Security Resources

    April 2, 2002

Microsoft has released security bulletin number MS02-015. This is yet another patch “roll-up” for Internet Explorer. This patch is supposed to include all of the previously released patches for IE 5, 5.5, and 6.0 along with a couple of new ones.

This patch is classified as critical by Microsoft and can be found below. In the event that you missed it, a couple of weeks ago we featured an article on SecurityProNews devoted to all of the security bulletins released by Microsoft since the beginning of the year.

I am sure that most of you are familiar with ZDNet, and you are probably familiar with their cable tv channel, TechTV. Well, it seems that TechTV has a security portal featuring the latest news about cracking. (Yes, I know that most of the press use the terms ‘hacking’ and ‘hacker’, but that is incorrect. Hacking is not about attacking and intrusions, it is about a quest for knowledge. ‘Cracking’ and ‘crackers’, on the other hand, are the terms that should be used to refer to invasive and destructive types of activities and individuals.) Regardless, if you want to keep up with the latest cracking/hacking headlines, be sure to check out their site.

Another excellent resource for news, exploits (for testing your own systems only!), and updates is AstaLaVista. The AstaLaVista network covers topics including Unix/Linux security, Mac/Apple security, Windows (all shapes and colors) security, Novell security, exploits, anonymity, and much, much more. Be forewarned, many of the links from AstaLaVista have sexually explicit content; if you are easily offended, please don’t go there. Otherwise there is a plethora of information available. The main reason that I mention this site is that this is a site frequented by script kiddies, so if you want to perform any type of penetration testing on your network, this may be a good place to start. Even if you do nothing but browse the forums, you will learn something new.

Have you received an email virus that you are trying to identify or remove from your machine? I have to admit that those guys over at Symantec really have it going on in this department. There are lists of the latest warnings, removal tools, virus updates (if you use Norton’s Antivirus) and more. In fact, before you forward some “help this person- forward to everyone you know” or “this person is missing- forward to everyone you know” email, be sure to check out the hoaxes section. This page is an invaluable resource for System Administrators.

Ultimately, one on the best security resources on the internet is CERT (Computer Emergency Response Team). Sponsored by Carnegie Melon, CERT has the most up-to-date advisories on the web. There are resources here for everyone, from beginner to expert. This should be one of your first stops when you are looking for information.

Jay Fougere is the IT manager for the iEntry network. He also writes occasional articles. If you have any IT questions, please direct them to