Thanks to phluid for telling me about this. :)
The company web site of famed hacker Kevin Mitnick (www.defensivethinking.com) was compromised early last week by a man in Alaska, who pointed out that the web system had a little-known vulnerability. A patch was applied within 2 hours of discovery.
The compromised computer is a public system on a network separate from production systems at Defensive Thinking. No customer information was released, nor was any in danger of being compromised.
“From the moment we launched we’ve seen a daily, consistent and significantly more complex than average number of network vulnerability attacks coming from almost every country,” said Mitnick.
“I suppose if you were a young hacker and wanted to prove your skills, this is the place to go. It reminds me of the movie ‘The Gunfighter,’” he added.
Being such a public target offers an unexpected benefit to customers of Defensive Thinking: all attacks are investigated and cataloged, giving the company a unique perspective on current attack methods – many of which are unpublished and unknown by system and software manufacturers.
News source: Defensive Thinking Press Release
View: Defensive Thinking
Changelog:
------------------------------------------
BearShare 4.3.0 Beta 8
------------------------------------------
- [DN] Migrated 4.2.x memory optimizations, bugfixes, and reporting code.
- [AK] Code to backup library.dat file on launch so postmortem can be performed if a corruption occurs at any time. Only implemented for beta builds.
- [AK] Second phase changes for "watched but not shared folders"
- [TJ] New old search UI.
- [RS] Search View displays Path where peer is sharing file if peer broadcasts path.
- [RS] Ed2K info in Details pane.
- [DN] Added Fixed-length record support and optimizations to DObjHeap objects
- [DN] Optimized AltLoc Mesh to use fixed-sized DObjHeap optimizations
- [AM] Downloads that fail the hash test change status from Validating to Unverified
- [AM] Unverified Downloads cancel themselves, deleting the .dat file from Temp
- [VF] IP address sanity checking is more lenient: We no longer require addresses to follow Class ABC subnet conventions, allowing classless CIDR addressing.
- [AM] Download default block size raised from 64KB to 256KB (min still 8KB)
- [MS] Removed 24kbps requirement for dynamic upload slots while in Maximize Bandwidth per slot mode.
- [AM] Better Host Console output when user-initiated outbound connections fail
- [AM] Change in Alt Loc forwarding policy from Downloads to servers: instead of forwarding all Alt Locs that haven't tested bad (including those that haven't been tested), we now forward only those Alt Locs that have tested good (transferred at least 256 bytes, or resulted in Queued or Busy status).
- [AM] Reduced max transferring Download streams to 18 for Win95/98/ME (we still open a max of 48 Active streams)
- [AM] FIXED Download stream limits (in Setup) were being clipped to the internal Active stream max instead of to the internal Transferring stream max
- [MS] FIXED bug that caused a host connection to get dropped in prior to a manual connection being established. Host accounting now takes place when the host connection goes into Gnutella messaging instead of during handshaking.
- [MS] Implemented first phase of support for high out degree network. Ultrapeers can be configured for up to 30 peer connections, and max TTL on queries is now 4.
- [MS] Implemented dynamic querying for the host and on behalf of ultrapeer leaves. Dynamic querying works hand in hand with high out-degree support by first sending probe queries down 3 random peers with a TTL of 2, counting results and then sequentially querying a different peer every 5 seconds until a minimum of 200 results are gathered or we run out of peers.
