I just caught this going by in the daily CPAN update. [9.] Security-Test - Performs checks for common Perl insecurities Uploaded: Sep 06, 2001 CPAN id: N/NW/NWETTERS (Nigel Wetters) http://search.cpan.org/search?author=NWETTERS Package: Security-Test-0.01.tar.gz http://search.cpan.org/search?dist=Security-Test-0.01 What this module actually does is contacts a web server upon installation and tells it what the UID that ran the test was (to see if it's root). It does *not* look like there is any malicious intent, just a little overzealous. I've contacted the author and asked him to voluntarily delete this module and discuss the problem with [EMAIL PROTECTED] package Security::Test; # IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT # # READ THIS BEFORE INSTALLING!! # # This module does nothing. # # The test module sends a HTTP request to # http://securitytest.perlfascist.com # which notes the number of attempted installations # and whether installation was performed # with superuser priviledges. The request is # formatted as follows: # GET /YetAnotherFail?uid=$uid HTTP/1.1 # Host: securitytest.perlfascist.com # I will release details of this research # to CPAN maintainers, and maybe later will # post a summary on # http://securitytest.perlfascist.com -- Michael G. Schwern <[EMAIL PROTECTED]> http://www.pobox.com/~schwern/ Perl6 Quality Assurance <[EMAIL PROTECTED]> Kwalitee Is Job One The eye opening delightful morning taste of expired cheese bits in sour milk!