HNS Newsletter Issue 124 - 26.08.2002 http://net-security.org This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org. ----------------------------------------------------------------- RSA CONFERENCE 2002, PARIS, 7 - 10 OCTOBER ----------------------------------------------------------------- Join over 1,000 security minded professionals at Europe's premiere e-security conference. If you are involved in information security as a developer, engineer, IT professional, or government official, this event is designed for you. http://www.rsaconference.net/paris/ ----------------------------------------------------------------- Table of contents: 1) Security news 2) Vulnerabilities 3) Advisories 4) Virus news 5) Security world 6) Featured articles 7) Featured reviews 8) Security software [ General security news ] ---------------------------------------------------------------- XML FIREWALLS AID SERVICES Two technology companies are helping corporate users embrace XML-based information while ensuring the security and integrity of the messages that come into their systems. >> http://www.net-security.org/news.php?id=822 SEND CONGRESS BACK TO SCHOOL Why lawmakers should stop legislating the Internet until they understand it better. >> http://www.net-security.org/news.php?id=823 MICROSOFT SECURITY UNDER FIRE, AGAIN... Microsoft's commitment to security is being questioned after its inaction regarding two new reports of security vulnerabilities in its products, security experts say. >> http://www.net-security.org/news.php?id=824 CANADIANS STEERING CLEAR OF ON-LINE SHOPPING The Leger Marketing survey found out that Canadians pass up up opportunities to buy their goods and services online because security-related worries. >> http://www.net-security.org/news.php?id=825 WIRELESS SECURITY AND HACKING This article deals with WLAN security, explains the most common attack techniques and introduces some useful tools. >> http://www.net-security.org/news.php?id=826 THE WHITE HOUSE AND FREE SOFTWARE WILL GUIDE THE INDUSTRY We know that a focus on security is necessary, but can the government and the Free Software and Open Source communities agree on what that means? >> http://www.net-security.org/news.php?id=828 MORE OUTSIDE ARTICLES AT HNS - WIRELESS The "Wireless" section has been added to the list of Outside Articles. Check it out for all your wireless security needs. >> http://www.net-security.org/articles_out_cat.php?cat=15 WIRELESS HACKERS TAKE TO THE AIR Australian hackers have taken the practice of looking for open wireless networks to new heights. >> http://www.net-security.org/news.php?id=830 A NEW PART OF HNS - REVIEWS The Reviews section has opened it's doors. Check it out! >> http://www.net-security.org/reviews.php SPRINT SECURITY FAULTED IN VEGAS HACKS Telco faces forced security audits as vice hack case wraps up in Las Vegas. >> http://www.net-security.org/news.php?id=832 CRACKING THE HACKERS' CODE If your organisation suffered a computer crime in the past few years and reported it to AusCERT, it was probably an attack carried out from the outside. >> http://www.net-security.org/news.php?id=833 EXPLORING DIFFIE-HELLMAN ENCRYPTION The GNU bc threaded code compiler provides arbitrary precision arithmetic that can handle large numbers used in modern cryptography. Here we use it to explore Diffie-Hellman public key encryption. >> http://www.net-security.org/news.php?id=834 GUIDE TO WINDOWS SECURITY This guide will cover some of such tips and tricks for different applications which should make your system more secure as well as less prone to viruses. >> http://www.net-security.org/news.php?id=835 RSA SECURITY FACES SEC INJUNCTION THREAT The US Securities and Exchange Commission may file for a civil injunction against RSA Security, following an investigation into the company's disclosures of revenue recognition changes. >> http://www.net-security.org/news.php?id=836 START-UP WILL MARKET PGP New PGP company acquires encryption technology, plans expanded product line. >> http://www.net-security.org/news.php?id=837 HAIKU'DA BEEN A SPAM FILTER A new spam-filtering service uses a unique method to halt the flow of the horrid stuff: a hidden scrap of copyrighted poetry. >> http://www.net-security.org/news.php?id=838 AUTOMATE ACCESS CONTROL Today, technology more closely resembles the popular show "Survivor" - as tech leaders never really know who's a threat or where the next betrayal could come from. >> http://www.net-security.org/news.php?id=839 COMPUTER EXPERTS SAY 'SCRIPT KIDDIES' A RELIC "They're [script kiddies] just not the threat they once were," said Mark Toshack, a virus analyst for MesssageLabs. >> http://www.net-security.org/news.php?id=840 STUDY: ADMINS SLOW IN PATCHING APACHE-SSL SERVERS Many web servers running Apache-SSL remain vulnerable to attacks, although a June security alert did prompt administrators to patch standard Apache Web installations. >> http://www.net-security.org/news.php?id=842 CAN MICROSOFT TAKE THE LEAD IN SECURITY? Microsoft is undergoing a major cultural shift in the way it deals with security, but it has come much later than it should have, said company executives at its TechEd conference in Brisbane. >> http://www.net-security.org/news.php?id=843 CAN MICROSOFT TAKE THE LEAD IN SECURITY? Microsoft is undergoing a major cultural shift in the way it deals with security, but it has come much later than it should have, said company executives at its TechEd conference in Brisbane. >> http://www.net-security.org/news.php?id=843 EUROPE TO FORCE ISPS AND TELCOS TO RETAIN DATA FOR ONE YEAR European Union proposals on data retention would compel telecom firms to keep customer email logs, details of internet usage and phone call records for at least a year. >> http://www.net-security.org/news.php?id=844 A MAP OF WIRELESS CONTROVERSY? They strike at night or in broad daylight. They're called "warchalkers," and they're part of a global guerrilla campaign to point out to others where to get free, wireless Internet access in public places. >> http://www.net-security.org/news.php?id=845 WIRELESS SECURITY BLACKPAPER Can wireless networks be deployed securely? What are the security holes? This article attempts to answer these questions and others about wireless networking security in an enterprise environment. >> http://www.net-security.org/news.php?id=847 DATA DELUGE Security systems generate an overload of information. New tools help manage it all more effectively. >> http://www.net-security.org/news.php?id=848 A NEW AES STANDARD FOR WIRELESS A new encryption mode joins 16 others for consideration by the National Institute of Standards and Technology as a security mode using the advanced encryption standard (AES). >> http://www.net-security.org/news.php?id=849 KNOW YOUR ENEMY: DEFINING VIRTUAL HONEYNETS This paper defines what a Virtual Honeynet is, its advantages and disadvantages, and the different way they can be deployed. >> http://www.net-security.org/news.php?id=850 PLANS EMERGING FOR NATIONAL SECURITY DATA SHARING Defense and intelligence officials are shedding light on new antiterror initiatives at this week's Information Sharing and Homeland Security conference. >> http://www.net-security.org/news.php?id=851 ALBERTA HACKERS GEAR UP FOR INTERNATIONAL WAR DRIVING DAY Information technology managers may want to pay close attention to Red Deer, Alberta, on Aug. 31, which has been targeted by hackers for a "wardriving" day. >> http://www.net-security.org/news.php?id=852 U.S. PROBES FIRM IN SECURITY BREACH Federal law enforcement authorities searched the computers of a San Diego security firm that used the Internet to access government and military computers without authorization. >> http://www.net-security.org/news.php?id=853 INTRODUCTION TO AUTOROOTERS This article explores the concepts behind autorooters and what can be done to defend against them. >> http://www.net-security.org/news.php?id=854 NEW SALVO IN PIRACY, PRIVACY WAR The RIAA asks a federal court to order Verizon Internet Services to turn over information on one of its subscribers, which the court does. Verizon demurs. The issue is far from closed. >> http://www.net-security.org/news.php?id=855 SECURITY POLICIES: ONLY AS GOOD AS THE AUDIT If you think you have a sound IT policy because your administrators clamor about the continual need to update security patches, you might want to think again. >> http://www.net-security.org/news.php?id=856 STOLEN DATA REVEAL UNDERCOVER COPS Surveillance firm’s client list is stolen and posted on Internet; undercover police officers, Secret Service names revealed. >> http://www.net-security.org/news.php?id=857 SECURITY SPECIALISTS BLAME FAULTY SOFTWARE "When we face a choice between adding features and resolving security issues, we need to choose security," wrote Microsoft chairman Bill Gates to his employees. >> http://www.net-security.org/news.php?id=858 SECURITY FLAW IN KEY MICROSOFT SERVICES Microsoft on Tuesday warned users of a number of its subscription programs of a potential security flaw affecting the software they use for downloads. >> http://www.net-security.org/news.php?id=859 WAR DIALING After introducing and exploring the different forms war dialing attacks can take and some tools used to execute such attacks, the article examines measures that can be taken to prevent such an attack. >> http://www.net-security.org/news.php?id=860 WINDOWS ICF: CAN'T LIVE WITH IT, CAN'T LIVE WITHOUT IT In this article, we will give an overview of the Internet Connection Firewall (ICF), see how it performs under a simulated attack, and discuss the pros and cons of ICF. >> http://www.net-security.org/news.php?id=862 CACHEFLOW TRIES ON SECURITY COAT CacheFlow, which once concentrated on specialty servers for speeding Net access, has changed its name to Blue Coat Systems and will focus on the security market. >> http://www.net-security.org/news.php?id=863 WHITE HOUSE DEBATES CYBERWAR RULES The Bush administration is stepping up an internal debate on the rules of engagement for cyberwarfare as evidence mounts that foreign governments are surreptitiously exploring our digital infrastructure. >> http://www.net-security.org/news.php?id=864 THE SEVEN DEADLY SECURITY SINS Gartner research director John Pescatore blamed the hiring of people who turn out to be internal threats or who have submitted inflated resumes, which results in "sheer incompetence." >> http://www.net-security.org/news.php?id=865 CYBERTERRORISM SCENARIOS SCRUTINIZED Security experts, IT professionals meet to consider how best to plan for likely cyberattacks. >> http://www.net-security.org/news.php?id=866 A WEB-ONLY PRIMER ON PUBLIC-KEY ENCRYPTION This article is an outline of the principles of the most common variant of public-key cryptography, which is known as RSA, after the initials of its three inventors. >> http://www.net-security.org/news.php?id=867 EXPLORING XML ENCRYPTION, PART 2 In this paper, the author examines the usage model of XML Encryption with the help of a use case scenario. >> http://www.net-security.org/news.php?id=868 NetScreen adds intrusion detection with OneSecure purchase Firewall and VPN hardware and software maker NetScreen Technologies is adding intrusion detection and prevention systems to its list of products, thanks to the acquisition of OneSecure. >> http://www.net-security.org/news.php?id=869 MAKING THE MOST OF OPENSSH OpenSSH is a secure replacement for depreciated protocols such as telnet and rsh. It has become a De-facto standard as a remote login service for Linux, BSD, and other *nix variants for quite a while. >> http://www.net-security.org/news.php?id=870 ---------------------------------------------------------------- ----------------------------------------------------------------- SECURITY INCIDENT ALERT ----------------------------------------------------------------- 43,136 security incidents have been reported through June, 2002. Last year 52,658 were reported for the entire year. The most common point of entry is exploitation of known operating system vulnerabilities. Check your Web servers, FTP servers, Mail servers , DNS servers, firewalls, IDS systems, switchers and routers for over 900 up to date vulnerabilities. Secure your critical assets today! FREE System Security Test and Detailed Report http://www.net-security.org/lm/ads/ads.pl?banner=scannerx1 ----------------------------------------------------------------- [ Vulnerabilities ] All vulnerabilities are located here: http://www.net-security.org/archive_vuln.php ---------------------------------------------------------------- Light Remotely Exploitable Code Execution Vulnerability >> http://www.net-security.org/vuln.php?id=1980 Achievo Arbitary Code Execution Vulnerability >> http://www.net-security.org/vuln.php?id=1979 LG Electronics LR3100p Router Multiple Vulnerabilities >> http://www.net-security.org/vuln.php?id=1978 Arbitrary Command Execution on Distributor SQL Server 2000 Machines >> http://www.net-security.org/vuln.php?id=1977 Microsoft File Transfer Manager Vulnerability >> http://www.net-security.org/vuln.php?id=1976 Aquonics File Manager, PalmOS 4.x and AccessDenied Screensaver Vulnerabilities >> http://www.net-security.org/vuln.php?id=1975 LG Electronics LR3001f Router Multiple Vulnerabilities >> http://www.net-security.org/vuln.php?id=1974 scponly Multiple Vulnerabilities >> http://www.net-security.org/vuln.php?id=1973 Multiple Vulnerabilities with Pingtel xpressa SIP Phones #2 >> http://www.net-security.org/vuln.php?id=1972 Mantis Arbitrary Code Execution and File Reading Vulnerabilities >> http://www.net-security.org/vuln.php?id=1971 Mantis Arbitrary Code Execution Vulnerability >> http://www.net-security.org/vuln.php?id=1970 Mantis Cookie Manipulation Vulnerability >> http://www.net-security.org/vuln.php?id=1969 PostgreSQL repeat() function Buffer Overflow Vulnerability >> http://www.net-security.org/vuln.php?id=1968 Tiny Personal Firewall 3.0 Denial of Service Vulnerabilities >> http://www.net-security.org/vuln.php?id=1967 Mantis Limiting Output to Reporters Bypass Vulnerability >> http://www.net-security.org/vuln.php?id=1966 Mantis SQL Poisoning Vulnerability >> http://www.net-security.org/vuln.php?id=1965 Multiple Remote Buffer Overruns Tomahawk Steelarrow >> http://www.net-security.org/vuln.php?id=1964 Arbitrary File Creation and Overwriting with SQL Agent Jobs >> http://www.net-security.org/vuln.php?id=1963 FUDforum File Access and SQL Injection Vulnerabilities >> http://www.net-security.org/vuln.php?id=1962 Lynx CRLF Injection Vulnerability >> http://www.net-security.org/vuln.php?id=1961 Kerio Mail Server Multiple Vulnerabilities >> http://www.net-security.org/vuln.php?id=1960 Insufficient Verification of Client Certificates in IIS 5.0 pre SP3 >> http://www.net-security.org/vuln.php?id=1959 Microsoft DirectX Files Viewer xweb.ocx ActiveX Sample Buffer Overflow Vulnerability >> http://www.net-security.org/vuln.php?id=1958 NTFS Hard Links Subvert Auditing >> http://www.net-security.org/vuln.php?id=1957 ---------------------------------------------------------------- [ Advisories ] All advisories are located at: http://www.net-security.org/archive_advi.php ---------------------------------------------------------------- Caldera Security Advisory - UnixWare 7.1.1 Open UNIX 8.0.0: command line buffer overflow in ndcfg >> http://www.net-security.org/advisory.php?id=972 SGI Security Advisory - WorldView vulnerability >> http://www.net-security.org/advisory.php?id=971 Debian Security Advisory - New Light package fixes arbitrary script execution >> http://www.net-security.org/advisory.php?id=970 Novell Security Vulnerability - Rconag6 Secure IP Login Vulnerability - NW6SP2 >> http://www.net-security.org/advisory.php?id=969 Microsoft Security Bulletin MS02-044 - Unsafe Functions in Office Web Components >> http://www.net-security.org/advisory.php?id=968 Debian Security Advisory - New kdelibs packages fix several vulnerabilities >> http://www.net-security.org/advisory.php?id=967 Red Hat Security Advisory - New PHP packages fix vulnerability in safemode >> http://www.net-security.org/advisory.php?id=966 Red Hat Security Advisory - Updated libpng packages fix buffer overflow >> http://www.net-security.org/advisory.php?id=965 Debian Security Advisory - New mantis package fixes several vulnerabilities >> http://www.net-security.org/advisory.php?id=964 Novell Security Advisory - NetBasic Buffer Overflow + Scripting Vulnerability >> http://www.net-security.org/advisory.php?id=963 Novell Security Advisory - Perl Handler Vulnerability Patch >> http://www.net-security.org/advisory.php?id=962 Caldera Security Advisory - UnixWare 7.1.1 Open UNIX 8.0.0: REVISED: rpc.ttdbserverd file creation/deletion and buffer overflow vulnerabilities >> http://www.net-security.org/advisory.php?id=961 FreeBSD Security Advisory - Boundary checking errors involving signed integers >> http://www.net-security.org/advisory.php?id=960 SGI Security Advisory - Sun RPC xdr_array vulnerability (update) >> http://www.net-security.org/advisory.php?id=959 Debian Security Advisory - New fam packages fix privilege escalation >> http://www.net-security.org/advisory.php?id=958 Microsoft Security Bulletin MS02-043 - Cumulative Patch for SQL Server >> http://www.net-security.org/advisory.php?id=957 Microsoft Security Bulletin MS02-042 - Flaw in Network Connection Manager Could Enable Privilege Elevation >> http://www.net-security.org/advisory.php?id=956 ---------------------------------------------------------------- [ Virus News ] All virus news are located at: http://www.net-security.org/viruses.php ---------------------------------------------------------------- Once Again a Virus Targets the KaZaA Network >> http://www.net-security.org/virus_news.php?id=64 Trojan Horse Masquerades as Kaspersky Anti-Virus >> http://www.net-security.org/virus_news.php?id=63 Virus Bulletin 2002 Conference Preview >> http://www.net-security.org/virus_news.php?id=61 ---------------------------------------------------------------- [ Security world ] All press releases are located at: http://www.net-security.org/press_main.php ---------------------------------------------------------------- Sophos Virus Expert to Address Gartner Sector 5 Summit >> http://www.net-security.org/press.php?id=958 Panda Software A Key Player at Anti Cyber-Terrorism Summit >> http://www.net-security.org/press.php?id=957 West Nile Virus - Also on PCs? >> http://www.net-security.org/press.php?id=956 Intrusion Inc. Receives Delisting Notice >> http://www.net-security.org/press.php?id=955 Westcon Group to Distribute Secoshield and Secospider >> http://www.net-security.org/press.php?id=954 Trend Micro First to Offer Comprehensive, End-to-end Virus Protection for the Enterprise Linux Environment >> http://www.net-security.org/press.php?id=953 WatchGuard Announces New Firebox SOHO 6 Products >> http://www.net-security.org/press.php?id=952 RSA Security Helps Authentica Secure Its Suite of Content Security Software >> http://www.net-security.org/press.php?id=951 Panda Software Launches Panda Antivirus Titanium in Japanese >> http://www.net-security.org/press.php?id=950 Snapgear Appoints Further Channel In Growing Global Markets >> http://www.net-security.org/press.php?id=949 Network-1 Reports Second Quarter 2002 Results >> http://www.net-security.org/press.php?id=948 ---------------------------------------------------------------- [ Featured articles ] All articles are located at: http://www.net-security.org/articles_main.php Articles can be contributed to staff@net-security.org ---------------------------------------------------------------- IMPLEMENTATION OF CHOSEN-CIPHERTEXT ATTACKS AGAINST PGP AND GNUPG PGP and other e-mail encryption protocols are, in theory, highly vulnerable to chosen-ciphertext attacks in which the recipient of the e-mail acts as an unwitting "decryption oracle". >> http://www.net-security.org/article.php?id=163 PROTECTING THE DISTRIBUTED ENTERPRISE Shows how a distributed security strategy can cost-effectively extend the reach of enterprise-class security and remote access throughout the enterprise. >> http://www.net-security.org/article.php?id=164 ---------------------------------------------------------------- [ Featured Reviews ] All reviews are located at: http://www.net-security.org/reviews.php ---------------------------------------------------------------- BOOK - HAVE YOU LOCKED THE CASTLE GATE? HOME AND SMALL BUSINESS COMPUTER SECURITY The author did a good work with this book, and it will serve it's purpose. Only thing there is for you to do, is to go and get it, get acquainted with basic security concepts and go broaden your newly found knowledge further. >> http://www.net-security.org/review.php?id=9 SOFTWARE - SOPHOS ANTI-VIRUS FOR UNIX In this review of Sophos Anti-Virus for Unix we take a look at its Linux version. The information that's provided here gives an overview of its functionality with main aspects focused on installation, configuration and usage. >> http://www.net-security.org/review.php?id=10 BOOK - WEB HACKING: ATTACKS AND DEFENSE What you have here is an essential collection of web hacking techniques and, most importantly, countermeasures against them, all in one book. Sort of an all around guide on web hacking, with methods and techniques demystified. >> http://www.net-security.org/review.php?id=11 ---------------------------------------------------------------- [ Security Software ] Windows software is located at: http://net-security.org/software_main.php?cat=1 Linux software is located at: http://net-security.org/software_main.php?cat=2 ---------------------------------------------------------------- RSSH 0.9.2 rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that. >> http://www.net-security.org/software.php?id=236 SECURITY FILTER 1.0-B2 SecurityFilter is a Java Servlet Filter that mimics container managed security. It looks just like container managed security to your app, as you can call request.getRemoteUser(), equest.isUserInRole(), and request.getUserPrincipal() and get valid responses. >> http://www.net-security.org/software.php?id=237 DISCOVERER 0.03-PRE-ALPHA Discoverer is a small 802.11b network detector for Linux, intended to run on the IPAQ and Zaurus. >> http://www.net-security.org/software.php?id=238 KEYCHAIN 2.0 Keychain helps you to manage RSA and DSA keys in a convenient and secure manner. It acts as a frontend to SSH-agent, but allows you to easily have one long running SSH-agent process per system, rather than the norm of one SSH-agent per login session. >> http://www.net-security.org/software.php?id=239 ENCRYPTGENIE 2.64.1 EncryptGenie is a powerful e-mail and file encrypt tool. It allows you to Encrypt/Decrypt/Wipe and Update files without leaving the Explorer. >> http://www.net-security.org/software.php?id=240 SECOND SIGHT 1.46 Second Sight is a full-featured Windows surveillance application that keeps a complete record of all activities on your computer. >> http://www.net-security.org/software.php?id=241 VBOLOCK 3.2 VBOLock is easy to use, easy to implement, powerful copy protection for all of your Visual Basic, Delphi and C++ Builder software applications! >> http://www.net-security.org/software.php?id=242 LOGINDLG COMPONENT 1.0 LoginDlg is a COM component that launches a dialog that can be used in scripting environments, like a login script written in VBScript, to enter username, password and domain. Every dialog element, like button text, can be customized to the language of your choice. >> http://www.net-security.org/software.php?id=243 SNORTCENTER 0.9.4 SnortCenter is a web-based client-server management system written in PHP and Perl. It will help you configure the Snort configuration & signature files. The Management Console will build the configuration files for you and then send it to the remote sensor. >> http://www.net-security.org/software.php?id=244 SPLITSECRET 1.0 SplitSecret is a 32 bits console application that splits a file (the secret) into up to 255 shares. Unless all shares are available, there is no known way to reconstruct the secret from any combination of them. >> http://www.net-security.org/software.php?id=245 ---------------------------------------------------------------- Questions, contributions, comments or ideas go to: Help Net Security staff staff@net-security.org http://net-security.org ---------------------- Subscribe to this weekly digest on: http://www.net-security.org/subscribe.php Unsubscribe by sending your e-mail address to: info@net-security.org with UNSUBSCRIBE in the message body. The archive of the newsletter in TXT and PDF format is available http://www.net-security.org/newsletter_archive.php