HNS Newsletter
Issue 132 - 21.10.2002
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org.

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Security world
6) Featured review
7) Security software
8) Virus news

[ General security news ]
----------------------------------------------------------------

CHECK POINT CLAIMS VICTORY IN FIREWALL/VPN TESTS
Tests of three market-leading firewall/virtual private networking devices by the engineer calibre testing outfit The Tolly Group puts Check Point Technologies Ltd's VPN-1 Pro ahead of rival systems.
>> http://www.net-security.org/news.php?id=1227

PASSWORDS A RISKY BUSINESS
A Kiwi executive with RSA Security, Mark Pullen, says New Zealand's remote geography gives a false sense of security to organisations.
>> http://www.net-security.org/news.php?id=1228

HACKTIVISTS AGAINST CENSORSHIP
Western hackers are developing programs to defeat the Internet censorship barriers of repressive countries overseas - and you can take part in the effort.
>> http://www.net-security.org/news.php?id=1229

CHROOT JAILS MADE EASY WITH THE JAIL CHROOT PROJECT
Once in a while, you can stumble on a real gem that simplifies even the most difficult system administration tasks. One such gem is the Jail Chroot Project.
>> http://www.net-security.org/news.php?id=1230

WIRELESS - A SECURITY NIGHTMARE
Wireless devices could soon be ubiquitous in American business, but the security of their transmissions still has a ways to go.
>> http://www.net-security.org/news.php?id=1231

US COPYRIGHT OFFICE WAKES UP TO FLAWS IN ANTI-HACKING LAW
It seems the US Copyright Office has finally realised that some parts of the Digital Millennium Copyright Act are just plain stupid.
>> http://www.net-security.org/news.php?id=1232

BOOK REVIEW: UNIVERSAL COMMAND GUIDE FOR OPERATING SYSTEMS
According to Emmett Dulaney, if there is one book the administrator of a mixed network needs on his shelf, it is Universal Command Guide for Operating Systems.
>> http://www.net-security.org/news.php?id=1233

LINUX PLANET TALKS TO GENE SPAFFORD ABOUT OS SECURITY
Is open source software more secure? To most Linux enthusiasts, the answer is yes. But noted security expert Gene Spafford says that this may not necessarily be true.
>> http://www.net-security.org/news.php?id=1237

FORMER FBI CHIEF TAKES ON ENCRYPTION
When Louis Freeh ran the FBI, he loved nothing more than launching into a heartfelt rant against the dangers of encryption technology.
>> http://www.net-security.org/news.php?id=1238

SPAM FIGHTER DEFEATS JUNK EMAIL COMPANY
A "fearless spam fighter" has won a David and Goliath legal battle against a junk email marketing company.
>> http://www.net-security.org/news.php?id=1239

NASA CYBER PROGRAM BEARS FRUIT
NASA has demonstrated that using a scanning and remediation program can turn the tide against hackers, according to a recent report.
>> http://www.net-security.org/news.php?id=1240

GERMAN IT SECURITY EXPERT ROBS ATMS
A German boffin who invented a security system for ATMs has been sentenced to nearly five years in prison for faking credit cards and using them to withdraw cash from the machines.
>> http://www.net-security.org/news.php?id=1241

FEAR FACTOR
Here's a reality check on your top five concerns about reporting security incidents.
>> http://www.net-security.org/news.php?id=1242

DETECTING CYBERATTACKS BY PROFILING "NORMAL" COMPUTER HABITS
A new software system that detects cyberattacks while they are in progress by drawing highly personalized profiles of users has proven successful 94% of the time in simulated attacks.
>> http://www.net-security.org/news.php?id=1243

PHRACK MAGAZINE CALL FOR PAPERS
New papers will be accepted up until Friday the 13th of December. Editorial changes to the papers can be submitted until Friday the 20th of December.
>> http://www.net-security.org/news.php?id=1244

FREED HACKER MITNICK DEBUNKS MYTHS
Kevin Mitnick claims that false accusations of breaking into top secret US installations were used to demonise him by law enforcement agencies in their fight to bring him to justice.
>> http://www.net-security.org/news.php?id=1247

SPAM MASQUERADES AS ADMIN ALERTS
Pop-up ads disguised as Windows system administration alerts annoy users and puzzle security experts. Spammers, on the other hand, say the tactic works.
>> http://www.net-security.org/news.php?id=1248

EMBEDDING SECURITY INTO SERVERS
Embedded systems control much of the world's critical infrastructure, which makes them a prime target for attack by everyone from hackers to terrorists.
>> http://www.net-security.org/news.php?id=1249

THE CODE MAKERS GET CRACKING
Wars have been won and lost by the cracking of secret codes. Now Australian scientists are involved in an international race to develop the ultimate secret weapon, an uncrackable code.
>> http://www.net-security.org/news.php?id=1250

BOOK REVIEW: THE ART OF DECEPTION
Rather than focusing on the writer's past, it is clear that Mitnick wishes the book to be viewed as an attempt at redemption.
>> http://www.net-security.org/news.php?id=1251

OPENSSH 3.5 HAS BEEN RELEASED
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support.
>> http://www.net-security.org/news.php?id=1252

STUDY FINDS SPAM WORSE IN MANUFACTURING SECTOR
A report analyzing e-mail messages sent during September found that the problem of viruses and spam continued to grow, hitting manufacturing, banking and finance, and health care very hard.
>> http://www.net-security.org/news.php?id=1253

HIGHLIGHTING AN 'ETHICAL HACKER'
Companies should bolster their computer network security by hiring hackers, said Ankit Fadia, a 17-year-old who is a popular "ethical hacker" from India.
>> http://www.net-security.org/news.php?id=1255

MS BETA SITE CRACKED
The server on which Microsoft makes its beta programs available for testing has been infiltrated by outsiders who have downloaded an unspecified cornucopia of programs.
>> http://www.net-security.org/news.php?id=1257

SKLYAROV DENIED US VISA TO TESTIFY IN DMCA CASE
Dmitry Sklyarov, the Russian programmer at the centre of the first DMCA prosecution, has been denied a US visa in a move that jeopardises his requirement to testify in the forthcoming trial of ElcomSoft.
>> http://www.net-security.org/news.php?id=1258

VOICEPRINTS MAKE CRYPTO KEYS
Researchers from Lucent Technologies' Bell Labs are tapping the individuality of the human voice to generate unique cryptographic keys for computer users.
>> http://www.net-security.org/news.php?id=1259

WORLD CYBERCRIME EXPERTS SEE NEED FOR LAWS, TIES
Top international cyber-crimebusters wrapped up a three-day conference in the world's most wired country with a call for greater global cooperation to fight online offences.
>> http://www.net-security.org/news.php?id=1260

TRUST OF NET DECLINING, REPORT SAYS
Americans are using and enjoying the Internet more than ever, a private research firm said Wednesday, even though they're still not entirely sure their personal information is secure.
>> http://www.net-security.org/news.php?id=1261

STUDENT REMEMBERS HACKING EXPERIENCE
Junior's experience highlights computer hacking concerns for C.U. technology offices.
>> http://www.net-security.org/news.php?id=1262

OPENWALL GNU/*/LINUX AKA OWL 1.0 RELEASED
Openwall GNU/*/Linux, aka Owl, is a security-enhanced operating system with Linux and GNU software as its core, compatible with other distributions of GNU/*/Linux.
>> http://www.net-security.org/news.php?id=1263

THE TECH INDUSTRY RESCUE SQUAD
What makes CERT/CC unique is that it functions as an independent security reporting center that assumes anonymity with each client unless it receives permission to use the client's identity.
>> http://www.net-security.org/news.php?id=1264

CAN A HACKER OUTFOX MICROSOFT?
Cypherpunk Lucky Green files a defensive patent to prevent the software giant from using Palladium to block piracy efforts. Analysts say it just might work.
>> http://www.net-security.org/news.php?id=1267

NET FORCES SCRUTINY OF OPEN RECORDS
Crime victims, jurors and witnesses fear assailants can easily identify them. With many records now available on the Net, governments are revisiting public information policies.
>> http://www.net-security.org/news.php?id=1268

TIF TO TAKE HACKERS TO TASK
Blue-chip user group The Corporate IT Forum has set up a security taskforce to work with the police.
>> http://www.net-security.org/news.php?id=1269

UK FIRM TOUTS ALTERNATIVE TO DIGITAL CERTIFICATES
Two-factor authentication using secure tokens is being backed as an alternative to digital certificates by Quizid Technologies, which is enjoying support from the Parliamentary All Party Export Group.
>> http://www.net-security.org/news.php?id=1270

BOGUS YAHOO EMAIL PICKS UP CREDIT CARD NUMBERS
Yahoo says that some of its customers have been tricked into giving their credit card numbers to an unaffiliated third party that had posed as Yahoo in a mass e-mail.
>> http://www.net-security.org/news.php?id=1271

CYBERTHREAT RESPONSE AND REPORTING GUIDELINES
CIO Magazine worked with the Secret Service, the FBI and industry leaders to create guidelines for reporting security incidents - what to report, who to report it to, and how.
>> http://www.net-security.org/news.php?id=1272

SECURE LINUX DESKTOP BEGINS SHIPPING TO UK POLICE FORCE
A pilot scheme which could see police forces throughout England and Wales switching to Linux desktops has kicked off with delivery of the first systems to the West Yorkshire force.
>> http://www.net-security.org/news.php?id=1273

----------------------------------------------------------------

[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php

----------------------------------------------------------------

Solution: Kill a Unisys Clearpath with nmap Port Scan
>> http://www.net-security.org/vuln.php?id=2151

ZoneLabs reply on ZoneAlarm Pro Denial of Service Vulnerability Thread
>> http://www.net-security.org/vuln.php?id=2150

Microsoft SQL Server Webtasks Privilege Elevation Vulnerability
>> http://www.net-security.org/vuln.php?id=2149

PhpToNuke Arbitrary File Retrieving Vulnerability
>> http://www.net-security.org/vuln.php?id=2148

SkyStream EMR5000 DVB router Denial of Service Vulnerability
>> http://www.net-security.org/vuln.php?id=2147

Denial of Service in Sabre Desktop Reservation Client for Windows
>> http://www.net-security.org/vuln.php?id=2146

ZoneAlarm Pro 3.1 and 3.0 Denial of Service Vulnerability
>> http://www.net-security.org/vuln.php?id=2145

CoolForum Vulnerability Can Expose passwd File
>> http://www.net-security.org/vuln.php?id=2144

TheServer Log File Readable Password Vulnerability
>> http://www.net-security.org/vuln.php?id=2143

Account Vulnerability in Avaya Switches
>> http://www.net-security.org/vuln.php?id=2142

Internet Explorer: The D-Day
>> http://www.net-security.org/vuln.php?id=2141

Denial of Service and Directory Traversal Vulnerabilities in WebServer 4 Everyone
>> http://www.net-security.org/vuln.php?id=2140

CoolForum v 0.5 beta PHP Files Disclosure vulnerability
>> http://www.net-security.org/vuln.php?id=2139

Meunity 1.1 Script Injection Vulnerability
>> http://www.net-security.org/vuln.php?id=2138

Symantec Enterprise Firewall Secure Webserver Information Leak Vulnerability
>> http://www.net-security.org/vuln.php?id=2137

Multiple Symantec Firewall Secure Webserver Timeout Denial of Service Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2136

Polycom ViaVideo Web Component Multiple Security Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2135

TelCondex SimpleWebServer Long URL Denial of Service Vulnerability
>> http://www.net-security.org/vuln.php?id=2134

Mini Server Directory Traversal Vulnerability
>> http://www.net-security.org/vuln.php?id=2133

----------------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php

----------------------------------------------------------------

Red Hat Security Advisory - New kernel fixes local security issues
>> http://www.net-security.org/advisory.php?id=1172

Red Hat Security Advisory - New kernel 2.2 packages fix local vulnerabilities
>> http://www.net-security.org/advisory.php?id=1171

Red Hat Security Advisory - New kernel fixes local security issues
>> http://www.net-security.org/advisory.php?id=1170

Debian Security Advisory - New PAM packages fix serious security violation in Debian/unstable
>> http://www.net-security.org/advisory.php?id=1169

Debian Security Advisory - New Heimdal packages fix remote command execution
>> http://www.net-security.org/advisory.php?id=1168

Gentoo Linux Security Announcement - ggv
>> http://www.net-security.org/advisory.php?id=1167

EnGarde Secure Linux Advisory - syslog-ng buffer overflow in macro handling code
>> http://www.net-security.org/advisory.php?id=1166

Microsoft Security Bulletin MS02-061 - Elevation of Privilege in SQL Server Web Tasks
>> http://www.net-security.org/advisory.php?id=1165

Microsoft Security Bulletin MS02-060 - Flaw in Windows XP Help and Support Center Could Enable File Deletion
>> http://www.net-security.org/advisory.php?id=1164

Microsoft Security Bulletin MS02-059 - Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure
>> http://www.net-security.org/advisory.php?id=1163

Debian Security Advisory - New gv packages fix buffer overflow
>> http://www.net-security.org/advisory.php?id=1162

Trustix Security Advisory - python
>> http://www.net-security.org/advisory.php?id=1161

Trustix Security Advisory - postgresql
>> http://www.net-security.org/advisory.php?id=1160

Trustix Security Advisory - glibc
>> http://www.net-security.org/advisory.php?id=1159

Trustix Security Advisory - apache
>> http://www.net-security.org/advisory.php?id=1158

Trustix Security Advisory - kernel
>> http://www.net-security.org/advisory.php?id=1157

Conectiva Linux Security Announcement - XFree86
>> http://www.net-security.org/advisory.php?id=1156

Conectiva Linux Security Announcement - sendmail
>> http://www.net-security.org/advisory.php?id=1155

Conectiva Linux Security Announcement - fetchmail
>> http://www.net-security.org/advisory.php?id=1154

Cisco Security Advisory - Cisco CatOS Embedded HTTP Server Buffer Overflow
>> http://www.net-security.org/advisory.php?id=1153

SGI Security Advisory - X Windows zlib/MIT-SHM/huge font DoS vulnerabilities
>> http://www.net-security.org/advisory.php?id=1152

Compaq Security Bulletin - HP Tru64 UNIX V5.1A zlib Potential Security Vulnerability
>> http://www.net-security.org/advisory.php?id=1151

Debian Security Advisory - New syslog-ng packages fix buffer overflow
>> http://www.net-security.org/advisory.php?id=1150

Mandrake Linux Security Advisory - tar
>> http://www.net-security.org/advisory.php?id=1149

Mandrake Linux Security Advisory - unzip
>> http://www.net-security.org/advisory.php?id=1148

Gentoo Linux Security Announcement - apache
>> http://www.net-security.org/advisory.php?id=1147

Gentoo Linux Security Announcement - tomcat
>> http://www.net-security.org/advisory.php?id=1146

Red Hat Security Advisory - Updated xinetd packages fix denial of service
>> http://www.net-security.org/advisory.php?id=1145

SGI Security Advisory - rpcbind/fsr_efs/mv/errhook/uux vulnerabilities (update)
>> http://www.net-security.org/advisory.php?id=1144

Red Hat Security Advisory - Command execution vulnerability in dvips
>> http://www.net-security.org/advisory.php?id=1143

SuSE Security Announcement - heartbeat
>> http://www.net-security.org/advisory.php?id=1142

Gentoo Linux Security Announcement - heimdal
>> http://www.net-security.org/advisory.php?id=1141

Debian Security Advisory - heartbeat
>> http://www.net-security.org/advisory.php?id=1140

Gentoo Linux Security Announcement - net-snmp
>> http://www.net-security.org/advisory.php?id=1139

Gentoo Linux Security Announcement - sendmail
>> http://www.net-security.org/advisory.php?id=1138

Gentoo Linux Security Announcement - nss_ldap
>> http://www.net-security.org/advisory.php?id=1137

----------------------------------------------------------------

[ Featured articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to staff@net-security.org

----------------------------------------------------------------

INTERVIEW WITH SAUMIL SHAH
Saumil Shah is a security researcher and is one of the authors of "Web Hacking: Attacks and Defense."
>> http://www.net-security.org/article.php?id=208

SECURITY ONLINE - SOME BASIC IT HYGIENE TIPS
To stay on top of security when connected to the Internet, there are several systems for finding out exactly what is happening to your PC at any moment. If you have a personal firewall and an up-to-date antivirus installed, much of this monitoring is carried out automatically by these applications.
>> http://www.net-security.org/article.php?id=209

NETWORK ASSOCIATES LAUNCHES A PROFESSIONAL SERVICES ORGANIZATION
"Network Associates Expert Services" brings together experts who worked at Sniffer Technologies and on McAfee Security products into one strengthened, unified organization poised to address the growing convergence of network and security management.
>> http://www.net-security.org/article.php?id=210

INFOSECU ENTERPRISE LICENSING ANNOUNCED
Pittsburgh-based, privately owned security company RedSiren Technologies announced enterprise licensing for their online information security training courses Security University, better known as InfoSecU.
>> http://www.net-security.org/article.php?id=211

MICROSOFT RELEASES ANOTHER PACK OF SECURITY BULLETINS
In another combo pack, Microsoft released three security bulletins. The bulletins, which are labeled from moderate to critical, deal with Microsoft Word and Excel, Microsoft Windows XP, Microsoft SQL Server 7.0 and 2000.
>> http://www.net-security.org/article.php?id=212

----------------------------------------------------------------

[ Security world ]

All press releases are located at:
http://www.net-security.org/press_main.php

----------------------------------------------------------------

Intrusion Inc. Elects James P. Buchanan to Board of Directors
>> http://www.net-security.org/press.php?id=1067

Diversinet Supplies SecureNet with Technology for Unique Trust Service Offering in Asia-Pacific
>> http://www.net-security.org/press.php?id=1066

Netegrity Addresses Web Services Security With Release of TransactionMinder
>> http://www.net-security.org/press.php?id=1065

Cyberguard Expands Presence In Northern Europe, Signs Distribution Agreement With Major European Partner
>> http://www.net-security.org/press.php?id=1064

Systems 2002: Utimaco Safeware Is Banking Close Cooperation With Its Partners
>> http://www.net-security.org/press.php?id=1063

Bear Stearns Selects Trend Micro Security Solutions for Full Virus Protection
>> http://www.net-security.org/press.php?id=1062

Daon's Biometric Identity Management Solution Tightens Financial Companies' Security
>> http://www.net-security.org/press.php?id=1061

F-Secure and Deutsche Telekom Announce New Security Services
>> http://www.net-security.org/press.php?id=1060

ProCheckUp Launches European Partner Program
>> http://www.net-security.org/press.php?id=1059

Prentice Hall PTR and HP Books Publish Second Edition of Computer Security Bestseller
>> http://www.net-security.org/press.php?id=1058

Abtrusion Security Releases Intrusion Protection Software
>> http://www.net-security.org/press.php?id=1057

Arcsight Introduces Next Generation Enterprise Security Management Software With ArcSight 2.0
>> http://www.net-security.org/press.php?id=1056

Sandia National Laboratories Selects Arcsight To Consolidate Security Infrastructure
>> http://www.net-security.org/press.php?id=1055

Corsa Network Technologies Selects Arcsight as its Preferred Security Management Solution
>> http://www.net-security.org/press.php?id=1054

----------------------------------------------------------------

[ Review ]

All reviews are located at:
http://www.net-security.org/reviews.php

----------------------------------------------------------------

INTERNET SITE SECURITY
This book manages to shed a new light on the problems of security implementation. It's a good idea to give it to both your IT manager and your system administrator; they will both learn from it and in the process start to understand each other on a new level.
>> http://www.net-security.org/review.php?id=14

----------------------------------------------------------------

[ Security Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

----------------------------------------------------------------

MICRO NET UTILITIES 0.15
Micro Net Utilities is a multi-threaded GUI application that contains lots of internet and network tools, including Whois, Finger, DNS, IP Monitor, Ping, Trace Route, Port Scan, IP Scan, Net Stat, and Time synchronization.
>> http://www.net-security.org/software.php?id=315

N.E.W.T. 99.2
N.E.W.T. scans all remote networked machines on single or all domains and attempts to retrieve a wealth of detailed information. It shows this data in a spreadsheet-like format for a concise, overall view of your network.
>> http://www.net-security.org/software.php?id=316

CATTOOLS 1.3.8
CatTools is a freeware Windows utility for managing Cisco routers, Catalyst switches, LightStream ATM switches and other network devices. It provides automated configuration backups, password changing and scripted configuration commands.
>> http://www.net-security.org/software.php?id=317

FOREMOST 0.64
Foremost is a Linux program to recover files based on their headers and footers. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive.
>> http://www.net-security.org/software.php?id=318

TCPVIEW 2.22
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections.
>> http://www.net-security.org/software.php?id=319

1ST EMAIL ANTIVIRUS 3.0
Designed for discreet users who appreciate data integrity and privacy, 1st Email Anti-Virus is the only POP3-compatible content-filtering security software that copes with all threats of modern (HTML-based and MIME) email messages.
>> http://www.net-security.org/software.php?id=320

PINGER 1.10
Pinger is a program to ping and trace Internet hosts. Ping a host of your choice. Show results in graph mode. Change the delay time for pinging. Store hosts in a file. Minimize to system tray and ping in background mode. Trace route to host. Whois support with advanced features. Write results to a log file. Customize limit points for the ping graph.
>> http://www.net-security.org/software.php?id=321

ACID 0.9.6
The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis engine to search and process a database of security events generated by various IDSes, firewalls, and network monitoring tools.
>> http://www.net-security.org/software.php?id=322

IPLOG 2.2.3
iplog is a TCP/IP traffic logger. Currently, it is capable of logging TCP, UDP and ICMP traffic. Adding support for other protocols should be relatively easy.
>> http://www.net-security.org/software.php?id=323

PATCHWORK 1.1
PatchWork checks for the vulnerabilities listed by the FBI, and if any are found, points you directly to the Microsoft patches. Then PatchWork allows you to verify that they were installed correctly.
>> http://www.net-security.org/software.php?id=324

----------------------------------------------------------------

[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php

----------------------------------------------------------------

Tips on protecting yourself from viruses
>> http://www.net-security.org/virus_news.php?id=103

New worm pretends to be a BugBear antidote
>> http://www.net-security.org/virus_news.php?id=102

Weekly Virus Report - Rodok and Bugbear Worms
>> http://www.net-security.org/virus_news.php?id=101

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending your e-mail address to:
info@net-security.org with UNSUBSCRIBE in the message body.

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php