SecurityFocus Microsoft Newsletter #244
----------------------------------------
This Issue is Sponsored By: WhiteHat Security
Think network security products protect your websites? That's just one of five common misconceptions that can leave your websites open to attack. Download The Five Myths of Web Application Security from WhiteHat Security and get the facts about vulnerability assessment and management for websites. To receive this complimentary white paper, click here:
http://www.securityfocus.com/sponsor/WhiteHat_ms-secnews_050614
------------------------------------------------------------------
I. FRONT AND CENTER
1. Shred It!
2. A Role Model for Security. Almost.
3. Software Firewalls: Made of Straw? Part 1 of 2
4. Microsoft's Most Successful Failure
II. MICROSOFT VULNERABILITY SUMMARY
1. MSN ILoveMessenger Cross-Site Scripting Vulnerability
2. Rakkarsoft RakNet Remote Denial of Service Vulnerability
3. Software602 602 LAN Suite 2004 HTML Injection Log Obfuscation Vulnerability
4. Multiple Vendor Multiple HTTP Request Smuggling Vulnerabilities
5. Kaspersky Anti-Virus Klif.Sys Privilege Escalation Vulnerability
6. Pragma TelnetServer Log Obfuscation Vulnerability
7. TCPDump BGP Decoding Routines Denial Of Service Vulnerability
8. Invision Power Services Invision Gallery SQL Injection Vulnerability
9. FutureSoft TFTP Server 2000 Remote Denial Of Service Vulnerability
10. Invision Community Blog Multiple Input Validation Vulnerabilities
11. Microsoft June Advance Notification Unspecified Security Vulnerabilities
12. Macromedia eLicensing Client Activation Code Local Privilege Escalation Vulnerability
13. Novell NetMail Multiple Remote Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. DHCP database
2. Scripted Software removal (Encrypting Credentials)
3. E-Mail gateway on IIS.
4. reconsidering physical security: pod slurping
5. Restricting file server to access to domain computers only.
6. Kerberos & NTLM Auth in IIS6
7. Windows Server 2K Lockdown
8. [Q] Beef Up Active Directory
9. DEP on Windows XP SP2
10. Using Messenger Service for 'Net Send' Functionality --- Dangerous? Why?
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Shred It!
By Mark Rasch
The second worst thing you can do in the face of a government investigation is to destroy the documents relevant to that investigation. The worst thing you can do, of course, is to almost destroy these documents.
http://www.securityfocus.com/columnists/332
2. A Role Model for Security. Almost.
By Jason Miller
The pursuit of absolute security is a lot like perfectionism.
http://www.securityfocus.com/columnists/331
3. Software Firewalls: Made of Straw? Part 1 of 2
By Israel G. Lugo, Don Parker
The concept of a firewall still brings to mind the picture of an impenetrable brick wall, the unsurpassable magic protector of all that is good.
http://www.securityfocus.com/infocus/1839
4. Microsoft's Most Successful Failure
By Mark Burnett
Someone once asked Pablo Picasso which one of his many paintings was his favorite. His reply: the next one. Ask Steve Ballmer which version of Windows is the most secure and guess what his answer will be?
http://www.securityfocus.com/columnists/330
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. MSN ILoveMessenger Cross-Site Scripting Vulnerability
BugTraq ID: 13855
Remote: Yes
Date Published: 2005-06-04
Relevant URL: http://www.securityfocus.com/bid/13855
Summary:
ilovemessenger is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
It should be noted that, because the vulnerability is located at a subdomain of MSN.com, it could facilitate the theft of Hotmail cookie-based credentials, thus allowing an attacker complete access to the victim user's Hotmail email account.
2. Rakkarsoft RakNet Remote Denial of Service Vulnerability
BugTraq ID: 13862
Remote: Yes
Date Published: 2005-06-06
Relevant URL: http://www.securityfocus.com/bid/13862
Summary:
Rakkarsoft RakNet is affected by a remote denial of service vulnerability.
Reportedly, the vulnerability presents itself when the library handles an empty UDP packet.
RakNet 2.33 and prior versions released before May 30, 2005 are affected by this vulnerability. Various games employing the affected library may be vulnerable as well.
3. Software602 602 LAN Suite 2004 HTML Injection Log Obfuscation Vulnerability
BugTraq ID: 13872
Remote: Yes
Date Published: 2005-06-06
Relevant URL: http://www.securityfocus.com/bid/13872
Summary:
602 Lan Suite 2004 is affected by an HTML injection vulnerability.
An attack may allow the attacker to obfuscate logs and hide nefarious activities from an administrator. It is currently unknown if other attacks are possible.
4. Multiple Vendor Multiple HTTP Request Smuggling Vulnerabilities
BugTraq ID: 13873
Remote: Yes
Date Published: 2005-06-06
Relevant URL: http://www.securityfocus.com/bid/13873
Summary:
Multiple vendors are prone to a new class of attack named 'HTTP Request Smuggling'. This class of attack revolves around piggybacking an HTTP request inside of another HTTP request. By leveraging failures to implement the HTTP/1.1 RFC properly, it is demonstrated that this class of attack may result in cache poisoning, cross-site scripting, session hijacking and other attacks.
5. Kaspersky Anti-Virus Klif.Sys Privilege Escalation Vulnerability
BugTraq ID: 13878
Remote: Yes
Date Published: 2005-06-06
Relevant URL: http://www.securityfocus.com/bid/13878
Summary:
Kaspersky Anti-Virus for Microsoft Windows 2000 platforms is prone to a privilege escalation vulnerability.
The issue manifests in the Kaspersky kernel driver 'klif.sys'. This issue may ultimately result in the execution of attacker-supplied code in the context of the system kernel (ring-0).
Kaspersky Anti-Virus versions 5.0.227, 5.0.228, and 5.0.335 when running on Microsoft Windows 2000 are reported prone.
6. Pragma TelnetServer Log Obfuscation Vulnerability
BugTraq ID: 13896
Remote: Yes
Date Published: 2005-06-08
Relevant URL: http://www.securityfocus.com/bid/13896
Summary:
Pragma TelnetServer is affected by a log obfuscation vulnerability.
This attack may allow the attacker to obfuscate logs and hide nefarious activities from an administrator. It is currently unknown if other attacks are possible.
Pragma TelnetServer 6.0 is affected by this issue.
7. TCPDump BGP Decoding Routines Denial Of Service Vulnerability
BugTraq ID: 13906
Remote: Yes
Date Published: 2005-06-09
Relevant URL: http://www.securityfocus.com/bid/13906
Summary:
tcpdump is prone to a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. The issue occurs due to the way tcpdump decodes Border Gateway Protocol (BGP) packets. A remote attacker may cause the software to enter an infinite loop by sending malformed ISIS packets resulting in the software hanging.
8. Invision Power Services Invision Gallery SQL Injection Vulnerability
BugTraq ID: 13907
Remote: Yes
Date Published: 2005-06-09
Relevant URL: http://www.securityfocus.com/bid/13907
Summary:
Invision Gallery is affected by an SQL injection vulnerability.
This issue is due to a failure in the application to properly sanitize user-supplied input to the 'index.php' script before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Invision Gallery 1.3.0 and prior are vulnerable.
9. FutureSoft TFTP Server 2000 Remote Denial Of Service Vulnerability
BugTraq ID: 13908
Remote: Yes
Date Published: 2005-06-09
Relevant URL: http://www.securityfocus.com/bid/13908
Summary:
FutureSoft TFTP Server 2000 is prone to a remote denial of service vulnerability. Reports indicate the issue manifests when the TFTP server handles certain types of UDP datagrams.
A remote attacker may exploit this issue to crash the affected service.
10. Invision Community Blog Multiple Input Validation Vulnerabilities
BugTraq ID: 13910
Remote: Yes
Date Published: 2005-06-09
Relevant URL: http://www.securityfocus.com/bid/13910
Summary:
Multiple input validation vulnerabilities reportedly affect Invision Community Blog. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.
The first issue is a cross-site scripting issue and the second set of issues are SQL injection issues.
An attacker may leverage these issues to carry out cross-site scripting and SQL injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.
11. Microsoft June Advance Notification Unspecified Security Vulnerabilities
BugTraq ID: 13923
Remote: Unknown
Date Published: 2005-06-09
Relevant URL: http://www.securityfocus.com/bid/13923
Summary:
Microsoft has released advance notification that they will be releasing ten security bulletins for Windows on June 14, 2005. Eight vulnerabilities will be addressed by these security bulletins.
The maximum severity rating of any of these bulletins is 'Critical'.
12. Macromedia eLicensing Client Activation Code Local Privilege Escalation Vulnerability
BugTraq ID: 13925
Remote: No
Date Published: 2005-06-09
Relevant URL: http://www.securityfocus.com/bid/13925
Summary:
The Macromedia installer and eLicensing client for Microsoft Windows platforms install a service 'Macromedia Licensing Service' when installing Macromedia products.
The service is a local service only that runs with SYSTEM privileges. The vendor reports that this service is installed with insecure permissions that allow unprivileged members of the 'Users' group to make changes to the 'Macromedia Licensing Service' configuration. In making said changes a local attacker may leverage this issue to gain SYSTEM level access to a target computer.
13. Novell NetMail Multiple Remote Vulnerabilities
BugTraq ID: 13926
Remote: Yes
Date Published: 2005-06-10
Relevant URL: http://www.securityfocus.com/bid/13926
Summary:
Novell NetMail is susceptible to multiple remote vulnerabilities.
The IMAP agent is susceptible to two remote buffer overflow vulnerabilities, and the Modweb agent is susceptible to a remote buffer overflow vulnerability. These issues allow remote attackers to execute arbitrary machine code in the context of the affected server process.
The Modweb agent is susceptible to two remote denial of service vulnerabilities. These issues allow remote attackers to crash the service, and to consume excessive CPU resources. These issues result in the denial of service to legitimate users.
The Modweb agent is also susceptible to a cross-site scripting vulnerability, allowing attackers to execute arbitrary HTML and script code in unsuspecting users' Web browsers in the context of the affected Web site.
This BID will be split into its individual issues at a later date.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. DHCP database
http://www.securityfocus.com/archive/88/402113
2. Scripted Software removal (Encrypting Credentials)
http://www.securityfocus.com/archive/88/402112
3. E-Mail gateway on IIS.
http://www.securityfocus.com/archive/88/402104
4. reconsidering physical security: pod slurping
http://www.securityfocus.com/archive/88/402101
5. Restricting file server to access to domain computers only.
http://www.securityfocus.com/archive/88/401904
6. Kerberos & NTLM Auth in IIS6
http://www.securityfocus.com/archive/88/401853
7. Windows Server 2K Lockdown
http://www.securityfocus.com/archive/88/401825
8. [Q] Beef Up Active Directory
http://www.securityfocus.com/archive/88/401802
9. DEP on Windows XP SP2
http://www.securityfocus.com/archive/88/401688
10. Using Messenger Service for 'Net Send' Functionality --- Dangerous? Why?
http://www.securityfocus.com/archive/88/401953
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: WhiteHat Security
Think network security products protect your websites? That's just one of five common misconceptions that can leave your websites open to attack. Download The Five Myths of Web Application Security from WhiteHat Security and get the facts about vulnerability assessment and management for websites. To receive this complimentary white paper, click here:
http://www.securityfocus.com/sponsor/WhiteHat_ms-secnews_050614