HNS Newsletter Issue 99 - 25.02.2002 http://net-security.org http://security-db.com This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://www.net-security.org. Subscribe to this weekly digest on: http://www.net-security.org/text/newsletter Archive of the newsletter in TXT and PDF format is available here: http://www.net-security.org/news/archive/newsletter Table of contents: 1) General security news 2) Security issues 3) Security world 4) Featured products ====================================================== Free Webshield e500 Info Kit ====================================================== Configure and forget with McAfee Webshield e500 appliance, scan all potential virus-carrying protocols, even POP3. McAfee's Webshield e500 makes gateway defense instant. ====================================================== Click for more - http://www.net-security.org/ad/nai ====================================================== General security news --------------------- ---------------------------------------------------------------------------- IT WALES INTERVIEWS KERNEL HACKER ALAN COX Alan Cox is one of the most influential IT innovators in the world. He has been a key developer of the Linux kernel for nearly a decade. Currently working for Red Hat writing kernel and application code, Cox was previously responsible for the original Linux multiprocessing support, and for much of the early work on networking. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.itwales.com/interviews/alancox.htm DECENTRALISE LINUX SECURITY WITH SUDO Decentralisation of Linux security has never been easier than when Sudo is used. Overall security is maintained while productivity is increased. An essential tool in a multiadministrator environment. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/specials/2000/10/enterprise/techrepublic/2002/06/article004.html OLYMPICS COMMITTEE TO EXPLORE WI-FI LANS The International Olympic Committee has made no decision to ban the use of 802.11 Wi-Fi wireless LANs for use in future games because of security concerns. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computerworld.com/storyba/0,4125,NAV47_STO68377,00.html HACKERS FACE US BOMBING The US government has warned that it could take military action against any terrorists who launch attacks through the internet. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/1129301 VIRTUAL E-MAIL SHREDDERS ADD CONTROL In the offline world, it can be quite a challenge to retrieve and destroy confidential documents but e-mail is changing those rules, thanks to virtual shredding. Senders can destroy messages either remotely or automatically, without a recipient's consent or cooperation. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2002/TECH/ptech/02/17/self.shredding.email.ap/index.html JAPANESE SPACE AGENCY HACKED BY RIVAL National Space Development Agency of Japan officials confirmed that a worker at a Japanese satellite firm illegally accessed a computer at Japan's space agency to see classified data relating to a rival firm. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/1129304 JUDGE ORDERS MICROSOFT TO REVEAL CODE A federal judge told Microsoft it must disclose portions of the Windows source code, including XP and XP Embedded. The states asked for source code access in part because they want Microsoft to sell Windows without the so-called middleware technologies, such as Web browsing, instant messaging and media playback. The software giant contends this is technically impossible. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.com.com/2100-1001-839356.html PRELIMINARY RULES FOR PROTOS SUITE If you are interested in Snort rules for the PROTOS suite, check this link (archive of the Snort-sigs mailing list post related to PROTOS SNMP suite). Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.geocrawler.com/lists/3/SourceForge/6752/0/7840200/ SECURITY: KEY PLAYERS - HP Despite current difficulties in the IT market, HP is achieving progress with security products and services. It is working through its own sales force and also selected members of its indirect channel. Link: http://www.it-director.com/article.php?id=2616 WHY MARKETING-SPEAK HAS NO PLACE IN SECURITY If you pay attention to computer-security issues, you will no doubt have noticed the recent upsurge in security-related marketing. Oracle continues to tout its Oracle9i products as unbreakable, even though they patently are no such thing. And Bill Gates's Trustworthy Computing memo was another notable milestone in security marketing, particularly in light of Microsoft's problems with, and retraction of, the recent IE security multi-patch. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/anchordesk/stories/story/0,10738,2848237,00.html 'SNEAKY' SOFTWARE MAY BE WATCHING YOU "It's horrifying!" says Richard Eaton, who develops, markets and even answers the technical help line for WinWhatWhere software. His qualms haven't stopped him from selling the product, though - more than 200,000 copies of it - to everyone from suspicious spouses to the FBI. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2002/TECH/internet/02/18/sneaky.software.ap/index.html INTERVIEW WITH HARALD WELTE bit_of_love contributed the following - "UnderLinux has an interesting interview with Harald Welte, member of netfilter/ iptables project core team. Harald told about his carrer, dificulties in iptables project, Brazil and Free software, GNU/HURD and, of course, the new iptables2 to kernels 2.5.x/2.6.x." Link: http://www.underlinux.com.br/sections.php?op=viewarticle&artid=107 APPLICATION SECURITY 'IN A GRIM STATE' Application security is "in a grim state", according to new research. Almost half of application security vulnerabilities are readily exploitable through entirely preventable defects. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/1129340 SYMBIAN ADDS SECURITY, JAVA TO MOBILE MIX Symbian OS 7.0, announced at 3GSM, means we will soon be seeing mobile phones and wireless PDAs that mix 3G features with Java and some crucial security features. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.zdnet.co.uk/story/0,,t269-s2104626,00.html A LOT OF WORK AHEAD FOR PEEKABOOTY Peekabooty was shown to open-source programmers and social hackers at CodeCon in San Francisco. The demonstration made evident, however, that the program has a way to go, and project leader Paul Baranowski estimated he and programmer Joey De Villa have as much as six months of work ahead of them before the program is usable. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://zdnet.com.com/2100-1105-840652.html 'NEWSLETTER' WORM TARGETS OUTLOOK The virus, called W32.Yarner.A@mm, emerged February 18 in Europe, where it masquerades as a newsletter published by a German security group Tojaner Info, according to a statement on Trojaner's Web site. The statement said an unknown person started the worm and uses the names of Trojaner staffers Thomas Tietz and Andreas Ebert at the end of the message. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.infoworld.com/articles/hn/xml/02/02/19/020219hnnewsletter.xml TERRORISM TALKS OPEN RSA CONFERENCE Richard Clarke kicks off the conference with talk of cyber terrorists, while legendary cryptographers ponder America's response to September 11. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/news/336 ALL-IN-ONE SECURITY: IT'S WHERE WE'RE HEADED Have you noticed the latest trend with security companies? It's the integration of a wide range of services, software, and even hardware into one product. What does this mean for you? IT types could become more dependent on one vendor to meet all their security needs, while those of you more casually interested in security will find more and better information on many security companies' Web sites. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/anchordesk/stories/story/0,10738,2848699,00.html CERT COORDINATION CENTER 2001 ANNUAL REPORT From January through December 2001, the CERT/CC received 118,907 email messages and more than 1,417 hotline calls reporting computer security incidents or requesting information. They also received 2,437 vulnerability reports and handled 52,658 computer security incidents during this period. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cert.org/annual_rpts/cert_rpt_01.html FINGERPRINTS MARK TIGHTER SECURITY ON IBM PCS IBM is upgrading the security system bundled with its PCs, adding fingerprint reading to protect log-ons and polishing up encryption software. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.zdnet.co.uk/story/0,,t269-s2104678,00.html BUILDING A VIRTUAL HONEYNET Hisham shares his experiences with building a virtual honeynet on his existing Linux box. He describes data capture and control techniques, the types of honeynets, and configuration changes to get one running on your system. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxsecurity.com/feature_stories/feature_story-100.html NETWORK INTRUSION DETECTION SIGNATURES, PART 3 This is the third in a series of articles on understanding and developing signatures for network intrusion detection systems. In this article, we will continue by studying the area of protocol analysis, focusing on the examination of values within TCP and UDP payloads. Network intrusion detection using protocol analysis-based signatures is very effective in detecting both known and unknown attacks involving protocols such as DNS, FTP, HTTP and SMTP. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityfocus.com/infocus/1544 FIREWALL ROUNDUP Zonker takes a look at firewall offerings from SuSE, Mandrake, and Coyote Linux. He notes the strengths, weaknesses, and most appropriate use for each firewall solution. Link: http://www.unixreview.com/documents/s=2424/uni1014152480113/0202i.htm RIDING ALONG WITH A WARDRIVER The 802.11 wireless standard allows computers near each other to communicate using high bandwidth at an attractive price. Products based on the standard are very popular. Unfortunately, the networks these devices create are not secure. Ride along with our wardriving columnist. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxworld.com/site-stories/2002/0218.wardriving.html GATES WARNED OVER SECURITY PROMISE Chairman Bill Gates has been told by a top White House adviser to keep his word on making his company's products more secure. Richard Clarke, George Bush's cyber security advisor, told at the RSA conference that the new push on security by Microsoft "is no laughing matter". Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/1129361 'PENETRATE AND PATCH' E-BUSINESS SECURITY IS GRIM The main conclusion of an evaluation of 45 e-business applications by @stake is that application security flaws introduced early in the design life cycle are giving rise to easily exploitable defects that can readily be prevented. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/55/24133.html FREE CISCO ROUTER SECURITY TOOL RELEASED A free software-analysis tool and benchmark guidelines to help make widely used Cisco Systems routers more secure from attacks and other vulnerabilities were released by a consortium of security groups. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.infoworld.com/articles/hn/xml/02/02/20/020220hnciscosecure.xml CYBERTERRORISM: GET READY TO BECOME A HARD TARGET Heightened security will change the Internet, and the network on which you work. Some of these efforts will be successful, some laughable. Most will tick you off. Here's what to think about as you endure the great network lockdown of 2002. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/anchordesk/stories/story/0,10738,2849172,00.html THE SCIENCE OF HAPPY ACCIDENTS The Sardonix project aims to make open source software more rigorously secure. To succeed, it will have to recreate the spontaneous magic of community that gives the movement its spark. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://online.securityfocus.com/columnists/62 MICROSOFT PREPS WINDOWS SECURITY SCANNER As part of a push to regain the public trust, Microsoft plans to release a wizard-like program to help home software users and network administrators protect their computer systems from outside attack. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.zdnet.co.uk/story/0,,t269-s2104760,00.html RSA: SECURING WEB SERVICES At the RSA Conference security players VeriSign, Computer Associates, and the Liberty Alliance will introduce plans to bring authentication and ID management to Web services transactions, while a number of upstarts will introduce devices that secure XML-based Web services networks. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.infoworld.com/articles/hn/xml/02/02/18/020218hnrsashow.xml BEEFED-UP GLOBAL SURVEILLANCE? In closed-door meetings, European nations are drafting additions to an international cybercrime treaty to address intercepting electronic communications linked to terrorism. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,50529,00.html MICROSOFT SNOOPING ON OUR DVD COLLECTION? Richard M. Smith notes - "I found a number of serious privacy problems with Microsoft's Windows Media Player (WMP) for Windows XP. A number of design choices were made in WMP which allow Microsoft to individually track what DVD movies consumers are watching on their Windows PC. These problems which introduced in version 8 of WMP which ships preinstalled on all Windows XP systems." Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computerbytesman.com/privacy/wmp8dvd.htm THE CROWDED INTERNET The European Commission is pushing governments and private industry to accelerate support for IPv6 because the Internet will run out of available addresses by 2005. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.informationweek.com/story/IWK20020221S0031 NEW 2600 T-SHIRT In their own words: "Over the years, we've managed to get a lot of corporations, agencies, and entire governments very angry at us for the things we print in the magazine or the web site. It's become difficult for us to keep track of all the legal threats we've gotten. So we decided to stick it all on a t-shirt so nobody would forget." Link: http://store.yahoo.com/2600hacker/coradtshir.html MITNICK MEETS HIS MARK A decade ago Kevin Mitnick tricked a Novell employee into giving him access to sensitive corporate data. This week they met for the first time. "This is ironic," Mitnick said as he and Shawn Nunley shook hands and greeted each other like old pals at the RSA Conference on computer security. The two laughed and swapped stories about the days when they were antagonists. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.com.com/2100-1001-842450.html MOST SNMP VULNS QUIETLY LURKING It's been over a week since CERT released a seemingly endless list of devices and software products containing SNMP vulnerabilities discovered by Finnish University of Oulu researchers, and to date very little bad has happened, no doubt to the disappointment of most news agencies. As the story drops off the media radar screen, it's important to keep in mind that threats to your system can't be measured by the amount of mainstream press coverage they receive. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/55/24167.html AVOIDING SECURITY PANIC ATTACKS A new group will address how software bugs are made public. Not surprisingly, Microsoft's at the helm. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.com.com/2100-1001-842591.html BEYOND OUR CONTROL: BOOK REVIEW Ben Rothke writes: "Most of us may not be lawyers, but the topics in the book -- cyber-security, consumer fraud, free speech rights, intellectual property rights, file-sharing programs, and more -- affect us all." Link: http://www.unixreview.com/documents/s=2424/uni1014152576639/0202j.htm ANOTHER IE BUG Ivy Hungary Ltd. found a critical security fault in IE. The deficiency was discovered during development of a new component for their key product IVY, which would manage data of remote web sites from a central location, allowing the consolidation of data gained from various Internet sources. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://w3.ivy.hu ---------------------------------------------------------------------------- ======================================================== Sponsored by GFI, the developers of a revolutionary new intrusion detection product - LANguard Security Event Log Monitor. Download your copy! http://www.net-security.org/cgi-bin/ads/ads.pl?banner=gfitxt ======================================================== Security issues --------------- All vulnerabilities are located at: http://net-security.org/text/bugs ---------------------------------------------------------------------------- PFORUM MYSQL INJECTION VULNERABILITY Pforum is a www-board system using php and mysql. Although the author seems to try to eliminate malicious code (eg. unwanted html-code) in the inputs, he relies on php Magic-Quotes for adding slashes to some user input. Therefore it is possible to use an sql-injection-attack to log in as admin or user without having the correct password. Link: http://www.net-security.org/text/bugs/1014042839,45325,.shtml NETWIN WEBNEWS BUFFER OVERFLOW VULNERABILITY Netwin's WebNews contains a remotely exploitable buffer overrun that allows the execution of arbitrary code. Link: http://www.net-security.org/text/bugs/1014214471,16086,.shtml DINO'S WEBSERVER V1.2 DENIAL OF SERVICE Dino's WebServer v1.2 is vulnerable to a Denial of Service attack with a possible buffer overflow or heap overflow. Link: http://www.net-security.org/text/bugs/1014214526,9137,.shtml SCRIPTEASE MINIWEB SERVER DOS VULNERABILITY ScriptEase MiniWeb Server is subject to a denial of service. Submitting a request of unusual length to the host will cause the server to crash. A restart is required in order to gain normal functionality. Link: http://www.net-security.org/text/bugs/1014214653,45278,.shtml SEF NOTIFY DAEMON DATA LOSS VIA SNMP The aim of this document is to clearly define some issues related to potential data loss from the Notify Daemon within the Symantec Enterprise Firewall (SEF) environment as provided by Symantec. Link: http://www.net-security.org/text/bugs/1014304319,37650,.shtml CHECKPOINT FW1 HTTP SECURITY HOLE A quite known proxy vulnerability was found for FW1 V4.1 SP5 (plus hotfixes). Link: http://www.net-security.org/text/bugs/1014305924,17479,.shtml LILHTTP PROTECTED FILE ACCESS VULNERABILITY It is possible to construct a web request which is capable of accessing the contents of password protected files/folders on the webserver. Link: http://www.net-security.org/text/bugs/1014383069,86360,.shtml THREE SECURITY ISSUES IN THE SQUID-2.X Three security issues have recently been found in the Squid-2.X releases up to and including 2.4.STABLE3. a) A memory leak in the optional SNMP interface to Squid, allowing an malicious user who can send packets to the Squid SNMP port to possibly perform an denial of service attack on the Squid proxy service if the SNMP interface has been enabled (disabled by default). b) A buffer overflow in the implementation of ftp:// URLs where users who are allowed to proxy ftp:// URLs via Squid can perform an denial of service on the proxy service, and possibly even trigger remote execution of code (not yet confirmed). c) The optional HTCP interface cannot be properly disabled from squid.conf even if the documentation claims it can. The HTCP interface to Squid is not enabled by default, but can be enabled at compile time using the --enable- htcp configure option and some vendors distribute Squid binaries with HTCP enabled. Link: http://www.net-security.org/text/bugs/1014383220,10427,.shtml NETWIN WEBNEWS 1.1K DEFAILT USERNAME AND PASSWORD The Netwin Webnews version 1.1k CGI (binaries) contains 4 default users (within the binary) that can not be removed. While running the "strings" command over the file webnews.pl, the users are revealed: testweb newstest alwn3845 imaptest alwi3845 wtest3452 testweb2 wtest4879 For instance, testweb is the username and newstest is it's password. Link: http://www.net-security.org/text/bugs/1014383312,57997,.shtml ---------------------------------------------------------------------------- ======================================================== HNS Security Database ======================================================== HNS Security Database consists of a large database of security related companies, their products, professional services and solutions. HNS Security Database will provide a valuable asset to anyone interested in implementing security measures and systems to their companies' networks. Visit us at http://www.security-db.com ======================================================== Security world -------------- All press releases are located at: http://net-security.org/text/press ---------------------------------------------------------------------------- NCIPHER E-SECURITY MODULE SUPPORTS ISA SERVER 2000 nCipher, a leading provider of cryptographic IT security solutions, announced the interoperability of its nForce secure e-commerce accelerators with Microsoft Internet Security and Acceleration Server 2000. The interoperability of the nForce family with ISA Server provides customers with a convenient path to cost effectively enhance the hardware server platform to more securely and more efficiently handle the advanced security functions performed by ISA Server. Press release: < http://www.net-security.org/text/press/1014124842,12135,.shtml > ---------------------------------------------------------------------------- TRIPWIRE GETS OPSEC CERTIFICATION FROM CHECK POINT Tripwire, Inc., the data integrity assurance company, announced that Tripwire for Servers 2.4.2 has achieved OPSEC (Open Platform for Security) Certification by Check Point Software Technologies Ltd., the worldwide leader in securing the Internet. Press release: < http://www.net-security.org/text/press/1014124889,68067,.shtml > ---------------------------------------------------------------------------- YARNER: NOT EVERY ANTI-VIRUS IS THE REAL MCCOY Kaspersky Labs, an international data-security software developer, announces the detection of the new, highly dangerous Internet worm "Yarner" that disguises itself as the anti-virus program YAW. At this time, there have been reports of mass-infection caused by this malicious program in Germany. Press release: < http://www.net-security.org/text/press/1014203179,41520,.shtml > ---------------------------------------------------------------------------- VISIT THE KASPERSKY LABS STAND AT CEBIT-2002 Kaspersky Labs invites you to visit our stand, #G09 in pavilion 6, at the world's largest IT event, CeBIT-2002, taking place from March 13-20 in Hannover, Germany. Press release: < http://www.net-security.org/text/press/1014203867,20365,.shtml > ---------------------------------------------------------------------------- LOCKSTEP RELEASES NEW VERSION OF WEBAGAIN Lockstep Systems, Inc. announced the release of WebAgain 2.5, an updated version of Lockstep’s award winning, patent-pending software that automatically repairs hacked web sites. WebAgain protects web site content against the geometrically rising threat of web site hacking by automatically detecting unauthorized changes to web site content and automatically restoring the original content without human intervention. Press release: < http://www.net-security.org/text/press/1014204439,63498,.shtml > ---------------------------------------------------------------------------- COMPUMATICA ACQUIRES UTIMACO SAFEWARE'S VPN LINE From 1st March 2002, Utimaco Safeware will transfer the ownership of its Network Security division´s VPN product line to Compumatica secure networks. Compumatica secure networks, based in Aachen, is the German subsidiary of the Dutch network security supplier Compumatica secure networks, which has been one of Utimaco Safeware's partners in the network security sector for many years. It has been very successful, particularly in providing products and services to government bodies. Press release: < http://www.net-security.org/text/press/1014303188,87925,.shtml > ---------------------------------------------------------------------------- KYBERPASS LAUNCHES SECURE E-MAIL TRUSTPLATFORM Kyberpass Corporation, a leading provider of e-security software for trusted e-business, announced the launch of the Kyberpass Secure E-mail TrustPlatform which offers advanced security and user enhancements to overcome the inherent complexity of managing PKI-based e-mail systems. Integrated with Microsoft Outlook, the Kyberpass Secure E-mail TrustPlatform enables large enterprises and Identrus member financial institutions to conduct high value, non-refutable communications by ensuring that messages can be digitally signed, encrypted and validated in real-time. By providing real-time validation, the product reduces the significant legal and financial ramifications which can result from e-mail-related security breaches such as eavesdropping, forged mail and identity theft. Press release: < http://www.net-security.org/text/press/1014303462,39525,.shtml > ---------------------------------------------------------------------------- RAINBOW AND STRATUM8 NETWORKS STRATEGIC AGREEMENT Rainbow eSecurity, a Rainbow Technologies, Inc. company and a leading solutions provider of digital content and transaction security, and Stratum8 Networks, Inc., a developer of Internet security solutions, announced their joint marketing and technology agreement, which integrates Rainbow's CryptoSwift eCommerce acceleration solutions into Stratum8's new Application Protection System (APS) software solution. This integrated solution accelerates SSL transactions and analyzes the interaction between the Web server and browser to protect users against HTML commands issued with malicious intent, including buffer overruns, cookie tampering, session hijacking and worms. Press release: < http://www.net-security.org/text/press/1014303548,65299,.shtml > ---------------------------------------------------------------------------- CANADIAN COMPANY PRODUCES 8192 ENCRYPTION SOFTWARE Secourier Software Systems Inc, a Vancouver, British Columbia, Canada based software developer proudly announces the release of SECOURIER, an innovative secure document transfer system. Using unprecedented encryption and security levels SECOURIER is destined to become a “best of breed solution” in the document transfer arena. Press release: < http://www.net-security.org/text/press/1014307356,58416,.shtml > ---------------------------------------------------------------------------- INFOEXPRESS’ CYBERGATEKEEPER NOMINATED AS ONE OF THE MOST INNOVATIVE PRODUCTS BY EWEEK IN 2001 InfoExpress, a pioneer in remote access security, announced that eWEEK, the number one enterprise newsweekly (www.eweek.com), has named CyberGatekeeper Suite 1.0 a finalist for the publication’s second annual eXcellence Awards, which recognize the best and most innovative enterprise technology product releases in 2001. Winners will be announced at a special ceremony on March 5, 2002, at the Westin Copley Place Hotel in Boston, Mass. Winners will also be published in the March 4, 2002 edition of eWEEK. Press release: < http://www.net-security.org/text/press/1014382644,60212,.shtml > ---------------------------------------------------------------------------- ======================================================== Help Net Security T-Shirt available ======================================================== Thanks to our affiliate Jinx Hackwear we are offering you the opportunity to wear a nifty HNS shirt :) The image speaks for itself so follow the link and get yourself one. Get one here: http://207.21.213.175:8000/ss?click&jinx&3af04db0 ======================================================== Featured products ------------------- The HNS Security Database is located at: http://www.security-db.com Submissions for the database can be sent to: staff@net-security.org ---------------------------------------------------------------------------- FIRESTAR FireSTAR is the youngest and smallest of the CyberGuard appliance firewall family - but don´t let that fool you. This spitfire of a protector will tirelessly defend systems from attacks and intrusions just like the larger appliance firewalls from CyberGuard. Read more: < http://www.security-db.com/product.php?id=215 > This is a product of CyberGuard, for more information: < http://www.security-db.com/company.php?id=37 > ---------------------------------------------------------------------------- SECURETN3270 SecureTN3270 allows users to securely access their mainframe systems remotely over a TCP/IP TELNET connection. It also provides the most detailed instant replay screens available for rapid problem resolution, and decreases user errors and downtime. Read more: < http://www.security-db.com/product.php?id=521 > This is a product of SecureAgent Software, for more information: < http://www.security-db.com/company.php?id=114 > ---------------------------------------------------------------------------- SECURVANTAGE Securify designed this unique service for measuring security effectiveness of business networks including intranets, production networks and e-Partner connections. Securify SecurVantage provides in-depth visibility and analysis of the security attributes of live network traffic, enabling security managers and IT staff to quickly detect security risks misconfigurations, and the presence of unauthorized devices. Read more: < http://www.security-db.com/product.php?id=1160 > This is a product of Securify, for more information: < http://www.security-db.com/company.php?id=272 > ---------------------------------------------------------------------------- Questions, contributions, comments or ideas go to: Help Net Security staff staff@net-security.org http://net-security.org http://security-db.com