

Posted Mar 1, 2005
Authored by astalavista | Site astalavista.com

Featured articles - Managed security solutions providers overview ; Passwords the first line of defense - Interview with an anonymous Spyware coder

SHA-256 | fda2c8e3c5a462670164087321dc0342ed5783936a871a88bcd8717065d47b25


|- Astalavista Group Security Newsletter -|
|- Issue 8 16 September 2004 -|
|- http://www.astalavista.com/ -|
|- security@astalavista.net -|

- Table of contents -

[01] Introduction
[02] Security News
- Microsoft finally releases its Windows XP Service Pack 2
- FBI busts alleged DDoS Mafia
- South Pole "cyberterrorist" hack wasn't the first
- U.S tackles Emergency Alert System insecurity
- Company Acquisitions in the Security Industry
[03] Astalavista Recommends
- Information Warfare in 2025
- HTML Source Bar
- Are your Web Applications Vulnerable?
- .txt Extensions Insecurity and Anti-Virus Scanners
- HTML Code Injection and Cross-Site Scripting
[04] Site of the Month - Google Watch - http://www.google-watch.org/
[05] Tool of the month - Spybot - Search&Destroy
[06] Paper of the month - An Independent Analysis of the Carnivore System
[07] Free Security Consultation
- Hi guys! IE or another browser, what's most secure?
- Hello. Is the Internet monitored and if yes, to what extent?
- The network I maintain holds sensitive data, I was wondering..?
[08] Enterprise Security Issues
- Managed Security Solutions Providers - How Useful and Reliable?
[09] Home Users Security Issues
- Passwords - The first line of defense
[10] Meet the Security Scene
- Interview with an Anonymous Spyware coder
[11] Security Sites Review
- Securitystats.com
- Forensics.nl
- Information Security Glossary
- Cellphonehacks.com
- The Super Wordlists Archive
[12] Astalavista needs YOU!
[13] Astalavista.net Advanced Member Portal
[14] Readers' Feedback
[15] Final Words

01. Introduction

Dear Subscribers,

Issue 8 of Astalavista's Security Newsletter is out! In this issue you're going to read an overview of Managed Security
Solutions Providers, passwords' best practices, an interview with a spyware coder, and our new section - Readers' Feedback.

Enjoy your time!

Astalavista's Security Newsletter is mirrored at:


If you want to know more about Astalavista.com, visit the following URL:


Previous Issues of Astalavista's Security Newsletter can be found at:


Editor - Dancho Danchev

Proofreader - Yordanka Ilieva

02. Security News

The Security World is a complex one. Every day a new vulnerability is found,
new tools are released, new measures are made up and implemented etc.
In such a sophisticated Scene we have decided to provide you with the most
striking and up-to-date Security News during the month, a centralized
section that contains our personal comments on the issue discussed.
Your comments and suggestions about this section are welcome at


Microsoft Windows XP Service Pack 2 (SP2) provides new proactive security
technologies for Windows XP to better defend against viruses, worms, and hackers. In
addition to a more robust security infrastructure, SP2 improves the security configuration
options of Windows XP and provides better security information to help users facing
security decisions. Further, Microsoft has released a long list of programs that are affected by
its new XP SP 2 patch, including some of its own.

More information can be found at:


Astalavista's comments:

The biggest vendors are put under enormous pressure to timely provide their latest patches and updates to the public,
but, as always, it's about meeting deadlines instead of providing the quality everyone's waiting for.


A Massachusetts businessman allegedly paid members of the computer underground to
launch organized, crippling distributed denial of service (DDoS) attacks against three of his
competitors, in what federal officials are calling the first criminal case to arise from a
DDoS-for-hire scheme.

More information can be found at:


Astalavista's comments:

Quite an interesting story given the FBI's speed of reaction on the issue. DDoS mafia indeed exists, it's just
a matter of time before other circles of the underground act as a mafia organization. Right now, hundreds of sites are
blackmailed or somehow affected by this rising threat. What to do about it? - Know your Enemy!


That's the story behind an intrusion into the network at the National Science Foundation's Amundsen-Scott South Pole
Station in May of last year, as it's been said by the FBI and the U.S Attorney General. But did it actually happen
that way?

More information can be found at:


Astalavista's comments:

Situations where critical and extremely vital systems are exposed to risk, thereby threatening someone's life because of
a computer, are nearly a public disaster - something the U.S doesn't need right now; that is why someone always has to
take the blame => everyone's happy!


The U.S Emergency Alert System (EAS), which lets officials instantly interrupt radio and T.V broadcast to provide
emergency information in a crisis, suffers security holes that leave it vulnerable to denial of service attacks; and it
could even permit hackers to issue their own false regional alerts - federal regulators acknowledged this on Thursday.

More information can be found at:


Astalavista's Comment:

Who wants to go "live"? Having an emergency message broadcasted, while real-life events like 9/11 are happening, will
definitely create chaos for a certain, often critical period of time. Hopefully, someone will take care of the system's
weak and outdated design soon.


Two interesting acquisitions took place this month. One of them is McAfee Inc's acquisition of Foundstone Inc., at a cash
price of $86 million. Also, Computer Associates International Inc. took over PestPatrol - a privately held
provider of anti-spyware solutions.

More information can be found at:


Astalavista's comment:

This puts McAfee in a very good market position, bearing in mind the customers' base of Foundstone
and their expertise and reliability as a vulnerability management company. As far as PestPatrol is concerned, they're indeed
a market leader in the anti-spyware business, and it's not just me noticing that.

03. Astalavista Recommends

This section is unique with its idea and the information included within. Its
purpose is to provide you with direct links to various white papers covering
many aspects of Information Security. These white papers are defined as a "must
read" for everyone interested in deepening his/her knowledge in the Security field.
The section will keep on growing with every new issue. Your comments and suggestions
about the section are welcome at security@astalavista.net


2025 is a study designed to comply with a directive from the chief of staff of the Air Force
to examine the concepts, capabilities, and technologies the United States will require to remain
the dominant air and space force in the future.



This is a collection of utilities and libraries intended for forensic or forensic-related
investigative use in a modern Microsoft Windows environment.



HTML Source Bar is an Internet Explorer 5 (or better) Explorer Bar that shows you the source contents
of the viewed HTML pages. The HTML source code can be viewed, as well as any scripting code
(JavaScript, VBScript or any client-side script code) used. In addition, information about the images, applets
and links is displayed.



An overview of SQL Injections.



A bit of a rant about how Microsoft and Virus scanners fail to properly pay attention to .txt file
extensions and how they can be used by attackers to fall into the background.



As web-based applications have become more sophisticated, the number of types of vulnerabilities that can be
exploited has rapidly increased. A particular class of attacks commonly referred to as “code insertion” and
often “Cross-Site Scripting” has become increasingly popular.


04. Site of the month

Google Watch - site monitoring Google's activities, both corporate and BigBrother related ones


05. Tool of the month

Spybot - Search&Destroy

Spybot - Search&Destroy is a freeware anti-spyware/anti-adware application that has a large database of malicious
programs, hijackers etc. You're strongly recommended to use it, as it will definitely give you excellent results.


06. Paper of the month

Independent Technical Review of the Carnivore System

A document discussing and giving a detailed overview of Carnivore - FBI's surveillance system


07. Free Security Consultation

Have you ever had a Security related question but you weren't sure where to
direct it to? This is what the "Free Security Consultation" section was created for.
Due to the high number of Security-related e-mails we keep getting on a
daily basis, we have decided to initiate a service, free of charge. Whenever you have a Security related question,
you are advised to direct it to us, and within 48 hours you will receive a qualified
response from one of our Security experts. The questions we consider most interesting and useful will be published at
the section. Neither your e-mail, nor your name will be present anywhere.

Direct all of your Security questions to security@astalavista.net

Thanks a lot for your interest in this free security service, we are doing our best to respond
as soon as possible and provide you with an accurate answer to your questions.

Question: Hi guys! I've been a victim of a large number of spyware, and I believe it's because I'm a
constant user of IE. Anyway I was wondering what's the most secure solution to protect myself from spyware?

Answer: There isn't a 100% solution to protecting from spyware, but the first thing you urgently
need to do is - change your browser, right away! The reason for this is that the majority, if not all, of the
spyware circling around the net is affecting the (in)security of Internet Explorer, and using it while browsing
around could have a huge impact on your computer. "Why is everyone using it then?", you may ask. Just because it
comes with every Windows, just because people got used to using the browser, and switching to another one is something
not everyone is looking for in the near future.

Here are some interesting articles you might want to take a look at:


Question: Hello. I just wanted to ask, is the Internet monitored and if yes, to what extent? I'm a privacy conscious
visitor of your site :) I hope I'll get a response back.

Answer: Locally, every country monitors its Internet traffic to a certain extent, some even censor a vast majority of the
web's content. Global monitoring is happening with systems like Echelon, but keep in mind that the public information that
could be gathered for intelligence purposes is so huge that nowadays everyone could have his/her Echelon out there. Ask
yourself the following question, is the government monitoring, are corporations, or private individuals doing it, as each
of these refers to many more aspects of the question.

Some articles worth mentioning are:


Question: Hi guys, amazing work at Astalavista.com. Here's my security related problem, hope you'll get back to me:
The network I maintain holds sensitive data like people's names, their cv's, projects (it's an educational institution) etc.
We've managed to secure the network itself, but I was wondering is encryption an option for us?

Answer: Encrypted partitions are, but if you're looking for efficiency, this might cause some trouble. Make sure the staff
is well educated on various sensitive data exposure threats, CorporatePGP or another company wide encryption solution
should be taken into account as well.

08. Enterprise Security Issues

In today's world of high speed communications, of companies completely
relying on the Internet for conducting business and increasing profitability, we have
decided that there should be a special section for corporate security, where
advanced and highly interesting topics will be discussed in order to provide
that audience with what they are looking for - knowledge!

- Managed Security Solutions Providers - How Useful and Reliable? -

What is a Managed Security Solutions Provider?

Small and medium-size businesses are constantly put under high pressure to keep their infrastructure
secure while, on the other hand, remaining profitable. They either have to employ qualified security experts, building a secure
network based on using various commercial and non-commercial software, or completely outsource. This article is intended
to bring insight on the MSSP topic.

What are the benefits?

Some of the benefits to be listed are:

- low-cost, but high-quality expertise -
the majority of MSSPs are equipped with well qualified and highly experienced staff, something that might cost you a lot
of funds and efforts

- low infrastructure and products cost -
professional MSSPs will assist you in building your secure infrastructure in a way you could have a better overview of
where your security dollars are invested into. Purchasing certain products might come with a discount, although the
majority use in-house technologies and tools.

- independence -
MSSPs tend to be product independent given the fact that they employ mostly in-house technologies and methods, although in
some cases they would advise on choosing an ultimately necessary product, based on their experiences with it.

- performance -
these companies have 24/7 monitoring capabilities, all dedicated to protecting your company from a possible intrusion. In case
of one, an immediate reaction would be the most critical action, and they'll be there to react.

What are possible Managed Security Solutions?

- managed firewalls -
managed configuration and updates of your firewalls

- managed intrusion detection systems(IDSs) -
managed intrusion detection configuration

- managed virtual private networks(VPNs) -
managed VPN configuration

- monitoring -
24/7 monitoring of all the security events occurring at your company

- incident handling -
better than anyone else, MSSPs will react immediately to a security breach

- anti-malware protection -
managed protection from malicious software(viruses, trojans, worms etc.)

- data archiving -
managed backups and data restoration

- vulnerability assessment and penetration testing -
regular tests of your organization ensure that its critical assets are well protected; from the latest security trends,
MSSPs are an inseparable part of today's security world

09. Home Users' Security Issues

Due to the high number of e-mails we keep getting from novice users, we have
decided that it would be a very good idea to provide them with their very
special section, discussing various aspects of Information Security in an
easily understandable way, while, on the other hand, improve their current level of knowledge.
If you have questions or recommendations for the section, direct
them to security@astalavista.net Enjoy your time!

- Passwords - The first line of defense -

Soon to be replaced by smart cards and other sort of biometric security measures, passwords still remain the first line of
defense and authentication of a service/individual. This article seeks to provide you with various tips on how to safeguard
your accounting data, and list the most common security scenarios.

Tips for choosing a secure password

1. Although most of the systems nowadays will not allow you to do so, make sure your password ISN'T the following:

- your first, last name
- your login name itself
- just a combination of numbers you've picked up
- less than 8 characters long
- a dictionary word

2. On the other hand make sure your password consists of the following:

- letters, a combination of small and capital ones, some numbers and a special character like !@#$%^&*()_+ etc.
- make sure they're random, don't use passwords like aaa444bbb making it more than 8 characters - long, but using a weak

3. Tips for remembering passwords

- simply associate: each letter could stand for something. A sample song name like "Fire" and the use of numbers and
characters will create a secure and easy to memorize password like Fi624RE$@, where the first and the last part consist of
"Fi" and "RE"

4. Tips for keeping your accounting data as secret as possible

The majority of people blindly rely on various methods for keeping their sensitive data, while exposing it to anyone
with a little logical and of course abusive mode of thinking.

- do not share your accounting data with anyone, even company representatives or your relatives, the way you treat passwords
might not be the way someone else does it
- make sure nobody is watching while typing your accounting data
- never have the same passwords on more than one service/computer
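
The checks from tips 1 and 2 above, written out as a small Python validator. This is an added example, not part of the original newsletter; the function name, the sample word list and the rule that flags runs of three identical characters (to catch passwords like aaa444bbb) are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "sunshine", "football"}

# Three or more identical characters in a row, as in aaa444bbb (assumed rule).
REPEATED_RUN = re.compile(r"(.)\1\1")


def password_problems(password, login="", first_name="", last_name="",
                      dictionary=SAMPLE_DICTIONARY):
    """Return the list of tips the password breaks; an empty list means it passes."""
    problems = []
    lowered = password.lower()

    # Tip 1: what the password must not be.
    names = {n.lower() for n in (first_name, last_name) if n}
    if lowered in names:
        problems.append("is your first or last name")
    if login and lowered == login.lower():
        problems.append("is your login name")
    if password.isdigit():
        problems.append("is just a combination of numbers")
    if len(password) < 8:
        problems.append("is less than 8 characters long")
    if lowered in dictionary:
        problems.append("is a dictionary word")

    # Tip 2: what the password should consist of.
    if not any(c.islower() for c in password):
        problems.append("has no small letter")
    if not any(c.isupper() for c in password):
        problems.append("has no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("has no number")
    if not any(not c.isalnum() for c in password):
        problems.append("has no special character")
    if REPEATED_RUN.search(password):
        problems.append("contains a run of repeated characters")

    return problems


if __name__ == "__main__":
    # Constructed sample account and candidate passwords.
    for candidate in ("Fi624RE$@", "aaa444bbb", "12345678", "doe", "Sunshine"):
        issues = password_problems(candidate, login="jdoe",
                                   first_name="John", last_name="Doe")
        print(candidate, "->", "OK" if not issues else "; ".join(issues))
```

A password that passes every check here is not automatically strong; the list only mirrors the tips given in this article.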

10. Meet the Security Scene

In this section you are going to meet famous people, security experts and
all personalities who in some way contribute to the growth of the community.
We hope that you will enjoy these interviews and that you will learn a great deal of
useful information through this section. We got another interesting request for an interview,
this time from a spyware coder, probably, if you see this guy on the street you're gonna kill
him right away, but the purpose of this interview is to reveal some more info about the vendors
and the people behind the threat. The interview was conducted via anonymous form, like the
way the coder requested.

Your comments are welcome at security@astalavista.net

Interview with an anonymous spyware coder

Astalavista: Hi, any chance we could possibly identify you with some name for the purpose of this chat?

Anonymous spyware coder: Darek would do fine.

Astalavista: Ok, Darek, would you please tell us something more about the area you're currently working in, how did you
start, why did you start and what's your personal opinion on what you're doing right now?

Darek: I code spyware for a new "vendor" - I've been doing this for the past year and a half; how did I start? Mostly,
with contacts and knowing who's who in what I'm working right now. As far as my opinion about what I do, I do
it for the financial gains and power to a certain extent.

Astalavista: Don't you think there're better ways to achieve financial gains, or are the majority of people like you just
coding spyware for fast money? My point is, do you realize the impact of what you're doing on the entire world, the
majority of people I know would literally kill you if they knew you code spyware?

Darek: No at the moment, it's the same issue like the malware coders - achieve financial gains, get more power. I realize
that what I do pisses off a lot of people, but there's always someone else who can do it; so if I stop, I wouldn't
change anything and with this interview I want to stress out some more info on the whole problem, from the point of view of
a person involved in it.

Astalavista: What is the current situation in the spyware scene?

Darek: More and more companies, the majority legal, start noticing this gray area of the Internet right now,
and mainly the benefits. It doesn't take a genius to understand what kind and amount of information could be gathered by
creating a spyware infected network, with advanced monitoring capabilities, and technology for auto updates. Huge

Astalavista: Are there any "spyware wars" between different "vendors"?

Darek: I'm aware of a couple; basically, the average visitor's computer is infected not with one, but with many, and
sometimes this pisses off some vendors. Have you heard of a spyware trying to remove other spyware in order to gain
competitive intelligence? Watch out, cause I've seen it happening, mostly in the most sophisticated variants.

Astalavista: What are the most common distribution methods of spyware, or how do vendors spread the code?

Darek: You might be surprised but it's the auto-updating technique of most of the spyware these days - once they get a huge
number of people, they make sure they stay loyal. File sharing networks, cracks and adult related web sites, anything that
comes to your mind and generates a lot of traffic, is mostly users "playing with the fire".

Astalavista: What do you think is going to happen in the next two years to protect the world from this threat?

Darek: A couple of organizations will police around and make sure networks are well protected from the majority of spyware,
it just needs some more time. Uncle Sam is the one who is going to take action first, and by action I don't mean real law
enforcement, which would limit the spread of popular spyware around. Spyware will become a threat like viruses and worms
are. Indeed, people have started comparing it with these in terms of severity.

Astalavista: And what do you think is going to happen on the spyware front?

Darek: Vendors will compete, wars will be waged - not directly through the spyware networks, but through "external sources";
we've seen DDoS mafia actions recently.

Astalavista: Thanks for bringing insight on the subject, and watch out, you might be jobless in the next couple of months :)

Darek: You're welcome, keep up the good work, and thanks for keeping a spyware free web site like Astalavista.com is,
this is from a (freelance) spyware coder :)

11. Security Sites Review

The idea of this section is to provide you with reviews of various highly interesting
and useful security related web sites. Before we recommend a site, we make sure that it provides
its visitors with quality and unique content.


Securitystats.com was created out of a perceived need for a central repository of interesting computer
security statistics, which could be used in research materials as well as corporate security
expenditure documentation.


Forensics.nl is an independent website that contains links to Computer Forensics whitepapers,
articles, presentations, Tools, Products, Mailinglists, Howto's, and more.


Wireless-bern.ch is a site dedicated to various wardriving and wireless security issues.


Information Security Glossary is a site providing its visitors with detailed explanations on various IT/Network/Security


Cellphonehacks.com is a forum site where various discussions on phone modifications take place


The Super Wordlists Archive has one of the most extensive databases of wordlists ever.

12. Astalavista needs YOU!

We are looking for authors that would be interested in writing security related
articles for our newsletter, for people's ideas that we will turn into reality with their help and for anyone who
thinks he/she could contribute to Astalavista in any way. Below we have summarized various issues that might
concern you.

- Write for Astalavista -

What topics can I write about?

You are encouraged to write on anything related to Security:

General Security
Security Basics
Windows Security
Linux Security
IDS (Intrusion Detection Systems)
Malicious Code
Enterprise Security
Penetration Testing
Wireless Security
Secure programming

What do I get?

Astalavista.com gets more than 200 000 unique visits every day, our Newsletter has more than
22,000 subscribers, so you can imagine what the exposure of your article and you will be, impressive, isn't it!
We will make your work and you popular among the community!

What are the rules?

Your article has to be UNIQUE and written especially for Astalavista, we are not interested in
republishing articles that have already been distributed somewhere else.

Where can I see a sample of a contributed article?


Where and how should I send my article?

Direct your articles to dancho@astalavista.net and include a link to your article. Once we take a look
at it and decide whether it is qualified enough to be published, we will contact you within several days,
please be patient.

Thanks a lot all of you, our future contributors!

13. Astalavista.net Advanced Member Portal Promotion

Astalavista.net is a world known and highly respected Security Portal offering
an enormous database of very well-sorted and categorized Information Security
resources, files, tools, white papers, e-books and many more. At your disposal
are also thousands of working proxies, wargames servers where all the members
try their skills and most importantly - the daily updates of the portal.

- Over 3.5 GByte of Security Related data, daily updates and always working
- Access to thousands of anonymous proxies from all over the world, daily updates
- Security Forums Community where thousands of individuals are ready to share
their knowledge and answer your questions, replies are always received no matter
the question asked.
- Several WarGames servers waiting to be hacked, information between those
interested in this activity is shared through the forums or via personal
messages, a growing archive of white papers containing info on previous
hacks of these servers is available as well.

The Advanced Security Member Portal

14. Readers' Feedback

This is a new section at our Newsletter, mainly created to answer some of the most common or interesting
questions we keep receiving every day. Neither your e-mails, nor your full names will be exposed. We respect your privacy!

Your feedback about Astalavista Security Newsletter is appreciated at security@astalavista.net

Alex [@hotmail.com]

" Hi folks at Astalavista!! I'm a computer science student in the U.S, and I just wanted to congratulate you
on your great work, both at the site, and at your Security Newsletter. Given the fact that a large number of my
IT colleagues visit your site daily, and my lecturers recommend subscribing at your Newsletter, I would like to ask you, how
did you manage to achieve all of this? Basically, you're one of the most recommended and well known security, and cracks of
course, web site in the world? Do you also make money out of it? :)"

-> Hi Alex! Thanks for your mail, it's great to know that the Newsletter is recommended by computer science lecturers.
How did we achieve all of it? Let's just say that the most important issue is to believe in what you're doing, who you are,
and what you have to offer. We've been practically doing this for the past several years, we've established
a relation with our visitors that is based on trust and expectations of good content quality; this is why we keep getting
more and more popular even in countries that have strong censorship on the Internet. Certain countries are known to have
blocked our web site, although users always find a way to bypass this. As far as money making is concerned, Astalavista.com
is entirely free and doesn't even require a user registration. We try to limit the number of ads and whenever there're
some, they're strictly related to security or IT in general. Astalavista.net is what we're trying to promote through the
site, which is the Astalavista Security Community.

Mitchell [@planet.nl]

"Hi people, thanks for your nice site, I've been visiting it since 1999, and it's one of my favourites. I must say I've
found some of the best documents and tools related to security at your site, which is something I really appreciate as I'm
responsible for the security of several networks in Holland. My concern, and something I've always been thinking about is,
to what extent do you have problems with law enforcement agencies trying to catch the latest worm writer, cracks programmer
or let's just say, someone from the underground? My point is that I'm sure that you guys are aware of who's who in the
underground, and basically you know who's behind every illegal page out there?"

-> You don't have problems with law enforcement agencies unless you're doing something wrong, isn't it? And we aren't doing
anything wrong! We don't know who's behind the latest worm or who released the latest cracks out there, because we're not
into coding worms or hosting cracks, not at all. If you spend some time and do a little research, you would be able to find
out by yourself who's behind certain sites; and then in most of the cases they aren't doing anything wrong, because hosting
certain materials might be illegal in some, but legal in other countries around the world.

Rayn [@yahoo.com]

" Dear Astalavista, you have all my respect for what you guys have been doing during all these years. In my opinion, you're
one of the few sites left that are worth visiting on a daily basis! I'm sure a lot of people are asking the same question, and
probably you're going to ignore mine as well, but I'll at least fire it away: how can people join your group and participate
at the site? "

-> Rayn, nice words, we appreciate them! Yes, a lot of people from all over the world keep on asking how they can join
Astalavista, without even proposing or making some sort of contributions, which is not the way a question like this has to
be added. A lot of people think they'll gain financial profits out of working for Astalavista, which is what we hate.
Basically, we're not recruiting, but if we come across people who are worth recruiting and they have great contribution
ideas instead of financial gain ones, we might have a talk with them.

15. Final Words

Dear Subscribers,

We're sure that you've enjoyed the security knowledge we've provided you with and
would be more than happy to receive your feedback about Issue 8. Issue 9 is on its way, we are again working on a couple of
new sections, and there will also be two contests at Astalavista.com in September, so keep visiting and spreading the word!

Editor - Dancho Danchev

Proofreader - Yordanka Ilieva