislav Kucan - BHZ
bhz@net-security.org
http://net-security.org