|------------------------------------------|
|- Astalavista Group Security Newsletter  -| 
|- Issue 11 2 December 2004               -|
|- http://www.astalavista.com             -|      
|- security@astalavista.net               -|
|------------------------------------------| 

- Table of contents -

[01] Introduction
[02] Security News
        - Online fraud tutorials... from the Secret Service?
        - Alleged DDoS kingpin joins most wanted list
        - Cisco firewall source code is for sale
        - Trojan horse targets mobile phones
        - New MyDoom attacks may signal 'Zero Day'
[03] Astalavista Recommends
        - PGP 101 - Getting, installing, and using PGP Freeware
        - Vtrace 0.1
        - Exploit Mitigation Techniques - presentation
        - Net Tools 3.1
        - AppRecon - applications identification
[04] Site of the month - FutureWar.net
[05] Tool of the month - Vodka-tonic - cryptography-steganography hybrid tool
[06] Paper of the month - Wireless devices vulnerability list
[07] Free Security Consultation
        - We have recently found out that sensitive documents were available..
        - A network attack was responsible for shutting down..
        - It's not that I don't trust the people that I employ, it's the..
[08] Enterprise Security Issues
        - Company's best practices on anti-spam prevention
[09] Home Users Security Issues
        - How to effectively fight spam - pratical tips
[10] Meet the Security Scene
        - Interview with Dave Wreski,
LinuxSecurity.com
[11] Security Sites Review
        - Shellcode Archive
        - Security-guide.de
        - ToolCrypt
        - Web-Hack.ru
        - TheHacktivist.com
[12] Astalavista needs YOU!
[13] Astalavista.net Advanced Member Portal
[14] Astalavista Banner Contest - 2004
[15] Final Words

01. Introduction
   ------------

Dear Subscribers,

Welcome to Issue 11 of Astalavista's Security Newsletter! In this edition we have covered the most
significantsecurity events during November;we featured two articles, concerning both corporate and
home users on how to effectively deal with spam;we also chatted with Dave Wreski from
LinuxSecurity.com on various emerging security topics.

Astalavista Banner Contest - 2004 is now live, more information is available at:

http://www.astalavista.com/index.php?page=107

Enjoy your time, holidays are coming :)

Astalavista's Security Newsletter is mirrored at:

http://packetstormsecurity.org/groups/astalavista/

If you want to know more about Astalavista.com, visit the following URL:

http://astalavista.com/index.php?page=55

Previous Issues of Astalavista's Security Newsletter can be found at:

http://astalavista.com/index.php?section=newsletter

Editor - Dancho Danchev
dancho@astalavista.net 

Proofreader - Yordanka Ilieva
danny@astalavista.net

02. Security News
   -------------

The Security World is a complex one. Every day a new
vulnerability is found, new tools are released, new measures are made up and
implemented etc. In such a sophisticated Scene we have decided to
provide you with the most striking and up-to-date Security News during the
month, a centralized section that contains our personal comments on the
issue discussed. Your comments and suggestions about this section are
welcome at security@astalavista.net 
   -------------

[ ONLINE FRAUD TUTORIALS...FROM THE SECRET SERVICE? ]

As a jaunty flourish in its high-profile roundup of fraudsters and forgers last
Thursday, the agency took over Shadowcrew.com, a New Jersey-based online crime bazaar
that sits at the center of the government's  "Operation Firewall" investigation. 
Officials locked out the user accounts and swapped in a new front page featuring a Secret Service
banner, an image of a prison cell, and a list of federal charges against some site members. 

More information can be found at:

http://securityfocus.com/news/9866
http://www.shadowcrew.com/

Astalavista's comments:

The Secret Service's "deface" of the group's site simply sends out a message to a very large and
malicious audience, the group's other members, given the fact that the
investigation itself must have taken a great deal of coordination and resources.

I wonder how many groups like this are still active, and how many are to come having in 
mind the rise of phishing and id thefts,?

[ ALLEGED DDOS KINGPIN JOINS MOST WANTED LIST ]

The fugitive Massachusetts businessman charged in the first criminal case to arise from an 
alleged DDoS-for-hire scheme has appeared on an FBI most wanted list, while the five men accused 
of carrying out his will are headed for federal court.

More information can be found at:

http://securityfocus.com/news/9870
http://www.fbi.gov/mostwant/alert/echouafni.htm

Astalavista's comments:

Why is the government going after such a small fish with green bucks after all - probably because of the
good publicy, but this is not the best way to send a message for potential DDoS-for-hire schemes
since the people behind these attacks are still out there, building zombie networks,
underground economics, DDoS and phishing services on demand.

[ CISCO FIREWALL SOURCE CODE IS FOR SALE ]

A group describing itself as the Source Code Club (SCC) has offered to sell source code for 
Cisco's Pix proprietary security firewall software to any taker for $24,000. In a note posted on a 
Usenet newsgroup, the group also said that it would also make available other, unnamed source code to
those who paid.

More information can be found at:

http://nwc.networkingpipeline.com/shared/article/showArticle.jhtml?articleId=51202557

Astalavista's comments:

Although Cisco have had quite a lot of source code leakeges recently, I doubt whether this is a serious
one, or perhaps the folks behind it are desperately looking for cash. Cisco, as the world's most
established networking company, should put more efforts into safeguarding its source code.
News reports like these make a mockery of the company's image.

[ TROJAN HORSE TARGETS MOBILE PHONES ]

A new Trojan horse that sends unauthorized spam to mobile phones via sms has been detected by anti-virus
authority Sophos, marking a new trend in the convergence of viruses and mass-mail attacks.

The Troj/Delf-HA Trojan horse infects a PC, then downloads instructions on which spam campaign to
launch from a Russian telecom Web site, according to Gregg Mastoras, senior security analyst at Sophos.
It can plague owners of cell phones by sending them unsolicited junk text messages
over the carrier's network.

More information can be found at:

http://wireless.newsfactor.com/story.xhtml?story_title=Trojan-Horse-Targets-Mobile-Phones&story_id=28307

Astalavista's comments:

Welcome to the new borne world of mobile viruses, mobile spam, and with the number of banks doing
banking over mobiles, mobile phishing attacks are soon to appear as well. A couple of interesting papers
for you to read on the topic are  available at:

http://www.sourceo2.com/NR/rdonlyres/ehunutobhlesv6szirdn2sd4ltxg7vkbhuh2ak4ziznoe4xgk3ezbsfdxlhi7i76zlsik5ujllbf4tetdzzw7vqajwb/CabirWormInfo.pdf
http://www.astalavista.com/index.php?section=dir&cmd=file&id=2315
http://www.astalavista.com/index.php?section=dir&cmd=file&id=1586

[ NEW MYDOOM ATTACKS MAY SIGNAL 'ZERO DAY' ]

The newest version of the MyDoom worm now circulating suggests to security experts that the much-anticipated
"Zero Day attack" may have arrived. Zero Day refers to an exploit, either a worm or a virus, that arrives on the
heels of, or even before, the public announcement of a vulnerability in a computer system. This new MyDoom appeared
only two days after a  security flaw in Windows IE was made public, according to reports.

More information can be found at:

http://www.pcworld.com/news/article/0,aid,118580,00.asp

Astalavista's comments:

Slaves of the botnets?! Yes we are, the whole industry is. They fill every security gap,
they make patching pointless, they update and fully load each other whenever a
public or Zero Day exploit is found, thus creating yet another news story
and a couple of thousands new zombies by the time administrators respond.

Further reading:

http://www.columbia.edu/~medina/docs/resnet/medina-resnet2004.pdf
http://www.sfbay-infragard.org/SUMMER2004/Botnets_Botherds-1.pdf

03. Astalavista Recommends
   ----------------------

This section is unique with its idea and the information included within. Its purpose is
to provide you with direct links to various white papers covering many aspects of Information Security.
These white papers are defined as a "must read" for everyone interested in deepening his/her
knowledge in the Security field. The section will keep on growing with every new issue.
Your comments and suggestions about the section are welcome at
security@astalavista.net

" PGP 101 - GETTING, INSTALLING, AND USING PGP FREEWARE "

A tutorial on PGP for the complete beginner, screenshots included as well

http://www.astalavista.com/?section=dir&act=dnd&id=3190

" VTRACE 0.1 "

Tool for visual tracert, shows the geographical location of a certain host

http://www.astalavista.com/?section=dir&act=dnd&id=3187

" EXPLOIT MITIGATION TECHNIQUES - PRESENTATION " 

Various exploit mitigation techniques revealed

http://www.astalavista.com/index.php?section=dir&act=dnd&id=3151

" NET TOOLS 3.1 "

Over 70 network/security tools application, recommended!

http://www.astalavista.com/index.php?section=dir&act=dnd&id=3163

" APPRECON - APPLICATIONS IDENTIFICATION "

AppRecon is a small java tool that tries to identify
applications by sending appropriate discovery broadcast packets.

http://www.astalavista.com/?section=dir&act=dnd&id=3214

04. Site of the month
   ------------------

http://www.futurewar.net/

FutureWar.net is a site dedicated to provide its visitors with quality and extensive
information on various information warfare issues.

05. Tool of the month
   ------------------

Vodka-tonic - cryptography-steganography hybrid tool

Vodka-tonic is a cryptography-steganography hybrid
tool. It a three level security system for paranoid people.

http://www.astalavista.com/index.php?section=dir&act=dnd&id=3181

06. Paper of the month
   -------------------

Wireless devices vulnerability list

Info on default settings and related vulnerabilities

http://www.astalavista.com/index.php?section=dir&act=dnd&id=3218

07. Free Security Consultation
   --------------------------

Have you ever had a Security related question but you
weren't sure where to direct it to? This is what the "Free Security
Consultation" section was created for. Due to the high number of Security-related e-mails we
keep getting on a daily basis, we have decided to initiate a service,
free of charge. Whenever you have a Security related question, you are advised to
direct it to us, and within 48 hours you will receive a qualified response from one
of our Security experts. The questions we consider most interesting and useful
will be published at the section. Neither your e-mail, nor your name will be present anywhere.

Direct all of your Security questions to security@astalavista.net 

Thanks a lot for your interest in this free security service, we are doing our best
to respond as soon as possible and provide you with an accurate answer to your questions.

---------
Question: Hello, Astalavista. I'm an IT manager for a small U.S based IT solutions company. We have recently
found out that we have had sensitive information leaked out from our webserver to Google. By the time
we removed it, there had been numerous downloads of the file. Although it's now gone from our server, Google
still keeps a cache of it, any thoughts on this issues would be greatly appreciated from you, guys?
---------

Answer: Thanks for the email. The power of Google has created an entirely new group of malicious users - the
google hackers, namely individuals locating sensitive data, exploiting services and servers with the help of Google.
It will take a while, up to a week and a half based on previous removal procedures I took care of; after that the
file will be gone from Google's cache as well. There're a couple of things you can do ; keep the file but with wrong
information.Thus you'll be able to misinform or detect competitors trying to locate sensitive data; the most important
thing is to have a word with the person responsible for all web servers, and make him/her take advantage of robots.txt
approaches, so that you can protect your entire web infrastructure, and keep the sensitive files/directories out of Google.

More info is available at Google's site:

http://www.google.com/remove.html

---------
Question: A network attack of some kind was recently responsible for shutting down the connection between
our branches in two different cities; we weren't able to detect a DDoS attack, nor was our ISP able to detect anything
unusual. We have started an investigation - any ideas on what happened would be appreciated?
---------

Answer: Thanks for the extensive email and your request for advice on this issue. From what I've read
it sounds like either an insider had knowledge of critical infrastructure and the physical insecurities around it, or an
application level DoS attack simply shut down these vital servers. I would recommend you make sure that the servers aren't
compromised by the use of integrity checkers, since you alredy have them in place, and pay attention to a possible insider
treat. I'm sure if you look deeper, you will be able to clarify what happened.

A useful paper on Application level DoS attacks can be found at:

http://www.corsaire.com/white-papers/040405-application-level-dos-attacks.pdf

Another useful article on insiders can be found at:

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci906437,00.html

----------
Question: Hi, folks at Astalavista.com. Congratulations on the security resource you've been providing me with for the past
several years. It helped me achieve a lot in my ITSec career. I wanted to request additional opinion on an issue that has 
been  bothering me for a very long time. It's not that I don't trust the people that I employ, I do, since trust is
vital, but how do I protect from insiders, so taht the company does not turn into a commercial BigBrother :)
----------

Answer: Depends on what you're doing and how sensitive it is. You might need to turn your enterprise into a
BigBrother to a certain extent. Staff monitoring is a hot and complicated topic given the different laws and regulations
across the globe. Most of all, staff monitoring should act as an enformecement tool when implementing your company's
security policy; otherwise the amount of information gathered could be abused to a great extent. Your employees aren't
watched, there're just monitored - this is the feeling that your monitoring program should represent and enforce.

08. Enterprise Security Issues
   --------------------------

In today's world of high speed communications, of companies completely
relying on the Internet for conducting  business and increasing profitability, we have
decided that there should be a special section for corporate security, where
advanced and highly interesting topics will be discussed in order to provide
that audience with what they are looking for - knowledge! 

- Company's best practices on anti-spam prevention - 

Spam represents one of the biggest threats to our business and personal email communication. Every day
millions of spam messages are sent, a couple of hundred people are lured into the ads, several thousand
think they've removed themselves on the mail servers - a certain loss of productivity when employees are constantly
bothered by spam. In this issue we have decided to provide company or IT managers with practical tips on how to deal
with the problem.

The problems with mail server bandwidth

Given the different sizes of organizations and the publicity of their emails, the unecessary flood of
daily spam can cause additional, sometimes above the average bandwidth costs to an organization. It can contribute to the
certain delays in processing emails as well.

The problems with loss of productivity

The flood of spam targeting your employees can result in significant loss of productivity; everyone has to
manually go through the spam and delete it. Employees' mode of thinking is that they believe the company has better
anti-spam filters than the ones they have at their free web based or ISP mail accounts; this is why  they often use these
emails on public forums etc.

Practices to safeguard the company's infrastructure

- the anti-email exposure policies
Your company has to develop and closely monitor the enforcement of an anti-email exposure policy, namely
that the company's email accounts shouldn't be used at public www boards, mailing lists etc. If enforced successfully, this
might significantly limit the amount of spam towards your mail servers.

- the use of web forms
The use of web forms instead of plain info@example.com emails is strongly recommended. Yes it's very
convinient for a customer to reach you, the same goes out about the spammer as well. Beside all, users don't mind
filling out web forms.

- the use of cost-effective open-source solutions
The Spam Assassin Project (http://spamassassin.apache.org/ ) is one of the most effective anti-spam approaches I have
used so far, besides developing an effective white listing model. It works perfectly well even on a high
bandwidth server processing thousands of mails daily.

09. Home Users' Security Issues
   --------------------------

Due to the high number of e-mails we keep getting from novice users, we have decided that it would be a very good
idea to provide them with their very special section, discussing various aspects of Information Security in an 
easily understandable way, while, on the other hand, improve their current level of knowledge.

- How to effectively fight spam - practical tips - 

How many messages did you got today? I got 14 even though I've thought there's a spam protection in
place. The truth is that spammers are getting smart - they're not using our own computers once breached to distribute
spam. Yes this is right - you might be actually sending all that spam to yourself and your friends even without 
knowing it. This article will provide you with practical tips on how to deal with spam and avoid the most general mistakes.

How spammers harvest your emails

- from public web forums or places where your email is in plain text like you@yahoo.com
- from fake mailing lists and sites created with the idea to gather as much emails as possible

How to protect your email

- have a couple of emails, one for personal reasons, other for business, and yet another one to give out
for mailing lists and web site submissions, so you can be sure if there're unetchical activities behind the site you'll
be able to find that very easily

- Read your email offline. As a large number of spammers no longer require you to reply or somehow
interact with the message, once you open it, it sends back a confirmation so your email is now known as an active one,
meaning you'll get even more spam.

- Never reply to a spammer or try to manualy remove yourself from the list, simply because this is just
another way to confirm that your email is real and active.

- Whenever posting your email somewhere, make sure it is in the following form, thus protecting against spam
harvesters: you@yahoo.com would be you AT yahoo DOT com or you [at] yahoo.com.

A recommended article that will give you more details on how to protect yourself can be downloaded at:

http://www.astalavista.com/?section=dir&act=dnd&id=3194

10. Meet the Security Scene
   -----------------------

In this section you are going to meet famous people, security experts and
all personalities who in some way contribute to the growth of the community.
We hope that you will enjoy these interviews and that you will learn a great deal of
useful information through this section. In this issue we have interviewed Dave Wreski from LinuxSecurity.com

Your comments are welcome at security@astalavista.net 

------------------------------------------------
Interview with Dave Wreski,
http://www.linuxsecurity.com/

Astalavista: Dave, tell us something more about your background in the InfoSec
industry and what is LinuxSecurity.com all about?

Dave: I have been a long-time Linux enthusiast, using it before version v1.0
on my 386DX40 home PC, which prompted me to dump Windows shortly thereafter and I've never looked back.
In early 1993 I began to realize the tremendous value that Linux could bring to the security issues I was facing.
I found the decisions I was making, with regard to managing computer systems, were more and more
based on the impact security had on the data residing on those systems. It's certainly more challenging to
keep the bad guys out than it is the other way round - the bad guys have to only be right
once, while the good guys have to always make the right decisions. So I created a
company to help ensure the good guys had the tools necessary to make the most effective options to keep
their networks secure.

The void in comprehensive information on security in the Linux space was the primary reason I started LinuxSecurity.com in
1996. Since then, we have seen millions of visitors make it their primary
information resource. In fact, we're completely revamping the site with new features, greater functionality and
a whole new look -launching December 1st.

Astalavista: What was the most important trend in the open-source security
scene during the last couple of years,in your opinion?

Dave: Actually, there have been so many that it's difficult to focus on
any one in particular. Certainly, the adoption of open
standards by many vendors and organizations makes it much easier to
communicate between disparate systems securely. The maturity of
the OpenSSH/OpenSSL projects, IPsec, and even packet filtering has
enabled companies, including Guardian Digital, to create solutions to
Internet security issues equal to, or better than,
their proprietary counterparts.

Astalavista: The monopolism of Microsoft in terms of
owning more than 95% of the desktops in the world has resulted in a lot of
debates on how insecure the whole Internet is because of their
insecure software. Whereas my personal opinion is that if Red
Had had 95% of the desktop market, the effect would be the same.
Do you think their software is indeed insecure, or it happens to be
the one most targeted by hackers?

Dave: I think the mass-market Linux vendors try to develop a product
that's going to provide the largest numbers of features, while
sacraficing security in the process. They have to
appeal to the lowest common denominator, and if that means
delivering a particular service that is requested by their
customers, then much of the responsibility of security falls on the
consumer, who may or may not be aware of the implications of not
maintaining a secure system, and in all likelihood, do not possess the
ability to manage the security of their system.

Astalavista: The appearance of Gmail and Google
Desktop had a great impact on the privacy concerns of everyone, however these
expanditures by Google happened to be very successful. Do you think there's really a privacy 
concern about Google, their services and privacy policy, and, most importantly, the future of the
company?

Dave: No, not really. I actually think that most of us
gave up our privacy years ago, and any privacy that remains is
only in perception. There's far more damage that could be done
through things like the United States Patriot Act than there
is through Google reading your general communications. Anyone who
has half a brain and wants to make sure their communications are
not intercepted is using cryptography for electronic
issues.

Astalavista: We've recently seen an enormous increase of phishing attacks, some of which
are very successful. What caused this in your opinion? What is the way to limit these from
your point of view?

Dave: Reduce the human factor involvement somehow. Phishing is just the
new "cyber" term for social engineering, which has existed forever.
Through the efforts of Guardian Digital, and other companies
concerned about the privacy and security of their customers' data,
we are making great strides towards user education,
and providing tools for administrators to filter commnications.

Astalavista: Spyware is another major problem that created an industry of companies fighing it,
and while the government is slowly progressing on the issue, the majority of PCs online
are infected by spyware. Would you, please, share your comments on the topic?

Dave: This issue is different from issues such as phishing because the
end-user is not aware is it occurring. The responsibility here
falls directly on the operating system vendor to produce an
environment where security is maintained. In other words, by
creating software that enables the end-user to better define what
constitutes authorized access, users can develop a situation where
this type of attack does not succeed. In the meantime, application-level security filters and strict
corporate information policies thwart many of these types of attacks.

Astalavista: What do you think will happen in the near future with Linux
vs. Microsoft? Shall we witness more Linux desktops, or entire
countries will be renovating their infrastructure with
Unix-based operating systems?

Dave: We are already seeing a growing trend on an
international level in the migration from Windows operating systems to Linux.
Guardian Digital has implemented several Linux-based solutions for
multi-national and international corporations who recognize the costs and
security risks associated with a Windows system, and if our business
is any indication of the growth potential, I'd say Microsoft
is going to have a real fight on their hands.

Although I'm not too involved in the desktop space
itself, I am completely comfortable with my cobbled-together Linux
desktop, much more than just a few years ago. I think that as more
and more computing tasks become distributed - moved from the
desktop to being powered by a central server - it will become
easier to rely on Linux on the desktop and the growth will continue.

11. Security Sites Review
   ---------------------

The idea of this section is to provide you with reviews of various highly interesting
and useful security related web sites. Before we recommend a site, we make sure that
it provides its visitors with quality and a unique content.

-
Shellcode Archive
-
http://www.shellcode.com.ar/

Large shellcode and papers archive

-
Security-guide.de
-
http://www.security-guide.de/

A German security related web site, quality content.

-
ToolCrypt
-
http://www.toolcrypt.org/

Various crypto and security related tools, a must
visit.

-
Web-Hack.ru
-
http://www.web-hack.ru/

A Russian security web site, useful content.

-
The Hacktivist.com
-
http://www.thehacktivist.com/

A resource discussing hacktivism and electronic civil
disobedience.

12. Astalavista needs YOU!
   ---------------------

We are looking for authors that would be interested in writing security related
articles for our newsletter, for people's ideas that we will turn into reality with
their help, and for anyone who thinks he/she could contribute to Astalavista 
in any way. Below we have summarized various issues that might concern you.

- Write for Astalavista -

What topics can I write about?

You are encouraged to write on anything related to Security:

General Security
Security Basics
Windows Security
Linux Security
IDS (Intrusion Detection Systems)
Malicious Code
Enterprise Security
Penetration Testing
Wireless Security
Secure programming

What do I get?

Astalavista.com gets more than 200 000 unique visits every day, our Newsletter has
more than 22,000 subscribers, so you can imagine what the exposure of your article
and you will be, impressive, isn't it! We will make your work and you popular among the
community!

What are the rules?

Your article has to be UNIQUE and written especially for Astalavista, we are not
interested in republishing articles that have already been distributed somewhere else.

Where can I see a sample of a contributing article?

http://www.astalavista.com/media/files/malware.txt

Where and how should I send my article?

Direct your articles to security@astalavista.net and
include a link to your article. Once we take a look at it and decide whether is it
qualified enough to be published, we will contact you within several days, please be
patient.

Thanks a lot all of you, our future contributors!

13. Astalavista.net Advanced Member Portal Promotion
   -------------------------------------------------

Astalavista.net is a world known and highly respected Security Portal, offering
an enormous database of very well-sorted and categorized Information Security
resources - files, tools, white papers, e-books and many more. At your disposal
are also thousands of working proxies, wargames servers where all the members
try their skills and, most importantly, the daily updates of the portal.

- Over 3.5 GByte of Security Related data, daily updates and always working links.
- Access to thousands of anonymous proxies from all over the world, daily updates
- Security Forums Community where thousands of individuals are ready to share their knowledge and answer
your questions; replies are always received no matter of the question asked.
- Several WarGames servers waiting to be hacked; information between those interested in this activity is
shared through the forums or via personal  messages; a growing archive of white papers containing
info on previous hacks of these servers is available as well.

http://www.astalavista.net/
The Advanced Security Member Portal

14. Astalavista Banner Contest - 2004
   -----------------------------------

Are you good at designing creatives (banners, buttons, wallpapers etc.)?
Would you like to contribute to Astalavista.com with your talent and creativity?
And would you appreciate if we provide the most talented of you with the brand new Astalavista DVD or
a FREE Astalavista.net membership?

All you have to do is simple - participate!

At Astalavista.com we have always valued designers and provided them with the opportunity to publish
their work at our Gallery section, while rewarding the best creatives with Astalavista.net memberships.
So far we have had several successful creative contests, namely because we are well aware of the high
number of designers visiting our site. 

Enjoy this year's creative contest!

We are looking for the following Astalavista.com and
Astalavista.net related creatives:

- banners 
Banners should be in the following size only (468 x 60)
- buttons 
Buttons should be in the following size only (88 x 31)
- Prize
The brand new Astalavista DVD, or a free membership to Astalavista.net - Advanced Security Member Portal

More information is available at:

http://astalavista.com/index.php?page=107

15. Final Words
   -----------

Dear Subscribers,

Thanks for your feedback and participations at our contests, hope you've enjoyed issue 11.

Thanks for your time, till the next Christmas issue of Astalavista Security Newsletter.

Editor - Dancho Danchev
dancho@astalavista.net

Proofreader - Yordanka Ilieva
danny@astalavista.net