HNS Newsletter
Issue 135 - 11.11.2002
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org.

-----------------------------------------------------------------
SECURITY INCIDENT ALERT
-----------------------------------------------------------------
Check your Web servers, FTP servers, Mail servers, DNS servers, firewalls, IDS systems, switches and routers for over 900 up to date vulnerabilities. Secure your critical assets today!
FREE System Security Test and Detailed Report
http://www.net-security.org/lm/ads/ads.pl?banner=scannerx1
-----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Security world
6) Featured review
7) Security software
8) Virus news

[ General security news ]
----------------------------------------------------------------

FEDS GETTING IT TOGETHER
Government security officials have begun a new era of interagency cooperation that has led to new levels of information sharing.
>> http://www.net-security.org/news.php?id=1364

FUTURE HACKING: HOW VULNERABLE IS THE NET?
As a new safety precaution, the organizations that operate the Internet's root servers will add more servers to each system. This will make each location less vulnerable to DDoS attacks.
>> http://www.net-security.org/news.php?id=1365

SIMPLE THINGS TO IMPROVE YOUR SYSTEM'S SECURITY
Here are some small and simple things that you can do to improve the security of your OpenBSD system.
>> http://www.net-security.org/news.php?id=1366

FIRMS LEAVE FIREWALL GAPS
Poorly configured firewalls make distributed denial-of-service attacks too easy for hackers.
>> http://www.net-security.org/news.php?id=1367

HOW TO AVOID SECURITY PROBLEMS, LINUX VS. WINDOWS SECURITY
If it's not the Slapper worm, it's the Mighty worm - if you're watching the technology press recently, you might think Linux is plagued with security problems lately.
>> http://www.net-security.org/news.php?id=1368

HACKER TAKES ADVANTAGE OF DIALER BILLING SYSTEM
A malicious hacker in Germany has increased revenues on his own premium rate telephone service by E400,000, by diverting calls from other companies to his service.
>> http://www.net-security.org/news.php?id=1369

NSA TAPS VENDORS FOR ENCRYPTION
NSA selected 3 vendor teams to develop Gigabit Ethernet encryptors to support the secure exchange of top-secret information via commercial IP-based, wide-area networks at speeds of at least 1 gigabit/sec.
>> http://www.net-security.org/news.php?id=1374

SBC HAS PLANS FOR INTERNET SECURITY
SBC Communications announced Monday that it is forming an Internet security project designed to improve network defenses.
>> http://www.net-security.org/news.php?id=1375

NEW PCS LIKELY TO CEDE SOME CONTROL
To thwart hackers and foster online commerce, the next generation of computers will almost certainly cede some control to software firms, Hollywood and other outsiders.
>> http://www.net-security.org/news.php?id=1376

FTC: WHERE SPAM GOES OFF TO DIE
For years, the Federal Trade Commission has been receiving forwarded spam from Internet users. What exactly has the agency been doing with it?
>> http://www.net-security.org/news.php?id=1382

COURT RULES AGAINST AOL ON NET PRIVACY
With laws on Internet privacy still unsettled, the ruling could have a significant effect on how users' anonymity is protected.
>> http://www.net-security.org/news.php?id=1383

SMART SECURITY: NETWORK SCANNERS
Don't wait for a hacker to show you where your network's vulnerabilities lie. Be smart, and use a network scanner with intelligence.
>> http://www.net-security.org/news.php?id=1385

CHINA'S CYBERWALL NEARLY CONCRETE
Thanks in large part to American technologies, Internet censorship in China is strong and far-reaching - much like the Great Wall itself. A commission urges the U.S. government to act fast.
>> http://www.net-security.org/news.php?id=1386

MITIGATION OF COOKIE STEALING XSS ATTACKS
Microsoft's Michael Howard discusses the points of scrubbing secret data from memory, as well as expounding on mitigating cross-site scripting issues using the HttpOnly cookie extension.
>> http://www.net-security.org/news.php?id=1387

HACKING SYNDICATES THREATEN BANKING
The number of hacking syndicates targeting financial institutions around the world is growing. And so is the number of banks willing to pay these high-tech extortionists hush money to protect their reputations.
>> http://www.net-security.org/news.php?id=1388

IF MICROSOFT HAD WRITTEN NMAP
This amusing article was written by security expert Ed Skoudis, author of "Counter Hack".
>> http://www.net-security.org/news.php?id=1389

NOTRE DAME MATH GURU CRACKS CODE
And you thought you had tough math homework? Consider the work that went into cracking a secret code developed by Certicom, which makes wireless encryption software...
>> http://www.net-security.org/news.php?id=1394

NAVY SITES SPRING SECURITY LEAKS
A group of French Internet security enthusiasts uncovers holes in two online databases owned by the U.S. Navy, exposing password information and reports on malfunctioning weapons equipment.
>> http://www.net-security.org/news.php?id=1395

COMPLETE SNORT-BASED IDS ARCHITECTURE, PART ONE
This two-part article will provide a set of detailed directions to build an affordable intrusion detection architecture from hardware and freely available software.
>> http://www.net-security.org/news.php?id=1396

SECURITY STANDARD GAINS OASIS APPROVAL
The Organization for the Advancement of Structured Information Standards formally approved a standard security protocol that is likely to become the building block for integrating corporate user access control systems over the Internet.
>> http://www.net-security.org/news.php?id=1397

HACK ATTACKS ON RISE IN ASIA
Attackers based in Indonesia and Malaysia have been launching attacks on neighbouring countries.
>> http://www.net-security.org/news.php?id=1403

THE FBI'S CYBERCRIME CRACKDOWN
In contrast to the teenage hackers of yore, today's perpetrators mount extremely sophisticated attacks. They don't brag, and they don't leave obvious tracks.
>> http://www.net-security.org/news.php?id=1404

NETWORK SIGNALS JUST SCREAM TO BE EXPLOITED
Organizations ignore the security risks of wireless networking at their peril.
>> http://www.net-security.org/news.php?id=1405

INADEQUATE IT SECURITY TRAINING IN THE UK
UK employees lack the appropriate IT security training necessary to combat potential threats to organisations such as viruses.
>> http://www.net-security.org/news.php?id=1406

----------------------------------------------------------------

----------------------------------------------------------------
HNS BOOK GIVEAWAY - HONEYPOTS: TRACKING HACKERS
We are giving away 3 copies of "Honeypots: Tracking Hackers" by Lance Spitzner. Want some knowledge?
http://www.net-security.org/news.php?id=1413
----------------------------------------------------------------

[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

Lotus Domino HTTP Server Information Disclosure Vulnerability
>> http://www.net-security.org/vuln.php?id=2204

Cutecast Forum v1.2 Plaintext Passwords Vulnerability
>> http://www.net-security.org/vuln.php?id=2203

Remote Pine 4.44 Denial of Service Vulnerability
>> http://www.net-security.org/vuln.php?id=2202

LuxMan Non-Explicit Path Vulnerability
>> http://www.net-security.org/vuln.php?id=2201

Executing Programs with Parameters in Internet Explorer
>> http://www.net-security.org/vuln.php?id=2200

ZoneEdit Account Hijack Vulnerability
>> http://www.net-security.org/vuln.php?id=2199

Microsoft IIS Local Cross-site Scripting Vulnerability
>> http://www.net-security.org/vuln.php?id=2198

Networking Utils PHP Script Arbitrary Command Execution Vulnerability
>> http://www.net-security.org/vuln.php?id=2197

Microsoft IIS Out of Process Privilege Elevation Vulnerability
>> http://www.net-security.org/vuln.php?id=2196

Pablo FTP Server Denial of Service Vulnerability
>> http://www.net-security.org/vuln.php?id=2195

Xeneo Web Server Denial of Service Vulnerability
>> http://www.net-security.org/vuln.php?id=2194

Oracle iSQL*Plus Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2193

Prometheus Application Framework Code Injection Vulnerability
>> http://www.net-security.org/vuln.php?id=2192

PHP-Nuke SQL Injection Vulnerability
>> http://www.net-security.org/vuln.php?id=2191

Iomega NAS A300U Security Issues
>> http://www.net-security.org/vuln.php?id=2190

EventSave and EventSave+ Vulnerability
>> http://www.net-security.org/vuln.php?id=2189

----------------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Debian Security Advisory - New squirrelmail packages fix cross site scripting bugs
>> http://www.net-security.org/advisory.php?id=1246

Debian Security Advisory - Buffer overflow in Window Maker
>> http://www.net-security.org/advisory.php?id=1245

SGI Security Advisory - Potential Denial of Service Vulnerability in RPC-based libc
>> http://www.net-security.org/advisory.php?id=1244

Red Hat Security Advisory - Updated kerberos packages available
>> http://www.net-security.org/advisory.php?id=1243

Red Hat Security Advisory - Updated glibc packages fix vulnerabilities in resolver
>> http://www.net-security.org/advisory.php?id=1242

Conectiva Linux Security Announcement - XFree86
>> http://www.net-security.org/advisory.php?id=1241

Conectiva Linux Security Announcement - gv/kghostview
>> http://www.net-security.org/advisory.php?id=1240

Conectiva Linux Security Announcement - mod_ssl
>> http://www.net-security.org/advisory.php?id=1239

Conectiva Linux Security Announcement - heartbeat
>> http://www.net-security.org/advisory.php?id=1238

Conectiva Linux Security Announcement - ypserv
>> http://www.net-security.org/advisory.php?id=1237

Conectiva Linux Security Announcement - tar/unzip
>> http://www.net-security.org/advisory.php?id=1236

Conectiva Linux Security Announcement - tetex
>> http://www.net-security.org/advisory.php?id=1235

Conectiva Linux Security Announcement - glibc
>> http://www.net-security.org/advisory.php?id=1234

Conectiva Linux Security Announcement - krb5
>> http://www.net-security.org/advisory.php?id=1233

Conectiva Linux Security Announcement - linuxconf
>> http://www.net-security.org/advisory.php?id=1232

Debian Security Advisory - New luxman packages fix local root exploit
>> http://www.net-security.org/advisory.php?id=1231

Gentoo Linux Security Announcement - MailTools
>> http://www.net-security.org/advisory.php?id=1230

SGI Security Advisory - IRIX ToolTalk rpc.ttdbserverd vulnerabilities
>> http://www.net-security.org/advisory.php?id=1229

SGI Security Advisory - CDE ToolTalk rpc.ttdbserverd vulnerabilities
>> http://www.net-security.org/advisory.php?id=1228

Debian Security Advisory - New Apache-SSL packages fix several vulnerabilities
>> http://www.net-security.org/advisory.php?id=1227

SuSE Security Announcement - perl-MailTools
>> http://www.net-security.org/advisory.php?id=1226

Debian Security Advisory - New Apache packages fix several vulnerabilities
>> http://www.net-security.org/advisory.php?id=1225

Mandrake Linux Security Advisory - mozilla
>> http://www.net-security.org/advisory.php?id=1224

Cisco Security Advisory - Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
>> http://www.net-security.org/advisory.php?id=1223

Debian Security Advisory - New heimdal packages fix buffer overflows
>> http://www.net-security.org/advisory.php?id=1222

----------------------------------------------------------------

[ Featured articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to staff@net-security.org
----------------------------------------------------------------

THE DANGER OF PDAS
PDAs (personal digital assistants), pocket-sized diaries that are becoming increasingly more powerful, can represent a serious threat to corporate security.
>> http://www.net-security.org/article.php?id=233

"UNTANGLING WEB SERVICES SECURITY" WEB SEMINAR
On Wednesday, November 20 2002, RSA Security will host a web seminar titled "Untangling Web Services Security".
>> http://www.net-security.org/article.php?id=234

SECURITY ENHANCED LINUX BETA AVAILABLE
A fully functioning distribution of Security Enhanced Linux is now available in BETA for community and industry evaluation.
>> http://www.net-security.org/article.php?id=235

WIRELESS LAN SECURITY
This paper addresses the security concerns raised by both current and upcoming 802.11 network technologies.
>> http://www.net-security.org/article.php?id=236

GEMPLUS INTRODUCES RESIDENT
Gemplus launched ResIDent, a smart card-based ID system designed for advanced e-Government programs.
>> http://www.net-security.org/article.php?id=237

THE CROSS SITE SCRIPTING FAQ
Cross site scripting (also known as XSS) occurs when a web application gathers malicious data from a user.
>> http://www.net-security.org/article.php?id=238

NCIPHER AND CARDINAL PARTNER ON SECURE E-TRANSACTIONS
Cardinal, a developer of e-transaction security products, is the latest e-payment company to use nCipher's hardware-based encryption products to secure online payments.
>> http://www.net-security.org/article.php?id=239

"WIRELESS SECURITY: A CONTRADICTION IN TERMS?" WEB SEMINAR
On Thursday, November 7, 2002, renowned security expert and TruSecure Chief Technical Officer, will host a webinar titled "Wireless Security: A Contradiction in Terms?".
>> http://www.net-security.org/article.php?id=240

NOKIA AND TREND MICRO ESTABLISH A STRATEGIC ALLIANCE
Nokia, and Trend Micro, announced a Memorandum of Understanding to establish a strategic alliance focused on delivering network based, best-of-breed content security solutions to enterprises.
>> http://www.net-security.org/article.php?id=241

BUFFER OVERFLOWS: A TECHNICAL DISCUSSION - WEB SEMINAR SLIDES
Buffer overflows comprise more than 60% of known vulnerabilities. Buffer overflow exploits are powerful and are the tool of choice for most hackers. Many buffer overflow exploit techniques are available, and new techniques have recently arisen.
>> http://www.net-security.org/article.php?id=242

HONEYPOT BEST PRACTICES SECURITY CONFERENCE
The very first security conference ever dedicated to honeypot technologies is starting today in Las Vegas.
>> http://www.net-security.org/article.php?id=243

"ENTERPRISE VULNERABILITY ASSESSMENT AND REMEDIATION" WEB SEMINAR
On Tuesday November 12, 2002 eEye will host a web seminar titled "Technical Demonstration: Enterprise Vulnerability Assessment and Remediation".
>> http://www.net-security.org/article.php?id=244

SONY RELEASES NEW FINGERPRINT IDENTIFICATION UNIT
Sony's new fingerprint identification device can serve as the basis for enterprise-wide employee identification solutions in work environments where employee mobility is critical.
>> http://www.net-security.org/article.php?id=245

"KEEPING SECURE - MANAGING CYBERSPACE SECURITY RISK" WEBCAST
Managing security risk is a two part process: Understanding the effects of a vulnerability and then patching systems to avoid threats. Learn about emerging industry standards for vulnerability reporting and assessment like CVE and Responsible Disclosure Process.
>> http://www.net-security.org/article.php?id=246

THE PROBLEMS WITH SECURE EMAIL
Find out why "Silver Bullet" Email security is problematic. Learn to fully protect your data simply and securely while avoiding complex interactions between proprietary systems.
>> http://www.net-security.org/article.php?id=247

SELF-EXTRACTING EXE FILES - THE UNHIDDEN DANGERS
The use of passwords to control access to self decrypting executable files is not defensible as a security technique and should be avoided in favor of much stronger techniques such as public key cryptography. The security issues are outlined in this paper.
>> http://www.net-security.org/article.php?id=248

SOPHOS ANTI-VIRUS DETECTION: A TECHNICAL OVERVIEW
This paper describes the main components of Sophos Anti-Virus and how they relate to each other. It discusses virus scanning, detection methods and the creation of virus descriptions.
>> http://www.net-security.org/article.php?id=249

NOKIA FOCUSES ON PRIVACY, MOBILE WEB SERVICES AND SECURITY TOOLS
Nokia introduced tools for managing subscriber privacy, mobile Web service interfaces and presence management enabling operators to enhance the service offering for their subscribers with new mobile applications and content. In addition, Nokia launched three new mobile enhancements and two mobile security tools for enterprises.
>> http://www.net-security.org/article.php?id=250

----------------------------------------------------------------

[ Security world ]

All press releases are located at:
http://www.net-security.org/press_main.php
----------------------------------------------------------------

Security Assertion Markup Language (SAML) Ratified as OASIS Open Standard
>> http://www.net-security.org/press.php?id=1106

ActivCard Gold Wins Best Security Application Award At Cartes 2002
>> http://www.net-security.org/press.php?id=1105

ZixCorp Secure e-Messaging Services to be Offered to Bell Canada Internet Customers
>> http://www.net-security.org/press.php?id=1104

Rainbow and Realtimepublishers Announce Free eBook - "The Definitive Guide to Identity Management"
>> http://www.net-security.org/press.php?id=1103

Diversinet Supports Authentication Security For New Microsoft Windows For Smartphone
>> http://www.net-security.org/press.php?id=1102

Intrusion SecureNet System Praised in Upcoming NSS Gigabit Network IDS Report
>> http://www.net-security.org/press.php?id=1101

Nokia and Trend Micro Team Together to Deliver the First Enterprise-Strength, Secure Content Management System
>> http://www.net-security.org/press.php?id=1100

A $18 Billion Problem Solved with the Launch of "Full Protection FileAssurity & Anonymizer Double Deal"
>> http://www.net-security.org/press.php?id=1099

New Report says Rainbow's Sentinel is the World's Leading Hardware Solution for Software Security
>> http://www.net-security.org/press.php?id=1098

Alpha Bank Goes Live With Cardinal's Platform
>> http://www.net-security.org/press.php?id=1097

CardinalCommerce and nCipher Partner to Deliver Secure Online Authentication for MasterCard SecureCode, Visa 3-D Secure and EFT networks
>> http://www.net-security.org/press.php?id=1096

SBC Launches Research and Development Test Bed to Develop New Layers of Internet Security
>> http://www.net-security.org/press.php?id=1095

Check Point Awarded "World Class Winner" in Network World Magazine VPN Review
>> http://www.net-security.org/press.php?id=1094

Activcard Introduces New Corporate Access Card (CAC) Solution Suites For Microsoft Windows And Sun Solaris At Cartes 2002
>> http://www.net-security.org/press.php?id=1093

AVIEN Creates New On-line Security Group, Announces AV Want Ads
>> http://www.net-security.org/press.php?id=1092

Authenex Offers Seamless Two-Factor Authentication for Check Point Next Generation Solutions
>> http://www.net-security.org/press.php?id=1091

Utimaco Safeware appoints Chief Executive Officer
>> http://www.net-security.org/press.php?id=1090

Datakey Smart Card Technology Integrated with VASCO Digipass Desk 850 Secure Pin Pad Smart Card Reader
>> http://www.net-security.org/press.php?id=1089

----------------------------------------------------------------

[ Reviews ]

All reviews are located at:
http://www.net-security.org/reviews.php
----------------------------------------------------------------

HONEYPOTS: TRACKING HACKERS
Through the book we are presented with a variety of real-life examples. This, along with the numerous references and a CD-ROM packed with whitepapers, source code and data captures of real attacks, makes this book really complete. If you're serious about setting up a honeypot then this is THE book to read. It will give you all the necessary concepts, guidelines and tools to get you started.
>> http://www.net-security.org/review.php?id=16

----------------------------------------------------------------

[ Security Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2
----------------------------------------------------------------

PHP FIREWALL GENERATOR 2.0
The PHP Firewall Generator is a simple PHP script that generates a firewall script for iptables or ipchains based firewalls.
>> http://www.net-security.org/software.php?id=345

REMOTE ACCESS SESSION 0.7 BETA
Remote Access Session is a security tool to analyze the integrity of systems. The program tries to gain access to a system using the most advanced techniques of remote intrusion. It can either work in normal mode (which is fast) or hard mode (which is more intensive).
>> http://www.net-security.org/software.php?id=346

BSF 1.1.2ALPHA2
BSF is a non-intrusive ICMP/IP based stack fingerprinting tool. BSF is an open framework for remote Operating System detection to which anyone can contribute and/or build upon.
>> http://www.net-security.org/software.php?id=347

SYSGUARD 1.5
Prevent people from accessing your computer by locking it with a password. When your computer is locked, the mouse is disabled, keys such as Ctrl+Alt+Delete are disabled, and the Desktop is optionally hidden. The only thing that is accessible is SysGuard, and the only way to regain access to the computer is to type in the password.
>> http://www.net-security.org/software.php?id=348

ANGEL 0.9.0
AngeL is a Linux kernel module designed to work with version 2.4.0 or later. It uses the new netfilter firewalling facility in order to control all packets leaving from your host. AngeL will also compile on the old 2.2.xx family kernels, using the ipchains firewalling facilities.
>> http://www.net-security.org/software.php?id=349

PURGE-IT! 1.2
Antivirus Software relies on Fingerprints which is inadequate for today's hacker tools. Those fingerprints are easily changeable/modifiable and your Antivirus Software will not react. This is where Purge-It! comes into play.
>> http://www.net-security.org/software.php?id=350

TOTALNET 1.4
TotalNet is a network information and diagnostic tool that offers real-time network traffic data, active connections display (TCP and UDP), address table (ARP) and network statistics (UDP, TCP, IP, ICMP).
>> http://www.net-security.org/software.php?id=351

CLAYMORE 0.3
Claymore is an intrusion detection and integrity monitoring system. To accomplish its task, it reads in a list of files stored in flat ASCII and uses Digest::MD5 to check their integrity against that recorded earlier in a database.
>> http://www.net-security.org/software.php?id=352

GSHIELDCONF 0.40
gShield is an aggressive, modular, ipchains-based firewall script. It's a small program to edit the configuration files for it. It is written using the gtk toolkit. It is released under the GNU GPL.
>> http://www.net-security.org/software.php?id=353

SINGLE-HONEYPOT 0.2-6
Single-honeypot simulates many services like SMTP, HTTP, POP-3, shell, and FTP. It can show many different faces, including those of Windows FTP systems, Windows SMTP systems, different Linux distributions, and some Posix distributions.
>> http://www.net-security.org/software.php?id=354

----------------------------------------------------------------

[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Oror Worm - Highest Threat Levels Since Bugbear
>> http://www.net-security.org/virus_news.php?id=119

Network Worm "Roron" - Red Alert
>> http://www.net-security.org/virus_news.php?id=118

OpenAntiVirus Project Interview on Virus Bulletin
>> http://www.net-security.org/virus_news.php?id=117

Nokia Message Protector SC6600 Announced
>> http://www.net-security.org/virus_news.php?id=116

Top Ten viruses detected by Panda ActiveScan in October
>> http://www.net-security.org/virus_news.php?id=115

Weekly Virus Report - Opaserv, Oror and Mylka Worm
>> http://www.net-security.org/virus_news.php?id=114

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending your e-mail address to: info@net-security.org with UNSUBSCRIBE in the message body.

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php