HNS Newsletter Issue 131 - 14.10.2002 http://net-security.org This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org. ----------------------------------------------------------------- *** ALERT! *** ALL OF THE FOLLOWING APPLICATIONS ARE VULNERABLE TO ATTACK!: *** Oracle *** Microsoft SQL Server *** Sybase *** Lotus Domino QUESTION: How Vulnerable are Your Applications? ANSWER: Find out by downloading AppDetective from: ******* http://www.appsecinc.com/products/#pentest AppDetective will DISCOVER Rogue Installations; Perform Zero Knowledge PENETRATION TESTS without Administrative Rights; and Perform In-Depth SECURITY AUDITS from the Inside-Out without Agents. DOWNLOAD YOUR FREE EVALUATION VERSION TODAY FROM: http://www.appsecinc.com/products/#pentest ----------------------------------------------------------------- Table of contents: 1) Security news 2) Vulnerabilities 3) Advisories 4) Articles 5) Security world 6) Security software 7) Virus news 8) Winners announcement [ General security news ] ---------------------------------------------------------------- VIRUS WRITERS GET SLAPPER HAPPY Internet vandals have continued to modify the recent Slapper worm and have sent at least four new variants of the hostile Linux program into the electronic wilds. >> http://www.net-security.org/news.php?id=1178 RUSSIAN HACKER SENTENCED TO 3 YEARS A Russian man snared in an FBI scheme to catch computer hackers has been sentenced to three years in prison for convictions on 20 counts of conspiracy, fraud and related computer crimes. >> http://www.net-security.org/news.php?id=1179 HACKWARE AUTHOR ARRESTED - MAYBE A group whose chat network took hits from a hacker known as Torner applauds his London arrest. But no one's certain that the man in custody is the one who wrote the hacking toolkit used in the attacks. >> http://www.net-security.org/news.php?id=1180 CONFIGURING FIREWALLS FOR LINUX USING NETFILTER/IPTABLES The author provides an introduction to the netfilter/iptables system, how it works, its advantages, installing and configuring, and how to use it to configure firewalls on Linux systems to filter IP packets. >> http://www.net-security.org/news.php?id=1181 SECURITY TOOLS IN LINUX DISTRIBUTIONS, PART I In part one of this two-part series, Bobby discusses various HIDS and NIDS that come with Red Hat distributions. >> http://www.net-security.org/news.php?id=1182 SECURITY TOOLS IN LINUX DISTRIBUTIONS, PART II The second part of this series is an overview of tools included in SuSE distributions for hardening, monitoring and securing your system. >> http://www.net-security.org/news.php?id=1188 FIXING THE FBI'S 'TOP 20' SECURITY FLAWS ISN'T ENOUGH The U.S. FBI's top-20 list of software vulnerabilities provides a solid foundation for IT security. But you need to do more than just protect against these flaws alone. >> http://www.net-security.org/news.php?id=1183 OPASOFT TARGETS WINDOWS SYSTEMS Opasoft worm that targets machines running Microsoft's Windows 95, 98, and ME operating systems is spreading according to virus alerts posted by several antivirus companies. >> http://www.net-security.org/news.php?id=1184 MALAYSIA REFUTES ORIGIN OF BUGBEAR VIRUS Denying reports of the Bugbear virus's origin in Malaysia, cyber detectives of this region said that there is no proof to support the allegation. >> http://www.net-security.org/news.php?id=1185 BUGBEAR TO SET NEW VIRUS RECORD The virus is spreading a bit more slowly than last week, but is still on track to become the most prolific to date. >> http://www.net-security.org/news.php?id=1189 DOD'S WIRELESS SAFETY NET A Defense Department policy provides a workable strategy for eventually allowing the use of wireless communications within the Pentagon without compromising security. >> http://www.net-security.org/news.php?id=1190 SPAM BLOCKER HAS OPPOSITE EFFECT Satisfied users of junk e-mail filter SpamNet protest loudly when unsolicited messages suddenly flood their inboxes. The problem? System "upgrades" - and the widespread UUNet failure. >> http://www.net-security.org/news.php?id=1191 FEDS PROBE DIGITAL TV PIRACY FUROR The Justice Department is investigating allegations that a company controlled by Rupert Murdoch's News Corp. hacked a rival's protection technology and distributed the information on the Internet. >> http://www.net-security.org/news.php?id=1192 IMPROVE LINUX SECURITY Although Linux's native support for networking services is part of the OS's appeal, these services can also create a security risk. Stop unnecessary network services. >> http://www.net-security.org/news.php?id=1193 SHUTTING DOWN SPYWARE LOOPHOLES A recent court decision against AOL Netscape finally puts some limits on the clickwrap contracts that make spyware legal. >> http://www.net-security.org/news.php?id=1194 FIREWALLS - BACK TO BASICS The most frequently asked questions (and answers) about Firewalls without the frills. >> http://www.net-security.org/news.php?id=1198 UNIVERSITY TO STUDY COMBATING CYBERTERROR The Defense Department is giving Carnegie Mellon University $35.5 million to develop tools and tactics for fighting cyberterrorism. >> http://www.net-security.org/news.php?id=1199 USING HONEYPOT WIRELESS LAN The busiest journalist at the RSA Conference 2002, Peter Judge from ZDNet UK, did an article on another war* action - "wartrapping". >> http://www.net-security.org/news.php?id=1201 HACKER BOOK AUTHOR: COMPANIES TOO STINGY ABOUT SECURITY The author of a book on network security warns that most companies aren't spending enough money to adequately protect themselves and most IT administrators are out of control of their own networks. >> http://www.net-security.org/news.php?id=1202 VOIP: DON'T OVERLOOK SECURITY Corporations that are implementing VOIP technologies in a bid to cut communications costs shouldn't overlook the security risks that can crop up when the voice and data worlds converge. >> http://www.net-security.org/news.php?id=1205 FBI MEMO DETAILS SURVEILLANCE LAPSES IN TERROR, SPY CASES FBI agents illegally videotaped suspects, intercepted e-mails without court permission and recorded the wrong phone conversations during sensitive terrorism and espionage investigations. >> http://www.net-security.org/news.php?id=1207 VIRUS THREATS ON MOBILE TOOLS Handhelds are not yet targets for hostile code writers, but that will soon change. >> http://www.net-security.org/news.php?id=1208 MOZILLA'S 'CODE OF SILENCE' ISN'T Developers are accused of not publicizing the browser's security vulnerabilities enough. But do we really need world wide alerts for every bug? >> http://www.net-security.org/news.php?id=1209 LIGHT MAY BE KEY TO SAFEGUARDING SECRETS Advances in devices that emit the smallest possible amount of light may portend an era of guaranteed confidentiality in Digital Age communication, which until now has had almost no protection. >> http://www.net-security.org/news.php?id=1210 GUIDE TO INTRUSION PREVENTION Diverse security technologies deliver the same message: "Keep Out!" >> http://www.net-security.org/news.php?id=1211 ATTACHMENTS CAN CAUSE SEVERE DAMAGE FWD: FWD: FWD: Read Now! - How many times have you opened your e-mail inbox and found a similar message waiting for you? >> http://www.net-security.org/news.php?id=1212 VIRUSES ATTACK RAMPANT At least 80% of computers in China have been affected by viruses, which increasingly spread through file downloading and Internet surfing. >> http://www.net-security.org/news.php?id=1213 LIE DETECTORS DO TELL LIES TOO... In routine security screening, polygraph tests often mark innocent people as lying but miss actual security risks, says panel. >> http://www.net-security.org/news.php?id=1214 BUG WATCH: THE PRIMITIVE PROBLEM OF PASSWORDS Recent security breaches have highlighted the inadequacy of passwords as a means of securing sensitive information, says Baltimore's Stephen Byrne. >> http://www.net-security.org/news.php?id=1218 FINGERPRINTING EXPLOITS IN SYSTEM AND APPLICATION LOG FILES This article focuses on the identification of the footprints that exploits leave on system logfiles and what they mean, as well as some of the most common traces that some recent exploits leave. >> http://www.net-security.org/news.php?id=1219 CYBERCRIME VICTIMS HIT BACK As Web thieves get slicker, frustrated consumers are taking matters into their own hands to block further damage. >> http://www.net-security.org/news.php?id=1220 IS LINUX REALLY MORE SECURE THAN WINDOWS? Microsoft has organized a huge security program as a result of vocal complaints from users, while the Linux effort is, in Eric Hemmendinger's words, "less disciplined but more timely." >> http://www.net-security.org/news.php?id=1221 PRACTICAL LINUX SECURITY Developer Cameron Laird outlines strategies for keeping different types of users organized for secure account management. >> http://www.net-security.org/news.php?id=1222 PROGRAMMING PHP WITH SECURITY IN MIND Writing code that prevents some common types of attacks is rather easy - here are some guidelines. >> http://www.net-security.org/news.php?id=1223 APACHE LOG ANALYSIS USING PYTHON This article first explains the framework, and then describes two examples that use it. My hope is that by the end of this article you will be able to use this framework for analyzing your own text files. >> http://www.net-security.org/news.php?id=1224 AFTER SCHOOL SCAM A group of Long Island high-school students ran a cyber-fraud operation by using computers at a bank where they were interns. >> http://www.net-security.org/news.php?id=1225 PGP 8.0 PUBLIC BETA AVAILABLE FOR DOWNLOAD PGP 8.0 Public Beta is now offered for download. Two versions are available for your beta testing pleasures: PGP 8.0 for Windows Beta and PGP 8.0 for Mac OS X Beta. >> http://www.net-security.org/article.php?id=207 ---------------------------------------------------------------- ----------------------------------------------------------------- SECURITY INCIDENT ALERT ----------------------------------------------------------------- 43,136 security incidents have been reported through June, 2002. Last year 52,658 were reported for the entire year. The most common point of entry is exploitation of known operating system vulnerabilities. Check your Web servers, FTP servers, Mail servers , DNS servers, firewalls, IDS systems, switchers and routers for over 900 up to date vulnerabilities. Secure your critical assets today! FREE System Security Test and Detailed Report http://www.net-security.org/lm/ads/ads.pl?banner=scannerx1 ----------------------------------------------------------------- [ Vulnerabilities ] All vulnerabilities are located here: http://www.net-security.org/archive_vuln.php ---------------------------------------------------------------- My Web Server 1.0.2 Denial of Service Vulnerability >> http://www.net-security.org/vuln.php?id=2132 OpenOffice 1.0.1 Race Condition During the Installation >> http://www.net-security.org/vuln.php?id=2131 KDE Personal Fileserver Vulnerability >> http://www.net-security.org/vuln.php?id=2130 TSAC Web package/IIS 5.1 connect.asp Cross-site Scripting Vulnerability >> http://www.net-security.org/vuln.php?id=2129 Outlook Remote Code Execution in Preview Pane (S/MIME) >> http://www.net-security.org/vuln.php?id=2128 phpRank Multiple Security Vulnerabilities >> http://www.net-security.org/vuln.php?id=2127 MondoSearch Arbitary File Source Disclosure Vulnerability >> http://www.net-security.org/vuln.php?id=2126 Zorum 2.4 Cross Site Scripting Vulnerability >> http://www.net-security.org/vuln.php?id=2125 Multiple Vendor ypxfrd Map Handling Vulnerability >> http://www.net-security.org/vuln.php?id=2124 php(Reactor) Cross Site Scripting Vulnerability >> http://www.net-security.org/vuln.php?id=2123 Webserver 4D v3.6 Weak Password Preservation Vulnerability >> http://www.net-security.org/vuln.php?id=2122 Commentary: VBZooM Uploading Malicious Files Vulnerability >> http://www.net-security.org/vuln.php?id=2121 Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service >> http://www.net-security.org/vuln.php?id=2120 PowerFTP Personal FTP Server Denial of Service Vulnerability >> http://www.net-security.org/vuln.php?id=2119 VBZooM Uploading Malicious Files Vulnerability >> http://www.net-security.org/vuln.php?id=2118 IBM SecureWay FireWall Denial of Service Caused by Flood of ACK Packets >> http://www.net-security.org/vuln.php?id=2117 SurfControl SuperScout Email Filter Administrative Server Multiple Vulnerabilities >> http://www.net-security.org/vuln.php?id=2116 Multiple Vendor PC Firewall Remote Denial of Services Vulnerability >> http://www.net-security.org/vuln.php?id=2115 LogSurfer Multiple Vulnerabilities >> http://www.net-security.org/vuln.php?id=2114 WinXP Professional (Gold) Insecure System Restore File Permissions >> http://www.net-security.org/vuln.php?id=2113 phpLinkat Cross Site Scripting Vulnerability >> http://www.net-security.org/vuln.php?id=2112 Xerox DocuShare Internal IP Address Disclosure Vulnerability >> http://www.net-security.org/vuln.php?id=2111 phpMyNewsletter Remote Code Execution Vulnerability >> http://www.net-security.org/vuln.php?id=2110 CommonName Toolbar Potentially Exposes LAN Web Addresses >> http://www.net-security.org/vuln.php?id=2109 Multiple Vendor Long ZIP Entry Filename Processing Problems >> http://www.net-security.org/vuln.php?id=2108 phpBBmod phpinfo.php System Information Disclosure Vulnerability >> http://www.net-security.org/vuln.php?id=2107 Authoria HR Suite Cross Site Scripting Vulnerability >> http://www.net-security.org/vuln.php?id=2106 Windows Help Buffer Overflow Vulnerability >> http://www.net-security.org/vuln.php?id=2105 AIX Denial of Service Caused by Flood of ACK Packets >> http://www.net-security.org/vuln.php?id=2104 phpBB2 Reveals IP Addresses of Users >> http://www.net-security.org/vuln.php?id=2103 VBZoom Forums Resetting Users Passwords Vulnerabilty >> http://www.net-security.org/vuln.php?id=2102 Multiple Vendor PC Firewall Remote Denial Of Services Vulnerability >> http://www.net-security.org/vuln.php?id=2101 BearShare Directory Traversal Issue Resurfaces >> http://www.net-security.org/vuln.php?id=2100 Apache 1.3.x Shared Memory Scoreboard Vulnerabilities >> http://www.net-security.org/vuln.php?id=2099 ---------------------------------------------------------------- [ Advisories ] All advisories are located at: http://www.net-security.org/archive_advi.php ---------------------------------------------------------------- KDE Security Advisory - kpf Directory traversal >> http://www.net-security.org/advisory.php?id=1136 KDE Security Advisory - KGhostview Arbitary Code Execution >> http://www.net-security.org/advisory.php?id=1135 NetBSD Security Advisory - sendmail smrsh bypass vulnerability >> http://www.net-security.org/advisory.php?id=1134 NetBSD Security Advisory - buffer overrun in pic(1) >> http://www.net-security.org/advisory.php?id=1133 NetBSD Security Advisory - rogue vulnerability >> http://www.net-security.org/advisory.php?id=1132 NetBSD Security Advisory - Buffer overrun in talkd >> http://www.net-security.org/advisory.php?id=1131 OpenPKG Security Advisory - apache >> http://www.net-security.org/advisory.php?id=1130 Conectiva Linux Security Announcement - XFree86 >> http://www.net-security.org/advisory.php?id=1122 Debian Security Advisory - New bugzilla packages fix privilege escalation >> http://www.net-security.org/advisory.php?id=1121 Debian Security Advisory - [SECURITY] [DSA 171-1] New fetchmail packages fix buffer overflows >> http://www.net-security.org/advisory.php?id=1120 Debian Security Advisory - New ht://Check packages fix cross site scripting problem >> http://www.net-security.org/advisory.php?id=1119 Microsoft Security Bulletin MS02-058 - Unchecked Buffer in Outlook Express S/MIME Parsing Could Enable System Compromise >> http://www.net-security.org/advisory.php?id=1118 Cisco Security Advisory - Predefined Restriction Tables Allow Calls to International Operator >> http://www.net-security.org/advisory.php?id=1117 Compaq Security Bulletin - HP Tru64 UNIX /usr/sbin/routed Potential Security Vulnerability >> http://www.net-security.org/advisory.php?id=1116 SCO Security Advisory - OpenServer 5.0.5 OpenServer 5.0.6: Buffer Overflow in Multiple DNS Resolver Libraries >> http://www.net-security.org/advisory.php?id=1115 SuSE Security Announcement - hylafax >> http://www.net-security.org/advisory.php?id=1114 Red Hat Security Advisory - Updated squirrelmail packages close cross-site scripting vulnerabilities >> http://www.net-security.org/advisory.php?id=1113 Red Hat Security Advisory - Updated packages fix PostScript and PDF security issue >> http://www.net-security.org/advisory.php?id=1112 SCO Security Advisory - OpenServer 5.0.5 OpenServer 5.0.6: ypxfrd remote file access vulnerability >> http://www.net-security.org/advisory.php?id=1111 Mandrake Linux Security Advisory - kdelibs >> http://www.net-security.org/advisory.php?id=1110 Compaq Security Bulletin - SSRT2339 (ypxfrd) and SSRT2368 (ypserv) HP Tru64 UNIX Potential Security Vulnerability >> http://www.net-security.org/advisory.php?id=1109 NetBSD Security Advisory - (another) buffer overrun in libc/libresolv DNS resolver >> http://www.net-security.org/advisory.php?id=1108 NetBSD Security Advisory - buffer overrun in pic(1) >> http://www.net-security.org/advisory.php?id=1107 Debian Security Advisory - New tkmail packages fix insecure temporary file creation >> http://www.net-security.org/advisory.php?id=1106 Debian Security Advisory - New ht://Check packages fix cross site scripting problem >> http://www.net-security.org/advisory.php?id=1105 NetBSD Security Advisory - sendmail smrsh bypass vulnerability >> http://www.net-security.org/advisory.php?id=1104 EnGarde Secure Linux Advisory - apache: potential DoS, cross-site scripting, and buffer overflow vulnerabilities >> http://www.net-security.org/advisory.php?id=1103 CERT Advisory CA-2002-28 -Trojan Horse Sendmail Distribution >> http://www.net-security.org/advisory.php?id=1102 Conectiva Linux Security Announcement - hylafax >> http://www.net-security.org/advisory.php?id=1101 Conectiva Linux Security Announcement - apache >> http://www.net-security.org/advisory.php?id=1100 SuSE Security Announcement - mod_php4 >> http://www.net-security.org/advisory.php?id=1099 Cisco Security Advisory - Predefined Restriction Tables Allow Calls to International Operator >> http://www.net-security.org/advisory.php?id=1098 ---------------------------------------------------------------- [ Featured articles ] All articles are located at: http://www.net-security.org/articles_main.php Articles can be contributed to staff@net-security.org ---------------------------------------------------------------- This week we have many articles since we attended the ˛ RSA Conference 2002 in Paris. Enjoy! Scope on Attix5 secure backuping software >> http://www.net-security.org/article.php?id=206 Bridicum receives 4.2 million Euros investment >> http://www.net-security.org/article.php?id=205 How the press spreads FUD (Fear, Uncertainty and Doubt) >> http://www.net-security.org/article.php?id=204 Gemplus digital signature solution awarded >> http://www.net-security.org/article.php?id=203 Wireless Security Threats >> http://www.net-security.org/article.php?id=202 NetScreen opens new EMEA offices >> http://www.net-security.org/article.php?id=201 RSA Conference - The Exhibitors >> http://www.net-security.org/article.php?id=200 RSA Conference 2002 Grand Opening >> http://www.net-security.org/article.php?id=199 News from the RSA Security press conference >> http://www.net-security.org/article.php?id=198 Microsoft CTO talks about security and open source. What security? >> http://www.net-security.org/article.php?id=197 RSA Conference 2002 Paris - Tutorial day >> http://www.net-security.org/article.php?id=196 ---------------------------------------------------------------- [ Security world ] All press releases are located at: http://www.net-security.org/press_main.php ---------------------------------------------------------------- SSH Updates Revenue Estimate For Fiscal Year 2002 >> http://www.net-security.org/press.php?id=1053 IntelliSafe Vault Now Integrated with Rainbow Technologies' CryptoSwift HSM and iKey USB Authentication Keys >> http://www.net-security.org/press.php?id=1052 London City Secures Airport Access With Daon's Biometric Fingerprint Scanners >> http://www.net-security.org/press.php?id=1051 Rainbow Begins Worldwide Shipments of NetSwift iGate Web Security Appliance for Instant Private Web >> http://www.net-security.org/press.php?id=1050 RSA Security Announces Strategic Agreement with Microsoft on Security Initiatives >> http://www.net-security.org/press.php?id=1049 RSA Security Introduces RSA ClearTrust 5.0, One of the Industry’s Most Comprehensive Web Access Management Solutions >> http://www.net-security.org/press.php?id=1048 RSA Security and iRevolution Join Forces to Offer Two-Factor Authentication for Companies Using Microsoft Passport >> http://www.net-security.org/press.php?id=1047 Windows and .NET Magazine Name Trend Micro ScanMail for Exchange 6.0 MEC 2002 Best of Show Finalist >> http://www.net-security.org/press.php?id=1046 Trend Micro introduces industry-first Virus Response Service Level Agreement >> http://www.net-security.org/press.php?id=1045 Trusecure’s Essential Practices Proactively Defend Against The Sans/fbi Top 20 Internet Security Vulnerabilities >> http://www.net-security.org/press.php?id=1044 ---------------------------------------------------------------- [ Security Software ] Windows software is located at: http://net-security.org/software_main.php?cat=1 Linux software is located at: http://net-security.org/software_main.php?cat=2 ---------------------------------------------------------------- CRYPTOEXPERT 2003 2.01.01 CryptoExpert uses an on-the-fly encryption system to encrypt and decrypt data. Data is stored in the encrypted form, but when it is requested by any application, it gets decrypted on-the-fly. >> http://www.net-security.org/software.php?id=305 ACSV 1.0.0 The handy and fast program with an clear interface for calculation and verifying the MD5 and CRC32 checksums of files in specified folder. >> http://www.net-security.org/software.php?id=306 FIREHOL R5 1.6 FireHOL is a Linux iptables firewall generator. It's goal is to be extremely abstracted so that the administrators can design firewalls of any complexity without the need to know all the details about protocols, sockets, ports, etc. >> http://www.net-security.org/software.php?id=307 TINYCA 0.4.4 TinyCA is a simple graphical userinterface written in Perl/Tk to manage a small CA (Certification Authority). >> http://www.net-security.org/software.php?id=308 RATEMASK 1.0.0 Ratemask is a small program that will make it easier to create ICMP type masks, as used in the icmp_ratemask sysctl, viewable through the /proc filesystem. >> http://www.net-security.org/software.php?id=309 IPSHUTTER 0.2 IPShutter listens for connections on one port, and upon proper authentication temporarily unlocks a second port. The unlocking is brief (by default two minutes) and only applies to the IP address from which the authentication occurred. >> http://www.net-security.org/software.php?id=310 BITDEFENTER ANTIOPASERV This easy to use tool detects and removes the Opaserv virus from your system. >> http://www.net-security.org/software.php?id=311 MMFTPD 0.0.11 mmftpd is a secure FTP server that runs as a normal user, and supports virtual users only. Each user may have specific permissions, including the maximum home directory size limit and download/upload speeds. >> http://www.net-security.org/software.php?id=312 PASSWORDS PLUS 3.68 Passwords Plus allows an unlimited number of users* to each keep an individual password-protected encrypted list of their passwords. >> http://www.net-security.org/software.php?id=313 FIREPARSE 2.0 Fireparse is a Perl script that emails a report of all packets that have been logged by the kernel's ipchains or iptables packet filtering subsystems. >> http://www.net-security.org/software.php?id=314 ---------------------------------------------------------------- [ Virus News ] All virus news are located at: http://www.net-security.org/viruses.php ---------------------------------------------------------------- Opaserv Worm Removal Tool (11 October 2002) >> http://www.net-security.org/virus_news.php?id=100 Update for Sophos MailMonitor and SAVI Users (11 October 2002) >> http://www.net-security.org/virus_news.php?id=99 Weekly Virus Report - Bugbear and Opaserv Infections (07 October 2002) >> http://www.net-security.org/virus_news.php?id=98 Network Worms Continue To Attack Linux (07 October 2002) >> http://www.net-security.org/virus_news.php?id=97 ---------------------------------------------------------------- [ Winners Announcement ] ---------------------------------------------------------------- The winners of the latest HNS Book Contest have been chosen. The lucky ones are: Mislav Gluscevic Anne Carasik Abraham Lincoln Hao Jason Beauford Wael Ghandour Pieter Swart Paul Laudanski Teemu Suopelto A big thanks goes to Addison Wesley to making this contest possible. Visit them at http://www.awprofessional.com ---------------------------------------------------------------- Questions, contributions, comments or ideas go to: Help Net Security staff staff@net-security.org http://net-security.org ---------------------- Subscribe to this weekly digest on: http://www.net-security.org/subscribe.php Unsubscribe by sending your e-mail address to: info@net-security.org with UNSUBSCRIBE in the message body. The archive of the newsletter in TXT and PDF format is available http://www.net-security.org/newsletter_archive.php