HNS Newsletter
Issue 93 - 24.12.2001
http://net-security.org
http://security-db.com

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://www.net-security.org.

Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter

Archive of the newsletter in TXT and PDF format is available here:
http://www.net-security.org/news/archive/newsletter

Table of contents:

1) General security news
2) Security issues
3) Security world
4) Featured products
5) Featured articles
6) Security software

========================================================
Sponsored by GFI, the developers of a revolutionary new intrusion detection product - LANguard Security Event Log Monitor. Download your copy!
http://www.net-security.org/cgi-bin/ads/ads.pl?banner=gfitxt
========================================================

General security news
---------------------

----------------------------------------------------------------------------

UNDERSTANDING ROOTKITS
A rootkit is a collection of tools an intruder brings along to a victim computer after gaining initial access. The main purpose of a rootkit is to allow intruders to come back to the compromised system later and access it without being detected.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://linux.oreillynet.com/pub/a/linux/2001/12/14/rootkit.html

SECURITY HOLES IN BIG BOXES
The history of IT is full of stories of security flaws in systems, especially those of machines running Windows. However, today comes news of holes in the operating systems of much bigger boxes, namely those of Sun Microsystems and Big Blue.
Link: http://www.it-director.com/article.php?id=2430

IDS USERS SWAMPED WITH FALSE ALERTS
The number of redundant alarms and false positives generated by Intrusion Detection Systems has come under fire from users attending an 'ABCs of IDS' event at London's City University.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/55/23420.html

AN ALLIANCE TO TACKLE HACKERS, VIRUSES AND VULNERABILITIES
The Security Alliance for Internet and New Technologies (Saint) aims to share information on vulnerabilities and new attacks by hackers, and come up with fixes. Saint will cost around L600,000 a year to run, and will be funded by the industry along with founder members, each of which will make a L5000 contribution.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/1127789

FED ADOPTION OF ENCRYPTION STANDARD MAY SPREAD SLOWLY
The federal government's decision to adopt the Advanced Encryption Standard (AES) for securing sensitive information will not happen overnight. Technology standards bodies representing industries such as financial services and banking need to approve AES as well, and that will take time.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computerworld.com/itresources/rcstory/0,4167,STO66662_KEY73,00.html

FBI WANTS ACCESS TO WORM'S PILFERED DATA
The FBI is asking for access to a massive database that contains the private communications and passwords of the victims of the Badtrans worm. MonkeyBrains, a San Francisco based independent ISP, was not intimidated, instead they made part of the database available to everyone.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.dailyrotten.com/articles/archive/189387.html

JUNK E-MAIL EXPECTED TO RISE IN 2002
Driven in part by anthrax scares, analysts say, e-mail volume will likely grow 45 percent next year, up from recent annual growth rates of 40 percent. A lot of it is junk.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2001/TECH/internet/12/17/e.mail.management.ap/index.html

REVIEW: ENGARDE SECURE LINUX 1.0.1
Walter Arellano writes: "We tested this software on a bare-bones PC and found it very simple to set up and use. It's a great value for those looking for a fully functional Internet server that can run on old or inexpensive hardware."
Link: http://www.8wire.com/articles/?aid=2350

RSA BEEFS UP WIRELESS SECURITY
RSA Security will announce a new technology designed to improve the security of wireless networks used within buildings and protect them from so-called "drive-by hacks."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,5100771,00.html

SOCIAL ENGINEERING FUNDAMENTALS
Social engineering is the technique of circumventing technological security measures by manipulating people to disclose crucial authentication information. In this article, Sarah Granger begins a two-part look at social engineering, including a look at motives, different techniques, and some accounts of successful attacks.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/infocus/1527

AMERICAN EXPRESS OWNS UP TO SECURITY BLOOMER
Amex offers cardholders the chance to win a luxury holiday to the Cayman Islands. All customers have to do is input their details - including their credit card number - on a simple web form, print it off and pop it in the post. The form contains no SSL and caches the data, leaving users of shared machines, or in office environments, vulnerable to someone hitting the 'back' button on the browser to reveal all.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.silicon.com/a50000

ID BADGES GET SMART
Some companies are replacing ID badges with smart cards for higher security. But interoperability and storage issues could become stumbling blocks.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.informationweek.com/story/IWK20011213S0006

AN ID CHIP PLANTED IN YOUR BODY?
A New Jersey surgeon has embedded under his skin tiny computer chips that can automatically transmit personal information to a scanner, a technology that his employer hopes will someday be widely used as a way to identify people.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.washingtonpost.com/wp-dyn/articles/A62663-2001Dec18.html

WARNING OF MALICIOUS E-CARDS
"Just be vigilant," said Andrew Armstrong, general manager of anti-virus firm Trend Micro, "because you'll be getting e-mails with Christmas cards in or with attachments, and they could potentially be a virus."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.bbc.co.uk/hi/english/sci/tech/newsid_1709000/1709077.stm

NETWORK INTRUSION DETECTION SIGNATURES, PART 1
This is the first in a series of articles on understanding and developing signatures for network intrusion detection systems. In this article we will discuss the basics of network IDS signatures and then take a closer look at signatures that focus on IP, TCP, UDP and ICMP header values.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/infocus/1524

SIRCAM WORMS ITS WAY TO NUMBER ONE
A dramatic increase in the number of virus-infected emails in UK businesses was recorded during 2001 with the most evil being SirCam, according to two surveys released this week.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://pcw.vnunet.com/News/1127834

WIRELESS SECURITY ISN'T SECURE
You would have to be living in a cave not to have heard about the problems with wireless security for networking. Even as more organizations take advantage of wireless networking, we hear about "war driving" and that the security features were poorly designed.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.spirit.com/Network/net1001.html

THE FIRST LINE OF DEFENSE IS A GOOD ANTI-VIRUS PROGRAM
A virus is simply a tiny computer program. Instead of helping you write a report or send an e-mail, it is almost always used to create mischief inside your computer.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsfactor.com/perl/story/15416.html

REEEZAK WORM OFFERS HOLIDAY JEERS
A new mass-mailer worm that offers New Year's greetings and what appears to be a Christmas-related animation, but actually tries to delete large portions of the Windows OS, is reported spreading in Europe.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.pcworld.com/news/article/0,aid,76664,00.asp

STEGANOGRAPHY, NEXT GENERATION
A new steganography-based technique hides barcodes inside pictures and could help create forgery-proof identity documents.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/conflict/0,2100,49213,00.html

FIGHT AGAINST CHILD ABUSE GOES HIGH-TECH
Per-Eric Astrom, manager of an anti-child pornography hotline, busted Sweden's biggest online child pornography ring. He is one of a growing band of "infiltrators" who use the latest technology to combat computer savvy child abusers on their own turf. But the new technology has proved both a blessing and a curse.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2001/TECH/internet/12/19/children.sex.internet.reut/index.html

WANT BETTER WORKPLACE SECURITY?
An established company moves into a downtown high-rise and a few months later discovers that many of its secrets are going public. How is that possible? Its networks are locked down. Its employees use passwords, and are given security clearances. So what's the problem?
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/anchordesk/stories/story/0,10738,2833569,00.html

WHEELS TURNING WITH SECRET KEYS
The E-government unit of the State Services Commission has opted for an open PKI standard it hopes will lead to rapid adoption of encryption technology by Government agencies.
Link: http://www.nzherald.co.nz/storydisplay.cfm?storyID=333465

THE LINUX WEB SERVER CD BOOKSHELF, VERSION 1.0
The CD Bookshelf is a must-have compilation for anyone running a Web server. Regardless of which Linux flavor you run, you'll find something in this bundle that will make you wonder how you ever lived without it.
Link: http://www.unixreview.com/documents/s=1781/urm0112h/0112h.htm

AUSTRALIA PUSHES FOR E-MAIL INTERCEPTION
New counter-terrorism measures pushed by a government "run out of control" will see more Australian agencies able to intercept e-mails for routine investigations, according to civil liberties group Electronic Frontiers of Australia.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2833525,00.html

IS DISTRIBUTED COMPUTING A CRIME?
A computer network administrator faces multiple felony charges and years in a Georgia prison for allegedly installing Distributed.net clients without permission from his boss. Prosecutors say it's justice, others aren't so sure.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/news/300

LUKAWINSKY SENTENCED
Markus P. Lukawinsky was sentenced to 12 months in prison, to be followed by three years' supervised release. He was indicted for stealing computer equipment and "hacking" computer systems of Mars & Co.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.usdoj.gov/criminal/cybercrime/LukawinskySent.htm

THE LITTLEST SECURITY PRO
A teenaged computer prodigy in India becomes the youngest CISSP in the certification's twelve-year history.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/news/301

PORNO PAYMASTER CCBILL HACKED HARD
Porn site billing processor CCBill has somehow managed to leak the server passwords of well over a thousand of its clients, whose systems have since been infected by IRC bots listening on port 9872 for whatever commands their owner wishes to issue.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/6/23482.html

DETECTING THE SOFTWARE SWITCHEROO
It may be the next big thing in Trojan horse attacks: swapping bad code for good code in transit. Fortunately, there's a defense.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityfocus.com/columnists/48

RUSSIAN HACKER HAS A PARTY
Geeks, hackers and cyber-rights activists gathered to celebrate the government's decision to drop criminal charges against Dmitri Sklyarov, the Russian programmer who had been accused of violating the Digital Millennium Copyright Act.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,49272,00.html

IMPLEMENTING ROW LEVEL SECURITY IN SQL SERVER
This article explains how to implement row level security/permissions in SQL Server databases effectively. It also provides scripts to demonstrate a working setup.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://vyaskn.tripod.com/row_level_security_in_sql_server_databases.htm

IBM LEADS THE WAY IN MOBILE SECURITY
Big Blue's entrance into mobile security signals serious industry interest in facilitating secure mobile infrastructures for m-commerce transactions.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.mcommercetimes.com/Solutions/198

SHOHO OUTBREAK
Yet another worm has cleverly taken advantage of a well-publicized and already patched vulnerability in IE by offering an e-mail message that sounds legitimate to frequent Internet users.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2834295,00.html

REASSURANCE NEEDED FOR XP SOFTWARE PATCH
FBI and Defense Department officials and some top industry experts sought reassurance Friday from Microsoft Corp. that a free software fix it offered will prevent hackers from attacking major flaws discovered in the latest version of Windows.
Link: http://www.nandotimes.com/technology/story/200327p-1944436c.html

IE HTTPS CERTIFICATE ATTACK
The e-matters security team has discovered a serious security flaw in the Microsoft Internet Explorer that allows an attacker to perform a SSL man in the middle attack without any certificate warning.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://security.e-matters.de/advisories/012001.html

----------------------------------------------------------------------------

Security issues
---------------

All vulnerabilities are located at:
http://net-security.org/text/bugs

----------------------------------------------------------------------------

MICROSOFT INTERNET EXPLORER 6 CAN READ LOCAL FILES
There is a bug in the Microsoft.XMLHTTP component shipped with IE 6 which allows reading and sending local files. This component doesn't handle http redirects to local files properly. In order for this exploit to work the file name must be known.
Link: http://www.net-security.org/text/bugs/1008592099,96560,.shtml

HP-UX SETUID RLPDAEMON PROBLEMS
/usr/sbin/rlpdaemon in HP-UX is setuid root. Switches include "-l" to enable logging and "-L /some/thing" to select a logfile other than the default. When run by a non-root user it can create/append a logfile owned by root. With a little care (and a copy of RFC1179) a local user can supply data to add to files he chooses and thereby get root. The victim doesn't actually need to have any printers configured.
Link: http://www.net-security.org/text/bugs/1008592172,32008,.shtml

FTP "NETWORK PLACE" REVEALS CACHED PASSWORD
When a "Network Place" has been added to "My Network Places" with a saved username and password it is possible to get Explorer to display the password in cleartext format by altering the path in the address bar.
Link: http://www.net-security.org/text/bugs/1008593813,70204,.shtml

ATPHTTPD 0.4 DOS VULNERABILITY
ATPhttpd is a tiny, caching, high performance webserver. It is ideal for serving lots of static content, especially where disk I/O is expensive, such as NFS mounted web shares, or graphics servers.
Link: http://www.net-security.org/text/bugs/1008593884,44455,.shtml

DANGEROUS INFORMATION IN CENTRAONE LOG FILES
Centra is a Web-based product designed to facilitate e-learning and collaboration. By default, when the application is launched, several log files are created within one of the application's sub-directories. These log files are not protected and contain sensitive information about the user, his/her machine and the connected network; including the proxy server name, port, exception list and a base64 encoded username / password string. Base64 is not an encryption method and it is, therefore, trivial to decode the clear text username and password.
Link: http://www.net-security.org/text/bugs/1008674049,93766,.shtml

SGI - BUFFER OVERFLOW IN SYSTEM V DERIVED LOGIN
login is a program that local and remote connection mechanisms often invoke to facilitate logging into a Unix system. A vulnerability has been discovered in the login program for many System V-derived Unix implementations that allows unauthorized root access.
Link: http://www.net-security.org/text/bugs/1008674193,54800,.shtml

HOT KEYS PERMISSIONS BYPASS UNDER XP
"Hot keys" allow non-administrative users to execute Administrator owned applications which are not usually accessible to them.
Link: http://www.net-security.org/text/bugs/1008674285,6954,.shtml

NOVELL GROUPWISE SERVLET GATEWAY DEFAULT USER/PASS
A default username and password exists that controls the servlet manager. The servlet manager allows the configuration of the servlets to be loaded, reloaded or unloaded. This is more of an annoyance than an exploit. The ability to control and unload servlets allows an attacker to deny web based services to users. This will prevent users from accessing mail or other servlet based resources.
Link: http://www.net-security.org/text/bugs/1008674570,81687,.shtml

FTPXQ DEFAULT INSTALL READ/WRITE CAPABILITIES
After a default setup, the anonymous account and the account with the user name and password "test" both have read/write capabilities to drive c:
Link: http://www.net-security.org/text/bugs/1008770522,20885,.shtml

PROFTPD - PROBLEMS IN FILE GLOBBING
A problem in handling file globbing exists in the current version of ProFTPD 1.2.4 (but it’s fixed in the Candidate version: 1.2.5rc1). This is very similar to the wu-ftpd bug (“ls ~{”) and occurs when you issue the command: ls /////////// (11 or more ‘/’).
Link: http://www.net-security.org/text/bugs/1008853362,13338,.shtml

MULTIPLE VULNERABILITIES IN MICROSOFT SQL SERVER
This advisory describes multiple vulnerabilities in Microsoft SQL Server 7.0 and 2000 that allow an attacker to run arbitrary code on the SQL Server in the context of the account that SQL Server is running under (normally an administrator).
Link: http://www.net-security.org/text/bugs/1008952369,35309,.shtml

BUFFER OVERFLOW IN UPNP SERVICE ON MS WINDOWS
Vulnerabilities in software included by default on Microsoft Windows XP, and optionally on Windows ME and Windows 98, may allow an intruder to execute arbitrary code on vulnerable systems, to launch denial-of-service attacks against vulnerable systems, or to use vulnerable systems to launch DoS attacks against third-party systems.
Link: http://www.net-security.org/text/bugs/1008952506,84752,.shtml

BUFFER OVERFLOW IN ORACLE 9IAS
The web service with Oracle 9iAS is powered by Apache and provides many application environments with which to offer services from the site. These include SOAP, PL/SQL, XSQL and JSP. Two security issues exist in the PL/SQL Apache module - one a buffer overrun vulnerability and the second a directory traversal issue. The directory traversal issue affects only Windows NT/2000.
Link: http://www.net-security.org/text/bugs/1008952643,22298,.shtml

WINDOWS XP SECURITY CONCERNS
Tomasz Polus writes: "Following the link you can see a description of three security problems with Windows XP Professional, which we think are bugs - not features. We are actually writing a book about Windows XP security and need to clarify these concerns. Please express your opinions and let us know if you find these problems important to Windows XP security."
Link: http://www.net-security.org/text/bugs/1008952881,12383,.shtml

PLESK (PSA) ALLOWS READING OF .PHP FILES
Plesk is a server administrator used by LOTS of web hosting companies to make easy the management of the server. It's a really cool software!! I work with it. This bug allows you to read the source of the hosted .php files.
Link: http://www.net-security.org/text/bugs/1009049299,45937,.shtml

----------------------------------------------------------------------------

========================================================
HNS Security Database
========================================================

HNS Security Database consists of a large database of security related companies, their products, professional services and solutions. HNS Security Database will provide a valuable asset to anyone interested in implementing security measures and systems to their companies' networks.
Visit us at http://www.security-db.com

========================================================

Security world
--------------

All press releases are located at:
http://net-security.org/text/press

----------------------------------------------------------------------------

WEB APPLICATION SECURITY SOLUTION FOR EUROPEAN MARKET

Sanctum, Inc., the established leader in Web application security software, announced a partnership with Articon-Integralis AG, the European market leader in IT security solutions. Under the terms of the agreement, Allasso, the channel-focused company of Articon-Integralis, will distribute both Sanctum products, AppScan and AppShield, throughout Europe. Through their extensive reseller base, Allasso will provide enterprises with Sanctum's solutions to detect and defend against all types of Web application attacks, providing comprehensive protection of critical corporate digital assets and intellectual property.

Press release:
< http://www.net-security.org/text/press/1008674950,60188,.shtml >

----------------------------------------------------------------------------

TRIPWIRE AND RECOURSE PARTNER

Tripwire Inc., the leading provider of data and networking integrity (DNI) solutions, and Recourse Technologies, the leading supplier of threat management solutions, today announced an industry first technology partnership to deliver a comprehensive network- and host-based intrusion detection solution that provides customers with a robust defense strategy to detect and prevent network and server attacks.

Press release:
< http://www.net-security.org/text/press/1008675013,84757,.shtml >

----------------------------------------------------------------------------

CITRIX SYSTEMS ANNOUNCES CITRIX SECURE GATEWAY

Citrix Systems, Inc., a global leader in application serving and portal software and services, announced the immediate availability of the company's latest product, Citrix Secure Gateway (CSG).
Using CSG, Citrix MetaFrame XP for Windows or MetaFrame for UNIX customers can achieve simple and secure delivery of Windows and UNIX applications across the Internet via Citrix NFuse application portal software. CSG secures all MetaFrame traffic traveling across the Internet via industry-standard Secure Socket Layer (SSL) between MetaFrame clients and servers. CSG makes firewall traversal easier, provides heightened security with SSL encryption, simplifies application deployment and enables tight integration with MetaFrame and NFuse.

Press release:
< http://www.net-security.org/text/press/1008675095,62982,.shtml >

----------------------------------------------------------------------------

COLUMBITECH WIRELESS VPN FOR POCKET PC 2002 BETA

Columbitech, a leading provider of secure wireless data solutions announced a beta program with select companies that are testing their Columbitech Wireless VPN for Pocket PC 2002. The beta program is open to all companies interested in providing security, convenience, and performance for wireless access to corporate data.

Press release:
< http://www.net-security.org/text/press/1008675301,84658,.shtml >

----------------------------------------------------------------------------

INFOEXPRESS AND ALCATEL ANNOUNCE PARTNERSHIP

InfoExpress, a pioneer in remote access security, announced that it has joined Alcatel’s Technology Partner Program to provide a secure, integrated Virtual Private Network (VPN) and firewall solution with Alcatel’s Secure VPN Clients to safeguard corporate networks.

Press release:
< http://www.net-security.org/text/press/1008698842,56701,.shtml >

----------------------------------------------------------------------------

RSA CONFERENCE 2002 ANNOUNCES CLASS SCHEDULE

Organizers of RSA Conference 2002, one of the world's largest computer security events, announced that this year's event will feature more than 200 presentations and panels from the security industry's foremost authorities.
The call for papers drew more than 1,300 submissions ensuring that the 11th annual conference presents the field's leading experts and most engaging topics. In addition, conference attendees will have the opportunity to hear about the latest trends and technologies from leading suppliers of security technology products and services.

Press release:
< http://www.net-security.org/text/press/1008770783,75924,.shtml >

----------------------------------------------------------------------------

COOLSITE WORM LEAVES USERS RED FACED

Sophos, a world leader in corporate anti-virus protection, is urging users to be wary of the CoolSite worm (JS/CoolSite-A). Sophos has received several reports of this worm from the wild.

Press release:
< http://www.net-security.org/text/press/1008854554,8281,.shtml >

----------------------------------------------------------------------------

KASPERSKY ANTI-VIRUS LOCALIZED FOR EUROPEAN COUNTRIES

Kaspersky Labs, an international data-security software-development company, announces that its flagship, award-winning suite, Kaspersky Anti-Virus, is now available in four of the world's most widespread languages: French, Spanish, German and Italian. The localized versions of the software are now available for purchase in European retail shops as well as at Kaspersky Labs' Internet store.

Press release:
< http://www.net-security.org/text/press/1008953588,3472,.shtml >

----------------------------------------------------------------------------

========================================================
Help Net Security T-Shirt available
========================================================

Thanks to our affiliate Jinx Hackwear we are offering you the opportunity to wear a nifty HNS shirt :) The image speaks for itself so follow the link and get yourself one.
Get one here:
http://207.21.213.175:8000/ss?click&jinx&3af04db0

========================================================

Featured products
-------------------

The HNS Security Database is located at:
http://www.security-db.com

Submissions for the database can be sent to:
staff@net-security.org

----------------------------------------------------------------------------

OPSEC SOLUTIONS

In addition to the billable services described in the Enforcement Point section, Check Point's SVN for Managed Service Providers also integrates, at the Application Program Interface (API) level, solutions from over 200 partners. These partners provide solutions for Content Security, Authentication and Authorization, Intrusion Detection, Event Analysis and Reporting, High Availability, Secured Operation Systems, Directory Services, and PKI Products and Services.

Read more:
< http://www.security-db.com/product.php?id=428 >

This is a product of Check Point, for more information:
< http://www.security-db.com/company.php?id=93 >

----------------------------------------------------------------------------

KEYTOOLS SSL

KeyTools SSL is a complete, full strength implementation of the SSL 3.0 protocol, including up-to-the-minute support for the TLS 1.0 protocol, and is available in C++ and Java. KeyTools SSL makes it easy to add full strength encryption, integrity and authentication to all on-line communications. The Baltimore KeyTools developer suite is a modular family of developer tools. The KeyTools SSL library snaps into the core KeyTools Lite or Pro components to access the cryptographic functionality which resides in these core modules. In this way the SSL component extends the functionality offered by the core API, providing all the features required to implement SSL.
At the same time, this modular architecture allows the developer to avail of the rich features available at the heart of the KeyTools family, including digital certificate handling and security policy management.

Read more:
< http://www.security-db.com/product.php?id=34 >

This is a product of Baltimore Technologies, for more information:
< http://www.security-db.com/company.php?id=9 >

----------------------------------------------------------------------------

UAC PN7

Each UAC PN7 has a unique ID. UAC PN7 VPN servers will not communicate with other UAC PN7 servers that do not have an ID. Having an ID does not ensure its sender's validity. A session on a UAC PN7 opens with an exchange of digital certificates. These certificates include the ID and the digital signatures to verify the validity of the sender. UAC PN7 provides integrated firewalling capabilities that can be centrally administered over a WAN.

Read more:
< http://www.security-db.com/product.php?id=1157 >

This is a product of Unified Access Communications, for more information:
< http://www.security-db.com/company.php?id=270 >

----------------------------------------------------------------------------

Featured article
----------------

All articles are located at:
http://www.net-security.org/text/articles

Articles can be contributed to staff@net-security.org

----------------------------------------------------------------------------

BOOK REVIEW: THE PRACTICE OF SYSTEM AND NETWORK ADMINISTRATION

If you need a helping hand or a guide to successful system administration look no further than this book. You'll find everything you need in it. Mandatory reading material. Sort of a bible.
Read more:
< http://www.net-security.org/various/bookstore/hogan >

----------------------------------------------------------------------------

Security Software
-------------------

All programs are located at:
http://net-security.org/various/software

----------------------------------------------------------------------------

BLACKICE DEFENDER 2.9

BlackICE Defender delivers bulletproof intrusion detection and personal firewall protection to your PC. It scans your DSL, cable, or dial-up Internet connection looking for hacker activity, much like antivirus programs scan your hard disk looking for viruses. BlackICE will not slow down your PC or your Internet experience. BlackICE Defender protects you in ways the other personal firewalls or antivirus software don't:

- It detects the attack, identifies and blocks the malicious activity before it can reach your computer, and identifies the attacker and type of attack by name
- It fully inspects the contents of each packet, looking for hidden hostile code that personal firewalls cannot detect
- It protects you from attack, even from someone you trust, through its dynamic IP address and port blocking.

Info/Download:
< http://www.net-security.org/various/software/1008593794,25200,windows.shtml >

----------------------------------------------------------------------------

MASKER 5.0

MASKER is able to hide your sensitive files inside another file (the carrier file), which remains absolutely discreet and looks like a regular file, with no change to its outward appearance. MASKER encrypts files using strong encryption algorithms: CAST-128, BLOWFISH-256, RIJNDAEL-256, TWOFISH-256. The encrypted files will then be hidden within a carrier file. As a carrier file you can use: image files, audio files, program files, video files.
Info/Download:
< http://www.net-security.org/various/software/1008848921,72464,windows.shtml >

----------------------------------------------------------------------------

IPFC

IPFC is software and a framework to manage and monitor multiple types of security modules across a global network. Security modules can be as diverse as packet filters (like netfilter, pf, ipfw, IP Filter, checkpoint FW1, etc.), NIDS (Snort, arpwatch, etc.), Web servers, and other general devices (from servers to embedded devices). It features log collection for different security "agents", dynamic log correlation possibilities, and easy extensibility due to the generic database and XML message formats used.

Info/Download:
< http://www.net-security.org/various/software/1008852161,66356,linux.shtml >

----------------------------------------------------------------------------

SECURITY FOCUSED: CAMAL 2.8

Camal is a vulnerability scanner with many features. It scans remote systems over the internet and it includes many features like a TCP and UDP scanner, a remote OS guesser and the ability to write the result of the portscan to a textfile. Camal is compatible with Linux, BSD and every other UNIX-based system.

Info/Download:
< http://www.net-security.org/various/software/1008852294,78273,linux.shtml >

----------------------------------------------------------------------------

LOGSCAN.PY

Logscan is a tool to assist in generating complaint emails in response to security probes or attacks. Logscan scans through logs looking for patterns and if certain thresholds are reached it sends a template email to the local administrators for approval. If the administrator sees the attack is not a mistake they can forward the email to the ISP who owns the attacking IPs.
Info/Download:
< http://www.net-security.org/various/software/1008852518,74572,linux.shtml >

----------------------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff

staff@net-security.org
http://net-security.org
http://security-db.com