|------------------------------------------|

|- Astalavista Group Security Newsletter -|

|- Issue 11 2 December 2004
-|
|- http://www.astalavista.com
-|
|- security@astalavista.net
-|
|------------------------------------------|
- Table of contents [01] Introduction
[02] Security News
- Online fraud tutorials... from the Secret Service?
- Alleged DDoS kingpin joins most wanted list
- Cisco firewall source code is for sale
- Trojan horse targets mobile phones
- New MyDoom attacks may signal 'Zero Day'
[03] Astalavista Recommends
- PGP 101 - Getting, installing, and using PGP Freeware
- Vtrace 0.1
- Exploit Mitigation Techniques - presentation
- Net Tools 3.1
- AppRecon - applications identification
[04] Site of the month - FutureWar.net
[05] Tool of the month - Vodka-tonic - cryptography-steganography hybrid tool
[06] Paper of the month - Wireless devices vulnerability list
[07] Free Security Consultation
- We have recently found out that sensitive documents were available..
- A network attack was responsible for shutting down..
- It's not that I don't trust the people that I employ, it's the..
[08] Enterprise Security Issues
- Company's best practices on anti-spam prevention
[09] Home Users Security Issues
- How to effectively fight spam - pratical tips
[10] Meet the Security Scene
- Interview with Dave Wreski,
LinuxSecurity.com
[11] Security Sites Review
- Shellcode Archive
- Security-guide.de
- ToolCrypt
- Web-Hack.ru
- TheHacktivist.com
[12] Astalavista needs YOU!
[13] Astalavista.net Advanced Member Portal
[14] Astalavista Banner Contest - 2004
[15] Final Words
01. Introduction
-----------Dear Subscribers,
Welcome to Issue 11 of Astalavista's Security Newsletter! In this edition we hav
e covered the most
significantsecurity events during November;we featured two articles, concerning
both corporate and
home users on how to effectively deal with spam;we also chatted with Dave Wreski
from
LinuxSecurity.com on various emerging security topics.

Astalavista Banner Contest - 2004 is now live, more information is available at:
http://www.astalavista.com/index.php?page=107
Enjoy your time, holidays are coming :)
Astalavista's Security Newsletter is mirrored at:
http://packetstormsecurity.org/groups/astalavista/
If you want to know more about Astalavista.com, visit the following URL:
http://astalavista.com/index.php?page=55
Previous Issues of Astalavista's Security Newsletter can be found at:
http://astalavista.com/index.php?section=newsletter
Editor - Dancho Danchev
dancho@astalavista.net
Proofreader - Yordanka Ilieva
danny@astalavista.net
02. Security News
------------The Security World is a complex one. Every day a new
vulnerability is found, new tools are released, new measures are made up and
implemented etc. In such a sophisticated Scene we have decided to
provide you with the most striking and up-to-date Security News during the
month, a centralized section that contains our personal comments on the
issue discussed. Your comments and suggestions about this section are
welcome at security@astalavista.net
------------[ ONLINE FRAUD TUTORIALS...FROM THE SECRET SERVICE? ]
As a jaunty flourish in its high-profile roundup of fraudsters and forgers last
Thursday, the agency took over Shadowcrew.com, a New Jersey-based online crime b
azaar
that sits at the center of the government's "Operation Firewall" investigation.
Officials locked out the user accounts and swapped in a new front page featuring
a Secret Service
banner, an image of a prison cell, and a list of federal charges against some si
te members.
More information can be found at:
http://securityfocus.com/news/9866
http://www.shadowcrew.com/
Astalavista's comments:
The Secret Service's "deface" of the group's site simply sends out a message to
a very large and
malicious audience, the group's other members, given the fact that the
investigation itself must have taken a great deal of coordination and resources.

I wonder how many groups like this are still active, and how many are to come ha
ving in
mind the rise of phishing and id thefts,?
[ ALLEGED DDOS KINGPIN JOINS MOST WANTED LIST ]
The fugitive Massachusetts businessman charged in the first criminal case to ari
se from an
alleged DDoS-for-hire scheme has appeared on an FBI most wanted list, while the
five men accused
of carrying out his will are headed for federal court.
More information can be found at:
http://securityfocus.com/news/9870
http://www.fbi.gov/mostwant/alert/echouafni.htm
Astalavista's comments:
Why is the government going after such a small fish with green bucks after all probably because of the
good publicy, but this is not the best way to send a message for potential DDoSfor-hire schemes
since the people behind these attacks are still out there, building zombie netwo
rks,
underground economics, DDoS and phishing services on demand.
[ CISCO FIREWALL SOURCE CODE IS FOR SALE ]
A group describing itself as the Source Code Club (SCC) has offered to sell sour
ce code for
Cisco's Pix proprietary security firewall software to any taker for $24,000. In
a note posted on a
Usenet newsgroup, the group also said that it would also make available other, u
nnamed source code to
those who paid.
More information can be found at:
http://nwc.networkingpipeline.com/shared/article/showArticle.jhtml?articleId=512
02557
Astalavista's comments:
Although Cisco have had quite a lot of source code leakeges recently, I doubt wh
ether this is a serious
one, or perhaps the folks behind it are desperately looking for cash. Cisco, as
the world's most
established networking company, should put more efforts into safeguarding its so
urce code.
News reports like these make a mockery of the company's image.
[ TROJAN HORSE TARGETS MOBILE PHONES ]
A new Trojan horse that sends unauthorized spam to mobile phones via sms has bee
n detected by anti-virus
authority Sophos, marking a new trend in the convergence of viruses and mass-mai
l attacks.
The Troj/Delf-HA Trojan horse infects a PC, then downloads instructions on which

spam campaign to
launch from a Russian telecom Web site, according to Gregg Mastoras, senior secu
rity analyst at Sophos.
It can plague owners of cell phones by sending them unsolicited junk text messag
es
over the carrier's network.
More information can be found at:
http://wireless.newsfactor.com/story.xhtml?story_title=Trojan-Horse-Targets-Mobi
le-Phones&story_id=28307
Astalavista's comments:
Welcome to the new borne world of mobile viruses, mobile spam, and with the numb
er of banks doing
banking over mobiles, mobile phishing attacks are soon to appear as well. A coup
le of interesting papers
for you to read on the topic are available at:
http://www.sourceo2.com/NR/rdonlyres/ehunutobhlesv6szirdn2sd4ltxg7vkbhuh2ak4zizn
oe4xgk3ezbsfdxlhi7i76zlsik5ujllbf4tetdzzw7vqajwb/CabirWormInfo.pdf
http://www.astalavista.com/index.php?section=dir&cmd=file&id=2315
http://www.astalavista.com/index.php?section=dir&cmd=file&id=1586
[ NEW MYDOOM ATTACKS MAY SIGNAL 'ZERO DAY' ]
The newest version of the MyDoom worm now circulating suggests to security exper
ts that the much-anticipated
"Zero Day attack" may have arrived. Zero Day refers to an exploit, either a worm
or a virus, that arrives on the
heels of, or even before, the public announcement of a vulnerability in a comput
er system. This new MyDoom appeared
only two days after a security flaw in Windows IE was made public, according to
reports.
More information can be found at:
http://www.pcworld.com/news/article/0,aid,118580,00.asp
Astalavista's comments:
Slaves of the botnets?! Yes we are, the whole industry is. They fill every secur
ity gap,
they make patching pointless, they update and fully load each other whenever a
public or Zero Day exploit is found, thus creating yet another news story
and a couple of thousands new zombies by the time administrators respond.
Further reading:
http://www.columbia.edu/~medina/docs/resnet/medina-resnet2004.pdf
http://www.sfbay-infragard.org/SUMMER2004/Botnets_Botherds-1.pdf
03. Astalavista Recommends
---------------------This section is unique with its idea and the information included within. Its pu
rpose is
to provide you with direct links to various white papers covering many aspects o
f Information Security.

These white papers are defined as a "must read" for everyone interested in deepe
ning his/her
knowledge in the Security field. The section will keep on growing with every new
issue.
Your comments and suggestions about the section are welcome at
security@astalavista.net
" PGP 101 - GETTING, INSTALLING, AND USING PGP FREEWARE "
A tutorial on PGP for the complete beginner, screenshots included as well
http://www.astalavista.com/?section=dir&act=dnd&id=3190
" VTRACE 0.1 "
Tool for visual tracert, shows the geographical location of a certain host
http://www.astalavista.com/?section=dir&act=dnd&id=3187
" EXPLOIT MITIGATION TECHNIQUES - PRESENTATION "
Various exploit mitigation techniques revealed
http://www.astalavista.com/index.php?section=dir&act=dnd&id=3151
" NET TOOLS 3.1 "
Over 70 network/security tools application, recommended!
http://www.astalavista.com/index.php?section=dir&act=dnd&id=3163
" APPRECON - APPLICATIONS IDENTIFICATION "
AppRecon is a small java tool that tries to identify
applications by sending appropriate discovery broadcast packets.
http://www.astalavista.com/?section=dir&act=dnd&id=3214
04. Site of the month
-----------------http://www.futurewar.net/
FutureWar.net is a site dedicated to provide its visitors with quality and exten
sive
information on various information warfare issues.
05. Tool of the month
-----------------Vodka-tonic - cryptography-steganography hybrid tool
Vodka-tonic is a cryptography-steganography hybrid
tool. It a three level security system for paranoid people.
http://www.astalavista.com/index.php?section=dir&act=dnd&id=3181
06. Paper of the month
-------------------

Wireless devices vulnerability list

Info on default settings and related vulnerabilities
http://www.astalavista.com/index.php?section=dir&act=dnd&id=3218
07. Free Security Consultation
-------------------------Have you ever had a Security related question but you
weren't sure where to direct it to? This is what the "Free Security
Consultation" section was created for. Due to the high number of Security-relate
d e-mails we
keep getting on a daily basis, we have decided to initiate a service,
free of charge. Whenever you have a Security related question, you are advised t
o
direct it to us, and within 48 hours you will receive a qualified response from
one
of our Security experts. The questions we consider most interesting and useful
will be published at the section. Neither your e-mail, nor your name will be pre
sent anywhere.
Direct all of your Security questions to security@astalavista.net
Thanks a lot for your interest in this free security service, we are doing our b
est
to respond as soon as possible and provide you with an accurate answer to your q
uestions.
--------Question: Hello, Astalavista. I'm an IT manager for a small U.S based IT solutio
ns company. We have recently
found out that we have had sensitive information leaked out from our webserver t
o Google. By the time
we removed it, there had been numerous downloads of the file. Although it's now
gone from our server, Google
still keeps a cache of it, any thoughts on this issues would be greatly apprecia
ted from you, guys?
--------Answer: Thanks for the email. The power of Google has created an entirely new gr
oup of malicious users - the
google hackers, namely individuals locating sensitive data, exploiting services
and servers with the help of Google.
It will take a while, up to a week and a half based on previous removal procedur
es I took care of; after that the
file will be gone from Google's cache as well. There're a couple of things you c
an do ; keep the file but with wrong
information.Thus you'll be able to misinform or detect competitors trying to loc
ate sensitive data; the most important
thing is to have a word with the person responsible for all web servers, and mak
e him/her take advantage of robots.txt
approaches, so that you can protect your entire web infrastructure, and keep the
sensitive files/directories out of Google.
More info is available at Google's site:
http://www.google.com/remove.html
---------

Question: A network attack of some kind was recently responsible for shutting do
wn the connection between
our branches in two different cities; we weren't able to detect a DDoS attack, n
or was our ISP able to detect anything
unusual. We have started an investigation - any ideas on what happened would be
appreciated?
--------Answer: Thanks for the extensive email and your request for advice on this issue
. From what I've read
it sounds like either an insider had knowledge of critical infrastructure and th
e physical insecurities around it, or an
application level DoS attack simply shut down these vital servers. I would recom
mend you make sure that the servers aren't
compromised by the use of integrity checkers, since you alredy have them in plac
e, and pay attention to a possible insider
treat. I'm sure if you look deeper, you will be able to clarify what happened.
A useful paper on Application level DoS attacks can be found at:
http://www.corsaire.com/white-papers/040405-application-level-dos-attacks.pdf
Another useful article on insiders can be found at:
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci906437,00
.html
---------Question: Hi, folks at Astalavista.com. Congratulations on the security resource
you've been providing me with for the past
several years. It helped me achieve a lot in my ITSec career. I wanted to reques
t additional opinion on an issue that has
been bothering me for a very long time. It's not that I don't trust the people
that I employ, I do, since trust is
vital, but how do I protect from insiders, so taht the company does not turn int
o a commercial BigBrother :)
---------Answer: Depends on what you're doing and how sensitive it is. You might need to
turn your enterprise into a
BigBrother to a certain extent. Staff monitoring is a hot and complicated topic
given the different laws and regulations
across the globe. Most of all, staff monitoring should act as an enformecement t
ool when implementing your company's
security policy; otherwise the amount of information gathered could be abused to
a great extent. Your employees aren't
watched, there're just monitored - this is the feeling that your monitoring prog
ram should represent and enforce.
08. Enterprise Security Issues
-------------------------In today's world of high speed communications, of companies completely
relying on the Internet for conducting business and increasing profitability, w
e have
decided that there should be a special section for corporate security, where
advanced and highly interesting topics will be discussed in order to provide
that audience with what they are looking for - knowledge!
- Company's best practices on anti-spam prevention -

Spam represents one of the biggest threats to our business and personal email co
mmunication. Every day
millions of spam messages are sent, a couple of hundred people are lured into th
e ads, several thousand
think they've removed themselves on the mail servers - a certain loss of product
ivity when employees are constantly
bothered by spam. In this issue we have decided to provide company or IT manager
s with practical tips on how to deal
with the problem.
The problems with mail server bandwidth
Given the different sizes of organizations and the publicity of their emails, th
e unecessary flood of
daily spam can cause additional, sometimes above the average bandwidth costs to
an organization. It can contribute to the
certain delays in processing emails as well.
The problems with loss of productivity
The flood of spam targeting your employees can result in significant loss of pro
ductivity; everyone has to
manually go through the spam and delete it. Employees' mode of thinking is that
they believe the company has better
anti-spam filters than the ones they have at their free web based or ISP mail ac
counts; this is why they often use these
emails on public forums etc.
Practices to safeguard the company's infrastructure
- the anti-email exposure policies
Your company has to develop and closely monitor the enforcement of an anti-email
exposure policy, namely
that the company's email accounts shouldn't be used at public www boards, mailin
g lists etc. If enforced successfully, this
might significantly limit the amount of spam towards your mail servers.
- the use of web forms
The use of web forms instead of plain info@example.com emails is strongly recomm
ended. Yes it's very
convinient for a customer to reach you, the same goes out about the spammer as w
ell. Beside all, users don't mind
filling out web forms.
- the use of cost-effective open-source solutions
The Spam Assassin Project (http://spamassassin.apache.org/ ) is one of the most
effective anti-spam approaches I have
used so far, besides developing an effective white listing model. It works perfe
ctly well even on a high
bandwidth server processing thousands of mails daily.
09. Home Users' Security Issues
-------------------------Due to the high number of e-mails we keep getting from novice users, we have dec
ided that it would be a very good
idea to provide them with their very special section, discussing various aspects
of Information Security in an
easily understandable way, while, on the other hand, improve their current level

of knowledge.
- How to effectively fight spam - practical tips How many messages did you got today? I got 14 even though I've thought there's a
spam protection in
place. The truth is that spammers are getting smart - they're not using our own
computers once breached to distribute
spam. Yes this is right - you might be actually sending all that spam to yoursel
f and your friends even without
knowing it. This article will provide you with practical tips on how to deal wit
h spam and avoid the most general mistakes.
How spammers harvest your emails
- from public web forums or places where your email is in plain text like you@ya
hoo.com
- from fake mailing lists and sites created with the idea to gather as much emai
ls as possible
How to protect your email
- have a couple of emails, one for personal reasons, other for business, and yet
another one to give out
for mailing lists and web site submissions, so you can be sure if there're unetc
hical activities behind the site you'll
be able to find that very easily
- Read your email offline. As a large number of spammers no longer require you t
o reply or somehow
interact with the message, once you open it, it sends back a confirmation so you
r email is now known as an active one,
meaning you'll get even more spam.
- Never reply to a spammer or try to manualy remove yourself from the list, simp
ly because this is just
another way to confirm that your email is real and active.
- Whenever posting your email somewhere, make sure it is in the following form,
thus protecting against spam
harvesters: you@yahoo.com would be you AT yahoo DOT com or you [at] yahoo.com.
A recommended article that will give you more details on how to protect yourself
can be downloaded at:
http://www.astalavista.com/?section=dir&act=dnd&id=3194
10. Meet the Security Scene
----------------------In this section you are going to meet famous people, security experts and
all personalities who in some way contribute to the growth of the community.
We hope that you will enjoy these interviews and that you will learn a great dea
l of
useful information through this section. In this issue we have interviewed Dave
Wreski from LinuxSecurity.com
Your comments are welcome at security@astalavista.net
------------------------------------------------

Interview with Dave Wreski,

http://www.linuxsecurity.com/
Astalavista: Dave, tell us something more about your background in the InfoSec
industry and what is LinuxSecurity.com all about?
Dave: I have been a long-time Linux enthusiast, using it before version v1.0
on my 386DX40 home PC, which prompted me to dump Windows shortly thereafter and
I've never looked back.
In early 1993 I began to realize the tremendous value that Linux could bring to
the security issues I was facing.
I found the decisions I was making, with regard to managing computer systems, we
re more and more
based on the impact security had on the data residing on those systems. It's cer
tainly more challenging to
keep the bad guys out than it is the other way round - the bad guys have to only
be right
once, while the good guys have to always make the right decisions. So I created
a
company to help ensure the good guys had the tools necessary to make the most ef
fective options to keep
their networks secure.
The void in comprehensive information on security in the Linux space was the pri
mary reason I started LinuxSecurity.com in
1996. Since then, we have seen millions of visitors make it their primary
information resource. In fact, we're completely revamping the site with new feat
ures, greater functionality and
a whole new look -launching December 1st.
Astalavista: What was the most important trend in the open-source security
scene during the last couple of years,in your opinion?
Dave: Actually, there have been so many that it's difficult to focus on
any one in particular. Certainly, the adoption of open
standards by many vendors and organizations makes it much easier to
communicate between disparate systems securely. The maturity of
the OpenSSH/OpenSSL projects, IPsec, and even packet filtering has
enabled companies, including Guardian Digital, to create solutions to
Internet security issues equal to, or better than,
their proprietary counterparts.
Astalavista: The monopolism of Microsoft in terms of
owning more than 95% of the desktops in the world has resulted in a lot of
debates on how insecure the whole Internet is because of their
insecure software. Whereas my personal opinion is that if Red
Had had 95% of the desktop market, the effect would be the same.
Do you think their software is indeed insecure, or it happens to be
the one most targeted by hackers?
Dave: I think the mass-market Linux vendors try to develop a product
that's going to provide the largest numbers of features, while
sacraficing security in the process. They have to
appeal to the lowest common denominator, and if that means
delivering a particular service that is requested by their
customers, then much of the responsibility of security falls on the
consumer, who may or may not be aware of the implications of not
maintaining a secure system, and in all likelihood, do not possess the
ability to manage the security of their system.

Astalavista: The appearance of Gmail and Google

Desktop had a great impact on the privacy concerns of everyone, however these
expanditures by Google happened to be very successful. Do you think there's real
ly a privacy
concern about Google, their services and privacy policy, and, most importantly,
the future of the
company?
Dave: No, not really. I actually think that most of us
gave up our privacy years ago, and any privacy that remains is
only in perception. There's far more damage that could be done
through things like the United States Patriot Act than there
is through Google reading your general communications. Anyone who
has half a brain and wants to make sure their communications are
not intercepted is using cryptography for electronic
issues.
Astalavista: We've recently seen an enormous increase of phishing attacks, some
of which
are very successful. What caused this in your opinion? What is the way to limit
these from
your point of view?
Dave: Reduce the human factor involvement somehow. Phishing is just the
new "cyber" term for social engineering, which has existed forever.
Through the efforts of Guardian Digital, and other companies
concerned about the privacy and security of their customers' data,
we are making great strides towards user education,
and providing tools for administrators to filter commnications.
Astalavista: Spyware is another major problem that created an industry of compan
ies fighing it,
and while the government is slowly progressing on the issue, the majority of PCs
online
are infected by spyware. Would you, please, share your comments on the topic?
Dave: This issue is different from issues such as phishing because the
end-user is not aware is it occurring. The responsibility here
falls directly on the operating system vendor to produce an
environment where security is maintained. In other words, by
creating software that enables the end-user to better define what
constitutes authorized access, users can develop a situation where
this type of attack does not succeed. In the meantime, application-level securit
y filters and strict
corporate information policies thwart many of these types of attacks.
Astalavista: What do you think will happen in the near future with Linux
vs. Microsoft? Shall we witness more Linux desktops, or entire
countries will be renovating their infrastructure with
Unix-based operating systems?
Dave: We are already seeing a growing trend on an
international level in the migration from Windows operating systems to Linux.
Guardian Digital has implemented several Linux-based solutions for
multi-national and international corporations who recognize the costs and
security risks associated with a Windows system, and if our business
is any indication of the growth potential, I'd say Microsoft
is going to have a real fight on their hands.
Although I'm not too involved in the desktop space

itself, I am completely comfortable with my cobbled-together Linux

desktop, much more than just a few years ago. I think that as more
and more computing tasks become distributed - moved from the
desktop to being powered by a central server - it will become
easier to rely on Linux on the desktop and the growth will continue.
11. Security Sites Review
--------------------The idea of this section is to provide you with reviews of various highly intere
sting
and useful security related web sites. Before we recommend a site, we make sure
that
it provides its visitors with quality and a unique content.
Shellcode Archive
http://www.shellcode.com.ar/
Large shellcode and papers archive
Security-guide.de
http://www.security-guide.de/
A German security related web site, quality content.
ToolCrypt
http://www.toolcrypt.org/
Various crypto and security related tools, a must
visit.
Web-Hack.ru
http://www.web-hack.ru/
A Russian security web site, useful content.
The Hacktivist.com
http://www.thehacktivist.com/
A resource discussing hacktivism and electronic civil
disobedience.
12. Astalavista needs YOU!
--------------------We are looking for authors that would be interested in writing security related
articles for our newsletter, for people's ideas that we will turn into reality w
ith
their help, and for anyone who thinks he/she could contribute to Astalavista
in any way. Below we have summarized various issues that might concern you.

- Write for Astalavista What topics can I write about?

You are encouraged to write on anything related to Security:
General Security
Security Basics
Windows Security
Linux Security
IDS (Intrusion Detection Systems)
Malicious Code
Enterprise Security
Penetration Testing
Wireless Security
Secure programming
What do I get?
Astalavista.com gets more than 200 000 unique visits every day, our Newsletter h
as
more than 22,000 subscribers, so you can imagine what the exposure of your artic
le
and you will be, impressive, isn't it! We will make your work and you popular am
ong the
community!
What are the rules?
Your article has to be UNIQUE and written especially for Astalavista, we are not
interested in republishing articles that have already been distributed somewhere
else.
Where can I see a sample of a contributing article?
http://www.astalavista.com/media/files/malware.txt
Where and how should I send my article?
Direct your articles to security@astalavista.net and
include a link to your article. Once we take a look at it and decide whether is
it
qualified enough to be published, we will contact you within several days, pleas
e be
patient.
Thanks a lot all of you, our future contributors!
13. Astalavista.net Advanced Member Portal Promotion
------------------------------------------------Astalavista.net is a world known and highly respected Security Portal, offering
an enormous database of very well-sorted and categorized Information Security
resources - files, tools, white papers, e-books and many more. At your disposal
are also thousands of working proxies, wargames servers where all the members
try their skills and, most importantly, the daily updates of the portal.
- Over 3.5 GByte of Security Related data, daily updates and always working link
s.

- Access to thousands of anonymous proxies from all over the world, daily update
s
- Security Forums Community where thousands of individuals are ready to share th
eir knowledge and answer
your questions; replies are always received no matter of the question asked.
- Several WarGames servers waiting to be hacked; information between those inter
ested in this activity is
shared through the forums or via personal messages; a growing archive of white
papers containing
info on previous hacks of these servers is available as well.
http://www.astalavista.net/
The Advanced Security Member Portal
14. Astalavista Banner Contest - 2004
----------------------------------Are you good at designing creatives (banners, buttons, wallpapers etc.)?
Would you like to contribute to Astalavista.com with your talent and creativity?
And would you appreciate if we provide the most talented of you with the brand n
ew Astalavista DVD or
a FREE Astalavista.net membership?
All you have to do is simple - participate!
At Astalavista.com we have always valued designers and provided them with the op
portunity to publish
their work at our Gallery section, while rewarding the best creatives with Astal
avista.net memberships.
So far we have had several successful creative contests, namely because we are w
ell aware of the high
number of designers visiting our site.
Enjoy this year's creative contest!
We are looking for the following Astalavista.com and
Astalavista.net related creatives:
- banners
Banners should be in the following size only (468 x 60)
- buttons
Buttons should be in the following size only (88 x 31)
- Prize
The brand new Astalavista DVD, or a free membership to Astalavista.net - Advance
d Security Member Portal
More information is available at:
http://astalavista.com/index.php?page=107
15. Final Words
----------Dear Subscribers,
Thanks for your feedback and participations at our contests, hope you've enjoyed
issue 11.
Thanks for your time, till the next Christmas issue of Astalavista Security News
letter.

Editor - Dancho Danchev

dancho@astalavista.net
Proofreader - Yordanka Ilieva
danny@astalavista.net