Monday, August 06, 2001

My Code Red Advisory
A new worm appeared on the Internet and began propagating using Microsoft's increasingly infamous "Can O'Worms" IIS web servers.

Calling itself CodeRedII, this is a completely new worm, written from scratch and with a very different agenda and replication technology.

Monday, July 30, 2001

HackerHeaven
This is hackerheaven, a site for hackers, by hackers. By hacker, I mean the hacker described in the Jargon File (no, not the one carving furniture :)
Dshield - Distributed Intrusion Detection System
DShield.org is an attempt to collect data about cracker activity from all over the Internet. This data will be cataloged and summarized. It can be used to discover trends in activity and prepare better firewall rules.
Right now, the system is tailored to simple packet filters. As firewall systems that produce easy-to-parse packet filter logs are now available for most operating systems, this data can be submitted and used without much effort.
More complex patterns, such as those used by application-level firewalls, may be handled in the future.
Cops, Crimes and HAL2001
HAL2001 is an event similar to HIP97, where hackers come together, learn about lots of nifty new stuff and pick each other's brains clean. Unfortunately, a lot of script kiddies who call themselves 'hackers' attend as well, usually only because of the 1 Gbit uplink that will be present.
Rop Gonggrijp (of Hacktic fame) wrote a short text about HAL2001, targeted at that dubious group of people. A fun read for real hackers (tm) and a wise lesson for neophytes. Read on for the text.
Hacker Grabs JDS Earnings Release Prior To Posting
Executives at the fiber-optics company, based here, said during the company's earnings call Thursday that a hacker gained access to a draft of its fourth-quarter financial release as it was being prepared for the company's Web site. JDS quickly halted trading of its stock because of the incident.
JDS had its earnings release ready to post on its Web site with the push of a button Thursday, and someone was able to guess the release's URL before it became public on the site, a company spokesman said Friday.
Save Your Site
For the fullest online security, companies need the broadest array of defenses. Many commercial sites maintain firewalls to control access and allow certain kinds of content (or people) in or out. Most encrypt sensitive data like credit card numbers in transit over the Internet. Yet web applications inside your firewall are essentially wide-open targets. Holes and vulnerabilities in commercial web software constantly crop up and need to be filled or plugged with upgrades or patches from vendors.
Businesses can't afford to wait passively for security glitches to be discovered and fixed manually. And continually fixing code written in-house by hand is an expensive, time-consuming and never-ending task. In fact, most sites add so much new code every day that they could never hope to keep up by patching or fixing holes manually. This makes a majority of sites essentially insecure.
Sanctum's AppShield™ can make your online business all but impenetrable to Web Perversion. And our AppScan™ software can show you where your applications are vulnerable, and recommend how to fix them.
Protecting the applications running at the heart of your online business by manually patching or upgrading is a strategy that will fail you, sooner or later.
SECUROM
SecuROM™ is a PC CD-ROM copy protection solution developed by Sony DADC. Together with its sister plants, Sony DADC is the world market leader in CD replication services. Protect your profits with SecuROM™ and see what a difference it makes.
The Spread of the Code-Red Worm (CRv2)
Around 10:00 UTC on the morning of July 19th, 2001, a random-seed variant of the Code-Red worm (CRv2) began to infect hosts running unpatched versions of Microsoft's IIS web server. The worm spreads by probing random IP addresses and infecting all hosts vulnerable to the IIS exploit. As noted by others, there are at least two variants of the worm: one that used a fixed, static seed for its random number generator, and another that used a random seed. [eeye] [stuart] In this paper, we examine the characteristics of the random-seed variant of Code-Red (CRv2).
ITNet exposes job seekers' details online
A job applicant to IT services firm ITNet had more to worry about than company perks after sensitive details from his application form were left accessible online.

Thursday, July 26, 2001

FAQ and Guide to Cracking

I am going to describe the methods and strategies used to gain unauthorized access to various UNIX hosts on the Internet. This guide will not teach you how to hack, nor do you have to be a hacker to use the techniques described here. Hacking means finding your own way to do it, and finding new approaches to accomplishing something. I am only going to supply you with one possible approach to cracking.
Commonly overlooked audit trails on intrusions
This is my attempt at compiling a 'top list' of audit trails that are left after intrusions where the intruders try to cover their tracks but don't do a good job. To put it short, there are actually a lot of audit trails on a normal UNIX system, almost all of which can be overcome, but only with some effort that most intruders evade.
Protecting against the unknown - improving information security for the future
This paper attempts to define the problem and answer the question: what pure or applied technical measures can be taken to protect the Internet against future forms of attack?

Wednesday, July 25, 2001

Inside the E-Mails of a Spy
The following are representative samples of Robert P. Hanssen's thinking on various issues, from the breakdown in security at DOE facilities and Clinton-administration bungling to Israeli intelligence operations to Fidel Castro and the Elian Gonzalez case. All are taken from a collection of Hanssen's e-mails.
Study Manual - Counter Intelligence - Prologue (LN324)
The purpose of this booklet is to present basic information on the mission and activities of Counter Intelligence, with the understanding that the primary mission is to support the commanders of the armed forces. This booklet is dedicated to the concepts of Counter Intelligence in relation to its functional areas, the application of these functions, and specific instructions on how to apply them. The term "special agent of Counter Intelligence" (SA) refers to all those persons who conduct and contribute to the handling and gathering of information on the multi-disciplinary intelligence of hostile services. This booklet is primarily oriented at those persons involved in the control and execution of CI operations. In like manner, this booklet has very significant value for other members of the armed forces who work in the areas and services of security and other departments of intelligence.
When Secrets Crash
When a passenger airliner crashes, investigators from the National Transportation Safety Board quickly arrive on the scene to try to determine what went wrong. Press conferences and press coverage follow. The NTSB Web site notes that media are briefed at least once a day by one of the board members accompanying the investigating team and that a public affairs officer maintains contact with the media. Viewers of the nightly news often see aerial images of the crash site. The flight and airplane involved will be precisely identified by the airline and NTSB. Eventually, the public can expect a detailed report on the conclusions.
Things can be very different when the crash involves a military aircraft, particularly if it is an airplane whose existence or mission the United States has not yet acknowledged or that carries particularly sensitive equipment. Over the years, a variety of secret intelligence and military aircraft have crashed, and the specifics of US government responses have varied, sometimes as the result of the different circumstances of the crashes, other times as the result of different rules for dealing with press queries concerning classified programs. However, preserving secrecy has been a constant objective.
U.S. News: China: How big a threat? (7/23/01)
It was originally created by the U.S. Air Force and is now entrusted with some of the U.S. government's most sensitive and secretive national security studies. So executives at Rand, a think tank based in Santa Monica, Calif., were stunned when intelligence officials called on June 8 to say they were firing Rand from a classified project ordered by Congress to assess China's future military capabilities. The National Intelligence Council (NIC), a group that reports directly to CIA chief George Tenet, concluded that Rand was failing to do its job adequately and decided it needed to hire another contractor.
Fight over Euro-intelligence plans
The sudden closure of one of the world’s largest spy stations is a potential harbinger of confrontation between the U.S. and Germany.

Thursday, July 19, 2001

The alt.2600 FAQ file on hacking, including loops
The purpose of this FAQ is to give you a general introduction to the topics covered in alt.2600 and #hack. No document will make you a hacker.
Internet Storm Watch Project
Today Internet Storm Center gathers more than 3,000,000 intrusion detection log entries every day. It is rapidly expanding in a quest to do a better job of finding new storms faster, isolating the sites that are used for attacks, and providing authoritative data on the types of attacks that are being mounted against computers in various industries and regions around the globe. Internet Storm Center is a free service to the Internet community. The work is supported by the SANS Institute from tuition paid by students attending SANS security education programs.