-Caveat Lector- from: http://www.LOpht.com/ <A HREF="http://www.LOpht.com/">L0pht Heavy Industries</A> ----- "That vulnerability is completely theoretical." -- Microsoft L0pht, Making the theoretical practical since 1992. Latest 1998 1997 1996 L0pht Soapbox software L0phtCrack SLINT BCS Archives service Consulting Product Certification T-Shirts! L0phtCrack Palm Pilot POCSAG MDT NFR IDS Wireless Black Crawling Systems Whacked Mac Cybertek Tezcat Pictures IIRG The L0pht BBS Cons FAQ General Contact Press Contact Business Contact Send Us News Webmaster Snail Mail L0pht, the L0pht logo, its likeness, and these pages Copyright © 1999 L0pht Heavy Industries, Inc. All Rights Reserved. Read the legal stuff. L0pht Announces AntiSniff at Black Hat Briefings 7.12.1999 AntiSniff is a new class of proactive security monitoring tool. It has the ability to scan a network and detect whether or not any computers are in promiscuouse mode. This is often a sign that a computer has been compromised. Now administrators and security teams can get a handle on who is watching network traffic at their site. Technical details and a trial version for Windows 95/98/NT/2000 coming very soon. Hacker Think Tank To Unleash Anti-Sniff Tools, NY Times There's a whole lotta sniffin' goin' on Many Government Notes Servers Found to Leak Information 7.07.1999 Many Government Notes servers leak information to anonymous users. L0pht and other security groups were sent information about vulnerable government Notes servers. The anonymous sender was concerned that he or she was not getting any action from the webmasters of the sites. We took a look and saw that it was true. User names, log files, lists of files, and sometimes even private information was accessible all anonymously over the web. The L0pht has written numerous advisories on the subject of anonymous access to Lotus Notes servers. Before deploying any Notes server make sure that all anonymous access is turned off. Counterpane Systems and L0pht Announce Analysis of MS PPTP v2 7.06.1999 Bruce Schneier and Mudge debunked the crypto security of PPTP v1. The system was so flawed that Bruce Schneier called the system "kindergarten cryptography". Now using this free crypto and protocol analysis from some the the best in the in the world Microsoft has attempted to fix PPTP. The short answer is the system is greatly improved but not what you would call an "industrial strength" VPN. Announcment Full Paper New L0pht Announcements for Defcon 6.30.1999 Wired has a story on Back Orifice 2000 and some other product announcements that are slated for DefCon 7 on July 9. They mention that L0pht will be announcing 'AntiSniff' and 'Booty Call'. Hmmm.... wonder what those could be. Wired, Coming Soon: Back Orifice 2000 Army Site Was Warned About Vulnerability 6.30.1999 The latest Army web site to be attacked, www.army.mil, was warned about their Cold Fusion vulnerability 2 months ago. The L0pht even sent the webmaster a personal email about the problem. It appears that the Army only fixed one of the machines in their web farm so the other one remained vulnerable. We never received a response from them. The majority of hackers want sites to be secure. That is why we published the the advisory and even sent personal emails to the webmasters of high profile vulnerable sites. It is too bad that the media usually writes about the few malicious hackers who vandalize sites and not those trying to improve the state of Internet security. MSNBC has the story. They do mention the fact that the Army was warned about the problem whereas all the other media coverage doesn't mention this fact. New L0pht T-Shirts Are Out 6.27.1999 The L0pht T-Shirts will make their first public debut at Defcon 7 in Las Vegas on July 9, 1999. You don't need to go to Las Vegas. You can order one now from us. T-Shirts are black high quality 100% preshrunk cotton Haynes Beefy-T with printing on both sides. Size only in Adult XL. Price is $15 plus $5 Shipping & Handling. I need my L0pht swag! Security Experts Debate Publishing Flaws 6.19.1999 Space Rogue lends his comments to a ZDNet story, Should security flaws be posted? Microsoft is calling eEye irresponsible for posting information about a devestating flaw in one of their products sooner than they would have liked. The focus should be squarely on Microsoft and why there was a problem in the first place. Microsoft, admit your errors. Say that you should have done more testing and move on. Devastating IIS Vulnerability Found 6.14.1999 eEye has discoverd a buffer overflow in IIS 4.0, Microsoft's Web Server, that allows a remote attacker to execute code with SYSTEM privilage. This allows a remote attacker to completely control the system including installing a remote control program such as NetBus or the forthcoming BO2K. eEye did their exploit testing with a modified version of netcat. Microsoft is working feverishly on a fix but until then most IIS servers on the net are vulnerable. Apache and Netscape servers are not vulnerable. Full eEye Advisory Full Working Exploit Wired Article w/comments from Space Rogue Microsoft IIS Security Bulletin with quick fix L0pht on Discovery Channel 6.09.1999 The Discovery Channel is broadcasting a Canadian Broadcasting Company (CBC) documentary, Big Brother, that the L0pht was interviewed for. This piece originally aired in Canada as Witness: No Place to Hide on 04.16.98. The show will air on 06.13.99 at 2PM EST. Space Rogue Interviewed in MSNBC Story 6.03.1999 MSNBC has a story about computer hackers working in the software industry. We can tell you from personal experience that any good network security department has one or more. Any good security product company has several. Most security auditing companies have hackers working for them. Everybody says they don't hire hackers but it just isn't true. Perils of moonlighting as a hacker, MSNBC MORE NEWS... ----- Aloha, He'Ping, Om, Shalom, Salaam. Em Hotep, Peace Be, Omnia Bona Bonis, All My Relations. Adieu, Adios, Aloha. Amen. Roads End Kris DECLARATION & DISCLAIMER ========== CTRL is a discussion and informational exchange list. Proselyzting propagandic screeds are not allowed. Substance—not soapboxing! These are sordid matters and 'conspiracy theory', with its many half-truths, misdirections and outright frauds is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRL gives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credeence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://home.ease.lsoft.com/archives/CTRL.html http:[EMAIL PROTECTED]/ ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om