At 12:38 PM 7/26/01 -0700, Michael Katz wrote:
>I have been unable to find any specific vulnerabilities with
>shopper.exe.
>
>I believe that there are either new unpublished vulnerabilities in
>the shopper.exe executable or attackers are looking to exploit the
>existing vulnerabilities listed above.
>
>If you have PDGSoft's Shopping Cart package, be warned.

http://www.nipc.gov/warnings/advisories/2001/01-007.htm

ADVISORY 01-007
"PDG Shopping Cart Software" Vulnerability Affecting E-Commerce
Issued 04/06/2001

Downloading the W32 version of the patch, a new version of
shopper.exe is in the archive.

To give a little credit where credit is due, AFAIK this was the only
time NIPC issued an advisory before a problem was common knowledge by
anyone not living in a cave. To what extent there were already
victims of the problem is something we'll probably never know. I do
wonder if it had anything to do with their investigation that yielded
one of their "DOH" advisories:

http://www.nipc.gov/warnings/advisories/2001/01-003.htm

--
Regards,

David Kennedy CISSP
Director of Research Services, TruSecure Corp.
http://www.trusecure.com
Protect what you connect.
Look both ways before crossing the Net.