HNS Newsletter
Issue 126 - 08.09.2002
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org.

-----------------------------------------------------------------
SECURITY INCIDENT ALERT
-----------------------------------------------------------------
43,136 security incidents have been reported through June, 2002. Last year 52,658 were reported for the entire year. The most common point of entry is exploitation of known operating system vulnerabilities. Check your Web servers, FTP servers, Mail servers, DNS servers, firewalls, IDS systems, switchers and routers for over 900 up to date vulnerabilities. Secure your critical assets today!
FREE System Security Test and Detailed Report
http://www.net-security.org/lm/ads/ads.pl?banner=scannerx1
-----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Virus news
5) Security world
6) Featured articles
7) Security software

[ General security news ]
----------------------------------------------------------------

OASIS FUELS SECURITY AGENDA
Determined to nail down key security and interoperability standards, the broad base of support for official standards bodies is swelling to counter enterprise apprehension regarding Web services adoption.
>> http://www.net-security.org/news.php?id=924

SECURITY PRODUCTS AIM TO MAKE NETS HACKER-PROOF
Concerns over network security are giving rise to new Internet products aimed at foiling the efforts of hackers and cyberterrorists.
>> http://www.net-security.org/news.php?id=925

MAIL FILTERING
There are many ways to filter your e-mail with Perl. Two of the more popular and interesting ways are to use PerlMx or Mail::Audit. The author took a long look at both, and this is what he thought of them.
>> http://www.net-security.org/news.php?id=926

UNCOVERING A COMPUTER'S SECRETS
Mark Eddo discovers how easy it is to find data on a hard disk even if it has been deleted or reformatted.
>> http://www.net-security.org/news.php?id=927

ASK THESE QUESTIONS BEFORE YOU HIRE A HACKER OR CRACKER
Two articles on hiring ex-hackers generated a lot of discussion. The author reviews some of those comments and addresses some of the concerns they raise.
>> http://www.net-security.org/news.php?id=928

D.C. AREA EMERGENCY NETWORK COULD BE MODEL FOR U.S.
When completed, the network could serve as a model for other communities looking to help emergency officials share critical data wirelessly when disaster strikes.
>> http://www.net-security.org/news.php?id=929

E-TERRORISM: DIGITAL MYTH OR TRUE THREAT?
Doomsday predictions of a "digital Pearl Harbor" have persisted in the year since the terrorist attacks of Sept. 11.
>> http://www.net-security.org/news.php?id=930

FIREWALL FOLLIES
The complacency firewalls breed is ultimately more damaging than the computer pirates they keep out.
>> http://www.net-security.org/news.php?id=931

ZIFF PAYS $125K TO SETTLE SECURITY BREACH
Publisher Ziff-Davis has agreed to pay $125,000 to settle legal actions brought after a security breach that exposed customer credit card details on the Web.
>> http://www.net-security.org/news.php?id=934

NEW PRIVACY CZAR ON WAY
Eager to head off criticism from privacy advocates over expanded surveillance provisions, the Bush administration is expected to recommend appointing a federal "privacy czar" to act as watchdog.
>> http://www.net-security.org/news.php?id=935

ADAPTIVE LINUX FIREWALLS
Automatic firewall hardening is a technique used by many commercial firewalls to prevent invalid packets from reaching protected networks. This document will demonstrate how to harden iptables in real-time.
>> http://www.net-security.org/news.php?id=936

PASSWORD SECURITY FOR ONLINE BANKING QUERIED
Banks should shift from keyboard password entry to a mouse-based system to help avoid surreptitious keyboard logging programs.
>> http://www.net-security.org/news.php?id=937

WHO'S WATCHING YOU? A SURVEILLANCE SOCIETY
Computer databases already have a lot on us: Credit cards keep track of airline ticket purchases and car rentals. Supermarket discount programs know our eating habits. Libraries track books checked out...
>> http://www.net-security.org/news.php?id=938

CATCHING WIRELESS HACKERS IN THE ACT
It's been a cinch for vandals with an eye on Internet mischief to launch attacks by co-opting an unsecured wireless network, but such break-ins may not go so unnoticed now.
>> http://www.net-security.org/news.php?id=939

LOCAL SITES POTENTIAL TARGETS FOR CYBERTERROR
From nuclear plants to gas pipelines to electric utilities, Western Washington contains several "critical infrastructure" facilities that terrorists might target - through their computers.
>> http://www.net-security.org/news.php?id=940

IMPROVING THE TCPA SPECIFICATION
The author explains in a balanced fashion what is both good and bad about the proposed industry standard and suggests ways that the Trusted Computing Platform Alliance technical committee can improve it.
>> http://www.net-security.org/news.php?id=941

HACKERS BEING JOBBED OUT OF WORK
Long gone is the day when hackers could write their own ticket for mainstream network-security jobs. Even famous "good" hackers, like Max Vision, are having trouble getting a nibble.
>> http://www.net-security.org/news.php?id=942

AN INTRODUCTION TO ON-ACCESS VIRUS SCANNING, PART ONE
This two-part series will offer a brief overview of a particular type of anti-virus mechanism known as on-access virus scanners.
>> http://www.net-security.org/news.php?id=944

SECURITY OVERHAUL TO POSTPONE SQL SERVER
Built-in security development is at the heart of a delay of a major Microsoft database upgrade.
>> http://www.net-security.org/news.php?id=945

BLUESOCKET TIGHTENS WIRELESS SECURITY
Looking to speed adoption of wireless local area networks, Bluesocket and SSH Communications Security have partnered to address one of the top concerns about the systems - security.
>> http://www.net-security.org/news.php?id=946

HACKERS CLAIM LORD OF THE RINGS LEAK
Four months before its official release, hackers claim that the next instalment of the Lord of the Rings trilogy may already be available on the internet.
>> http://www.net-security.org/news.php?id=947

ALBERTA HACKERS FIND WIRELESS NETWORKS WIDE OPEN
Alberta hackers have discovered that two-thirds of the province's wireless computer networks are operating with an unsecured connection.
>> http://www.net-security.org/news.php?id=948

HACKER VS. HACKER: HOW TO TELL THEM APART
If we do not distinguish good from bad, if we fail to understand the make-up of such a complex group of people, how can we ever hope to limit black-hat hacking?
>> http://www.net-security.org/news.php?id=949

WHY FBI COMPUTER FORCE AIN'T FAT
The finest hackers in the land can't work for the FBI even if they want to because of the agency's physical fitness requirements. A few other regulations are kind of tricky, too.
>> http://www.net-security.org/news.php?id=950

PASSWORD GUESSING GAMES WITH CHECK POINT FIREWALL
Security researchers have discovered two potentially serious flaws with Check Point's flagship FireWall-1 firewall which give rise to both username guessing and sniffing issues.
>> http://www.net-security.org/news.php?id=952

UTAH USES DIGITAL SIGNATURES TO SECURE DEALS
Utah Incentive Funds, a division of the state's department of business and economic development, is using online services secured with digital certificates to lure more businesses to the state.
>> http://www.net-security.org/news.php?id=954

FIBRE CHANNEL SAN SECURITY
As Fibre Channel SANs become larger and more complex, ensuring the security of the data they contain becomes more difficult.
>> http://www.net-security.org/news.php?id=955

‘SPAM’ CRACKDOWN URGED
Three consumer groups petitioned the Federal Trade Commission to enact tougher rules regarding the sending of spam.
>> http://www.net-security.org/news.php?id=956

A FREEBSD OPERATING SYSTEM SECURITY CHECKLIST
This document is intended to be a working checklist of security settings implemented on FreeBSD servers.
>> http://www.net-security.org/news.php?id=957

MOBILE PHONES KEY TO E-COMMERCE SECURITY
RSA plans to bring two-factor authentication to the masses by sending keys by SMS to mobile phones.
>> http://www.net-security.org/news.php?id=958

COMPANIES EXPOSED TO ‘SOCIAL ENGINEERS’
Companies are leaving themselves exposed to hackers because of a lack of awareness of the 'social engineering' techniques deployed by the most dangerous attackers, according to Kevin Mitnick.
>> http://www.net-security.org/news.php?id=959

SERVER ATTACKS STUMP MICROSOFT
Microsoft released further details of a rash of attacks on Windows 2000 servers that has so far stumped Microsoft's research team.
>> http://www.net-security.org/news.php?id=960

SECURING A HETEROGENEOUS NETWORK WITH FREE SOFTWARE TOOLS
After reading this special issue you will know a bit more about security, but in no way will you be able to say that your network is secure. You have been warned.
>> http://www.net-security.org/news.php?id=961

USING TERROR AS A PRETEXT
In a world obsessed with security, it's tempting to hand law enforcement broad surveillance powers over the Internet and other aspects of people's private lives.
>> http://www.net-security.org/news.php?id=962

AIRWAVE CAMOUFLAGE TO STOP DRIVE-BY HACKING
Software that generates a blizzard of bogus wireless network access points could bamboozle hackers trying to access corporate and home computer networks.
>> http://www.net-security.org/news.php?id=963

FILE-NAME FLAW THREATENS PGP USERS
For more than a decade, the US government classified encryption technology as a weapon. Now that label might actually apply.
>> http://www.net-security.org/news.php?id=965

SECURITY'S HUMAN TOUCH
Interview - GWU's security officer Krizi Trivisani focuses on the softer skills - like communicating with students and administrators - to help her battle real-life villains.
>> http://www.net-security.org/news.php?id=966

XBOX LIVE TO TARGET HACKERS?
Microsoft may backtrack on an earlier pledge not to use its Xbox Live online gaming service to crack down on "mod chips".
>> http://www.net-security.org/news.php?id=967

THWARTING THE PBX HACKER
Verizon is urging customers who use voicemail and PBXs to use secure passwords to keep hackers out.
>> http://www.net-security.org/news.php?id=968

KLEZ ATTACK MAY WIPE OUT ATTACKER
A minor variant of the Klez virus is set to go into action today, erasing a host of files on infected hard drives. But the attack may also wipe out the attacker.
>> http://www.net-security.org/news.php?id=969

HEARD OF DRIVE-BY HACKING? MEET DRIVE-BY SPAMMING
'Warspammers' are taking advantage of unprotected wireless LANs to send out millions of junk emails.
>> http://www.net-security.org/news.php?id=970

SECURITY WEATHERS THE SPOTLIGHT
Perimeter scans, vulnerability assessments, and re-evaluated business continuity plans became even more sought-after during the frenzied dash to plug enterprise holes after the events of Sept. 11.
>> http://www.net-security.org/news.php?id=971

GOVERNMENT PUSHES FOR TOUGHER IT SECURITY
A new set of guidelines aims to make businesses better defended against risks such as hackers and computer viruses.
>> http://www.net-security.org/news.php?id=972

WIN2K FIRST RESPONDER'S GUIDE
This article offers a brief overview of some of the steps security administrators and incident handlers should take as part of the first response to security incidents.
>> http://www.net-security.org/news.php?id=973

----------------------------------------------------------------

-----------------------------------------------------------------
RSA CONFERENCE 2002, PARIS, 7 - 10 OCTOBER
-----------------------------------------------------------------
Join over 1,000 security minded professionals at Europe's premier e-security conference. If you are involved in information security as a developer, engineer, IT professional, or government official, this event is designed for you.
http://www.rsaconference.net/paris/
-----------------------------------------------------------------

[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

Compaq Tru64 Unix Multiple Buffer Overflows
>> http://www.net-security.org/vuln.php?id=2022

Finjan SurfinGate URL Filter Bypassing Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2021

Cacti Multiple Security Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2020

Aestiva HTML/OS Cross Site Scripting Vulnerability
>> http://www.net-security.org/vuln.php?id=2019

Guessing or Sniffing SecuRemote Usernames Using IKE
>> http://www.net-security.org/vuln.php?id=2018

Microsoft SQL Server Stored Procedures "public role" Vulnerability
>> http://www.net-security.org/vuln.php?id=2017

Windows .NET Server (RC1) and MSDE 2000 Vulnerability
>> http://www.net-security.org/vuln.php?id=2016

Microsoft Outlook S/MIME Vulnerability
>> http://www.net-security.org/vuln.php?id=2015

Null HTTPd Cross Site Scripting Vulnerability
>> http://www.net-security.org/vuln.php?id=2014

ScrollKeeper Insecure Creation of Tempfiles Vulnerability
>> http://www.net-security.org/vuln.php?id=2013

Trillian XML Parser Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2012

FactoSystem CMS Contains Multiple Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2011

Ethereal ISIS Protocol Dissector Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2010

Mozilla FTP View Cross-Site Scripting Vulnerability
>> http://www.net-security.org/vuln.php?id=2009

Multiple 602Pro LAN SUITE 2002 Denial of Service Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2008

----------------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Gentoo Linux Security Announcement - scrollkeeper
>> http://www.net-security.org/advisory.php?id=1010

Debian Security Advisory - New Mantis package fixes privilege escalation
>> http://www.net-security.org/advisory.php?id=1009

Microsoft Security Bulletin MS02-049 - Flaw Could Enable Web Page to Launch Visual FoxPro 6.0 Application Without Warning
>> http://www.net-security.org/advisory.php?id=1008

Cisco Security Advisory - Cisco VPN 3000 Concentrator Multiple Vulnerabilities
>> http://www.net-security.org/advisory.php?id=1007

Conectiva Linux Security Advisory - mailman
>> http://www.net-security.org/advisory.php?id=1006

Debian Security Advisory - New scrollkeeper packages fix insecure temporary file creation
>> http://www.net-security.org/advisory.php?id=1005

Red Hat Security Advisory - Updated scrollkeeper packages fix tempfile vulnerability
>> http://www.net-security.org/advisory.php?id=1004

Red Hat Security Advisory - PXE server crashes from certain DHCP packets
>> http://www.net-security.org/advisory.php?id=1003

Gentoo Linux Security Announcement - ethereal
>> http://www.net-security.org/advisory.php?id=1002

Compaq Security Bulletin - HP Tru64 UNIX - Potential Buffer Overflows & SSRT2229 Potential Denial of Service
>> http://www.net-security.org/advisory.php?id=1001

Compaq Security Bulletin - HP Tru64 UNIX & HP OpenVMS Potential OpenSSL Security Vulnerability
>> http://www.net-security.org/advisory.php?id=1000

Compaq Security Bulletin - SANworks Management Appliance & Potential SQL Server/MSDE Security Vulnerability
>> http://www.net-security.org/advisory.php?id=999

SuSE Security Announcement - glibc
>> http://www.net-security.org/advisory.php?id=998

Conectiva Linux Security Advisory - gaim
>> http://www.net-security.org/advisory.php?id=997

----------------------------------------------------------------

[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Panda AV Compatible with Citrix Metaframe 1.8
>> http://www.net-security.org/virus_news.php?id=71

Bitdefender: Top Ten Viruses in August 2002
>> http://www.net-security.org/virus_news.php?id=70

Sophos Anti-Virus Receives West Coast Checkmark
>> http://www.net-security.org/virus_news.php?id=69

Kaspersky Labs: Virus Top 20 for August 2002
>> http://www.net-security.org/virus_news.php?id=68

Sophos: Top 10 Viruses and Hoaxes in August 2002
>> http://www.net-security.org/virus_news.php?id=67

Central Command: Top 12 Viruses For August 2002
>> http://www.net-security.org/virus_news.php?id=66

----------------------------------------------------------------

[ Security world ]

All press releases are located at:
http://www.net-security.org/press_main.php
----------------------------------------------------------------

SonicWALL Continues Market Share Leadership
>> http://www.net-security.org/press.php?id=980

Snapgear Scoops Linux Journal Editor's Choice Awards
>> http://www.net-security.org/press.php?id=979

MasterCard and VeriSign Join Forces to Increase Security for Online Transactions
>> http://www.net-security.org/press.php?id=978

Trusecure Expands Global Operations into Central America
>> http://www.net-security.org/press.php?id=977

AMP Turns up Network Protection with Sophos Anti-Virus
>> http://www.net-security.org/press.php?id=976

Email Spam is Rapidly Becoming the 'Tool of Choice' For Internet Fraud and Identity Theft
>> http://www.net-security.org/press.php?id=975

McAfee.com SpamKiller Now Supports MSN Hotmail
>> http://www.net-security.org/press.php?id=974

BindView Unveils Multi Platform Password Self Service Solution
>> http://www.net-security.org/press.php?id=973

Symantec's New Norton Systemworks 2003 Delivers Web Optimization Tools and Enhanced Virus Protection
>> http://www.net-security.org/press.php?id=972

SSH and Bluesocket Drive the Adoption of Wireless Security Solutions
>> http://www.net-security.org/press.php?id=971

Baltimore Technologies to OEM Identrus Technology from Kyberpass
>> http://www.net-security.org/press.php?id=970

VIA NET.WORKS UK Launches Managed E-Mail Anti-Virus Service
>> http://www.net-security.org/press.php?id=969

ComputerLinks Becomes Distribution Partner of Utimaco Safeware
>> http://www.net-security.org/press.php?id=968

Activcard Expands Global Presence
>> http://www.net-security.org/press.php?id=967

Panda Software Now Compatible with Citrix Metaframe 1.8
>> http://www.net-security.org/press.php?id=966

IDC Confirms Trend Micro is Worldwide Leader in Server-Based Antivirus Software Market for Second Consecutive Year
>> http://www.net-security.org/press.php?id=965

----------------------------------------------------------------

[ Featured articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to staff@net-security.org
----------------------------------------------------------------

MONITORED INTRUSION DETECTION SYSTEMS
Monitored Intrusion Detection Systems (MIDS) offer real-time detection and response to attacks, including dynamic blocking, complaints to ISPs, and report generation.
>> http://www.net-security.org/article.php?id=168

SSL - A DISCUSSION OF THE SECURE SOCKET LAYER
The Secure Socket Layer is the protocol that gives e-commerce the confidence it needs to allow on-line banking and shopping. SSL provides an encrypted bi-directional data stream. It is commonly used for secure HTTP connections where credit card information is going to be sent along a network. This is a paper discussing the theory and practice of SSL.
>> http://www.net-security.org/article.php?id=169

THREAT PROFILING MICROSOFT SQL SERVER
This paper is written from the perspective of an attacker and shows typical "cursi incursi" for Microsoft SQL Server.
>> http://www.net-security.org/article.php?id=170

IMPROVING ENTERPRISE SECURITY WITH ECORA'S CONFIGURATION AUDITOR
Application configuration is a contributing factor in the great majority of exploits. Ecora's Configuration Auditor software simplifies control through configuration management and assessment. In this document, we describe our methodology and the benefits of this tool for effectively securing the enterprise.
>> http://www.net-security.org/article.php?id=171

BUFFER OVERFLOWS - DEFENDING AGAINST ARBITRARY CODE EXECUTION
This paper deals with the technical details concerning buffer overflows and the methods of prevention. Examples are in C and x86 assembly.
>> http://www.net-security.org/article.php?id=172

----------------------------------------------------------------

[ Security Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2
----------------------------------------------------------------

1ST SECURITY AGENT 3.0
Secure your PC with 1st Security Agent. It offers administrative support for controlling which users are allowed to access your PC and the level of access each user may have.
>> http://www.net-security.org/software.php?id=255

ACCESS ADMINISTRATOR 8.7
Protect your computer and restrict access to the Internet with Security Administrator. This password-protected security utility enables you to impose a variety of access restrictions to protect your privacy and stop others from tampering with your PC.
>> http://www.net-security.org/software.php?id=256

OUTLOOK SECURE 4.0
Outlook Secure gives you the power to safely and securely prevent unauthorized access to both Microsoft Outlook 2000 and XP. You have the option to password-protect Outlook on startup, along with the ability to lock Outlook at any point when you need to quickly walk away from your computer.
>> http://www.net-security.org/software.php?id=257

AW SECURITY PORT SCANNER 4.61
AWSPS is a first-line weapon against network perils being used worldwide by thousands of security-conscious corporations, official state departments and consulting companies.
>> http://www.net-security.org/software.php?id=258

FAKE AP 0.2
Black Alchemy's Fake AP generates thousands of counterfeit 802.11b access points. Hide in plain sight amongst Fake AP's cacophony of beacon frames. As part of a honeypot or as an instrument of your site security plan, Fake AP confuses Wardrivers, NetStumblers, Script Kiddies, and other undesirables.
>> http://www.net-security.org/software.php?id=259

PRIVACY PROTECTOR 3.9
Privacy Protector creates a safe haven within your computer where everything you choose is encrypted and hidden from prying eyes. Powerful 128-bit encryption combined with a unique session-based program style provide the tools you need to secure your privacy on-line and off.
>> http://www.net-security.org/software.php?id=260

APTOOLS 0.1.0
APTools is a utility that queries ARP Tables and Content-Addressable Memory (CAM) for MAC Address ranges associated with 802.11b Access Points. It will also utilize Cisco Discovery Protocol (CDP) if available.
>> http://www.net-security.org/software.php?id=261

AIRSNORT 0.2.1B
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
>> http://www.net-security.org/software.php?id=262

PHPSECURESITE 0.0.3
phpSecureSite is an authentication and session-handling system for Web applications built using PHP. It is designed to be very secure and easy to deploy.
>> http://www.net-security.org/software.php?id=263

PRELUDE MANAGER 0.8.4
Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is a multithreaded server which handles connections from the Prelude sensors.
>> http://www.net-security.org/software.php?id=264

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org
----------------------

Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending your e-mail address to: info@net-security.org with UNSUBSCRIBE in the message body.

The archive of the newsletter in TXT and PDF format is available at http://www.net-security.org/newsletter_archive.php