[linux-elitists] Another opportunity to overload deCSS

Heather star@betelgeuse.starshine.org
Fri Mar 17 10:30:50 PST 2000


This is a regular security announce list I'm on, I figured you folks would
enjoy the indulgence in 3LA-itis.

-* Heather Stern -*- Use of MSwin systems might be considered a security risk
                     because you can't secure that they'll even stay working.

----- Forwarded message from The SANS Institute -----

X-Envelope-From: sans@sans.org
From: The SANS Institute <sans@sans.org>
Subject: NWC/SANS SAC Newsletter #36

To: Heather Stern (SD107773)
Re: Your personalized Security Alert Consensus

                       -- Security Alert Consensus --

                              Number 036 (00.12)

                            Friday, March 17, 2000

                              Created for you by
                  Network Computing and the SANS Institute

-------- sponsor ad zapped ---------------------------------------------

Welcome to the latest edition of Security Alert Consensus.  If you have
any problems or questions, please e-mail us at <consensus@nwc.com>.

Headlines:

* Many more reports of applications "vulnerable to CSS (cross-site
  scripting)" have appeared this week. The gist of the problem is that
  JavaScript can be embedded practically anywhere -- e-mail, Web page,
  HTML reports, etc. The possibilities are endless, and therefore we
  will not keep reporting the individual applications that allow for a
  CSS style attack. If you want to be secure, disable JavaScript/active
  scripting on the client. More information on CSS can be found at
  http://www.cert.org/advisories/CA-2000-02.html

* The Apache Group has officially announced the release of Apache 2.0
  alpha. http://archives.neohapsis.com/archives/apache/2000/0004.html

* Sendmail version 8.10.0 has been released, and it includes more UCE
  (spam) filtering and control.
  http://archives.neohapsis.com/archives/sendmail/2000-q1/0001.html

[snip]




More information about the linux-elitists mailing list