HNS Newsletter
Issue 122 - 05.08.2002
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org.

-----------------------------------------------------------------
SECURITY INCIDENT ALERT
-----------------------------------------------------------------
43,136 security incidents have been reported through June, 2002. Last year 52,658 were reported for the entire year. The most common point of entry is exploitation of known operating system vulnerabilities. Check your Web servers, FTP servers, Mail servers, DNS servers, firewalls, IDS systems, switches and routers for over 900 up to date vulnerabilities. Secure your critical assets today!
FREE System Security Test and Detailed Report
http://www.net-security.org/lm/ads/ads.pl?banner=scannerx1
-----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Virus news
5) Security world
6) Featured articles
7) Security software

[ General security news ]
----------------------------------------------------------------

SECURE SITE SEALS MAY BE MISLEADING: NETCRAFT
Secure site seals handed out to sites by certificate authorities and lock icons shown by browsers can often mislead consumers into believing that a site is more secure than it actually is.
>> http://www.net-security.org/news.php?id=696

FLUFFY BUNNY NO LONGER ENERGIZED
Brian McWilliams says that the hacker group that once contemplated a massive, distributed DoS attack on the Net's 13 domain-name root servers has been awfully quiet this year.
>> http://www.net-security.org/news.php?id=697

WI FI HONEYPOTS A NEW HACKER TRAP
War drivers beware, the next wireless network you tap might be part of an elaborate sting.
>> http://www.net-security.org/news.php?id=698

IMPROVEMENTS TIGHTEN LUCENT'S SECURITY MANAGEMENT SERVER
LSMS 7.0 comes with QoS support, DHCP Relay and Brick DHCP client support, HTTP application filtering, robust TCP protocol inspection, and it also includes new software for Lucent's Brick firewalls.
>> http://www.net-security.org/news.php?id=699

THE RIGHT TO DEFEND
Is it criminal to reach out and hack an infected machine that's attacking your network?
>> http://www.net-security.org/news.php?id=700

INSIDE SECURITY ATTACKS ARE MORE FREQUENT THAN EXTERNAL
Contrary to popular belief, hackers are less of a threat. Companies are mostly at risk from inside - from discontented employees, reckless employees, or disgruntled ex-employees.
>> http://www.net-security.org/news.php?id=701

PALLADIUM DEBATE HEATS UP
As Microsoft shares more details of Palladium, there is a growing unease in the security community about not only the technology but also Microsoft's intentions.
>> http://www.net-security.org/news.php?id=702

INTRODUCTION TO PASSWORD CRACKING
Password and user account exploitation is one of the largest issues in network security. This article looks at password cracking and ways to combat it.
>> http://www.net-security.org/news.php?id=703

DEFEATING FORENSIC ANALYSIS ON UNIX
Digital forensic analysis is rapidly becoming an integral part of incident response, capitalising on a steady increase in the number of trained forensic investigators and forensic toolkits available.
>> http://www.net-security.org/news.php?id=704

TURNING THE SPOTLIGHT TO INTERNAL IT SECURITY
Is your company data an asset or a threat? The issue will be discussed with particular reference to the U.K.
>> http://www.net-security.org/news.php?id=706

HANDHELD OSES DUE FOR SECURITY ADVANCES
Palm Inc. and Microsoft Corp. have seized on security as a selling point in their offerings, and we can expect significant security advances in the next-generation handheld operating systems from these companies.
>> http://www.net-security.org/news.php?id=707

ARCHIVING PF FIREWALL LOGS
This article looks at the problem of automating the transfer of logs from the firewall to one of the workstations connected to the internal private network segment.
>> http://www.net-security.org/news.php?id=708

STUDENTS HELP FIGHT CYBERCRIME
In an unusual arrangement, Tulsa police are teaming up with students at the University of Tulsa to help investigate and stop cybercrime.
>> http://www.net-security.org/news.php?id=709

MICROSOFT TAPS ACADEMICS ON SECURITY
The Trustworthy Computing Academic Advisory Board will contribute to Microsoft's recent effort to improve the security and reliability of its products.
>> http://www.net-security.org/news.php?id=710

CYBERINSURANCE MAY COVER DAMAGE OF COMPUTER WOES
Cyberinsurance covers almost anything related to information technology, including losses resulting from viruses, hacker or denial of service attacks, extortion, and copyright and privacy infringement.
>> http://www.net-security.org/news.php?id=711

FIGHTING INTERNET ABUSE: THINGS YOU CAN DO
It takes about ten seconds to find that a particular IP address maps back to a certain ISP, whereupon you can simply drill down to the relevant contact e-mail addresses for the abuse admins.
>> http://www.net-security.org/news.php?id=712

WARTIME SPIES' CODE GETS NEW LIFE ON CD
A firm has built encryption software it claims offers the highest level of encryption available, but a local expert questions its practicality.
>> http://www.net-security.org/news.php?id=713

XML WEB SERVICES NEED A FIREWALL
Security is the biggest obstacle to deploying XML Web services. Traditional network firewalls won't do the job. You need the authentication and access control of an XML application firewall.
>> http://www.net-security.org/news.php?id=714

RIAA HACKERS GET THEIR OWN BACK
A denial of service attack knocked the Recording Industry Association of America's website off the net over the weekend.
>> http://www.net-security.org/news.php?id=716

NEW TRENDS IN VIRUS TECHNOLOGY
Many machines are falling prey to attackers who are using back-door viruses to take over computers to use them in distributed denial-of-service attacks.
>> http://www.net-security.org/news.php?id=718

PRINCETON APOLOGIZES FOR WEB BREACH
Princeton University President Shirley Tilghman apologized for snooping by at least one Princeton admissions officer into online files of high school seniors who had applied to Yale University.
>> http://www.net-security.org/news.php?id=719

SCAM SWEEP TARGETS 19 ONLINE FRAUDSTERS
Federal and state law enforcement authorities said Tuesday they had taken action against 19 Internet-based scams that they say collectively bilked consumers out of millions of dollars.
>> http://www.net-security.org/news.php?id=720

HONEYPOTS TURN THE TABLES ON HACKERS
Honeypots are positioned to become a key tool to defend the corporate enterprise from hacker attacks, but some security watchers worry they could bring a new set of security worries with them.
>> http://www.net-security.org/news.php?id=721

IT NIGHTMARE: THE ENEMY WITHIN
The discovery that employees are attacking internal systems is a challenge because the majority of security monitoring is focused on the outside perimeter of the organization, not on the inside.
>> http://www.net-security.org/news.php?id=722

SECURITY WARNING DRAWS DMCA THREAT
Hewlett Packard has found a new club to use to pound researchers who unearth flaws in the company's software: the Digital Millennium Copyright Act.
>> http://www.net-security.org/news.php?id=724

WHEN DREAMCASTS ATTACK
White hat hackers use game consoles, handheld PCs to crack networks from the inside out.
>> http://www.net-security.org/news.php?id=726

RICHARD CLARKE POINTS FINGER OF BLAME
Software makers and Internet service providers must share the blame for the nation's vulnerable networks, according to President Bush's special adviser on cyberspace security Richard Clarke.
>> http://www.net-security.org/news.php?id=727

NMAP SECURITY SCANNER VERSION 3.00 HAS BEEN RELEASED
Version 3.00 is the first "stable" release since 2.53 (May 2000). It's recommended that all current users upgrade. Improvements from 39 public beta releases have gone into this version.
>> http://www.net-security.org/news.php?id=728

SECURING LINUX 101
Kopmanis provides some methods, lessons, and checklists for detecting blackhats, then securing your Linux box.
>> http://www.net-security.org/news.php?id=730

AGENTS PASS ON AL QAEDA SITE HIJACKED FOR FBI
When Web operator Jon Messner gained control of one of al Qaeda's prime Internet communication sites, he offered it to the FBI to use it for disinformation and collecting data about sympathizers.
>> http://www.net-security.org/news.php?id=729

MONITOR LINUX ROUTERS AND FIREWALLS WITH MRTG
MRTG doesn't have all the bells and whistles of commercial monitoring software, but it does the job well and is definitely worth considering as part of your network monitoring activities.
>> http://www.net-security.org/news.php?id=731

DEFENSE DEPARTMENT TO IMPOSE LIMITS ON WIRELESS DEVICES
The Defense Department is imposing new limits on its workers' use of the latest generation of wireless devices inside military buildings.
>> http://www.net-security.org/news.php?id=732

SANDSTORM LAUNCHES NETINTERCEPT 1.1
NetIntercept 1.1 is a network forensics and analysis tool for FreeBSD. It debuted at GOVSEC in Washington DC. Demonstrations included the patent-pending decryption of SSH2 traffic.
>> http://www.net-security.org/news.php?id=733

BN.COM: INSECURE ABOUT SECURITY?
Where there is e-commerce, there will be security holes. Online bookseller BarnesandNoble.com knows this well - just don't tell them when they have one. Or six.
>> http://www.net-security.org/news.php?id=734

VEGAS BRACES FOR THE HACKERS
It's time once again for Def Con, the infamous hacking convention where mysterious incidents - like smoking swimming pools and FBI arrests of Russian programmers - are more commonplace than not.
>> http://www.net-security.org/news.php?id=735

OPENSSH TROJANED
Edwin Groothuis sent an email to the Incidents mailing list in which he says that the OpenSSH package on ftp.openbsd.org and its mirrors is trojaned.
>> http://www.net-security.org/news.php?id=736

SUMMER SURPRISES WITH VIRUS RELIEF
Central Command has reported that the number of virus attacks it tracks fell in July compared with June--the first time this year that reported virus infections dropped month-on-month.
>> http://www.net-security.org/news.php?id=737

HACKER RINGS CRACKED IN ITALY
Tipped off by American officials, Italian police shut down two rings of hackers who attacked Web sites belonging to the U.S. Army and NASA as well as Web sites in Italy.
>> http://www.net-security.org/news.php?id=738

HP BACKS OFF DMCA THREAT
Hewlett-Packard abandoned legal threats it made against security analysts who publicized flaws in the company's software.
>> http://www.net-security.org/news.php?id=739

HACKING UP THE TRUTH ON THE INTERNET
Sometimes what seems to be a respected source of reliable information is actually a clever scheme to manipulate people, suggests Dartmouth Thayer School of Engineering Professor George Cybenko.
>> http://www.net-security.org/news.php?id=740

THE WEB'S MOST WANTED
The hacking community from Cardiff to California has declared war on cyber crime investigators who are led by the FBI.
>> http://www.net-security.org/news.php?id=741

IS SECURITY A MAN'S WORLD?
By creating a women-only conference, members of the SANS institute thought they’d found a clever way to attract an extra 50 percent of the population. Instead they unleashed a fury.
>> http://www.net-security.org/news.php?id=742

ADVANCED LOG PROCESSING
This article offers a brief overview of log analysis, particularly: log transmission, log collection and log analysis. It will also briefly touch upon log storing and archival.
>> http://www.net-security.org/news.php?id=743

GOVERNMENT AGAINST FULL DISCLOSURE OF VULNERABILITIES
The government wants hackers to search for vulnerabilities, but also wants them to only pass information they find on to software vendors and the government, not to the rest of the security community.
>> http://www.net-security.org/news.php?id=745

HOW THE GHETTOHACKERS TEACH SECURITY
The founders of GhettoHackers say its members teach others how to crack security only to find flaws so that defenses can be hardened. They are the good guys.
>> http://www.net-security.org/news.php?id=746

----------------------------------------------------------------
[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

Parachat Denial of Service Vulnerability
>> http://www.net-security.org/vuln.php?id=1919

Remote Buffer Overflow Vulnerability in Sun RPC
>> http://www.net-security.org/vuln.php?id=1918

IBM U2 UniVerse ODBC Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=1917

OpenSSL Multiple Security Vulnerabilities
>> http://www.net-security.org/vuln.php?id=1916

Sendform.cgi Directory Traversal Vulnerability
>> http://www.net-security.org/vuln.php?id=1915

Eupload Password.txt File Disclosure Vulnerability
>> http://www.net-security.org/vuln.php?id=1914

Brother Corporation NC-3100h Denial of Service Vulnerability
>> http://www.net-security.org/vuln.php?id=1913

Linux util-linux chfn Local Root Vulnerability
>> http://www.net-security.org/vuln.php?id=1912

PHP dotProject Authentication Bypass Vulnerability
>> http://www.net-security.org/vuln.php?id=1911

Abyss Web Server Version 1.0.3 File and Directory
Information Revealing Vulnerability
>> http://www.net-security.org/vuln.php?id=1910

----------------------------------------------------------------
[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

SuSE Security Announcement - mod_ssl, mm
>> http://www.net-security.org/advisory.php?id=895

Debian Security Advisory - Remote execution exploit in gallery
>> http://www.net-security.org/advisory.php?id=894

FreeBSD Security Advisory - Sun RPC XDR decoder contains buffer overflow
>> http://www.net-security.org/advisory.php?id=893

FreeBSD Security Advisory - exploitable race condition in pppd
>> http://www.net-security.org/advisory.php?id=892

Red Hat Security Advisory - Updated mm packages fix temporary file handling
>> http://www.net-security.org/advisory.php?id=891

Red Hat Security Advisory - Updated openssl packages fix remote vulnerabilities
>> http://www.net-security.org/advisory.php?id=890

EnGarde Secure Linux Advisory - Several vulnerabilities in the openssl library
>> http://www.net-security.org/advisory.php?id=889

Debian Security Advisory - Multiple OpenSSL problems
>> http://www.net-security.org/advisory.php?id=888

Cisco Security Advisory - TFTP Long Filename Vulnerability
>> http://www.net-security.org/advisory.php?id=887

Trustix Security Advisory - util-linux
>> http://www.net-security.org/advisory.php?id=886

FreeBSD Security Advisory - insecure handling of stdio file descriptors
>> http://www.net-security.org/advisory.php?id=885

SuSE Security Announcement - openssl
>> http://www.net-security.org/advisory.php?id=884

Debian Security Advisory - New mm packages fix insecure temporary file
>> http://www.net-security.org/advisory.php?id=883

Mandrake Linux Security Advisory - openssl
>> http://www.net-security.org/advisory.php?id=882

Caldera Security Advisory - temporary file races in libmm
>> http://www.net-security.org/advisory.php?id=881

CERT Advisory CA-2002-23 - Multiple Vulnerabilities In OpenSSL
>> http://www.net-security.org/advisory.php?id=880

Mandrake Linux Security Advisory - mm
>> http://www.net-security.org/advisory.php?id=879

Red Hat Security Advisory - Updated util-linux package fixes password locking race
>> http://www.net-security.org/advisory.php?id=878

----------------------------------------------------------------
[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Kaspersky Labs Virus Top 20 for July 2002
>> http://www.net-security.org/virus_news.php?id=57

Top Ten Viruses Reported To Sophos In July 2002
>> http://www.net-security.org/virus_news.php?id=56

----------------------------------------------------------------
[ Security world ]

All press releases are located at:
http://www.net-security.org/press_main.php
----------------------------------------------------------------

Panda ActiveScan Provides Free On-Line Virus Protection to Webmasters
>> http://www.net-security.org/press.php?id=929

BioconX and Veridicom Partner to Deliver Integrated Solutions that Use Fingerprint Authentication to Safeguard Computer Security
>> http://www.net-security.org/press.php?id=928

RSA Security Appoints Jeff Glidden Chief Financial Officer
>> http://www.net-security.org/press.php?id=927

Cobion AG introduces Company Internet Usage Analysis
>> http://www.net-security.org/press.php?id=926

InfoExpress Selected by eLoyalty to Secure Remote Access Networks
>> http://www.net-security.org/press.php?id=925

Snort and Secuplat are the First NIDS to Receive De-Facto Industry Certification
>> http://www.net-security.org/press.php?id=924

Intrusion SecureNet Provider 2.0 Delivers Industry Leading Intrusion Detection Data Mining and Management
>> http://www.net-security.org/press.php?id=923

Utimaco Safeware and NCP: Strategic Partnership in the Field of Workstation Security
>> http://www.net-security.org/press.php?id=922
----------------------------------------------------------------
[ Featured articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to staff@net-security.org
----------------------------------------------------------------

PROXY-BASED SECURITY PROTOCOLS IN NETWORKED MOBILE DEVICES
A prototype system has been constructed, which allows for secure, yet efficient, access to networked, mobile devices. The authors present a quantitative evaluation of this system using various metrics.
>> http://www.net-security.org/article.php?id=156

HACKING THE INVISIBLE NETWORK: INSECURITIES IN 802.11X
This paper addresses the vulnerabilities inherent in 802.11x networks, how to determine if a WLAN is vulnerable using freeware tools and how to best secure them.
>> http://www.net-security.org/article.php?id=157

OPENSSL SECURITY VULNERABILITIES ROUNDUP
There are four remotely exploitable buffer overflows in OpenSSL plus encoding problems in the ASN.1 library. This roundup contains vulnerability information, security advisories and patches on this topic.
>> http://www.net-security.org/article.php?id=158

PROPRIETARY CERTIFICATES
Certificates play an essential role in public-key cryptography and are likely to become a cornerstone of commerce related applications. In this paper, we introduce the notion of proprietary and collateral certificates.
>> http://www.net-security.org/article.php?id=159

----------------------------------------------------------------
[ Security Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2
----------------------------------------------------------------

NMAPWIN 1.2.13
NMapWin is a Windows2000 front-end for nmap. NMapWin does not replace nmap, but rather acts as a native Windows Gui for nmap.
>> http://www.net-security.org/software.php?id=220

LCRZO 4.12
Lcrzo is a network library, for network administrators and network hackers. Its objective is to easily create network programs.
>> http://www.net-security.org/software.php?id=221

LCRZOEX 4.12
Lcrzoex is a toolbox for network administrators and network hackers. Lcrzoex contains over 400 tools using network library lcrzo. Each one can be compiled alone and modified to match your needs.
>> http://www.net-security.org/software.php?id=222

NIKTO 1.10
Nikto is a web server scanner which performs comprehensive tests against web servers for multiple items, including over 1500 potentially dangerous files/CGIs, versions on over 110 products/CGIs, and reports details on over 160 products/CGIs.
>> http://www.net-security.org/software.php?id=223

ENCRYPTIT 1.70
EncryptIt uses 448 bit Blowfish and 168 bit 3DES Encryption algorithms to secure your personal files.
>> http://www.net-security.org/software.php?id=224

AUTOMATED PASSWORD GENERATOR 2.0
Automated Password Generator is a set of tools for random password generation including a standalone password generator, an RFC972 password generation server, and a Perl client for the password generation server.
>> http://www.net-security.org/software.php?id=225

HASHISH 0.4
Hashish is a file and string hashing utility that computes cryptographic hashes.
>> http://www.net-security.org/software.php?id=226

FWLOGWATCH 0.8.1
fwlogwatch is a packet filter and firewall log analyzer with support for Linux ipchains, Linux netfilter/iptables, Solaris/BSD/HP-UX/IRIX ipfilter, Cisco IOS, Cisco PIX, Windows XP, and Snort IDS log files.
>> http://www.net-security.org/software.php?id=227

PAM_PASSWDQC 0.6
pam_passwdqc is a simple password strength checking module for PAM-aware password changing programs, such as passwd.
>> http://www.net-security.org/software.php?id=228

PERL MD5 SECURE LOGIN 0.20
Perl MD5 Secure Login is a Web-based framework for implementing an MD5-based encryption scheme on both client (using browser JavaScript) and server (using Perl Digest::MD5) for a secure password login to Web applications. Unlike .htaccess, the password is never stored or transmitted as plain text.
>> http://www.net-security.org/software.php?id=229

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending your e-mail address to: info@net-security.org with UNSUBSCRIBE in the message body.

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php