ISS Security Alert Summary for August 15, 1999.
aea040939f5a04ee9a04044715bfa9bc64dd231351f542d0dd1bd31f8d67bcac
AIX versions 4.1, 4.x, and 3.x gethostbyname() and /bin/host local root exploit.
078223e0cc15496976e5f5eed3ccb736999f49d92b8b3f662506f6bccfa77725
An interesting interview with Aleph One, the moderator of the BugTraq mailing list.
53f65d1ad4fbd41bcdaa9a60f75c2f82b64020eccb6afb1d05e153dc839c443a
Stay anonymous on the web - How to maintain your anonymity on the web.
45ce2300d2627861d9d966d197426130d073d8fe43bf00fe2b5dd88b373c5a9e
There is a serious vulnerability in the cookies module of the Apache httpd, version 1.1.1 and earlier, which makes it possible for remote individuals to obtain access to systems running the Apache httpd. Only sites which enabled mod_cookies, a nondefault option, are vulnerable.
415bebb205840539ae2b17c5545d041bd57718a9f52efe06857b791f9e5cecfb
Text about hacking from your web browser by checking the PHF bug and some CGI bugs.
6083224d95d5acfbc20b146b869d6b1a8aa0534b55712a0e774946fd4dd73105
Beginners guide to hacking that includes an old sendmail exploit.
87d0317fbaeb10bddb3b2b64ca8a2d221634a3e1ed1626302e2c829983ded8cc
Brief paper discussing security on BSD.
026139f602cab91f6fcd3bacb81e14212d96e8ed84b28fb1d2ff8ebf56993d88
In research for our upcoming network auditing tool, SNI has uncovered a serious problem present in implementations of BIND which trust invalid data sent to them. This vulnerability specifically applies to hostname to address resolution and can result in local and remote users obtaining root privileges.
859f295eb53b572358085865ed77446854a85dd5a5cdb0284a0ee7123f66f271
This file will describe several techniques to acquire a password file just by using an ordinary web browser. The information provided will be best described for the beginner hacker, but all hackers should benefit from this information.
4e1a44d79d2b2e0654bfad6a83e62a6c7529e4e3650a189535b3b1585b2494ee
"Cyber-Christ meets Lady Luck" - With DEFCON is, read this excellent chronicle of Winn's trip to DEFCON II in Las Vegas.
33cea51066995a9c4847bebef2f4cd585fded0c560010eae2bc4ff9e5126d0b2
"Cyber Christ Bites The Big Apple" - We couldn't post Part I of the Cyber Christ series, HOPE (Hackers On Planet Earth) in New York City on August 13-14, 1994.
099356f6af4af41de108fa3400d8e38f3aad398d2c95043861a42482126e7c17
Write-up called A Characteristic Model of Computer Criminals.
32f692c00f079b9d702d915057021bdd5d976ff420ef66c864e1f3c0f484691b
This is a whitepaper about countermeasures.
36fe0e8dc12ce485cc6068990770578278d4542695f3973f7cf9c747e625dfcb
Interesting text explaining how to cover your tracks when you leave the system.
d9c1e68a8518fff37df1b395e9629ff68524e7dd103307da1968cff4bcb1c288
SNI has become aware of serious problems relating to the handling of temporary files by the default BSD cron jobs /etc/security and later became aware of an equally serious problem in /etc/daily. In addition, the 4.4BSDlite2 version of /etc/security passes unchecked data to a shell. These bugs make it possible for unprivileged users to obtain root access, EVEN IF THERE ARE NO SETUID PROGRAMS ON THE SYSTEM.
5ca61e56aee4ef540984270e547da4953f9f595ef2022006e71664ad9a93aa72
Defunct IPs can be used to override restrictions set by proxies.
cd86bfae9038bcf69d749a2181d7e2c863e0dabf413030539ad1a22d0f2ace2c
The complete text about very old Denial Of Service Attacks - Contains info on the following attacks: Finger, UDP and SunOS, freezing Xwindows, malicious use of UDP services, attacking with lynx clients.
463e7898b6b2aa9555a36473db84072f726275dc3666a85f84e43503e1a75a67
Whitepaper called Concerning Hackers Who Break Into Computer Systems.
fe727cd53c18c21231cf9c55821d733ec8d316e5b5fc4bf243ed4b9ea1e55790
This is a FAQ for DHCP.
5046a6a6c8f2d2114eb6a4de84ed742ddad611cf09a500741350756e61e0359c
Interesting and well thought out rant sent in by Anonymous.
5de02bb3ccad824061afe0d2b3f722815a25e7d3244b9d6f8433b691a2b25429
Terminate a DSU satellite communication using a binary overflow.
aed2e0eb10521dfc773614e5a858458b2a32c1b7354941603d58ceb16468f153
Accessing The Internet By E-Mail. Yes, people wrote guides like this in the 90s.
3c41ac4a90e989d1b0da54d6f4b961d8a971a0bfc6e038c7327ba88f22324590
An overview of using the ES-3810 ATM.
29a13ac6dcf189a81d83eabc5196d238207a7846aeb64354f0df7d0c5fea64c6
This is an old, but very meaningful (or should be!) list of rules regarding "computer ethics", that should always be kept in mind by anyone who even thinks of touching a keyboard. From the Computer Ethics Institute, Washington, D.C.
441f3b968e540c12c5c8209e39fec0f9b3510111b505b17c5ccf29e74f129ac0