Backdoored dsniff, fragroute and fragrouter

In a recent hack of irssi server, attacker modified the configure script which gave him shell access to any system that installed the backdoored irssi program. The same thing …

RSA Security enhances RSA Keon

In support of its commitment to make the deployment and use of digital certificates easy for conducting secure and cost-effective e-business, RSA Security announced that its …

Security Advisories Week: 22-29 May 2002

Title: OpenServer popper buffer overflow and denial of service Date: May 22 2002 Vendor: Caldera Vulnerable systems: OpenServer 5.0.5 and OpenServer 5.0.6 Full advisory: …

Cyclone: A Safe Dialect of C

Cyclone is a safe dialect of C. It has been designed from the ground up to prevent the buffer overflows, format string attacks, and memory management errors that are common in …

Cross Site Scripting “the security gap”

I wonder if Microsoft applies the patches on their systems of their products. This question is always on my mind. I personally think that sufficient effort is not made on this …

Corporate Security Overview: 21-28 May 2002

A number of security companies send us their company press releases, which we republish in the press section of Help Net Security. This is an overview of interesting …

Basic security with passwords

The password. It really gives you power doesn’t it? You’re the only one that has the “key” to the workstation or something else that has to be kept …

A test of the ‘Email Security Testing Zone’

GFI is a worldwide supplier of security and communication tools for NT/2000 administrators. GFI’s security product range consists of MailSecurity email content checking …