|------------------------------------------|
|- Astalavista Group Security Newsletter  -|        
|- Issue 13 31 December 2004              -|
|- http://www.astalavista.com             -|      
|- security@astalavista.net               -|
|------------------------------------------| 

- Table of contents -

[01] Introduction
[02] Security News
        - School's out to shun IE
        - New Vulnerability Affects All Browsers
        - Spam Sites Crippled by Lycos Screensaver DDoS
        - Google worm targets AOL and Yahoo
        - Groups fight Internet wiretap push
[03] Astalavista Recommends
        - Reverse code engineering: An in-depth analysis of the bagle virus
        - A distributed WEP cracker 
        - Anti-Virus evasion techniques and countermeasures
        - The unofficial SuprNova.org closure FAQ
        - Securing yourself and your computer
[04] Site of the month - Astalavista Security Toolbox DVD v2.0
[05] Tool of the month - ARPalert - unauthorized ARP address monitoring
[06] Paper of the month - A day in the life of the JPEG Vulnerability
[07] Free Security Consultation
        - All employees in my department use IE...
        - I recently read about a vulnerability in ALL browsers, is this for real...?!
        - I was interested in the real value of various security certificates...
[08] Enterprise Security Issues
        - Can our 5k firewall tell us if we're really under attack?
[09] Home Users Security Issues
        - Will my PC ever be secured? Part 1 - basic security concepts
[10] Meet the Security Scene
        - Interview with Mitchell Rowton, http://SecurityDocs.com/
[11] Security Sites Review
        - Secureroot.com
        - Fravia.frame4.com
        - Xakep.ru
        - Hackers4hackers.org
        - Sinred.com
[12] Astalavista needs YOU!
[13] Astalavista.net Advanced Member Portal
[14] Final Words

01. Introduction
   ------------

Dear Subscribers,

Welcome to our Issue 12 of Astalavista Security Newsletter, which is now officially one year old!
In the beginning of 2004, our security newsletter was created with the idea to provide Astalavista's
security interested and IT minded visitors with a qualified monthly publication covering the month's
most significant security topics and various security trends among the industry. During the year
we've managed to increase our subscribers with a couple of thousand new ones, and to attract a
large number of readers and organizations professionally involved in the infosec industry . 
At the Astalavista.com we had a couple of contests active around the year, our
constantly updated gallery section with various fan photos, and an overall improvement in the quality of the submissions
at the site.

For 2005 we have prepared quite a lot of new services and sections at our newsletter, we have extended the
security knowledge we've been providing you so far with more practical articles, tutorials, for both home and
professional readers. Issue 13 will be the longest and most resourceful so far, so watch out!

Thank you for contacting us with all of your ideas and comments, and thanks for the interest.
 
Enjoy your time, happy holidays, folks!

Astalavista's Security Newsletter is mirrored at:

http://packetstormsecurity.org/groups/astalavista/

If you want to know more about Astalavista.com, visit the following URL:

http://astalavista.com/index.php?page=55

Previous Issues of Astalavista's Security Newsletter can be found at:

http://astalavista.com/index.php?section=newsletter

Editor - Dancho Danchev
dancho@astalavista.net 

Proofreader - Yordanka Ilieva
danny@astalavista.net

02. Security News
   -------------

The Security World is a complex one. Every day a new vulnerability is found, new tools
are released, new measures are made up and implemented etc. In such a sophisticated Scene
we have decided to provide you with the most striking and up-to-date Security News during the
month, a centralized section that contains our personal comments on the issue discussed. Your comments
and suggestions about this section are welcome at security@astalavista.net 
   -------------

[ SCHOOL'S OUT TO SHUN IE ]

Citing security risks, a state university is urging students to drop Internet Explorer in
favor of alternative Web browsers such as Firefox and Safari.

In a notice sent to students on Wednesday, Pennsylvania State University's Information Technology
Services department recommended that students download other browsers to reduce attacks through
vulnerabilities in the Microsoft software. 

More information can be found at:

http://news.com.com/Schools+out+to+shun+IE/2100-1002_3-5485834.html

Astalavista's comments:

Although we haven't seen any significant campaigns that raise awareness on how insecure you actually are
while using IE, in the upcoming year we would definitely witness a shift towards the use of other browsers
beside IE for the obvious security threats of its use. 

[ NEW VULNERABILITY AFFECTS ALL BROWSERS ]

Secunia.com has reported about a new vulnerability, which affects all browsers. It allows a malicious
web site to "hi-jack" pop-up windows, which could have been opened by e.g. a your bank or an online shop.

More information can be found at:

http://it.slashdot.org/article.pl?sid=04/12/09/0053205

Here is a demonstration of the vulnerability:

http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

Astalavista's comments:

Yes, you've read it right, and if you have eventually tested it, you should have noticed the results. What
you should do is to immediately update your browser's version to a more current one; otherwise you will easily
fall victim to online scams or possible phishing attacks. Secunia's discovery points out that sooner or later all
browsers get exploited; make sure you or your organization isn't using the less secure one by default.

[ SPAM SITES CRIPPLED BY LYCOS SCREENSAVER DDOS ]

A distributed denial of service (DDoS) attack launched by users of Lycos Europe's MakeLoveNotSpam.com
screensaver has succeeded in crippling several spammer sites, but some of the targeted sites remain available.

More information can be found at:

http://news.netcraft.com/archives/2004/12/01/spam_sites_crippled_by_lycos_screensaver_ddos.html

Astalavista's comments:

The rather contradictory and somehow falling initiative by Lycos Europe to take the
responsibility for the massive DDoS attacks targeting what are believed to be spam
sites in order to increase their bandwith damaged the company's reputation a lot by
going through various industry experts and portal opinions. Although a couple of sites
have been sucessfully shutdown, the customers are unknowingly commiting illegal actions
towards the spam sites; furthermore, there're much more effective proactive approaches to
find spam instead of targeting a couple of web sites. Next time it would be someone's computer
or an organization's network to be shut down.

[ GOOGLE WORM TARGETS AOL, YAHOO ]

Days after Google acted to thwart the Santy worm, security firms warned that variants have begun
to spread using both Google and other search engines. 

More information can be found at:

http://news.com.com/Google+worm+targets+AOL,+Yahoo/2100-7349_3-5504769.html?tag=nl

Astalavista's comments:

Application based worms are getting increasingly popular due to their easy to execute nature
and due to the help of an intermediary, in this case the search engine that's actually feeding
their intrusive attempts. Google's reaction to the worm was pretty fast but it opened an interesting
discussion of the way search engines can restrict, or even monitor users/worms. Who's still searching for passwd files
on Google??

[ GROUPS FIGHT INTERNET WIRETAP PUSH ]

Companies and advocacy groups opposed to the FBI's plan to make the Internet more accommodating
to covert law enforcement surveillance are sharpening a new argument against the controversial
proposal: that law enforcement's Internet spying capabilities are just fine as it is. 

More information can be found at:

http://www.securityfocus.com/news/10192

Astalavista's comments:

This issues need as much publicity as possible, so here we go. The current architecture of the Internet
is insecure by design and everyone knowing enough about various protocols and network
issues is aware of that. Both hackers and government officials have all the possible
capabilities to wiretap each and every bit of data you've ever sent with the
current design of the Internet. What's even worse would be to make the Internet even more insecure in
order to accommodate it for better wiretapping; since the same capability goes right into the hands
of malicious attackers,too, we all use or abuse it, let's don't make it less insecure than it
already is.

03. Astalavista Recommends
   ----------------------

This section is unique with its idea and the information included within. Its purpose is
to provide you with direct links to various white papers covering many aspects of Information Security.
These white papers are defined as a "must read" for everyone interested in deepening his/her
knowledge in the Security field. The section will keep on growing with every new issue.
Your comments and suggestions about the section are welcome at security@astalavista.net

" REVERSE CODE ENGINEERING: AN IN-DEPTH ANALYSIS OF THE BAGLE VIRUS "

This article looks at the Bagle (Beagle) worm from a reverse engineer's point of view

http://www.astalavista.com/?section=dir&act=dnd&id=3322

" A DISTRIBUTED WEP CRACKER "

A distributed WEP cracker, totally platform/architecture neutral

http://www.astalavista.com/?section=dir&act=dnd&id=3316

" ANTI-VIRUS EVASION TECHNIQUES AND COUNTERMEASURES" 

The objective of this article is to demonstrate different possible ways that viruses and worms coders
use to evade anti-virus products while coding malicious programs

http://www.astalavista.com/?section=dir&act=dnd&id=3288

" THE UNOFFICIAL SUPRNOVA.ORG CLOSURE FAQ "

Do you wonder what has happened with SuprNova.org recently? Find out here!

http://www.astalavista.com/?section=dir&act=dnd&id=3379

" SECURING YOURSELF AND YOUR COMPUTER "

This guide is about securing yourself and your computer, useful reading for the novice users.

http://www.astalavista.com/?section=dir&act=dnd&id=3371

04. Site of the month
   ------------------

http://www.astalavista.com/index.php?page=3

Astalavista Security Toolbox DVD v2.0 is now out. Find out what's inside or how to get it by following the
link.

05. Tool of the month
   ------------------

ARPalert - unauthorized ARP address monitoring 

ARPalert uses ARP address monitoring to help prevent unauthorized connections on the local network. 

http://www.astalavista.com/?section=dir&act=dnd&id=3338

06. Paper of the month
   -------------------

A day in the life of the JPEG Vulnerability 

This paper will provide a detailed analysis of the Buffer Overrun in JPEG Processing which
started appearing on Microsoft software in September 2004.

http://www.astalavista.com/?section=dir&act=dnd&id=3326

07. Free Security Consultation
   --------------------------

Have you ever had a Security related question but you weren't sure where to direct it to?
This is what the "Free Security Consultation" section was created for. Due to the high
number of Security-related e-mails we keep getting on a daily basis, we have decided to
initiate a service, free of charge. Whenever you have a Security related
question, you are advised to direct it to us, and within 48 hours you will receive
a qualified response from one of our Security experts. The questions we consider
most interesting and useful will be published at the section. Neither your e-mail,
nor your name will be present anywhere.

Direct all of your Security questions to security@astalavista.net 

Thanks a lot for your interest in this free security service, we are doing our best
to respond as soon as possible and provide you with an accurate answer to your questions.

---------
Question: Hello, although I already have several opinions on this question, I was wondering whether you
could also advise me about how to proceed in this situation. You see, all my employees use IE on their
computers and we cannot catch up with all the spyware and sometimes malicious software installed on the desktop
computers. We have a commercial anti-virus and we're considering a spyware one to deal with this problem, what do you
think we should do?
---------

Answer: A commercial anti-virus scanner is essential for making sure that you're protected against the vast
majority of known viruses/trojans and worms, however it's protecting just one of the many layers of your
organization's network that have to be safeguarded. Many other organizations are confronted with the
same task right now, so you have two options - either enforce the use of another browser, which will
pretty much solve the entire spyware or possible malware infections problem, or get a spyware solution, make sure you have
the latest versions of IE on all desktops. Even with maximum security measures, the second may again be ineffective
as we've seen it in the past, so my advice is to try to slowly enforce the use of another browser or make sure your
anti-spyware solution is worth the investment.

---------
Question: Thanks for the service guys, I'm a regular visitor of your site and this newsletter. I
must congratulate you for keeping it free and available to anyone who wants to take advantage of so
much security knowledge. I've recently came across a vulnerability "that affects all browsers" and I
was stunned to find out it also affects my thought to be secure Mozilla browser, I'm
confused, any comments? :)
---------

Answer: Hi, we appreciate your comments and that you enjoy reading our newsletter. Secunia's vulnerability
is a good  example that sooner or later the "security through obscurity" effect might not last forever, whereas
the implications with this vulnerability can have a tremendous impact on every Internet user. What to do about it? In this
case simply update your software since the severity of this pop-up hijacking attack made all vendors release immediate
patches, or simply keep yourself up-to-date in the future.

----------
Question:  Hi, folks. I'm a computer science student and I want to specialize in the information security
area once I graduate. However, I keep having the impression that the majority of experts are required to have some
security certification as a proof of their knowledge. I was wondering what's the real value of these and are they
as important as they seem to be for me?
----------

Answer: Thanks for the question. As a matter of fact we usually receive quite a lot of career and
certification related questions from various readers interested in improving their competitiveness or
basic knowledge of security.

In Issue 1 of our newsletter we featured a small article about security certifications, and have given
various external resources for further information. Indeed, popular certifications like the CISSP one happen
to be very useful when applying for a new position, but the real value of these certifications is to get the one
most suitable for your future profession. Choosing to be a network architect, an auditor, an administrator or a 
firewall specilist would require you to take different certificates, although the CISSP one can be considered "a must have"
and proves that the holder has a very good background in various information security positions. I would recommend you
to go through our list of certificates in Issue 1 or check http://www.isaca.org ; http://www.cisco.com or 
http://www.giac.org right away.

08. Enterprise Security Issues
   --------------------------

In today's world of high speed communications, of companies completely relying on the Internet for 
conducting business and increasing profitability, we have decided that there should be a special section for
corporate security, where advanced and highly interesting topics will be discussed in order to provide
that audience with what they are looking for - knowledge! 

- Can our 5k firewall tell us if we're really under attack? - 

Small or middle size businesses are often given the false impression of security represented by the
multilayer firewall protection introduced by a top rated vendor. The results are often very dissapointing, not
clear, and in the end it's usually the person responsible for configuring it who gets blamed. This short article
will try to bring more insight on why firewalls are not a complete solution to your network connection dependent 
business, the advantages of IDSs, and the possible employment of system administrators well experienced in firewall
architectures.

Multilayer firewall approaches happen to be very useful while fighting network attacks, restricting
access control or making sure trust is established between specific hosts only. While this is true, many businesses out
there still believe that their firewall is the perfect sensor to detect network and host based attacks, leaving the
possibility to implement a cost-effective and open-source IDS solution far behind their future opportunities. Firewalls will
indeed give you useful information on who's attacking your network, but they would miss important trends such as the
vulnerabilities tried at your network, the possible brute forcing of accounts and many others. If you really want to see
the big picture in details and make sure you take the adequate measures to respond to the real threats and attacks to your
network, then you're strongly advised to take advantage of the use of an IDS (Intrusion Detection System), where the most
popular open-source one is Snort (http://www.snort.org). If properly configured and maintained, this IDS will give
you a very detailed and useful informaton on what's really going around your network.

Your firewall is essential the way the Internet is somehow essential for your business, but the person
behind configuring it should have a very broad sense of knowledge on various threats methodologies and recent trends in
order to keep the firewall up-to-date with the latest security trends. If not configured correctly, the firewall will allow
the possibilities for a DoS(Denial of Service Attack) on your network, or it could allow further information leakage to be
used in a possible break-in. This is why it's essential to employ a person with a wide understanding of various network
and security issues.

What's important to remember is that even the perfect firewall in theory happens to be the worst in practice
when it comes to wrong configuration, so make sure you keep testing the configuration of yours or request a service like
this from a reliable security services provider.

09. Home Users' Security Issues
   --------------------------

Due to the high number of e-mails we keep getting from novice users, we have decided that it would be a very
good idea to provide them with their very special section, discussing various aspects of Information Security in
an easily understandable way, while, on the other hand, improve their current level of knowledge.

- Will my PC ever be secured? Part 1 - basic security concepts - 

With the media portals filled with weekly stories on "yet another worm in the wild", the costant spam and
phishing messages received, the increasing personal firewall alarms and the new threat from spyware, the average
Internet user is often frustrated when it comes to securing his/her desktop PC. This article will go briefly through
various basic security concepts with the idea to raise more awareness among the end users on what's really going
out there "in the wild".

You OS's "choice"

Choosing your Operating System (did you have the choice btw ) is an important process when it comes to
security. A large number of savvy users, scared from possible virus or trojans infections, are actually using the
"security through obscurity" approach, namely they use OSs like Mac OS that are less popular, and namely, less targeted by
viruses, spyware, or other common threats possed by the Internet or the OS's design itself. A basic truth is
that you've pretty much solved your malware and spyware problem at once for a long time to go, by choosing anything else but
Microsoft Windows. Mac OS or Linux like any other OS are also vulnerable to various attacks, but compared to what's
actually going on Microsoft's front, it's more than acceptable solution for someone who's not interested in becoming
a security expert in order to listen to online music, chat or take advantage of the Internet at all. Some OSs are
more secure than others because they were built with security in design, because they're not so popular(and so targeted
by attackers), or simply because the person behind it knows how to configure it as secure as possible.

Anti-virus and anti-trojan scanners myth

There're things that you cannot live without while using the Internet these days and they're a decent
anti-virus scanner and a personal firewall. While this is true, the fact that a lot of users don't know a lot about
how their scanners or personal firewalls can be taken advantage of has created a myth that what goes through the
scanner and is reported as safe is actually safe, and if allowing your latest 31337 application or backdoored music
player to establish an Internet connection is considered smart, will let malicious attackers to take advantage 
of your assets. Anti-virus and anti-trojan scanners deal mostly with signatures and on-the-fly scanning. Although they've
started issuing signatures updates very often, never trust the software entirely because as we have seen, vulnerabilities
that bypass the scanning of certain anti-virus software have been found in the past. Use your common sense - is this a
reliable program, does it have a reliable site, does Google know anything about it. If you spend some time, you might 
actually identify it as a spyware, virus etc. by reading someone else's "experience" with what you were about to run. 
Besides all, don't be naive and make sure you update your signatures on a daily basis, thus ensuring yourself you're 
still protected from a large number of malicious code.

Is my firewall considered a trusted security measure

Your personal firewall is as important as your anti-virus scanner is, but again it depends on how you
configure it, or to what extent you understand each and every event it notifies you of. Basically, what's important about
your firewall is to make sure that there're no vulnerabilities affecting your current version, and besides all, to
make sure what processes are allowed to connect to the Internet. Do you make a difference between the files Olidvd32.exe
and 0lidvd32.exe? The second one starts with "zero". My point is that unintentionally or even intentionally you might allow
a malicious program to establish a connection to the Internet. Thus it will be able to send all the information
gathered or give the attacker a remote access to your computer. Pay additional attention to untrusted music or movie
players, or anything that proclaims to be free software but often comes with a variety of hidden features within.
Be more suspicious!

The spyware threat

"How significant is it really and why should I care?" As far as spyware is concerned, the irresponsible Internet user is
considering the exchange of free music and movies for the installation of spyware on his/her desktop PC, and is
actually fighting against himself/herself when trying to remove these.  How do you get infected with spyware? 
Illegal sites, cracks, porn etc. often experience financing problems, and problems that can no longer be solved by placing
adult banners or reselling porn sites memberships(or it's the natural greed?). This is why you may
find spyware on sites spreading screensavers, wallpapers, lyrics and the aforementioned ones. Beside secretly monitoring
your Internet activities, web sites that you visit and in some cases your passwords and pretty much everything that
you type, the spyware often updates automatically without your  knowledge, it slows down your computer and makes the 
majority of your applications crash, as well as your favorite IE  browser. Usingfreeware AdAware or Spybot - Search&Destroy
applications will indeed protect or desinfect you from a large number of publicly known spywares, and with tools like
Spywareguard or others that directly block malicious web sites, BHOs or cookies you can rest by the time you open your
IE browser again. If you really want to solve your spyware problem, try using any other browser beside IE, and in a 
while you'll notice the difference - no more toolbars, weather forecasts etc. under your URL field...

In the next part we'll cover spamming, phishing and software and browser vulnerability attacks.

10. Meet the Security Scene
   -----------------------

In this section you are going to meet famous people,security experts and
all personalities who in some way contribute to the growth of the community.
We hope that you will enjoy these interviews and that you will learn a great deal of
useful information through this section. In this issue we have interviewed
Mitchell Rowton from http://www.SecurityDocs.com/

Your comments are welcome at security@astalavista.net 

------------------------------------------------
Interview with Mitchell Rowton,
http://www.securitydocs.com/

Astalavista: Hello Mitchell, would you please tell us something more about your
background in the information security industry, and what is SecurityDocs.com all about?

Mitchell: I joined the US Marine Corps after high school.  There I worked a helpdesk
for a year or so before moving on to being a server administrator.  After a while I became more and more interested
in the networking side of things (switches and routers.) Firewalls weren't used that often back then, and one day 
I was asked to put up an access-control list (ACL) on our borderrouter.  After that I started getting more and more
security responsibility. When I left the Marine Corps I used my security clearance to get a job as a DoD 
contractor, then a contractor in the health care industry.

By this time in my life I had a wife and kids.  So I took a job that was more stable and didn't have as much
travel closer to home.  When I think back, this is probably when the idea behind SecurityDocs.com was born. While
I was leaving one job and going to another I was told to do a very in depth turnover about starting an incident response
team at the company.  So how do you explain how to start an incident response team at a fortune 500 company in a turnover
document?  After a while I gave up and put several dozen links to white papers that discuss starting an incident
response team.

Basically that's what SecurityDocs.com is - a collection of security white papers that are organized into categories so
that it's easy for someone to learn any particular area.

Astalavista: The media and a large number of privacy concious experts keep targeting
Google and how unseriously the company is taking the privacy concerns of
its users. What is your opinion on that? Do you think a public company
such as Google should keep to its one-page privacy policy and
contradictive statements given the fact that it's the world's most popular
search engine?

Mitchell: I should start off by saying that my company makes money through Google's
Adsense program.  That being said, it seems like most of the media hoopla
surrounding Google privacy has centered around gmail and desktop search.  I
just don't see a problem with either of these issues. I signed up for gmail
knowing that I would see targeted text ads based on the content of e-mail
that I was viewing.

And I know that Google is going to learn some general stuff about everyones
desktop searching habits.  They will know that pdf's are searched for more
often than spreadsheets and other non-specific information. None of which
is personally identifiable.

Astalavista: Phishing attacks are on the rise, each and every month we see an
increasing number of new emails targeting new companies. What do you think
of the recent exploit of the SunTrust bank web site? Are users really
falling victims to these attacks or even worse, they're getting even
more scared to shop online?

Mitchell: The blame in this specific case falls mostly with the bank, but also on the users. I can't remember
the last time my bank asked me for my atm or credit card number on a non-secure page. That being said, I
know that my grand mother would probably fall for this. Sure users should check for SSL Certificates and use common
sense. But more importantly financial institutions should not allow cross site scripting or malicious scripting
injections.

If this type of phishing continues to rise then I imagine it will make the average user a little more worried about giving
information online.  This is bad for companies, but as a security guy, I think that most users should be
more worried about who they give their information to. There are a lot of phishing attacks that have nothing to do with the
institutions ( http://www.fraudwatchinternational.com/fraudalerts2/0412/pages/041207_4176_bankamerica.htm )

In cases like this, users must use some basic security common sense or risk getting scammed.

Astalavista: What used to be a worm in wild launched by a 15 years old kid or
hactivist, has recently turned into "DDoS services on demand", what do you
think made this possible? Is it the unemployed authors themselves, the
real criminals realizing the potential of the Internet, or the unethical
competition?

Mitchell: I'm sure it's a combination of all three. But it's also getting more popular because it hurts more today
than it used to. Five years ago an organizations web site was usually little more than an online brochure that
wasn't too important in the scheme of things.  Today their website is probably tightly integrated into their business 
model, and will cause a large financial and reputation loss if it is compromised or unusable.

The first step in doing a security assessment is to determine what's really important. Most companies should realize 
that having the same security mechanisms in place that they had three years ago is putting them more and
more at risk because these security mechanisms are protecting information that gets more important every day.

Astalavista: Recently, the FBI has been questioning Fyodor, the author of NMAP over
accessing server logs from insecure.org. Do you think these actions, legal
or not, can have any future implications on the users's privacy at other
web sites? I mean, next it could be any site believed to be visited by a
criminal, and besides all how useful this information might be in an investigation?

Mitchell: I had a mixed reaction when I first read about this.  But I must say that
Fyodor handled this superbly.  He sent an e-mail out telling people what was
happening and explaining that he was only complying with properly served
subpoenas.  He also puts things into perspective. If someone hacks into a
server and downloads nmap at a specific time, then perhaps law enforcement
should be able to view the nmap server logs for that specific time.  On the
other hand what if I were also downloading NMap at that time? I personally
wouldn't care if anyone knows that I download nmap, but I can also
understand why other people would be bothered by this. Overall I agree with
very narrow subpoenas directed at specific time periods and source IP's.

11. Security Sites Review
   ---------------------

The idea of this section is to provide you with reviews of various highly interesting
and useful security related web sites. Before we recommend a site, we make sure that
it provides its visitors with quality and a unique content.

-
Secureroot
-
http://www.secureroot.com/

Although a bit outdated, this links directory still has joys I'm sure you've forgotten about

-
Fravia.frame4.com
-
http://www.fravia.frame4.com

A mirror of Fravia's reverse engineering page provided by Frame4 Security Systems

-
Xakep.ru
-
http://www.Xakep.ru/

Xakep.ru is a popular, well organized and very resourceful Russian web site about security

-
Hackers4hackers.org
-
http://www.Hackers4hackers.org

Hackers4hackers.org is a Dutch E-zine about security

-
Blackcode.com
-
http://www.blackcode.com

Blackcode has been online since 1998 providing its mostly novice visitors with various security resources

12. Astalavista needs YOU!
   ---------------------

We are looking for authors that would be interested in writing security related
articles for our newsletter, for people's ideas that we will turn into reality with
their help, and for anyone who thinks he/she could contribute to Astalavista in any way. Below we have summarized
various issues that might concern you.

- Write for Astalavista -

What topics can I write about?

You are encouraged to write on anything related to Security:

General Security
Security Basics
Windows Security
Linux Security
IDS (Intrusion Detection Systems)
Malicious Code
Enterprise Security
Penetration Testing
Wireless Security
Secure programming

What do I get?

Astalavista.com gets more than 200 000 unique visits every day, our Newsletter has more than 22,000 subscribers, so
you can imagine what the exposure of your article and you will be, impressive, isn't it! We will make your work and you
popular among the community!

What are the rules?

Your article has to be UNIQUE and written especially for Astalavista, we are not interested in republishing articles
that have already been distributed somewhere else.

Where can I see a sample of a contributing article?

http://www.astalavista.com/media/files/malware.txt

Where and how should I send my article?

Direct your articles to security@astalavista.net and include a link to your article. Once we take a look at
it and decide whether is it qualified enough to be published, we will contact you within several days, please be patient.

Thanks a lot all of you, our future contributors!

13. Astalavista.net Advanced Member Portal Promotion
   -------------------------------------------------

Astalavista.net is a world known and highly respected Security Portal, offering
an enormous database of very well-sorted and categorized Information Security
resources - files, tools, white papers, e-books and many more. At your disposal
are also thousands of working proxies, wargames servers where all the members
try their skills and, most importantly, the daily updates of the portal.

- Over 3.5 GByte of Security Related data, daily updates and always working links.
- Access to thousands of anonymous proxies from all over the world, daily updates
- Security Forums Community where thousands of individuals are ready to share their knowledge and
answer your questions; replies are always received no matter of the question asked.
- Several WarGames servers waiting to be hacked; information between those interested in this activity
is shared through the forums or via personal messages; a growing archive of white papers containing
info on previous hacks of these servers is available as well.

http://www.astalavista.net/
The Advanced Security Member Portal

14. Final Words
   -----------

Dear Subscribers,

Watch out for our Issue 13 in January, 2005, a lot of new and useful sections have been added plus many
other surprises. We appreciate all your feedback, your remarks and anything else you want to say to us, so keep it coming.

See you all in 2005!

Editor - Dancho Danchev
dancho@astalavista.net

Proofreader - Yordanka Ilieva
danny@astalavista.net