> What I’m wondering is whether such a token would have any value at all.
> Why should a piece of paper with "Camp Scrip Token" printed on it be
> worth anything?

Initially the tokens aren’t worth anything. People have nothing to
back a currency with, so initially the currency…

http://www.varbusiness.com/sections/news/breakingnews.jhtml?articleId=193402614

AKA http://tinyurl.com/y5yjly

has a story about compromised computers costing money. A
look at http://www.e-gold.com/security.html is free!
JMR

—

Hello All.

In reference to our earlier post regarding Sell Order Rate Change.

Our sell order fee has been DECREASED from 3% back to 2% or $5 whichever is the greater.

Fee change is effective immediately.

All sell orders are being processed in usual time (within 12 hours) and of course all buy orders are being completed straight away once they have been received.

Admin
TheGoldShop.biz
http://www.thegoldshop.biz/

Hello All.

Our sell order fee has been increased from 2% to 3% or $5 whichever is the greater.

As there is so much e-gold on the market right now (many sellers as the gold price moves upwards) we have had to increase our sell order fee - effective immediately.

All sell orders are being processed in usual time (within 12 hours) and of course all buy orders are being completed straight away once they have been received.

Admin
TheGoldShop.biz
http://www.thegoldshop.biz/

Revision Note: Advisory Published. Advisory Summary:Microsoft is releasing this security advisory to inform customers about an update that enables Wi-Fi Protected Access 2 (WPA2) support for Wireless network Group Policy settings in Windows XP Service Pack 2. This update is being released to provide parity between Windows XP Service Pack 2 (before a broad release vehicle, like a service pack, is released) and the upcoming release of Windows Server 2003 Service Pack 2. With this update, customers can create Wireless network Group Policy settings to simultaneously manage WPA2 on systems running Windows XP Service Pack 2 and for any versions of Windows targeted by the upcoming Windows Server 2003 Service Pack 2. Also included in this update are Wireless client behavior changes for non-broadcast and ad-hoc networks. These defense-in-depth changes are intended to help prevent systems from connecting to networks other than those a user intends to connect to. The reason these defense-in-depth changes are included in this update in addition to the WPA2 support for Wireless network Group Policy is to provide parity between the two Windows versions. This makes it possible to manage WPA2 settings for wireless clients on different Windows versions using the same Wireless Group Policy. These defense-in-depth changes will be included in Windows 2003 Service Pack 2 as part of the same WPA2 support for Wireless network Group Policy settings. For more information about the upcoming Windows 2003 Service Pack 2 see the Windows Service Pack Road Map. The broad release vehicle is still considered to be a service pack for Windows XP for the defense-in-depth changes included in update 917021.

Hello All.

We had some server software problems over the last few hours. The problem has been fixed and everything is back to normal again.

Sorry for any inconvenience caused.

Admin
TheGoldShop.biz
http://www.thegoldshop.biz

Recently, we have seen a trend in Trojan horse programs exploiting popular desktop applications. The applications that have been exploited have included Microsoft Word, Excel, Powerpoint, and JustSystem’s Ichitaro. Now, we have uncovered a Trojan horse exploiting a vulnerability in WinRar—software which may not be quite as well known as those examples I have just mentioned.

Symantec Security Response has confirmed that Trojan.Radropper exploits the RARLAB WinRAR LHA Filename Handling Buffer Overflow Vulnerability. This vulnerability was first made public in July of this year and has subsequently been fixed. The current version of WinRAR (version 3.61) does not contain this vulnerability.

The attack was email based and was executed when an email with a RAR archive attachment was sent to a user. Once the archive was opened, the RAR file would drop a file, which is detected as Backdoor.Trojan, onto the user’s computer.

This threat is considered a very low risk at this time, due to the fact that it was used in a targeted attack. Additionally, the vulnerability exploited here is not new and a patch is already available. However, if you are using WinRAR, I fully advise you to patch the software as soon as possible.

Companies and home users urged to apply fixes at earliest opportunity.

Lee Lawson submits this work on an excellent Penetration Test structure. This is a must for anyone performing penetration testing!!! …

Gzip should be installed on your Red Hat Linux system, because it is a very commonly used data compression program. The following CVDIDs were addressed: CVE-2006-4334 CVE-2006-4335 CVE-2006-4336 CVE-2006-4338 CVE-2006-4337…

This month is a busy one, with 10 updates in total, fixing 27 distinct vulnerabilities. Of the 10 updates, seven of them are listed as “Critical” by Microsoft. Interestingly, all seven of them are intended to patch various client-side vulnerabilities—four of them in the Office suite.

Critical bugs:

The patched Office vulnerabilities are all file-format vulnerabilities that will allow an attacker to run the code of their choice on the victim machine, provided a user on that machine opens the malicious file.

There are patches for Powerpoint (MS06-058: BIDs 20322, 20304, 20325, 20226), Excel (MS06-059: BIDs 20391, 18989, 20344, 18872), Word (MS06-060: BIDs 19835, 20387, 20341, 20358), and core Office components (MS06-062: BIDs 20384, 20383, 20382, 20320).

Obviously, all of this month’s Office patches address multiple vulnerabilities. A few of these vulnerabilities were discovered by Symantec, as our antivirus teams investigated actual, real-world attacks and saw that malicious code was already exploiting these previously unpublicized issues. Some of them are new and are being proactively patched by Microsoft before exploits are discovered in the wild. In both cases, the provided patches will probably be quickly reverse-engineered by attackers, and exploits for the vulnerabilities will be added to popular toolkits and will also be used in targeted attacks. For more information on the use of zero-day vulnerabilities in common desktop software, please see my blog entry from July. Also, please see Hon Lau’s excellent entry from September regarding the subject.

Also on the Critical list this month:

MS06-057, BID 19030: “Microsoft WebViewFolderIcon ActiveX Control Buffer Overflow Vulnerability”. This vulnerability was first disclosed in July and can, like the others above, lead to attacker-supplied code running on the target machine. This is an ActiveX vulnerability and can be mitigated by shutting off the relevant control (WebViewFolderIcon, CLSID {844F4806-E8A8-11d2-9652-00C04FC30871}). This would be most likely attacked via a malicious Web site or potentially an HTML email. Multiple exploits are already in circulation.

MS06-061, BIDs 20338 and 20339: XML Vulnerabilities. One of these is rated “Critical” and the other “Important”, making the single patch of critical importance overall. BID 20339, if exploited, can lead to remote code execution, and 20338 can in some circumstances lead to information disclosure via a buffer overflow.

On the “Moderate” list for this month:
MS06-056, BID 20337. This is a fairly standard cross-site scripting bug affecting the .NET platform, with the usual repurcussions if exploited.

MS06-063, BIDs 19215 and
20373. This is a patch to the SMB handling code that fixes one old and one new issue, both leading to potential denial of service attacks against the target system.

MS06-065, BID 20318. This Windows Object Packager vulnerability can be used to misrepresent file types, and in conjunction with a little social engineering, can be used to entice users to open file types that they normally would not.

And finally, on a semi-humorous note, the lone ‘Low’ priority patch for the month: Fixes to some age-old vulnerabilities in almost every TCP/IP implementation are now available for the IPv6 stack on Windows. MS06-064 patches the new stacks against BIDs 10183,
13124, and 13658. Land attack, anyone? Good on Microsoft for thinking to test the new technology against yesterday’s attacks, however.

More details and the bulletins themselves can be viewed at Microsoft’s October Security Bulletin Summary page.

Well, that’s “all” for October—although that’s plenty, thankyouverymuch. It feels a little like Halloween came early, doesn’t it? Get on to your patching, and see you next month!

Read ‘em and weep. Doesn’t matter what it is, how much you spent on it, or what you’ve done it implement it, its outlook is about as good as the Cleveland Browns’ Super Bowl chances. Got your attention? That’s the idea. This type of apocalyptic proclamation has been alive and well in information security over the past few years and never ceases to get its share of eyeballs and chatter. Gartner fired a shot across the bow a while back with the “IDS is dead” statement and similar things are now being said about antivirus. The siren call of these alarmist statements has proven irresistible, but I’ll offer that while they make for catchy headlines, they obscure a more complex, but much more accurate reality. In this spirit, I’ll offer up a couple of alternate headlines that are a lot less captivating, but also do a better job of hitting the mark, in my eyes.

Company faces distribution glitches in issuing “critical” fixes for Windows, Office, among other updates.

U.K. police struggle to contact people whose passwords and credit card details have been stolen.

Company announces products, services and partnerships designed to secure consumers and businesses.

Robert,

> > Space exploration, mega projects, achievement etc. are the
> > results of individual choice and effort not pharonic fiat.
>
> Thousands of people spontaneously united in their voluntary
> quest to build a railroad across America, and then reveled
>…

I landed in Montreal on Sunday morning and immediately began sorting out pictures of my dogs (!) so I could put the finishing touches on my Virus Bulletin presentation. “Everything I Need to Know About Security I Learned from My Dog and a Country Western Song” is not your usual security paper title; in fact, the initial idea evolved as a tongue-in-cheek “what if” mental exercise. However, the more I thought about it, and the more people I talked to about it, the more I realized the idea was worth pursuing to the next level. Somewhere along the way it changed to “two dogs”, I submitted the abstract to Virus Bulletin, it was accepted, and the paper began to take shape.

Virus Bulletin is undoubtedly one of the best opportunities (globally) to meet with the people who use the technologies we design and develop. It is also an excellent place to talk with security-conscious executives about the security products, policies, and programs they have—or wish they had—in their organizations. And, that’s what people do here, year after year after year. While we find ourselves in new places, and while there are new faces on the presentation stage, the songs generally remain the same. Could it be that as much as the world has changed since my first VB in 1994, it has, in some very important ways, stayed the same? Is it possible that we need to be reexamining those things, and reconsidering how that information is passed on to others? After all, if after ten years some of these things haven’t permeated our security cultures to the point we don’t need to repeat them, it could be that we need to adapt the ways we’re trying to get the information across. Or, it could be, as I learned doing some of the research for the paper, that repeating them is even more important than I realized. Not only is repeating them important, it’s how we repeat them that is important. And, that’s where the dogs and the song come in.

Yep - been like it for over 24 hrs - any update JP? (or Dan)
Some silly rumours already starting on the forums…….

Cheers

Andy

—–Original Message—–
From: Patrick Chkoreff
Sent: Tuesday, 10 October 2006 8:52 PM

On 10 Oct 2006, at 11:13, Randall Randall wrote:

> Ethics, morals, and law are three different things with
> different standards. It’s perfectly consistent to declare
> that action A is not ethically permissible and yet, still
> should be legal.

I have pointed this out a…