HNS Newsletter
Issue 115 - 17.06.2002
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org.

========================================================
LANguard Security Event Log Monitor
========================================================
LANguard SELM is a network wide event log monitor that retrieves logs from all NT/2000 servers and workstations and immediately alerts the administrator of possible intrusions. Through network wide reporting, you can identify machines being targeted as well as local users trying to hack internal company information. LANguard analyses the system event logs, therefore is not impaired by switches, IP traffic encryption or high-speed data transfer.
Download your evaluation copy from:
http://www.net-security.org/lm/ads/ads.pl?banner=gfitxt
========================================================

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Virus news
5) Security world
6) Featured articles
7) Security software

[ General security news ]
----------------------------------------------------------------

FIRST PEOPLE INJECTED WITH ID CHIPS, SALES DRIVE KICKS OFF
The 'barcoding' of people has quietly begun rolling out in the US, via Applied Digital Solutions' VeriChip.
>> http://www.net-security.org/news.php?id=344

OLD CODE IN WINDOWS IS SECURITY THREAT
Microsoft will retire old code from Windows more quickly, to plug security holes that are years old.
>> http://www.net-security.org/news.php?id=345

MONITORING LINUX FIREWALLS WITH FIRELOGD
Monitoring firewalls on Linux can be a challenge because of the text-based nature of the OS. The firelogd program can greatly improve the monitoring process.
>> http://www.net-security.org/news.php?id=346

THE COMMONER'S VIRUS
Despite its virulence, the Klez worm is ignored by the newspapers and dismissed by the digerati. Could the demographics of its victims be a factor?
>> http://www.net-security.org/news.php?id=347

CIBOULETTE ENCRYPTION SOFTWARE FOR OS X RELEASED
Marcadesign has released an OS X version of Ciboulette 1.5. Ciboulette is an encryption utility designed for clipboards and files.
>> http://www.net-security.org/news.php?id=350

FIRST CONFIRMED SPEAKERS FOR HIVERCON 2002
HiverCon web site was updated with the first three confirmed speakers - Simple Nomad, Ofir Arkin and Rain Forrest Puppy.
>> http://www.net-security.org/news.php?id=351

XBOX HACKERS PREVIEW MOVIE PLAYER
Further Xbox hacks have shown what the machine is really capable of, as hackers reveal a prototype DivX player for the games console.
>> http://www.net-security.org/news.php?id=352

CRACKS IN THE SYSTEM
Russia's cybercrime squad fears the next al-Qaeda attack may be on crucial computer networks.
>> http://www.net-security.org/news.php?id=353

SECURE NETWORK SPENDING SEEN OVER $46 BLN BY 2006
Spending on "virtual private networks" will grow more than 100% over the next 4 years as companies increasingly jump online and the ranks of telecommuting employees grow.
>> http://www.net-security.org/news.php?id=354

WHITE HOUSE STRESSING UNORTHODOX IN IT SECURITY FIGHT
The Bush administration is playing "dirty" with the private sector in a roundabout attempt to fortify the nation's computer security defenses, according to Richard Clarke.
>> http://www.net-security.org/news.php?id=355

REVIEW: HARDENED LINUX PUTS HACKERS ENGARDE
If you're ready to construct your fortifications of stronger stuff, security-enhanced Linux distributions may be the answer. They offer an alternative to the patch-and-pray cycle we're stuck in today.
>> http://www.net-security.org/news.php?id=356

STUDY: SOFTWARE PIRACY INCREASES
Software piracy grew last year, breaking six years of progress by software companies to stamp out illegal use, the Business Software Alliance reports.
>> http://www.net-security.org/news.php?id=357

FIND THE ROGUE PROTOCOLS
Akonix Systems Inc is offering companies a way to monitor and regulate employees' use of insecure internet services such as instant messaging, with the launch of its first product, L7.
>> http://www.net-security.org/news.php?id=358

SUPER-SECURE LINUX
The NSA is moving close to pushing out secure additions to a module that works with Linux, and no, that's not a contradiction of ideas.
>> http://www.net-security.org/news.php?id=359

SUN MICROSYSTEMS RECEIVES A SECURITY CERTIFICATE
Sun Microsystems' "Trusted" Solaris 8 4/01 Operating Environment is the first and only operating system to receive the highest level of security certification.
>> http://www.net-security.org/news.php?id=360

CISCO MAKES DESKTOP SWITCHES MORE SECURE
Network administrators will be able to put up more safeguards against attackers from inside an enterprise with a series of enhancements to Cisco desktop switches.
>> http://www.net-security.org/news.php?id=361

CORPORATE SECURITY OVERVIEW: 04-11 JUNE 2002
Security companies send us their press releases, which we republish in our press section. This is an overview of interesting developments in the corporate security world during the past week.
>> http://www.net-security.org/article.php?id=130

CONSUMERS FACE WIRETAPPING FEES
FBI demand for new surveillance functions forces telecos to upgrade equipment, forego new customer services.
>> http://www.net-security.org/news.php?id=363

VIRUS GIRL FINDS HACKER BOYFRIEND
It's a match made in heaven, or on IRC anyway. Gigabyte, the teenage, female virus writer in Belgium, has fallen in love with Nostalg1c, a notorious Belgian hacker.
>> http://www.net-security.org/news.php?id=364

NEW OPENBSD ANTI-TROJAN KERNEL PATCHES
The latest version of Anti-Trojan software, V2 is available as a beta for OpenBSD 3.1 Release only at this stage with others to follow.
>> http://www.net-security.org/news.php?id=365

HIGH TECH FOR HOMELAND SECURITY: WE MUST DO MORE
What role will technology play in national security? If Bush's proposal for the new Department of Homeland Security is passed, not a large one. But there are two rival plans that take tech more seriously.
>> http://www.net-security.org/news.php?id=366

SECURITY HOLES: THE DANGER WITHIN
Significant destruction can be caused by employees, yet they continue to be overlooked as an IT security threat.
>> http://www.net-security.org/news.php?id=367

HOW HACKERS DO IT
This article describes the tricks, tools, and techniques hackers use to gain unauthorized access to Solaris Operating Environment (Solaris OE) systems.
>> http://www.net-security.org/news.php?id=368

FTC VOWS TO KEEP CLOSER TABS ON PRIVACY BREACHES
Companies that release customer data as a result of security mistakes could find themselves in the cross hairs of the Federal Trade Commission.
>> http://www.net-security.org/news.php?id=369

THE SOLUTION TO SPAM - REVERSE FILTERING
Dynamic modification of rules is simple for people but complex for machines; indeed, it is so complex that the cost of sending spam would skyrocket, eliminating the problem.
>> http://www.net-security.org/news.php?id=370

FEDS, INDUSTRY, BATTLE THE BIGGEST BUG
A security hole in implementations of Abstract Syntax Notation One may threaten some of America's most crucial networks. Relax, the President's been briefed.
>> http://www.net-security.org/news.php?id=371

DEVELOPING AN EFFECTIVE INCIDENT COST ANALYSIS MECHANISM
In this article Dave Dittrich discusses the Incident Cost Analysis Modeling Project, an attempt to develop a workable model for estimating the costs of computer security incidents.
>> http://www.net-security.org/news.php?id=373

INTRODUCTION TO NESSUS
This article describes the basics of installing and using Nessus. Nessus operates as a client and server system.
>> http://www.net-security.org/news.php?id=374

COMMENT: A TAXING TIME FOR SECURITY
Inland Revenue had to shut down its online tax declaration site as its supposedly secure records were left wide open.
>> http://www.net-security.org/news.php?id=375

WALL STREET AIMS TO THWART CRIMINALS WITH DATABASE
Financial services firms plan to create a company that will run a central database of information on customers and potential clients to weed out those with ties to crime.
>> http://www.net-security.org/news.php?id=376

NEW FRETHEME WORM ON THE CRAWL
Antivirus companies are warning users to install patches and signature files to protect against a worm variant that has surfaced in the United States and Europe.
>> http://www.net-security.org/news.php?id=377

FEDS EXAMINE ICANN OFFICIALS
Congress is taking a look at the California company that administers Internet addresses after critics said it is too slow to address security holes and should be more closely regulated.
>> http://www.net-security.org/news.php?id=378

WATCHING NATO SPY PICTURES
Nato surveillance flights in the Balkans are beaming their pictures over an insecure satellite link - and anyone can tune in and watch their operations live.
>> http://www.net-security.org/news.php?id=379

JPEG WORM BREAKS NEW GROUND
Antivirus companies warned of a new virus that communicates through digital images, but security experts aren't sure how much of a threat this latest evolutionary branch of malicious code poses.
>> http://www.net-security.org/news.php?id=380

SECURITY BREACHES MAY BE THE NEXT TOBACCO-EXPERTS
That's what computer experts are telling businesses that have been hit by a steady stream of infections from viruses and other vulnerabilities that hit their machines.
>> http://www.net-security.org/news.php?id=381

WHAT TO DO WITH THAT VIRUS ALERT?
Don't pass it on, says an expert, as it may be a hoax and the creator may be exploiting your goodwill.
>> http://www.net-security.org/news.php?id=383

TOORCON 2002 CALL FOR PAPERS
Papers and presentations are now being accepted for ToorCon 2002, which is being held on the 27th-29th of September 2002 at the San Diego Concourse in San Diego, CA.
>> http://www.net-security.org/news.php?id=384

'MASSIVE ABUSE' OF PRIVACY FEARED
Plans to increase the number of organisations that can look at records of what you do online could lead to widespread abuse of personal information.
>> http://www.net-security.org/news.php?id=385

CLEVER PEOPLE CAN FOOL MOST SOPHISTICATED BIOMETRICS
The Fraunhofer Research Institute in Germany set out to see whether it could fool various biometric systems. It was easy.
>> http://www.net-security.org/news.php?id=386

ROUNDUP ON BIND DENIAL OF SERVICE
A few days ago we wrote about a Denial of Service vulnerability in ISC Bind. This is a roundup of security advisories covering this issue.
>> http://www.net-security.org/article.php?id=133

BEST BUY: MAY DAY MAYDAY FOR SECURITY
The retailer's in-store wireless network exposed customers' credit card data. Best Buy has plenty of company.
>> http://www.net-security.org/news.php?id=388

SUN SETS PACE FOR WEB SERVICES SECURITY
Sun Microsystems, sensing it has fallen behind rivals Microsoft and IBM in Web services leadership, is launching a renewed strategy in an attempt to play catch up.
>> http://www.net-security.org/news.php?id=389

WOMAN CHARGED FOR HACKING
Massachusetts Attorney General Tom Reilly has filed charges against Wendy Sholds, accusing her of hacking into her former boss' computer system and forwarding confidential e-mails to former co-workers.
>> http://www.net-security.org/news.php?id=390

POLICE FIND FIRST ILLEGAL DVD LAB ON WEST COAST
Police uncovered the first DVD pirating laboratory on the West Coast where more than 1,200 illegal movies were found.
>> http://www.net-security.org/news.php?id=391

MICROSOFT SHIPMENTS INFECTED WITH NIMDA
All of the Korean-language versions of Visual Studio .Net developer tool shipped with a help file that is infected with the Nimda virus.
>> http://www.net-security.org/news.php?id=392

----------------------------------------------------------------

-------------------------------------------------------------
Computer Security Institute Survey: 90% Say Systems Hacked.
How Secure Is Your Network? Get a FREE Assessment!
http://www.net-security.org/lm/ads/ads.pl?banner=scannerx1
-------------------------------------------------------------

[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

Ruslan Communications Builder SQL Modification Vulnerability
>> http://www.net-security.org/vuln.php?id=1777

Denial of Service in AnalogX SimpleServer:www 1.16
>> http://www.net-security.org/vuln.php?id=1776

Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
>> http://www.net-security.org/vuln.php?id=1775

Active! Mail Automatic Script Execution Vulnerability
>> http://www.net-security.org/vuln.php?id=1774

Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow
>> http://www.net-security.org/vuln.php?id=1773

Vulnerability in 3Com OfficeConnect Remote 812 ADSL Router (part II)
>> http://www.net-security.org/vuln.php?id=1772

Oracle Reports Server Buffer Overflow
>> http://www.net-security.org/vuln.php?id=1771

Oracle TNS Listener Buffer Overflow
>> http://www.net-security.org/vuln.php?id=1770

mmmail POP3-SMTP Daemon Format String Vulnerability
>> http://www.net-security.org/vuln.php?id=1769

SSI and XSS Execution in MakeBook 2.2
>> http://www.net-security.org/vuln.php?id=1768

Multiple Vulnerabilities in CGIscript.net's csNews.cgi
>> http://www.net-security.org/vuln.php?id=1767

SCO OpenServer Xsco Heap Overflow
>> http://www.net-security.org/vuln.php?id=1766

Datalex BookIt! Consumer Password Vulnerabilities
>> http://www.net-security.org/vuln.php?id=1765

AlienForm2 CGI Script Arbitrary File Reading and Writing
>> http://www.net-security.org/vuln.php?id=1764

ZenTrack System Information Path Disclosure Vulnerability
>> http://www.net-security.org/vuln.php?id=1763

Remote Denial of Service Vulnerability in Mozilla 1.0
>> http://www.net-security.org/vuln.php?id=1762

ImageFolio Pro 2.2 Multiple Vulnerabilities
>> http://www.net-security.org/vuln.php?id=1761

Multiple Security Vulnerabilities in GeekLog
>> http://www.net-security.org/vuln.php?id=1760

Multiple Security Vulnerabilities in MyHelpdesk
>> http://www.net-security.org/vuln.php?id=1759

----------------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Microsoft Security Bulletin MS02-028 - Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise
>> http://www.net-security.org/advisory.php?id=768

Microsoft Security Bulletin MS02-030 - Unchecked Buffer in SQLXML Could Lead to Code Execution
>> http://www.net-security.org/advisory.php?id=767

Microsoft Security Bulletin MS02-029 - Unchecked Buffer in Remote Access Service Phonebook Could Lead to Code Execution
>> http://www.net-security.org/advisory.php?id=766

Microsoft Security Bulletin MS02-027 - Unchecked Buffer in Gopher Protocol Handler Can Run Code of Attacker's Choice
>> http://www.net-security.org/advisory.php?id=765

Microsoft Security Bulletin MS02-022 - Unchecked Buffer in MSN Chat Control Can Lead to Code Execution (Version 2.0)
>> http://www.net-security.org/advisory.php?id=764

Caldera Security Advisory - Linux: ghostscript arbitrary command execution
>> http://www.net-security.org/advisory.php?id=763

Red Hat Security Advisory - Relaxed LPRng job submission policy
>> http://www.net-security.org/advisory.php?id=762

Red Hat Security Advisory - Updated mailman packages available for Red Hat Linux
>> http://www.net-security.org/advisory.php?id=761

Red Hat Security Advisory - Updated mailman packages available for Red Hat Powertools
>> http://www.net-security.org/advisory.php?id=760

SuSE Announcement - SuSE Linux 6.4 is not supported anymore
>> http://www.net-security.org/advisory.php?id=759

Caldera Security Advisory - OpenServer 5.0.5 OpenServer 5.0.6: snmpd denial-of-service vulnerabilities
>> http://www.net-security.org/advisory.php?id=758

Caldera Security Advisory - Open UNIX 8.0.0: BIND 9 Denial-of-Service vulnerability
>> http://www.net-security.org/advisory.php?id=757

SGI Security Advisory - talkd vulnerability
>> http://www.net-security.org/advisory.php?id=756

SGI Security Advisory - Xinet K-Talk Appletalk xkas vulnerability
>> http://www.net-security.org/advisory.php?id=755

Microsoft Security Bulletin MS02-026 - Unchecked Buffer in ASP.NET Worker Process
>> http://www.net-security.org/advisory.php?id=754

----------------------------------------------------------------

[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Panda Antivirus Platinum 7.0 Beta Released
>> http://www.net-security.org/virus_news.php?id=33

Sophos Enterprise Manager Web Seminar
>> http://www.net-security.org/virus_news.php?id=31

Virus Related Downloads at HNS Software Section
>> http://www.net-security.org/virus_news.php?id=31

Sophos Also Warns on World Cup Related Viruses
>> http://www.net-security.org/virus_news.php?id=30

Kaspersky AV Tagged Best-Buy by "What PC?"
>> http://www.net-security.org/virus_news.php?id=29

----------------------------------------------------------------

[ Security world ]

All press releases are located at:
http://www.net-security.org/press_main.php
----------------------------------------------------------------

Picture This: A Virus in a JPEG
>> http://www.net-security.org/press.php?id=838

Sichuan Mobile Selects CA's Unicenter, Brightstor and eTRUST for Critical Operations Infrastructure
>> http://www.net-security.org/press.php?id=837

Panda Software Releases Panda Antivirus Platinum 7.0
>> http://www.net-security.org/press.php?id=836

Panda ActiveScan Certified by West Coast Labs
>> http://www.net-security.org/press.php?id=835

Information Security Magazine Receives ASBPE Award For Editorial Excellence
>> http://www.net-security.org/press.php?id=834

Trend Micro Releases Enhanced Desktop Virus Protection for the Enterprise
>> http://www.net-security.org/press.php?id=833

Entercept Unveils Advanced Intrusion Prevention Capabilities
>> http://www.net-security.org/press.php?id=832

Sophos Anti-Virus World Expert On-Stand At Networks Telecom 2002
>> http://www.net-security.org/press.php?id=831

Citrix and Sun Bring Client-Server, Legacy Applications into Secure Enterprise Web Portals
>> http://www.net-security.org/press.php?id=830

RLX ServerBlade Platform Receives "Secured by Check Point" Certification
>> http://www.net-security.org/press.php?id=829

Check Point Provides The Industry's Most Secure Voice Over IP Communications
>> http://www.net-security.org/press.php?id=828

Baltimore Technologies Introduces UniCERT 5.0
>> http://www.net-security.org/press.php?id=827

IT Collaboration Launches Vision To Tackle UK Crime
>> http://www.net-security.org/press.php?id=826

eEye Digital Security Releases Attack Prevention Solution for Microsoft IIS Web Servers
>> http://www.net-security.org/press.php?id=825

RSA Conference 2002 Europe is Announced
>> http://www.net-security.org/press.php?id=824

Telia Denmark Selects Norman As The Market’s Best Anti-Virus Solution
>> http://www.net-security.org/press.php?id=823

Crowley Independent School District Deploys Aladdin's eSafe For Strong Internet Content Security
>> http://www.net-security.org/press.php?id=822

Norman Virus Control Receives Virus Bulletin 100% Award for Windows XP
>> http://www.net-security.org/press.php?id=821

World Class Internet Security Experts Join Qualys' Technical Advisory Board
>> http://www.net-security.org/press.php?id=820

SecurityFocus Introduces New Brand Name - DeepSight - For Existing Product Family
>> http://www.net-security.org/press.php?id=819

Citadel Security Software Announces Launch of Authorized Technology Partner and Channel Partner Programs
>> http://www.net-security.org/press.php?id=818

----------------------------------------------------------------

[ Featured articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to staff@net-security.org
----------------------------------------------------------------

USABILITY AND PRIVACY: A STUDY OF KAZAA P2P FILE-SHARING
P2P file sharing systems are rapidly becoming one of the most popular applications on the internet, with millions of users online exchanging files daily. While primarily intended for sharing multimedia files, programs such as Gnutella, Freenet, and Kazaa frequently allow other types of files to be shared.
Although this has no doubt contributed to P2P filesharing’s growing popularity, it raises serious security concerns about the types of files that users are aware of sharing with others. Users who accidentally or unknowingly allow their private or personal files to be shared risk disclosing their private information to other users on the network.
>> http://www.net-security.org/article.php?id=129

VIRUS PROTECTION: ALL ROADS LEAD TO A MULTI-MODAL, MODULAR APPROACH
The purpose of this paper is to explain why we have concluded that the future of virus protection lies with architecture, rather than product, and why a multi-modal, modular approach makes most sense. We show that as virus protection is a component of business security, it is best approached at the infrastructure and end-user levels using multiple modalities simultaneously.
>> http://www.net-security.org/article.php?id=131

UNDERSTANDING THE EMAIL-BORNE THREAT
In the past few years, email has become the predominant purveyor of viruses. This rapid communications technology outpaces the signature-based scanner updates, allowing widespread infection to occur in a matter of mere hours. Attempts to address this problem have ranged from an assortment of active content and behavioral analysis tools, improved signature-based scanners, gateway content filtering applications, digital immune systems, and security patches.
>> http://www.net-security.org/article.php?id=132

----------------------------------------------------------------

[ Security Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2
----------------------------------------------------------------

FIRELOGD 1.3
This is a program that will parse ipchains or netfilter (iptables) log data in real time. It will queue up a small batch of alerts and mail them to you.
It can also be used to parse an existing log file and it will take log data on standard input for formatting.
>> http://www.net-security.org/software.php?id=145

SECURECFM 1.0
SecureCFM is dedicated to the audit of ColdFusion source code, in order to detect then correct possible Cross Site Scripting vulnerabilities. You can use it to check that your web site is not vulnerable.
>> http://www.net-security.org/software.php?id=146

IPCOP 0.1.1
IPCop Firewall is a Linux firewall distribution geared towards home and SOHO (Small Office/Home Office) users. The IPCop interface is very user-friendly and task-based. IPCop offers the critical functionality of an expensive network appliance using stock, or even obsolete, hardware and OpenSource Software.
>> http://www.net-security.org/software.php?id=147

PROBOT 2.2.0
ProBot is a powerful and versatile workstation monitoring solution. This software generates the detailed event log that is kept securely in binary files. These files may be later referred to by the system administrator or computer owner for the exact reconstruction of the computer usage.
>> http://www.net-security.org/software.php?id=148

LEVIATHAN AUDITOR 1.0
Leviathan is a network auditing and penetration tool which runs on and against Microsoft machines. It dumps Users, Groups, Services, Shares, Transport devices and MAC addresses over port 139 or 445.
>> http://www.net-security.org/software.php?id=149

AVIRCAP 2.0
AVirCAP is a system for manual and / or automated detection of CodeRed and Nimda type of hack attempts and virtually all other kinds of "logable" intrusion attempts.
>> http://www.net-security.org/software.php?id=150

MICROCODE 0.96
microCODE from Databay enables you to encrypt your PHP scripts before publication. Thereby you can protect your code against unwanted insights or even modification of the sources by an unauthorized third party. This is especially required for commercial applications, where protection of intellectual property is a primary aim.
>> http://www.net-security.org/software.php?id=151

WIPE 2.0.1
Wipe is a secure file wiping utility.
>> http://www.net-security.org/software.php?id=152

TUXFRW 2.15
TuxFrw is a set of scripts created to ease the way Linux IPTables rules are configured. Using TuxFrw a user can configure his own Linux / Netfilter based network firewall, simply passing some IP address numbers and other services utilization policies.
>> http://www.net-security.org/software.php?id=153

NGREP 1.40
ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
>> http://www.net-security.org/software.php?id=154

ERASER 5.4
Eraser is a secure data removal tool for Windows. It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
>> http://www.net-security.org/software.php?id=155

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending your e-mail address to:
info@net-security.org with UNSUBSCRIBE in the message body.

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php