HNS Newsletter
Issue 121 - 29.07.2002
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org.

----------------------------------------------------------------
SECURITY INCIDENT ALERT
----------------------------------------------------------------

43,136 security incidents have been reported through June, 2002. Last year 52,658 were reported for the entire year. The most common point of entry is exploitation of known operating system vulnerabilities. Check your Web servers, FTP servers, Mail servers, DNS servers, firewalls, IDS systems, switchers and routers for over 900 up to date vulnerabilities. Secure your critical assets today!

FREE System Security Test and Detailed Report
http://www.net-security.org/lm/ads/ads.pl?banner=scannerx1

----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Virus news
5) Security world
6) Featured articles
7) Security software

[ General security news ]
----------------------------------------------------------------

FACE RECOGNITION FAILS IN BOSTON AIRPORT
Test runs of the Identix magical face-recognition terrorist finder at Boston's Logan Airport have failed miserably, as expected.
>> http://www.net-security.org/news.php?id=645

AUDIT YOUR LAN BEFORE THE BAD GUYS DO WITH NMAP
Because nmap is so good at what it does, it is the tool of choice for crackers, which raises some ethical questions: is it OK to portscan other people's networks?
>> http://www.net-security.org/news.php?id=646

INCREASED SECURITY BOOSTS BIOMETRICS MARKET
The impact of the terrorist attacks on security applications will boost the value of the biometrics market to $2.05bn in 2006, according to a report from analyst Frost & Sullivan.
>> http://www.net-security.org/news.php?id=647

HACKING IN THE NAME OF SECURITY
Barry "The Key" Wels picks locks for the sport of it, but also to make a broader point.
>> http://www.net-security.org/news.php?id=648

SECURITY CONCERNS LOOM IN NEW WIRELESS WORLD
Wireless networks are full of holes that criminals can enter. But home and business users can take steps that go a long way toward plugging security leaks.
>> http://www.net-security.org/news.php?id=649

HACKER NABBED FOR BT1.8M SCAM
Police arrested a computer hacker, Sipho Hasiya, 21, on charges relating to a Bt1.8-million scam involving the billing of mobile phone users and the hacking of credit-card accounts.
>> http://www.net-security.org/news.php?id=650

U.S. COMPANIES UNPREPARED FOR CYBER TERROR
Michael Vatis, director of the Institute for Security Technology Studies, says corporate America is vulnerable to attack, and he wants to create a team reminiscent of the Manhattan Project to tackle the problem.
>> http://www.net-security.org/news.php?id=651

NEW SWISS SURVEILLANCE LAW
A record of almost every email sent to and from Switzerland is to be logged and stored for at least six months, under a new Swiss surveillance law.
>> http://www.net-security.org/news.php?id=652

LIVERPOOL: I WANNA HOLD YOUR SPAM
Once it discovered that its 6,000-strong staff were sending 100,000 plus internal e-mails a day, the Liverpool City Council, previously famous for the Beatles, banned such activities one day a week.
>> http://www.net-security.org/news.php?id=653

NEW BOOK ON STEGANOGRAPHY BY PETER WAYNER
When Peter Wayner wrote a book on the practice of steganography in 1996, the term seemed so arcane, so daunting, that his publisher insisted he not use that word in the title.
>> http://www.net-security.org/news.php?id=654

SYMANTEC'S SECURITYFOCUS BUYOUT MET WITH PESSIMISM
While Symantec has stated that it will not exert influence on BugTraq, which it now owns, list members find that assurance hard to trust.
>> http://www.net-security.org/news.php?id=656

HIGH-FLYING SCHMIDT
Unstoppable viruses, massive blackouts, hacked pacemakers? The government's number two cyber security guy wasn't this apocalyptic when he worked for Microsoft.
>> http://www.net-security.org/news.php?id=657

WHAT DOES THE FUTURE HOLD FOR PGP?
Network Associates no longer supports the encryption technology, but that doesn't mean it will disappear.
>> http://www.net-security.org/news.php?id=658

NETBSD 1.5.3 MAINTENANCE RELEASE OFFICIALLY AVAILABLE
The NetBSD Project released a maintenance release for its stable 1.5 branch. Since the last release various improvements, new hardware support, and a few security fixes have been integrated.
>> http://www.net-security.org/news.php?id=659

INTERNET EXTENDS LONG ARM OF THE LAW
Police in Italy didn't care that five Web sites they deemed blasphemous and thus illegal were located in the United States, where First Amendment protections apply.
>> http://www.net-security.org/news.php?id=660

SECURITY SYNERGY
Can IT projects and government requirements be aligned to benefit both security and business goals?
>> http://www.net-security.org/news.php?id=661

HARD DISK WILL HAVE HACKERS SEEING DOUBLE
Web sites could be kept safe by using a hard disk with two heads, security company says.
>> http://www.net-security.org/news.php?id=662

FIREWALL SAFEGUARDS WEB-ENABLED APPLICATIONS
Reactivity Inc. is hoping to help fill the void in Web services security with its new firewall (Service Firewall 1.0) designed specifically to protect Web-enabled applications.
>> http://www.net-security.org/news.php?id=663

WIRELESS (IN)SECURITY: ARE YOUR NETWORKS SNOOP-PROOF?
Now, someone can steal your company's most sensitive data by snatching it out of thin air - right from the company parking lot.
>> http://www.net-security.org/news.php?id=666

HERE'S ONE MORE TRICK UP HACKERS' SLEEVES
Even if hackers can't hijack your computer, they can still gain access to your personal info--and your Web e-mail--through something called cross-site scripting. Robert tells you the best way to protect yourself.
>> http://www.net-security.org/news.php?id=667

PIRACY AND FREE SOFTWARE NOT ALWAYS COUNTED
A flaw in the way annual software usage statistics are compiled may have led to legal distribution of open-source programs being lumped with illegal trafficking in desktop applications, inflating losses.
>> http://www.net-security.org/news.php?id=668

WEBTV 'VIRUS' CALLS THE COPS
The malicious code causes the machine to dial 911, the US emergency services number, and has reportedly resulted in police officers being dispatched to WebTV users' homes.
>> http://www.net-security.org/news.php?id=669

WILL HACKERS UNITE AND TAKE OVER?
If the Web falls prey to a massive shutdown, I do not want to see finger-pointing. I want to see handcuffing.
>> http://www.net-security.org/news.php?id=670

MICROSOFT TALKS THE TALK ON SECURITY
Microsoft is making a bid to change from the company the rest of us blame for security issues and it is not at all abashed about it.
>> http://www.net-security.org/news.php?id=671

REPORT URGES STATES TO ORGANIZE AGAINST CYBERTERROR
The National Association of State Chief Information Officers is urging government leaders to set aside political differences and make cybersecurity and critical-infrastructure protection a top priority.
>> http://www.net-security.org/news.php?id=672

ADDITIONAL SECURITY IN THE LINUX KERNEL?
On Slashdot nyx says that he's been looking for some way to improve security on his Linux boxes. He found a few Linux patches and wonders if anyone can share some experiences with him.
>> http://www.net-security.org/news.php?id=673

COMING SOON: ATTACK OF THE SUPER WORMS
The threat to computer networks from worms is multiplying in both sophistication and potential for damage.
>> http://www.net-security.org/news.php?id=674

CONGRESS TO TURN HACKS INTO HACKERS
If House Hollywood sock puppet Howard Berman gets his way, it will become legal to hack a network in efforts to impede the online illicit trade in copyrighted works.
>> http://www.net-security.org/news.php?id=676

WEB SECURITY MAY HIDE BIZ SECRETS
The Bush administration wants Congress to relax open-government laws to beef up computer security. But one lawmaker protests, saying companies could hide sensitive information from public scrutiny.
>> http://www.net-security.org/news.php?id=677

GROUP UNVEILS FLASH MEMORY SECURITY SPEC
A group of electronics manufacturers is looking to expand the uses for removable flash memory cards with a new security specification.
>> http://www.net-security.org/news.php?id=678

HACKERS USE WI-FI INVISIBILITY CLOAK
Insecure Wi-Fi does not just put your data at risk. If hackers use it to hack other companies, you could be vulnerable to lawsuits.
>> http://www.net-security.org/news.php?id=679

SHAVLIK EASES MICROSOFT PATCH MANAGEMENT
Shavlik Technologies announced more real-time features for its Microsoft security and patch management tools.
>> http://www.net-security.org/news.php?id=680

DETECTING AND REMOVING MALICIOUS CODE
Crackers have access to countless variations of malicious code, all designed to breach your security. This article will explain techniques to get your system back on-line and prevent it from happening again.
>> http://www.net-security.org/news.php?id=681

HOW-TO FROM HACKERS
Even if you're not sure you'd hire a former hacker, your staff can learn a great deal from talking with one. Here are six lessons developers can learn from hackers.
>> http://www.net-security.org/news.php?id=682

THE OPEN WEB APPLICATION SECURITY PROJECT
This is a group of devoted volunteers that are building a very comprehensive resource regarding security information and ways to manage potential security threats on web based systems.
>> http://www.net-security.org/news.php?id=683

MY GUIDE TO LINUX SECURITY
If you are an active proponent of computer security, this article will be a review. If you do not have any security practices, you should read on to get a general idea of how to secure a Linux box.
>> http://www.net-security.org/news.php?id=684

FIVE MICROSOFT SECURITY BULLETINS RELEASED
Microsoft was pretty active the past few days, as they released five security bulletins dealing with SQL Server 2000, Windows Media Player, Microsoft Metadirectory and Microsoft Exchange 5.5 security issues.
>> http://www.net-security.org/article.php?id=154

YALE ACCUSES PRINCETON OF HACKING INTO ADMISSIONS WEB SITE
Yale University complained to the FBI on Thursday that admissions officials at Princeton hacked into a Yale Web site that was set up for prospective students.
>> http://www.net-security.org/news.php?id=686

US UNION DEFENDS HACKER CODE
A cornerstone of digital copy-protection law is about to be challenged in court by the American Civil Liberties Union.
>> http://www.net-security.org/news.php?id=687

FIND A BUG? DON'T E-MAIL MICROSOFT
It may be the most-used vendor bug reporting address in history. This week Redmond put "secure@microsoft.com" out to pasture in favor of a handy Web form.
>> http://www.net-security.org/news.php?id=688

FIREWALLS: THE SOFT OPTION
There is no excuse for failing to protect data on a network and there are plenty of firewall options on the market.
>> http://www.net-security.org/news.php?id=689

CYBERSECURITY CONFUSION HAMPERS GOVERNMENT
U.S. cybersecurity policy and the protection of critical infrastructure is being hampered by a failure to communicate between the large number of federal organizations which have responsibilities in the area.
>> http://www.net-security.org/news.php?id=690

VERIO TRIES TO GET MONKEYS.COM OFF ITS BACK
Web-hosting company won its battle against an antispam activist, but the war is far from over.
>> http://www.net-security.org/news.php?id=691

SECURING YOUR NETWORK IS NO EASY TASK, BUT IT HAS TO BE DONE
Information security is becoming increasingly critical, especially as companies suffer from more and more nefarious attacks, including from viruses and DoS attacks.
>> http://www.net-security.org/news.php?id=692

UNIX SHELL SCRIPTING MALWARE
Unix/Linux binary malware can be very dependent upon distribution flavour and kernel version. What are the possibilities in the Unix world for malicious code using scripting?
>> http://www.net-security.org/virus_news.php?id=55

EXECUTIVES ADVISED TO TAKE ROLE IN INTERNET SECURITY
Security issues need to be addressed in boardrooms and executive suites, not just data centers and network storage closets.
>> http://www.net-security.org/news.php?id=694

----------------------------------------------------------------

----------------------------------------------------------------
RSA CONFERENCE 2002, PARIS, 7 - 10 OCTOBER
----------------------------------------------------------------

Join over 1,000 security minded professionals at Europe's premiere e-security conference. If you are involved in information security as a developer, engineer, IT professional, or government official, this event is designed for you.
http://www.rsaconference.net/paris/

----------------------------------------------------------------

[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

JanaServer Multiple Vulnerabilities
>> http://www.net-security.org/vuln.php?id=1909

Cisco IOS Integrated TFTP Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=1908

Hewlett Packard ChaiVM Multiple Vulnerabilities
>> http://www.net-security.org/vuln.php?id=1907

Mailman Cross Site Scripting Vulnerability
>> http://www.net-security.org/vuln.php?id=1906

Denial of Service Vulnerability in Pine 4.44
>> http://www.net-security.org/vuln.php?id=1905

Stealing and Spoofing Arbitrary Cookie in Mozilla
>> http://www.net-security.org/vuln.php?id=1904

W3Mail Problems With MIME Attachments
>> http://www.net-security.org/vuln.php?id=1903

ezContents multiple vulnerabilities
>> http://www.net-security.org/vuln.php?id=1902

SQL Server 2000 Buffer Overflows and SQL Injection Vulnerabilities
>> http://www.net-security.org/vuln.php?id=1901

Novell GroupWise 6.0.1 Support Pack 1 Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=1900

Unauthenticated Remote Compromise in MS SQL Server 2000
>> http://www.net-security.org/vuln.php?id=1899

Remote Buffer Overflow Vulnerability in Microsoft Exchange Server
>> http://www.net-security.org/vuln.php?id=1898

Uninets StatsPlus 1.25 Script Injection Vulnerabilities
>> http://www.net-security.org/vuln.php?id=1897

CacheFlow CacheOS Cross-site Scripting Vulnerability
>> http://www.net-security.org/vuln.php?id=1896

Interface Promiscuity Obscurity in Linux
>> http://www.net-security.org/vuln.php?id=1895

Cobalt Qube 3 Administration Page Vulnerability
>> http://www.net-security.org/vuln.php?id=1894

PHP Resource Exhaustion Denial of Service Vulnerability
>> http://www.net-security.org/vuln.php?id=1893

PHP Segfault Vulnerability Reproducing
>> http://www.net-security.org/vuln.php?id=1892

Denial of Service in ZyXEL Prestige 642R w/ZyNOS
>> http://www.net-security.org/vuln.php?id=1891

Arbitrary Code Execution Vulnerability in VanDyke SecureCRT
>> http://www.net-security.org/vuln.php?id=1890

Adobe Acrobat eBook Reader and Content Server Vulnerability
>> http://www.net-security.org/vuln.php?id=1889

Pablo Software Solutions FTP server Directory Traversal Vulnerability
>> http://www.net-security.org/vuln.php?id=1888

PHP Remote Compromise and Denial of Service Vulnerability
>> http://www.net-security.org/vuln.php?id=1887

BadBlue Unauthorized Administrative Command Execution Vulnerability
>> http://www.net-security.org/vuln.php?id=1886

BadBlue 302 Status Message Cross Site Scripting Vulnerability
>> http://www.net-security.org/vuln.php?id=1885

Geeklog XSS and CRLF Injection Vulnerability
>> http://www.net-security.org/vuln.php?id=1884

Windows 2000 Advanced Server Domain Controller Authentication Vulnerability
>> http://www.net-security.org/vuln.php?id=1883

Java Webstart Arbitrary Code Execution Vulnerability
>> http://www.net-security.org/vuln.php?id=1882

wwwoffle Negative Content-Length Value Segfault Vulnerability
>> http://www.net-security.org/vuln.php?id=1881

Oracle Reports Server Information Disclosure Vulnerability
>> http://www.net-security.org/vuln.php?id=1880

----------------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Red Hat Security Advisory - Updated glibc packages fix vulnerabilities in resolver
>> http://www.net-security.org/advisory.php?id=877

Microsoft Security Bulletin MS02-039 - Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution
>> http://www.net-security.org/advisory.php?id=876

Microsoft Security Bulletin MS02-032 - 26 June 2002 Cumulative Patch for Windows Media Player (Version 2.0)
>> http://www.net-security.org/advisory.php?id=875

Microsoft Security Bulletin MS02-038 - Cumulative Patch for SQL Server 2000 Service Pack 2
>> http://www.net-security.org/advisory.php?id=874

Microsoft Security Bulletin MS02-037 - Server Response To SMTP Client EHLO Command Results In Buffer Overrun
>> http://www.net-security.org/advisory.php?id=873

Microsoft Security Bulletin MS02-036 - Authentication Flaw in Microsoft Metadirectory Services Could Allow Privilege Elevation
>> http://www.net-security.org/advisory.php?id=872

EnGarde Secure Linux Advisory - Buffer overflow in BIND4-derived resolver code
>> http://www.net-security.org/advisory.php?id=871

Cisco Security Advisory - Heap Overflow in Solaris cachefs Daemon
>> http://www.net-security.org/advisory.php?id=870

CERT Advisory CA-2002-21 - Vulnerability in PHP
>> http://www.net-security.org/advisory.php?id=869

Caldera Security Advisory - OpenServer 5.0.5 OpenServer 5.0.6: crontab format string vulnerability
>> http://www.net-security.org/advisory.php?id=868

----------------------------------------------------------------

[ Virus News ]

All virus news are located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Unix Shell Scripting Malware
>> http://www.net-security.org/virus_news.php?id=55

Panda Software's Perimeterscan Released
>> http://www.net-security.org/virus_news.php?id=54

Panda Antivirus for Novell Netware 6 Beta Released
>> http://www.net-security.org/virus_news.php?id=53

Safeguard Your Campus - Free Web Seminar
>> http://www.net-security.org/virus_news.php?id=52

----------------------------------------------------------------

[ Security world ]

All press releases are located at:
http://www.net-security.org/press_main.php
----------------------------------------------------------------

Authenex Announces Aggressive Promotional Pricing For Enterprise Two-Factor Authentication Systems
>> http://www.net-security.org/press.php?id=921

VSpace CSA Goes Solo – Launches New Corporate Security System
>> http://www.net-security.org/press.php?id=920

Secos And Security Focus Partner To Deliver Real-Time Vulnerability Data
>> http://www.net-security.org/press.php?id=919

Resilience DX4000 Integrated High Availability Security Appliance Achieves
>> http://www.net-security.org/press.php?id=918

Symantec's Norton AntiVirus 2002 Wins Editors' Choice in CNET Roundup
>> http://www.net-security.org/press.php?id=917

ISA Server Now Protected by Panda Software's Perimeterscan
>> http://www.net-security.org/press.php?id=916

BitDefender Adds a Privacy Control Module to BitDefender Professional
>> http://www.net-security.org/press.php?id=915

Datakey Announces Second Quarter Results
>> http://www.net-security.org/press.php?id=914

Network-1 Unveils Enhanced Enterprise Desktop Firewall Product To Thwart Intrusions Through Remote Clients
>> http://www.net-security.org/press.php?id=913

ICSA Labs Announces 2nd Quarter 2002 Product Certifications
>> http://www.net-security.org/press.php?id=912

iPass and InfoExpress Announce Technology Alliance
>> http://www.net-security.org/press.php?id=911

Panda Software Launches the Beta Version of Panda Antivirus for Novell Netware 6
>> http://www.net-security.org/press.php?id=910

Trend Micro PC-cillin Detects 100% of 'In the Wild' Viruses in Latest Test by AV-Test.org
>> http://www.net-security.org/press.php?id=909

Worldwide First Microsoft Certification for Utimaco Safeware's Pocket PC Security Solution
>> http://www.net-security.org/press.php?id=908

----------------------------------------------------------------

[ Featured articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to staff@net-security.org
----------------------------------------------------------------

SECURITY IN PLAN 9
The security architecture of the Plan 9 operating system has been redesigned to address some technical shortcomings.
This redesign provided an opportunity also to make the system more convenient to use securely.
>> http://www.net-security.org/article.php?id=155

FIVE MICROSOFT SECURITY BULLETINS RELEASED
Microsoft was pretty active in the past few days - they released five security bulletins dealing with the following products: SQL Server 2000, Windows Media Player, Microsoft Metadirectory and Microsoft Exchange 5.5 security issues.
>> http://www.net-security.org/article.php?id=154

TRUSTED PATHS FOR BROWSERS: AN OPEN-SOURCE SOLUTION TO WEB SPOOFING
This paper reports the results of our work to systematically defend against Web spoofing, by creating a trusted path from the browser to the user.
>> http://www.net-security.org/article.php?id=153

SECURE EXECUTION VIA PROGRAM SHEPHERDING
We introduce program shepherding, a method for monitoring control flow transfers during program execution to enforce a security policy.
>> http://www.net-security.org/article.php?id=152

----------------------------------------------------------------

[ Security Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2
----------------------------------------------------------------

CHKROOTKIT 0.36
Chkrootkit is a tool to locally check for signs of a rootkit. It contains chkrootkit, a shell script that checks system binaries for rootkit modification.
>> http://www.net-security.org/software.php?id=210

FLOPPYFW 1.0.13
floppyfw is a static router with the firewall-capabilities in Linux.
>> http://www.net-security.org/software.php?id=211

ILOCK 3.1
iLock is designed for computers using Windows 95, Windows 98, or Windows Me. iLock is a secure user interface to any program. One password unlocks the system. iLock can be quickly disabled for easy maintenance.
>> http://www.net-security.org/software.php?id=212

PHPSECUREPAGES 0.27B
phpSecurePages is a PHP module to secure pages with a login name and password.
>> http://www.net-security.org/software.php?id=213

MIMEDEFANG 2.16
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. However, it can do many other kinds of mail processing, such as replacing parts of messages with URLs, adding boilerplate disclaimers, and so on. It can alter or delete various parts of a MIME message according to a very flexible configuration file.
>> http://www.net-security.org/software.php?id=214

TASK 1.50
The @stake Sleuth Kit (TASK) is the only open source forensic toolkit for a complete analysis of Microsoft and UNIX file systems.
>> http://www.net-security.org/software.php?id=215

AUTOPSY FORENSIC BROWSER 1.60
The Autopsy Forensic Browser is an HTML-based graphical interface to The @stake Sleuth Kit (TASK). Together, TASK and Autopsy Forensic Browser are an open source alternative to the common Windows-based digital forensic tools.
>> http://www.net-security.org/software.php?id=216

BASTILLE LINUX 1.3.0
The Bastille Hardening System attempts to "harden" or "tighten" the Linux operating system. It currently supports Red Hat and Mandrake systems, with support on the way for Debian, SuSE, TurboLinux and HP-UX.
>> http://www.net-security.org/software.php?id=217

KISMET 2.4
Kismet is an 802.11b wireless network sniffer. It is capable of sniffing using almost any wireless card supported in Linux, including Prism2 based cards supported by the Wlan-NG project (Linksys, Dlink, Rangelan, etc), cards which support standard packet capture via libpcap (Cisco), and limited support for cards without RF Monitor support.
>> http://www.net-security.org/software.php?id=218

PORTSCAN
Portscan is a tool that creates an archive of submitted portscans, and allows the database to be searched in interesting ways.
>> http://www.net-security.org/software.php?id=219

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending your e-mail address to:
info@net-security.org with UNSUBSCRIBE in the message body.

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php