|------------------------------------------| |- Astalavista Group Security Newsletter -| |- Issue 13 31 December 2004 -| |- http://www.astalavista.com -| |- security@astalavista.net -| |------------------------------------------| - Table of contents - [01] Introduction [02] Security News - School's out to shun IE - New Vulnerability Affects All Browsers - Spam Sites Crippled by Lycos Screensaver DDoS - Google worm targets AOL and Yahoo - Groups fight Internet wiretap push [03] Astalavista Recommends - Reverse code engineering: An in-depth analysis of the bagle virus - A distributed WEP cracker - Anti-Virus evasion techniques and countermeasures - The unofficial SuprNova.org closure FAQ - Securing yourself and your computer [04] Site of the month - Astalavista Security Toolbox DVD v2.0 [05] Tool of the month - ARPalert - unauthorized ARP address monitoring [06] Paper of the month - A day in the life of the JPEG Vulnerability [07] Free Security Consultation - All employees in my department use IE... - I recently read about a vulnerability in ALL browsers, is this for real...?! - I was interested in the real value of various security certificates... [08] Enterprise Security Issues - Can our 5k firewall tell us if we're really under attack? [09] Home Users Security Issues - Will my PC ever be secured? Part 1 - basic security concepts [10] Meet the Security Scene - Interview with Mitchell Rowton, http://SecurityDocs.com/ [11] Security Sites Review - Secureroot.com - Fravia.frame4.com - Xakep.ru - Hackers4hackers.org - Sinred.com [12] Astalavista needs YOU! [13] Astalavista.net Advanced Member Portal [14] Final Words 01. Introduction ------------ Dear Subscribers, Welcome to our Issue 12 of Astalavista Security Newsletter, which is now officially one year old! In the beginning of 2004, our security newsletter was created with the idea to provide Astalavista's security interested and IT minded visitors with a qualified monthly publication covering the month's most significant security topics and various security trends among the industry. During the year we've managed to increase our subscribers with a couple of thousand new ones, and to attract a large number of readers and organizations professionally involved in the infosec industry . At the Astalavista.com we had a couple of contests active around the year, our constantly updated gallery section with various fan photos, and an overall improvement in the quality of the submissions at the site. For 2005 we have prepared quite a lot of new services and sections at our newsletter, we have extended the security knowledge we've been providing you so far with more practical articles, tutorials, for both home and professional readers. Issue 13 will be the longest and most resourceful so far, so watch out! Thank you for contacting us with all of your ideas and comments, and thanks for the interest. Enjoy your time, happy holidays, folks! Astalavista's Security Newsletter is mirrored at: http://packetstormsecurity.org/groups/astalavista/ If you want to know more about Astalavista.com, visit the following URL: http://astalavista.com/index.php?page=55 Previous Issues of Astalavista's Security Newsletter can be found at: http://astalavista.com/index.php?section=newsletter Editor - Dancho Danchev dancho@astalavista.net Proofreader - Yordanka Ilieva danny@astalavista.net 02. Security News ------------- The Security World is a complex one. Every day a new vulnerability is found, new tools are released, new measures are made up and implemented etc. In such a sophisticated Scene we have decided to provide you with the most striking and up-to-date Security News during the month, a centralized section that contains our personal comments on the issue discussed. Your comments and suggestions about this section are welcome at security@astalavista.net ------------- [ SCHOOL'S OUT TO SHUN IE ] Citing security risks, a state university is urging students to drop Internet Explorer in favor of alternative Web browsers such as Firefox and Safari. In a notice sent to students on Wednesday, Pennsylvania State University's Information Technology Services department recommended that students download other browsers to reduce attacks through vulnerabilities in the Microsoft software. More information can be found at: http://news.com.com/Schools+out+to+shun+IE/2100-1002_3-5485834.html Astalavista's comments: Although we haven't seen any significant campaigns that raise awareness on how insecure you actually are while using IE, in the upcoming year we would definitely witness a shift towards the use of other browsers beside IE for the obvious security threats of its use. [ NEW VULNERABILITY AFFECTS ALL BROWSERS ] Secunia.com has reported about a new vulnerability, which affects all browsers. It allows a malicious web site to "hi-jack" pop-up windows, which could have been opened by e.g. a your bank or an online shop. More information can be found at: http://it.slashdot.org/article.pl?sid=04/12/09/0053205 Here is a demonstration of the vulnerability: http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ Astalavista's comments: Yes, you've read it right, and if you have eventually tested it, you should have noticed the results. What you should do is to immediately update your browser's version to a more current one; otherwise you will easily fall victim to online scams or possible phishing attacks. Secunia's discovery points out that sooner or later all browsers get exploited; make sure you or your organization isn't using the less secure one by default. [ SPAM SITES CRIPPLED BY LYCOS SCREENSAVER DDOS ] A distributed denial of service (DDoS) attack launched by users of Lycos Europe's MakeLoveNotSpam.com screensaver has succeeded in crippling several spammer sites, but some of the targeted sites remain available. More information can be found at: http://news.netcraft.com/archives/2004/12/01/spam_sites_crippled_by_lycos_screensaver_ddos.html Astalavista's comments: The rather contradictory and somehow falling initiative by Lycos Europe to take the responsibility for the massive DDoS attacks targeting what are believed to be spam sites in order to increase their bandwith damaged the company's reputation a lot by going through various industry experts and portal opinions. Although a couple of sites have been sucessfully shutdown, the customers are unknowingly commiting illegal actions towards the spam sites; furthermore, there're much more effective proactive approaches to find spam instead of targeting a couple of web sites. Next time it would be someone's computer or an organization's network to be shut down. [ GOOGLE WORM TARGETS AOL, YAHOO ] Days after Google acted to thwart the Santy worm, security firms warned that variants have begun to spread using both Google and other search engines. More information can be found at: http://news.com.com/Google+worm+targets+AOL,+Yahoo/2100-7349_3-5504769.html?tag=nl Astalavista's comments: Application based worms are getting increasingly popular due to their easy to execute nature and due to the help of an intermediary, in this case the search engine that's actually feeding their intrusive attempts. Google's reaction to the worm was pretty fast but it opened an interesting discussion of the way search engines can restrict, or even monitor users/worms. Who's still searching for passwd files on Google?? [ GROUPS FIGHT INTERNET WIRETAP PUSH ] Companies and advocacy groups opposed to the FBI's plan to make the Internet more accommodating to covert law enforcement surveillance are sharpening a new argument against the controversial proposal: that law enforcement's Internet spying capabilities are just fine as it is. More information can be found at: http://www.securityfocus.com/news/10192 Astalavista's comments: This issues need as much publicity as possible, so here we go. The current architecture of the Internet is insecure by design and everyone knowing enough about various protocols and network issues is aware of that. Both hackers and government officials have all the possible capabilities to wiretap each and every bit of data you've ever sent with the current design of the Internet. What's even worse would be to make the Internet even more insecure in order to accommodate it for better wiretapping; since the same capability goes right into the hands of malicious attackers,too, we all use or abuse it, let's don't make it less insecure than it already is. 03. Astalavista Recommends ---------------------- This section is unique with its idea and the information included within. Its purpose is to provide you with direct links to various white papers covering many aspects of Information Security. These white papers are defined as a "must read" for everyone interested in deepening his/her knowledge in the Security field. The section will keep on growing with every new issue. Your comments and suggestions about the section are welcome at security@astalavista.net " REVERSE CODE ENGINEERING: AN IN-DEPTH ANALYSIS OF THE BAGLE VIRUS " This article looks at the Bagle (Beagle) worm from a reverse engineer's point of view http://www.astalavista.com/?section=dir&act=dnd&id=3322 " A DISTRIBUTED WEP CRACKER " A distributed WEP cracker, totally platform/architecture neutral http://www.astalavista.com/?section=dir&act=dnd&id=3316 " ANTI-VIRUS EVASION TECHNIQUES AND COUNTERMEASURES" The objective of this article is to demonstrate different possible ways that viruses and worms coders use to evade anti-virus products while coding malicious programs http://www.astalavista.com/?section=dir&act=dnd&id=3288 " THE UNOFFICIAL SUPRNOVA.ORG CLOSURE FAQ " Do you wonder what has happened with SuprNova.org recently? Find out here! http://www.astalavista.com/?section=dir&act=dnd&id=3379 " SECURING YOURSELF AND YOUR COMPUTER " This guide is about securing yourself and your computer, useful reading for the novice users. http://www.astalavista.com/?section=dir&act=dnd&id=3371 04. Site of the month ------------------ http://www.astalavista.com/index.php?page=3 Astalavista Security Toolbox DVD v2.0 is now out. Find out what's inside or how to get it by following the link. 05. Tool of the month ------------------ ARPalert - unauthorized ARP address monitoring ARPalert uses ARP address monitoring to help prevent unauthorized connections on the local network. http://www.astalavista.com/?section=dir&act=dnd&id=3338 06. Paper of the month ------------------- A day in the life of the JPEG Vulnerability This paper will provide a detailed analysis of the Buffer Overrun in JPEG Processing which started appearing on Microsoft software in September 2004. http://www.astalavista.com/?section=dir&act=dnd&id=3326 07. Free Security Consultation -------------------------- Have you ever had a Security related question but you weren't sure where to direct it to? This is what the "Free Security Consultation" section was created for. Due to the high number of Security-related e-mails we keep getting on a daily basis, we have decided to initiate a service, free of charge. Whenever you have a Security related question, you are advised to direct it to us, and within 48 hours you will receive a qualified response from one of our Security experts. The questions we consider most interesting and useful will be published at the section. Neither your e-mail, nor your name will be present anywhere. Direct all of your Security questions to security@astalavista.net Thanks a lot for your interest in this free security service, we are doing our best to respond as soon as possible and provide you with an accurate answer to your questions. --------- Question: Hello, although I already have several opinions on this question, I was wondering whether you could also advise me about how to proceed in this situation. You see, all my employees use IE on their computers and we cannot catch up with all the spyware and sometimes malicious software installed on the desktop computers. We have a commercial anti-virus and we're considering a spyware one to deal with this problem, what do you think we should do? --------- Answer: A commercial anti-virus scanner is essential for making sure that you're protected against the vast majority of known viruses/trojans and worms, however it's protecting just one of the many layers of your organization's network that have to be safeguarded. Many other organizations are confronted with the same task right now, so you have two options - either enforce the use of another browser, which will pretty much solve the entire spyware or possible malware infections problem, or get a spyware solution, make sure you have the latest versions of IE on all desktops. Even with maximum security measures, the second may again be ineffective as we've seen it in the past, so my advice is to try to slowly enforce the use of another browser or make sure your anti-spyware solution is worth the investment. --------- Question: Thanks for the service guys, I'm a regular visitor of your site and this newsletter. I must congratulate you for keeping it free and available to anyone who wants to take advantage of so much security knowledge. I've recently came across a vulnerability "that affects all browsers" and I was stunned to find out it also affects my thought to be secure Mozilla browser, I'm confused, any comments? :) --------- Answer: Hi, we appreciate your comments and that you enjoy reading our newsletter. Secunia's vulnerability is a good example that sooner or later the "security through obscurity" effect might not last forever, whereas the implications with this vulnerability can have a tremendous impact on every Internet user. What to do about it? In this case simply update your software since the severity of this pop-up hijacking attack made all vendors release immediate patches, or simply keep yourself up-to-date in the future. ---------- Question: Hi, folks. I'm a computer science student and I want to specialize in the information security area once I graduate. However, I keep having the impression that the majority of experts are required to have some security certification as a proof of their knowledge. I was wondering what's the real value of these and are they as important as they seem to be for me? ---------- Answer: Thanks for the question. As a matter of fact we usually receive quite a lot of career and certification related questions from various readers interested in improving their competitiveness or basic knowledge of security. In Issue 1 of our newsletter we featured a small article about security certifications, and have given various external resources for further information. Indeed, popular certifications like the CISSP one happen to be very useful when applying for a new position, but the real value of these certifications is to get the one most suitable for your future profession. Choosing to be a network architect, an auditor, an administrator or a firewall specilist would require you to take different certificates, although the CISSP one can be considered "a must have" and proves that the holder has a very good background in various information security positions. I would recommend you to go through our list of certificates in Issue 1 or check http://www.isaca.org ; http://www.cisco.com or http://www.giac.org right away. 08. Enterprise Security Issues -------------------------- In today's world of high speed communications, of companies completely relying on the Internet for conducting business and increasing profitability, we have decided that there should be a special section for corporate security, where advanced and highly interesting topics will be discussed in order to provide that audience with what they are looking for - knowledge! - Can our 5k firewall tell us if we're really under attack? - Small or middle size businesses are often given the false impression of security represented by the multilayer firewall protection introduced by a top rated vendor. The results are often very dissapointing, not clear, and in the end it's usually the person responsible for configuring it who gets blamed. This short article will try to bring more insight on why firewalls are not a complete solution to your network connection dependent business, the advantages of IDSs, and the possible employment of system administrators well experienced in firewall architectures. Multilayer firewall approaches happen to be very useful while fighting network attacks, restricting access control or making sure trust is established between specific hosts only. While this is true, many businesses out there still believe that their firewall is the perfect sensor to detect network and host based attacks, leaving the possibility to implement a cost-effective and open-source IDS solution far behind their future opportunities. Firewalls will indeed give you useful information on who's attacking your network, but they would miss important trends such as the vulnerabilities tried at your network, the possible brute forcing of accounts and many others. If you really want to see the big picture in details and make sure you take the adequate measures to respond to the real threats and attacks to your network, then you're strongly advised to take advantage of the use of an IDS (Intrusion Detection System), where the most popular open-source one is Snort (http://www.snort.org). If properly configured and maintained, this IDS will give you a very detailed and useful informaton on what's really going around your network. Your firewall is essential the way the Internet is somehow essential for your business, but the person behind configuring it should have a very broad sense of knowledge on various threats methodologies and recent trends in order to keep the firewall up-to-date with the latest security trends. If not configured correctly, the firewall will allow the possibilities for a DoS(Denial of Service Attack) on your network, or it could allow further information leakage to be used in a possible break-in. This is why it's essential to employ a person with a wide understanding of various network and security issues. What's important to remember is that even the perfect firewall in theory happens to be the worst in practice when it comes to wrong configuration, so make sure you keep testing the configuration of yours or request a service like this from a reliable security services provider. 09. Home Users' Security Issues -------------------------- Due to the high number of e-mails we keep getting from novice users, we have decided that it would be a very good idea to provide them with their very special section, discussing various aspects of Information Security in an easily understandable way, while, on the other hand, improve their current level of knowledge. - Will my PC ever be secured? Part 1 - basic security concepts - With the media portals filled with weekly stories on "yet another worm in the wild", the costant spam and phishing messages received, the increasing personal firewall alarms and the new threat from spyware, the average Internet user is often frustrated when it comes to securing his/her desktop PC. This article will go briefly through various basic security concepts with the idea to raise more awareness among the end users on what's really going out there "in the wild". You OS's "choice" Choosing your Operating System (did you have the choice btw ) is an important process when it comes to security. A large number of savvy users, scared from possible virus or trojans infections, are actually using the "security through obscurity" approach, namely they use OSs like Mac OS that are less popular, and namely, less targeted by viruses, spyware, or other common threats possed by the Internet or the OS's design itself. A basic truth is that you've pretty much solved your malware and spyware problem at once for a long time to go, by choosing anything else but Microsoft Windows. Mac OS or Linux like any other OS are also vulnerable to various attacks, but compared to what's actually going on Microsoft's front, it's more than acceptable solution for someone who's not interested in becoming a security expert in order to listen to online music, chat or take advantage of the Internet at all. Some OSs are more secure than others because they were built with security in design, because they're not so popular(and so targeted by attackers), or simply because the person behind it knows how to configure it as secure as possible. Anti-virus and anti-trojan scanners myth There're things that you cannot live without while using the Internet these days and they're a decent anti-virus scanner and a personal firewall. While this is true, the fact that a lot of users don't know a lot about how their scanners or personal firewalls can be taken advantage of has created a myth that what goes through the scanner and is reported as safe is actually safe, and if allowing your latest 31337 application or backdoored music player to establish an Internet connection is considered smart, will let malicious attackers to take advantage of your assets. Anti-virus and anti-trojan scanners deal mostly with signatures and on-the-fly scanning. Although they've started issuing signatures updates very often, never trust the software entirely because as we have seen, vulnerabilities that bypass the scanning of certain anti-virus software have been found in the past. Use your common sense - is this a reliable program, does it have a reliable site, does Google know anything about it. If you spend some time, you might actually identify it as a spyware, virus etc. by reading someone else's "experience" with what you were about to run. Besides all, don't be naive and make sure you update your signatures on a daily basis, thus ensuring yourself you're still protected from a large number of malicious code. Is my firewall considered a trusted security measure Your personal firewall is as important as your anti-virus scanner is, but again it depends on how you configure it, or to what extent you understand each and every event it notifies you of. Basically, what's important about your firewall is to make sure that there're no vulnerabilities affecting your current version, and besides all, to make sure what processes are allowed to connect to the Internet. Do you make a difference between the files Olidvd32.exe and 0lidvd32.exe? The second one starts with "zero". My point is that unintentionally or even intentionally you might allow a malicious program to establish a connection to the Internet. Thus it will be able to send all the information gathered or give the attacker a remote access to your computer. Pay additional attention to untrusted music or movie players, or anything that proclaims to be free software but often comes with a variety of hidden features within. Be more suspicious! The spyware threat "How significant is it really and why should I care?" As far as spyware is concerned, the irresponsible Internet user is considering the exchange of free music and movies for the installation of spyware on his/her desktop PC, and is actually fighting against himself/herself when trying to remove these. How do you get infected with spyware? Illegal sites, cracks, porn etc. often experience financing problems, and problems that can no longer be solved by placing adult banners or reselling porn sites memberships(or it's the natural greed?). This is why you may find spyware on sites spreading screensavers, wallpapers, lyrics and the aforementioned ones. Beside secretly monitoring your Internet activities, web sites that you visit and in some cases your passwords and pretty much everything that you type, the spyware often updates automatically without your knowledge, it slows down your computer and makes the majority of your applications crash, as well as your favorite IE browser. Usingfreeware AdAware or Spybot - Search&Destroy applications will indeed protect or desinfect you from a large number of publicly known spywares, and with tools like Spywareguard or others that directly block malicious web sites, BHOs or cookies you can rest by the time you open your IE browser again. If you really want to solve your spyware problem, try using any other browser beside IE, and in a while you'll notice the difference - no more toolbars, weather forecasts etc. under your URL field... In the next part we'll cover spamming, phishing and software and browser vulnerability attacks. 10. Meet the Security Scene ----------------------- In this section you are going to meet famous people,security experts and all personalities who in some way contribute to the growth of the community. We hope that you will enjoy these interviews and that you will learn a great deal of useful information through this section. In this issue we have interviewed Mitchell Rowton from http://www.SecurityDocs.com/ Your comments are welcome at security@astalavista.net ------------------------------------------------ Interview with Mitchell Rowton, http://www.securitydocs.com/ Astalavista: Hello Mitchell, would you please tell us something more about your background in the information security industry, and what is SecurityDocs.com all about? Mitchell: I joined the US Marine Corps after high school. There I worked a helpdesk for a year or so before moving on to being a server administrator. After a while I became more and more interested in the networking side of things (switches and routers.) Firewalls weren't used that often back then, and one day I was asked to put up an access-control list (ACL) on our borderrouter. After that I started getting more and more security responsibility. When I left the Marine Corps I used my security clearance to get a job as a DoD contractor, then a contractor in the health care industry. By this time in my life I had a wife and kids. So I took a job that was more stable and didn't have as much travel closer to home. When I think back, this is probably when the idea behind SecurityDocs.com was born. While I was leaving one job and going to another I was told to do a very in depth turnover about starting an incident response team at the company. So how do you explain how to start an incident response team at a fortune 500 company in a turnover document? After a while I gave up and put several dozen links to white papers that discuss starting an incident response team. Basically that's what SecurityDocs.com is - a collection of security white papers that are organized into categories so that it's easy for someone to learn any particular area. Astalavista: The media and a large number of privacy concious experts keep targeting Google and how unseriously the company is taking the privacy concerns of its users. What is your opinion on that? Do you think a public company such as Google should keep to its one-page privacy policy and contradictive statements given the fact that it's the world's most popular search engine? Mitchell: I should start off by saying that my company makes money through Google's Adsense program. That being said, it seems like most of the media hoopla surrounding Google privacy has centered around gmail and desktop search. I just don't see a problem with either of these issues. I signed up for gmail knowing that I would see targeted text ads based on the content of e-mail that I was viewing. And I know that Google is going to learn some general stuff about everyones desktop searching habits. They will know that pdf's are searched for more often than spreadsheets and other non-specific information. None of which is personally identifiable. Astalavista: Phishing attacks are on the rise, each and every month we see an increasing number of new emails targeting new companies. What do you think of the recent exploit of the SunTrust bank web site? Are users really falling victims to these attacks or even worse, they're getting even more scared to shop online? Mitchell: The blame in this specific case falls mostly with the bank, but also on the users. I can't remember the last time my bank asked me for my atm or credit card number on a non-secure page. That being said, I know that my grand mother would probably fall for this. Sure users should check for SSL Certificates and use common sense. But more importantly financial institutions should not allow cross site scripting or malicious scripting injections. If this type of phishing continues to rise then I imagine it will make the average user a little more worried about giving information online. This is bad for companies, but as a security guy, I think that most users should be more worried about who they give their information to. There are a lot of phishing attacks that have nothing to do with the institutions ( http://www.fraudwatchinternational.com/fraudalerts2/0412/pages/041207_4176_bankamerica.htm ) In cases like this, users must use some basic security common sense or risk getting scammed. Astalavista: What used to be a worm in wild launched by a 15 years old kid or hactivist, has recently turned into "DDoS services on demand", what do you think made this possible? Is it the unemployed authors themselves, the real criminals realizing the potential of the Internet, or the unethical competition? Mitchell: I'm sure it's a combination of all three. But it's also getting more popular because it hurts more today than it used to. Five years ago an organizations web site was usually little more than an online brochure that wasn't too important in the scheme of things. Today their website is probably tightly integrated into their business model, and will cause a large financial and reputation loss if it is compromised or unusable. The first step in doing a security assessment is to determine what's really important. Most companies should realize that having the same security mechanisms in place that they had three years ago is putting them more and more at risk because these security mechanisms are protecting information that gets more important every day. Astalavista: Recently, the FBI has been questioning Fyodor, the author of NMAP over accessing server logs from insecure.org. Do you think these actions, legal or not, can have any future implications on the users's privacy at other web sites? I mean, next it could be any site believed to be visited by a criminal, and besides all how useful this information might be in an investigation? Mitchell: I had a mixed reaction when I first read about this. But I must say that Fyodor handled this superbly. He sent an e-mail out telling people what was happening and explaining that he was only complying with properly served subpoenas. He also puts things into perspective. If someone hacks into a server and downloads nmap at a specific time, then perhaps law enforcement should be able to view the nmap server logs for that specific time. On the other hand what if I were also downloading NMap at that time? I personally wouldn't care if anyone knows that I download nmap, but I can also understand why other people would be bothered by this. Overall I agree with very narrow subpoenas directed at specific time periods and source IP's. 11. Security Sites Review --------------------- The idea of this section is to provide you with reviews of various highly interesting and useful security related web sites. Before we recommend a site, we make sure that it provides its visitors with quality and a unique content. - Secureroot - http://www.secureroot.com/ Although a bit outdated, this links directory still has joys I'm sure you've forgotten about - Fravia.frame4.com - http://www.fravia.frame4.com A mirror of Fravia's reverse engineering page provided by Frame4 Security Systems - Xakep.ru - http://www.Xakep.ru/ Xakep.ru is a popular, well organized and very resourceful Russian web site about security - Hackers4hackers.org - http://www.Hackers4hackers.org Hackers4hackers.org is a Dutch E-zine about security - Blackcode.com - http://www.blackcode.com Blackcode has been online since 1998 providing its mostly novice visitors with various security resources 12. Astalavista needs YOU! --------------------- We are looking for authors that would be interested in writing security related articles for our newsletter, for people's ideas that we will turn into reality with their help, and for anyone who thinks he/she could contribute to Astalavista in any way. Below we have summarized various issues that might concern you. - Write for Astalavista - What topics can I write about? You are encouraged to write on anything related to Security: General Security Security Basics Windows Security Linux Security IDS (Intrusion Detection Systems) Malicious Code Enterprise Security Penetration Testing Wireless Security Secure programming What do I get? Astalavista.com gets more than 200 000 unique visits every day, our Newsletter has more than 22,000 subscribers, so you can imagine what the exposure of your article and you will be, impressive, isn't it! We will make your work and you popular among the community! What are the rules? Your article has to be UNIQUE and written especially for Astalavista, we are not interested in republishing articles that have already been distributed somewhere else. Where can I see a sample of a contributing article? http://www.astalavista.com/media/files/malware.txt Where and how should I send my article? Direct your articles to security@astalavista.net and include a link to your article. Once we take a look at it and decide whether is it qualified enough to be published, we will contact you within several days, please be patient. Thanks a lot all of you, our future contributors! 13. Astalavista.net Advanced Member Portal Promotion ------------------------------------------------- Astalavista.net is a world known and highly respected Security Portal, offering an enormous database of very well-sorted and categorized Information Security resources - files, tools, white papers, e-books and many more. At your disposal are also thousands of working proxies, wargames servers where all the members try their skills and, most importantly, the daily updates of the portal. - Over 3.5 GByte of Security Related data, daily updates and always working links. - Access to thousands of anonymous proxies from all over the world, daily updates - Security Forums Community where thousands of individuals are ready to share their knowledge and answer your questions; replies are always received no matter of the question asked. - Several WarGames servers waiting to be hacked; information between those interested in this activity is shared through the forums or via personal messages; a growing archive of white papers containing info on previous hacks of these servers is available as well. http://www.astalavista.net/ The Advanced Security Member Portal 14. Final Words ----------- Dear Subscribers, Watch out for our Issue 13 in January, 2005, a lot of new and useful sections have been added plus many other surprises. We appreciate all your feedback, your remarks and anything else you want to say to us, so keep it coming. See you all in 2005! Editor - Dancho Danchev dancho@astalavista.net Proofreader - Yordanka Ilieva danny@astalavista.net