Dam! these glasses are giving me a headache!
Feed Your Brain
         The Digital Nomad                            No Porn, Just Clean InfoSec NFO  

A Internet Informational Portal for all types of Digital Wanderers

    This page last updated:  Sunday  032303 0750hr EST            Use 1024x768  resolution

The Digital Nomad Knowledge Base     "FEED YOUR BRAIN"


All Links Links for Network and Computer Security Studies       

All Education Links and Text  for General Network and Computer Studies  

All Newsgroups Links to various News groups, General and Computer and Networking



All Tools Software firewalls, Antivirus, Security/Insecurity tools



All Text Text, and tutorials relating to computer, network, and Internet 



All Resources Quick look-ups of Whois, File types, Country URL

All Intrusion Detection, Firewalls, Loggers All IDS, Firewalls, and loggers

Technical Links to Computer/Network Manufacture/Equipment

All Search Engines Search engines collection, various countries




Rubi-Con 5

The 5th Annual Rubi-Con Hacking Convention is March 28 - 30 2003, in Dearborn, MI 



RC4 2002

Read C0VERTl's story of Rubi-Con Detroit 2002

Choose File type of choice; txt or html below

  rbcn4.txt    rbcn4.htm

More stories of police, k9 dogs, and doom on the Rubi-Con website

covert_one's RC4 Photo Essay HERE










who is c0vertl?



The DN is not even near dead! Yapoo! might have erased a few files, but they didn't kill our brains!

A !Shout out! to all my great friends:

NightSneak, Josh, Talisker, Salz, Mike F., government monkey, K1flywood, Tanvir, Skill2die4, c0ntagion, and all you loyal Digital Wanderers!

Keep the Faith





















Webmasters and supporters of The Digital Nomad, The Digital Nomad BannerHERE is the banner for this website, Thank you for your support!


covert_one@ziplip.com - Webmaster - All Rights Reserved  2000 - 2004  Not Responsible for use/misuse of information found on this website




Click HERE!



Your Right to Information                   ReWrite The Digital Millenium Copyright Act!     


IE__Get IE Here_IE

























Digital Nomad News   THIS WEEK 
Iraq still online

By Brian McWilliams

Since the U.S. military moved into the "shock and awe" phase of its campaign early Friday, Web surfers have encountered intermittent problems reaching Uruklink.net, the Iraq government's main Web site. But those access difficulties are apparently due to a surge of Internet visitors, along with some untimely technical changes, rather than to damage from the bombing or a government shutdown. In fact, on Thursday, following the start of the U.S.-led attack, traffic to Uruklink.net hit a record. According to a counter at the site's home page, over 14,200 people visited March 20, making it the busiest day at the site. Uruklink.net currently displays a computer-generated date of March 21, 2003. Atop the home page are prominent links to streaming video versions of last month's interview between Hussein and CBS News anchor Dan Rather. The heavy shelling of Baghdad has apparently not yet affected Iraq's primary e-mail servers, mail.uruklink.net and mail.warkaa.net. Both systems were still responding to network queries late Friday EST. The Web site of Iraq's Satellite TV channel was also still online. For reasons not apparent, the administrators of Iraq's network changed the Internet protocol (IP) address of Uruklink.net and a couple of the country's other primary Web sites on Thursday. Meanwhile, one of Iraq's domain name servers -- the systems that route traffic to the appropriate destination -- appears to be offline. As a result, the Iraqi sites' ability to handle the increased traffic is hobbled.Internet traffic to and from Iraq's Web sites and e-mail systems is carried primarily by satellite links provided by Atlanta International Teleport of Georgia and Satellite Media Services of England.

Similarly, the home page of Iraq's BabilOnline newspaper, operated by Saddam Hussein's son Uday, set a traffic record Thursday. A counter on the site's home page racked up over 1,000 visits, twice its average. - Uruklink.net




Survey: Security is a people, not technology, problem

A survey released today by the Computing Technology Industry Association showed that nearly two-thirds of reported security breaches were primarily the result of human error.Both industry and government officials stressed the need for more education and certification of IT professionals, especially in security. But calling for education is one thing and paying for it is another, the speakers said.



Homeland Security warns about systems threats as war looms

The Homeland Security Department today reminded Internet users to be vigilant for cyberattacks in light of President Bush’s ultimatum last night to Iraqi President Saddam Hussein. The department and other federal agencies are monitoring “the Internet for signs of a potential terrorist attack, cyberterrorism, hacking and state-sponsored information warfare,” a Homeland Security statement said. “Industry and public Internet users are reminded of the importance of employing sound security practices and reporting unusual activity or intrusion attempts to DHS or local law enforcement.”








US Army attacked via new Windows flaw

08:43 Tuesday 18th March 2003
Robert Lemos, CNET News.com

Microsoft warned customers on Monday that a security hole in Windows 2000 and the company's Web server software is allowing online attackers to take control of corporate servers.

The flaw, known as a buffer overflow, is in a component of the software that handles the World Wide Web Distributed Authoring and Versioning (WebDAV) protocol in Microsoft's Internet Information Server (IIS). A specially formatted Web request to the WebDAV component can overflow the memory allocated to such requests and cause another, malicious program to be run instead. The technique can be used to take control of the server.

The flaw affects only IIS 5.0 on Windows 2000 servers.

www.fcw.com/fcw/articles/2003/0317/web-hack-03-18-03.asp microsoft.com/technet/treeview//security/bulletin/MS03-007.asp


Microsoft warns of exploit in Windows 2000, IIS

By Paul Roberts
IDG News Service

WebDAV is a set of extensions to HTTP that allows users to edit and manage files on remote Web servers.

Attacks could come in the form of malformed WebDAV requests to a machine running IIS version 5.0. Because WebDAV requests typically use the same port as other Web traffic (Port 80), attackers would only need to be able to establish a connection with the Web server to exploit the vulnerability, Microsoft said. Machines running the Windows NT and Windows XP operating systems are not vulnerable, according to Microsoft.

Adding to the danger of the new vulnerability is the fact that many administrators may not know that they have the WebDAV serbicve enabled on their ISS server, Hameroff said. The service is enabled by default on ISS 5, according to Hameroff



5 Network Vuln scanners tested

InfoSecurityMag tests these network vulnerability scanners:

Internet Security Systems' Internet Scanner 6.21
eEye Digital Security's Retina 4.9
Symantec's NetRecon 3.5
Nessus1.2.6 and NessusWX1.4.2

Read the results and get tips on scanning today's NOS here:



Tricky Windows worm poses as game

By John Leyden  14/03/2003 at 14:00 GMT

A new email-aware worm, Bibrog-B, poses as a computer game in an attempt to dupe users.
The worm, which is spreading (modestly) by email and through file sharing networks, is more subtle and devious than most Windows worms. Its payload contains not just malicious code but a shooting game too.
When users infect themselves via a virus they might notice something is wrong with their PC. The game component of Bibrog-B masks its true purposes.
While the shooting game is running, the worm is copying itself across the user's hard drive and preparing to forward itself to all contacts in the Outlook address book, or via file-sharing networks.
In a particularly devious twist the worm makes changes to an infected user's Internet browser so that it can display fake versions of genuine Web sites such as Hotmail, Citibank, MSN and Yahoo. Security firms believe this is an attempt to steal usernames and passwords.
"Many people assume a virus that destroys data is as bad as it gets. However, a virus which can swipe confidential details such as account information is a much greater potential danger," said Graham Cluley, senior technology consultant for Sophos Anti-Virus.
The payload of the worm comes in the form of an executable attachment. Blocking such attachments in email, which have little or no legitimate use, is probably the simplest and most effective way to guard against Bibrog and other similar viruses
More details of the Bibrog worm are available here.



Code Red II Variant on the Prowl GRRRR!

By Dennis Fisher March 11, 2003

Security experts are watching a new variant of the Code Red II worm that began appearing on some monitoring networks Tuesday. The worm is nearly identical to its ancestor, save for a modified drop-dead date that is now several thousand years in the future. Known as Code Red.F, the worm uses the same infection method as the previous versions, attacking Web servers running Microsoft Corp.'s IIS software. The worm so far has infected only a few machines, and because most administrators patched their servers after the initial Code Red outbreak in 2001, it is unlikely to spread extensively, experts say. All of the Code Red worms exploit an unchecked buffer in the Index Server in the IIS software. They then spread by infecting one machine and then scanning a list of random IP addresses and attempting to connect to port 80.






Windows broadband users targeted by attackers

By David Legard

IDG News Service, 03/12/03

The CERT Coordination Center security organization based at Carnegie Mellon University said Tuesday it has seen an increase in exploitation of weak administrator passwords on systems running Microsoft's Windows 2000 or Windows XP operating systems.

Attacks are being particularly - though not exclusively - targeted at home broadband users running those operating systems, according to CERT/CC. The weakness specifically refers to nonexistent or easily discovered passwords on Server Message Block (SMB) file shares, with thousands of systems being compromised in this way, CERT/CC said in an advisory.

Windows uses the SMB protocol to share files and printer resources with other computers. The two versions of the operating system referred to in the CERT bulletin transfer information via TCP/IP. These systems are vulnerable to attacks using tools such as W32/Deloder, GT-bot, sdbot, and W32/Slackor. Older operating systems which share SMB information differently are not vulnerable, according to CERT/CC.

According to CERT/CC, attackers who gain access in this way could:

• Exercise remote control.

• Expose confidential data.

• Install other malicious software.

• Change or delete files.

• Install or support tools for use in distributed denial-of-service attacks against other computers.




Deloder worm targets weak passwords

By Paul Roberts

IDG News Service


A new worm on the Internet targets computers running the Microsoft Windows operating system, using easy-to-guess passwords for the Administrator account, according to alerts posted by a number of antivirus companies.  The worm attempts to connect to other computers on a network through TCP port 445, randomly generating IP addresses to locate vulnerable machines. Port 445 is used to access shared files on Windows machines with the Server Message Block protocol. When a vulnerable Windows machine is located, the worm attempts to log on to the machine's Administrator account by trying 50 likely passwords such as "admin," "password," "12345," and "administrator," F-Secure said. If the worm succeeds in breaking the Administrator account password, it places copies of a backdoor, (trojan) program known as "inst.exe" in several locations on the infected machine and copies itself as Dvldr32.exe