HNS Newsletter
Issue 127 - 16.09.2002
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org.

-----------------------------------------------------------------
*** ALERT! ***
ALL OF THE FOLLOWING APPLICATIONS ARE VULNERABLE TO ATTACK!:
*** Oracle
*** Microsoft SQL Server
*** Sybase
*** Lotus Domino

QUESTION: How Vulnerable are Your Applications?
ANSWER: Find out by downloading AppDetective from:
******* http://www.appsecinc.com/products/#pentest

AppDetective will DISCOVER Rogue Installations; Perform Zero Knowledge PENETRATION TESTS without Administrative Rights; and Perform In-Depth SECURITY AUDITS from the Inside-Out without Agents.

DOWNLOAD YOUR FREE EVALUATION VERSION TODAY FROM:
http://www.appsecinc.com/products/#pentest
-----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Security world
6) Featured review
7) Security software
8) Virus news

[ General security news ]
----------------------------------------------------------------

TOOL ALIGNS BUSINESS PROCESSES, SECURITY
Business process management software provider IDS Scheer Inc. will announce a new tool that is designed to align business processes and enterprise systems with new standards of operational security.
>> http://www.net-security.org/news.php?id=975

UNIX LOGFILES
This tutorial gives detailed information about the LastLog logging file, the structure of the log file and how to change a user's entry.
>> http://www.net-security.org/news.php?id=976

PHYSICAL AND NETWORK SECURITY MERGING?
Should you combine your physical and information security departments? Companies that have done it reveal tips for handling budgeting and political challenges.
>> http://www.net-security.org/news.php?id=977

THE IP SECURITY PROTOCOL, PART 1
Explaining IPSec, different levels of security and how to be safe sending and receiving packets over the network.
>> http://www.net-security.org/news.php?id=978

BOOK REVIEW: PROFESSIONAL APACHE 2.0
Generally, the book is clearly written and contains enough examples to find any configuration you want.
>> http://www.net-security.org/news.php?id=979

PUTTING SECURITY FIRST
Anteon IT executive ponders dilemmas raised while searching for national technology security solutions.
>> http://www.net-security.org/news.php?id=980

IT MANAGERS CITE SECURITY WHEN CHOOSING A LINUX SYSTEM
An investigator switched to Linux. "It's a security issue," he said. "Viruses which target Windows could send confidential documents from my machines to random people - and that could send me to prison."
>> http://www.net-security.org/news.php?id=981

COMPUTER FORENSICS SPECIALISTS IN DEMAND AS HACKING GROWS
"There simply are not enough people to do this work," says Scott Pancoast, a Seattle-based certified forensic computer examiner with the Washington state Attorney General's Office.
>> http://www.net-security.org/news.php?id=982

TERROR LAWS 'EAT AWAY AT PRIVACY'
The UK is one of the worst places in the world for privacy, with the internet playing a huge part in the erosion of rights.
>> http://www.net-security.org/news.php?id=983

JORDANIANS ARRESTED IN MANILA PHONE HACKING STING
The Philippines says it has cracked a $1.9 million computer hacking ring that had gained access to telephone company lines and sold off cheap phone calls.
>> http://www.net-security.org/news.php?id=985

MICROSOFT 'SOLVES' HACKING MYSTERY
A wave of mysterious Windows 2000 hacks isn't the result of a software hole - it's all down to password management.
>> http://www.net-security.org/news.php?id=986

WORLDWIDE 'WAR DRIVE' EXPOSES INSECURE WIRELESS LANS
Amateur wireless LAN sniffers detected hundreds of insecure wireless LANs in North America and Europe during the past week.
>> http://www.net-security.org/news.php?id=987

SPECIAL COVERAGE: ONE YEAR LATER
One year after the attacks on the WTC and the Pentagon, IT professionals are at the forefront of efforts to prevent the nightmare of a recurrence - and to be prepared if what used to be unthinkable happens again.
>> http://www.net-security.org/news.php?id=988

SECURITY PROS: OUR DEFENCES NEED WORK
Despite widespread cyberterrorism anxiety, corporations have only made modest gains in security over the past year.
>> http://www.net-security.org/news.php?id=989

INTRUSION DETECTION
This documentation will show how you can protect yourself by installing Snort on a Mandrake Linux System.
>> http://www.net-security.org/news.php?id=990

INTERNET SECURITY NOT PRESSING TO ALL
Companies increasingly identify computer security as one of their top priorities, but a significant minority admit that they are inadequately protected, according to a survey.
>> http://www.net-security.org/news.php?id=991

ASYNCHRONY ROLLS OUT SECURE IM FOR CAUTIOUS COMPANIES
Asynchrony Solutions rolled out a secure IM product, developed with the U.S. Department of Defense, figuring that if it's secure enough for the government, it's secure enough for your enterprise.
>> http://www.net-security.org/news.php?id=993

SECURITY V. PRIVACY CONFERENCE
Visit the conference in Seattle, Washington, 18-19 September 2002. It includes two full days of keynotes, general sessions, and many topical tracks that address your concerns about Internet law and policy.
>> http://www.net-security.org/news.php?id=995

INTEL LAUNCHES 'LAGRANDE' SECURITY PLAN
Intel unveiled a new security initiative, code-named LaGrande Technology, that it will integrate into future processors and chip sets to stymie efforts to steal data.
>> http://www.net-security.org/news.php?id=996

QUALYS IS PROACTIVE ABOUT NETWORK SECURITY
Qualys Vice President of Engineering Gerhard Eschelbeck discusses the company's ASP model and how best to protect multiple entry points into a company.
>> http://www.net-security.org/news.php?id=997

TECHNOLOGY AIDS HUNT FOR TERRORISTS
Analysts at the CIA and NSA can now search through audio feeds and watch lists for spoken words and terrorist names.
>> http://www.net-security.org/news.php?id=998

ADMINISTRATION PARES CYBER-SECURITY PLAN
As the White House moves to finalize a national plan to better secure cyberspace, high-tech firms are continuing a furious campaign to have some recommendations struck from the document.
>> http://www.net-security.org/news.php?id=999

SECURITY REQUIRES 'DEPTH IN DATAPATH', AT&T RESEARCHER SAYS
Distributed computing environments of the future require a "defense in depth" security architecture which cannot be implemented with single-point firewalls, an AT&T Labs researcher said.
>> http://www.net-security.org/news.php?id=1000

EVALUATING NETWORK INTRUSION DETECTION SIGNATURES, PART 1
This article will discuss some of the basics of evaluating NID signature quality, and then look at issues relating to selecting attacks to be used in testing.
>> http://www.net-security.org/news.php?id=1001

STUNNEL 4.00 BUILDS ON PRIOR SUCCESS
Stunnel encapsulates cleartext protocols within strong SSL encryption and can be used to protect any standard TCP connection, from your mail protocol (POP, IMAP, SMTP) to your own customized application.
>> http://www.net-security.org/news.php?id=1004

ONLINE PRIVACY AT ODDS WITH SECURITY
The concern over online privacy is nothing new. Even the staunchest critics were silenced after people figured out what cookies could be used for and that hitting the "delete" key did not mean a file was gone for good.
>> http://www.net-security.org/news.php?id=1005

"BUGGY" SEPT. 11 WORM SURFACES
A new e-mail worm has surfaced that uses the terror attacks of Sept. 11 to lure victims, antivirus groups say.
>> http://www.net-security.org/news.php?id=1006

HACKERS CHALK ONE UP
The conference of the Australian Unix User Group was "war chalked" within hours of opening last week.
>> http://www.net-security.org/news.php?id=1007

WIN-XP HELP CENTER REQUEST WIPES YOUR HD
A malicious Win-XP Help Center request can easily and silently delete the contents of any directory on your Windows machine. MS has rolled the fix silently into SP1 without making a public announcement.
>> http://www.net-security.org/news.php?id=1008

SECURING DYNAMIC WEB CONTENT
This article details how to secure dynamic content on an Apache Web server. It is targeted primarily at Webmasters and system administrators responsible for maintaining and securing a Web server.
>> http://www.net-security.org/news.php?id=1009

BOOK REVIEW: DESKTOP WITNESS
This book attempts to enable readers to do the unthinkable - both use their personal computers, and have security and privacy.
>> http://www.net-security.org/news.php?id=1010

VIRTUALLY HELPLESS
The next time the USA is targeted by terrorists, the primary weapon may be an object no bigger than your thumbnail: a computer chip.
>> http://www.net-security.org/news.php?id=1011

TERROR CZAR: THE WAR IS DIGITAL
Ousting Saddam Hussein is the easy part, says congressional security adviser Barry McCaffrey. The real trick, he maintains, is disrupting terrorists' communications.
>> http://www.net-security.org/news.php?id=1012

VICTORIA TO TABLE NEW LAWS ON COMPUTER CRIME
Tough new legislation to combat hackers and those who knowingly spread viruses is set to be tabled in the Victorian parliament.
>> http://www.net-security.org/news.php?id=1013

HNS SECURITY DATABASE BACK ONLINE
We finally updated the whole HNS Security Database which now has over 325 listed companies with more than 1415 security products. Check it out and share the feedback.
>> http://www.net-security.org/secdb_main.php

BUG WATCH: ALL QUIET ON THE VIRUS FRONT?
Mikko Hypponen, manager of antivirus research at F-Secure Corporation's antivirus team, looks at the theories behind the eerie silence in the antivirus world.
>> http://www.net-security.org/news.php?id=1016

SECURITY AT YOUR FINGERTIPS
Biometric technology has become increasingly important since September 11. While not new, the idea of biometrics has been pushed to the forefront since last year's attacks.
>> http://www.net-security.org/news.php?id=1017

WHEN WILL SECURITY GET PERSONAL?
Whilst we have grown used to the constant need to change passwords in the workplace, once we get home our perception of security changes completely.
>> http://www.net-security.org/news.php?id=1018

NEGLECTING PHONE SYSTEMS IS COSTLY
Companies fearful of hacking attacks have improved security on their data networks, but have probably left themselves vulnerable by not paying attention to their telephone systems.
>> http://www.net-security.org/news.php?id=1019

CYBER JAIL TERMS TOUGHER
Criminals who hack into computers and communications equipment face up to 10 years in jail.
>> http://www.net-security.org/news.php?id=1021

NETWORK ASSOCIATES SAYS OWNS 96% OF MCAFEE.COM
Computer security provider Network Associates Inc. said it has completed an exchange offer and now owns about 96 percent of the shares of McAfee.com.
>> http://www.net-security.org/news.php?id=1022

OUTLOOK EXPRESS BECOMES ATTACK PLATFORM, OF SORTS
For years Outlook Express failings have been exploited to infect users. So why not take advantage of its features to send viruses in such a way that they might fool detection by AV and content checking tools?
>> http://www.net-security.org/news.php?id=1023

SAMBA: TALKING TO WINDOWS NETWORKS
This is an excerpt in PDF format from "Multitool Linux: Practical Uses for Open Source Software" by Michael Schwarz, Jeremy Anderson, Peter Curtis and Steven Murphy.
>> http://www.net-security.org/review.php?id=12

GUARDING AGAINST WLAN SECURITY THREATS
Through effective security techniques you can beef up the security of a wireless LAN to a degree that satisfies specific requirements.
>> http://www.net-security.org/news.php?id=1025

----------------------------------------------------------------

-----------------------------------------------------------------
RSA CONFERENCE 2002, PARIS, 7 - 10 OCTOBER
-----------------------------------------------------------------
Join over 1,000 security minded professionals at Europe's premiere e-security conference. If you are involved in information security as a developer, engineer, IT professional, or government official, this event is designed for you.
http://www.rsaconference.net/paris/
-----------------------------------------------------------------

[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

TrendMicro InterScan VirusWall Bypassing Vulnerability
>> http://www.net-security.org/vuln.php?id=2042

Xbreaky Symlink Vulnerability
>> http://www.net-security.org/vuln.php?id=2041

PHP fopen() CRLF Injection Vulnerability
>> http://www.net-security.org/vuln.php?id=2040

Mozilla Privacy Leak
>> http://www.net-security.org/vuln.php?id=2039

Norton AntiVirus 2001 POP3 Proxy Local Denial of Service Vulnerability
>> http://www.net-security.org/vuln.php?id=2038

Buffer Over/Underflows in ssldump Prior to 0.9b3
>> http://www.net-security.org/vuln.php?id=2037

Savant Web Server Malformed URL Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2036

Apple QuickTime ActiveX v5.0.2 Buffer Overrun Vulnerability
>> http://www.net-security.org/vuln.php?id=2035

Internet Explorer Frame and Iframe Security Problems
>> http://www.net-security.org/vuln.php?id=2034

Multiple wordtrans-web Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2033

Vulnerabilities in Microsoft's Java Implementation
>> http://www.net-security.org/vuln.php?id=2032

phpGB Denial of Service and Command Execution Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2031

phpGB Cross Site Scripting Vulnerability
>> http://www.net-security.org/vuln.php?id=2030

phpGB SQL Injection Vulnerability
>> http://www.net-security.org/vuln.php?id=2029

Woltlab Burning Board 2.0 RC 1 SQL Injection Vulnerability
>> http://www.net-security.org/vuln.php?id=2028

PHP header() CRLF Injection Vulnerability
>> http://www.net-security.org/vuln.php?id=2027

ZMerge Administration Database Insecure Default ACLs
>> http://www.net-security.org/vuln.php?id=2026

PGP Remotely Exploitable Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2025

WebServer 4 Everyone Directory Traversal Vulnerability
>> http://www.net-security.org/vuln.php?id=2024

Multiple Vulnerabilities at Canada.com
>> http://www.net-security.org/vuln.php?id=2023

----------------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Debian Security Advisory - New PostgreSQL packages fix several vulnerabilities
>> http://www.net-security.org/advisory.php?id=1032

Conectiva Linux Security Advisory - util-linux
>> http://www.net-security.org/advisory.php?id=1031

Mandrake Linux Security Advisory - php
>> http://www.net-security.org/advisory.php?id=1030

KDE Security Advisory - Konqueror Cross Site Scripting Vulnerability
>> http://www.net-security.org/advisory.php?id=1029

KDE Security Advisory - Secure Cookie Vulnerability
>> http://www.net-security.org/advisory.php?id=1028

KDE Security Advisory - Konqueror SSL vulnerability
>> http://www.net-security.org/advisory.php?id=1027

Red Hat Security Advisory - Updated gaim client fixes URL vulnerability
>> http://www.net-security.org/advisory.php?id=1026

Mandrake Linux Security Advisory - kdelibs
>> http://www.net-security.org/advisory.php?id=1025

Mandrake Linux Security Advisory - krb5
>> http://www.net-security.org/advisory.php?id=1024

Compaq Security Bulletin - HP Tru64 UNIX Potential Security Vulnerabilities (TCP/IP, FTPD, ARP)
>> http://www.net-security.org/advisory.php?id=1023

Debian Security Advisory - New cacti package fixes arbitrary code execution
>> http://www.net-security.org/advisory.php?id=1022

Red Hat Security Advisory - New wordtrans packages fix remote vulnerabilities
>> http://www.net-security.org/advisory.php?id=1021

Gentoo Linux Security Announcement - glibc
>> http://www.net-security.org/advisory.php?id=1020

Debian Security Advisory - New mhonarc packages fix cross site scripting problems
>> http://www.net-security.org/advisory.php?id=1019

Debian Security Advisory - New Python packages fix problem introduced by security fix
>> http://www.net-security.org/advisory.php?id=1018

Microsoft Security Bulletin MS02-050 - Certificate Validation Flaw Could Enable Identity Spoofing (version 3.0)
>> http://www.net-security.org/advisory.php?id=1017

Microsoft Security Bulletin MS02-050 - Certificate Validation Flaw Could Enable Identity Spoofing (version 2.0)
>> http://www.net-security.org/advisory.php?id=1016

Microsoft Security Bulletin MS02-050 - Certificate Validation Flaw Could Enable Identity Spoofing (version 1.0)
>> http://www.net-security.org/advisory.php?id=1015

Mandrake Linux Security Advisory - gaim (update)
>> http://www.net-security.org/advisory.php?id=1014

Debian Security Advisory - New ethereal packages fix buffer overflow
>> http://www.net-security.org/advisory.php?id=1013

Cisco Security Advisory - Cisco VPN Client Multiple Vulnerabilities - Second Set
>> http://www.net-security.org/advisory.php?id=1012

Gentoo Linux Security Announcement - amavis
>> http://www.net-security.org/advisory.php?id=1011

----------------------------------------------------------------

[ Featured articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to staff@net-security.org
----------------------------------------------------------------

INTERVIEW WITH STUART MCCLURE
Stuart's latest book, Web Hacking: Attacks and Defense, was recently released and that was the perfect opportunity to get him to answer a few questions.
>> http://www.net-security.org/article.php?id=176

THE WEAKEST LINK IN DISASTER RECOVERY
Access to the latest detailed configuration settings means faster disaster recovery. This paper demonstrates where having detailed configuration documentation fits in the disaster recovery process and how it aids in the rapid restoration of an IT infrastructure.
>> http://www.net-security.org/article.php?id=174

VIRTUAL PRIVATE NETWORKS FOR SMALL TO MEDIUM ORGANIZATIONS
This whitepaper explains the benefits of VPN, how a VPN works, how to evaluate VPN technology options, and how to choose the right SonicWALL VPN solution in your organization.
>> http://www.net-security.org/article.php?id=173

ASTARO CONTENT FILTERING PROCESS
Traditional Internet filtering methods depend on manually compiled blocking lists, individual ratings or online applied heuristics algorithms. These methods are, for the most part, inadequate, cannot keep up with the growth of the Internet or result in high numbers of false positives. As a consequence, inappropriate content is often allowed through the filter while acceptable content is blocked. Cobion instead uses a new approach to Internet filtering.
>> http://www.net-security.org/article.php?id=175

KEEP E-COMMERCE SECURE BY DISCONNECTING YOUR SERVERS FROM THE INTERNET
While it sounds strange, disconnecting your e-commerce servers from the Internet is exactly what SpearHead Security Technologies would have you do - using their NetGAP line of security products. NetGAP technology allows communication to continue while creating an un-crossable physical gap between the Internet and an organization's internal network.
>> http://www.net-security.org/article.php?id=177

----------------------------------------------------------------

[ Security world ]

All press releases are located at:
http://www.net-security.org/press_main.php
----------------------------------------------------------------

PivX Analyzes Microsoft's Service Pack 1 for Internet Explorer, Finds 19 Vulnerabilities
>> http://www.net-security.org/press.php?id=993

GFI's Email Security Testing Zone Launches a New Test
>> http://www.net-security.org/press.php?id=992

US. Government Customer Expands Deployment Of Datakey Smart Card Technology
>> http://www.net-security.org/press.php?id=991

Identix Fingerprint Technology Adopted by Several Major Healthcare
>> http://www.net-security.org/press.php?id=990

Check Point Software Unveils New SmartLSM
>> http://www.net-security.org/press.php?id=989

Research Firm Recognizes Check Point as VPN Market Leader
>> http://www.net-security.org/press.php?id=988

Check Point Software And Internet Security Systems Secure Networld+Interop and COMDEX Event Network
>> http://www.net-security.org/press.php?id=987

Baltimore Technologies Plc Announces Restructuring Close to Completion and Half-Year Results in Line with Expectations for 6 Months Ended June 30 2002
>> http://www.net-security.org/press.php?id=986

Ositis Ships SiteStripper
>> http://www.net-security.org/press.php?id=985

Trend Micro to Join Nikkei Stock Average
>> http://www.net-security.org/press.php?id=984

SSH Communications Security Achieves Opsec Certification From Check Point Software
>> http://www.net-security.org/press.php?id=983

How To Ensure Security When The Business Itself Is Confidential, Personal Information
>> http://www.net-security.org/press.php?id=982

Top Layer Networks Secures $28 Million
>> http://www.net-security.org/press.php?id=981s

----------------------------------------------------------------

[ Review ]

All reviews are located at:
http://www.net-security.org/reviews.php
----------------------------------------------------------------

MULTITOOL LINUX: PRACTICAL USES FOR OPEN SOURCE SOFTWARE
This book is intended as a guide for users who already installed their Linux boxes, but are unsure of their possibilities or don't know what to do with them. As such, it does good.
>> http://www.net-security.org/review.php?id=12

----------------------------------------------------------------

[ Security Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2
----------------------------------------------------------------

UNMASK 1.0
Unmask is a Python script that allows you to break the anonymity of e-mail or other text. It works by doing basic statistical matching against stored "signatures."
>> http://www.net-security.org/software.php?id=265

PROPORT 2.2
Proport is a port monitor/protector. The program will monitor an infinite amount of ports for trojans and nukes. Some additional features are auto connection-kill, and IP resolving.
>> http://www.net-security.org/software.php?id=266

SCRIPT SENTRY 2.7.1
Windows Scripting Host is a double-edged sword. On one hand it can be used to make some very useful scripts to automate common Windows functions. On the other hand, it can be very easy for a malicious user to make a virus using WSH. Script Sentry allows safe scripts to run on your system while alerting you if a script might harm your system.
>> http://www.net-security.org/software.php?id=267

TRACKS ERASER PRO 2.0
Tracks Eraser Pro is a privacy cleaner that can clean up all Internet tracks and other activity trails on your computer. With only one click, Tracks Eraser Pro allows you to erase the browser cache, cookies (with option to keep certain ones), history, typed URLs, auto-complete memory as well as index.dat from your browser, and Windows temp folders, run history, search history, open/save history, recent documents and more.
>> http://www.net-security.org/software.php?id=268

VISUALZONE 5.7
VisualZone is an intrusion analyser and report utility for ZoneAlarm, ZoneAlarm Plus and ZoneAlarm Pro. It displays a clear overview of all intrusion attempts and allows you to analyse the information in lots of different ways.
>> http://www.net-security.org/software.php?id=269

NESSQUICK
nessQuick currently consists of three files designed to assist in managing the output from Nessus scans and creating an alternate report format.
>> http://www.net-security.org/software.php?id=270

STUNNEL 4.00
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer). Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
>> http://www.net-security.org/software.php?id=271

FOLDER SHIELD 1.2
Folder Shield can be used to conceal any directories under Windows 95/98/ME/NT/2000/XP, completely and securely. Your personal documents, private photographs etc. are invisible, and hence no longer accessible, as soon as the relevant folders have been hidden with Folder Shield.
>> http://www.net-security.org/software.php?id=272

NETWATCHER 2000
NetWatcher logs the date, time, IP address, port number and host used by anyone trying to get into your system - giving you everything you need to report intruders to their Internet Service Provider.
>> http://www.net-security.org/software.php?id=273

NETALERT 5.0.0.1
NetAlert is designed to provide intruder detection for the home and office - watchdog program that sits in your system tray monitoring your IP ports.
>> http://www.net-security.org/software.php?id=274

----------------------------------------------------------------

[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Sophos: September 11th Worm is a Distasteful Attempt
>> http://www.net-security.org/virus_news.php?id=74

F-Secure Informs About a 9/11 Themed Worm
>> http://www.net-security.org/virus_news.php?id=73

We Will Find the Way...
>> http://www.net-security.org/virus_news.php?id=72

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending your e-mail address to: info@net-security.org with UNSUBSCRIBE in the message body.

The archive of the newsletter in TXT and PDF format is available at
http://www.net-security.org/newsletter_archive.php