HNS Newsletter
Issue 137 - 25.11.2002.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org.

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Security world
6) Featured review
7) Security software
8) Virus news

[ General security news ]
----------------------------------------------------------------

GET BACK TO SECURITY BASICS
Attempting to do too much without sufficient resources and an awareness of some basic security practices can put an organisation's security in jeopardy.
>> http://www.net-security.org/news.php?id=1461

THE PEON'S GUIDE TO SECURE SYSTEM DEVELOPMENT
Considering that most good programmers are pretty bad at security, bad programmers with roles in important projects are guaranteed to doom the world to oblivion.
>> http://www.net-security.org/news.php?id=1462

TRISENTRY, A UNIX INTRUSION DETECTION SYSTEM
Network administrators have a wide range of sophisticated tools to improve auditing, and to report and block intrusion. The TriSentry suite is one such free tool.
>> http://www.net-security.org/news.php?id=1463

THE SSH CRYPTOSYSTEM
This article shows how the SSH cryptosystem provides privacy protection, integrity, and authenticity of data as it traverses a network.
>> http://www.net-security.org/news.php?id=1464

HACKING THE XSERVE
Mac Observer editor Brian Chaffin said an administrator must know what he or she is doing because the default configuration renders the Xserve secure - and effectively useless.
>> http://www.net-security.org/news.php?id=1465

JAPAN MAY DROP WINDOWS TO BOOST SECURITY
The Japanese government may replace Windows with another operating system to bolster security. The planned move came in the wake of a recent leakage of secure data from Japan's military network.
>> http://www.net-security.org/news.php?id=1466

DON'T BE A DOORMAT FOR VIRUSES
It's essential that anyone voyaging through cyberspace install a first-class antivirus program and a decent firewall.
>> http://www.net-security.org/news.php?id=1471

SMART CARDS ALSO OPEN TO ATTACK
Sydney University engineering student Ryan Junee has demonstrated a smart card attack for his final year thesis, using a method called "differential power analysis".
>> http://www.net-security.org/news.php?id=1472

BIN LADEN ASSOCIATE WARNS OF CYBERATTACKS
Sheikh Omar Bakri Muhammad, spokesman for Osama bin Laden, said all types of technology, including the Internet, are being studied for use in the global jihad against the West.
>> http://www.net-security.org/news.php?id=1473

KEY FACTORS FOR SECURE WEB SERVICES
To successfully implement Web services, every piece must be in place. This means that certain components, including security, reliability, and architecture, can make or break a Web services implementation.
>> http://www.net-security.org/news.php?id=1474

STOP WASTING MONEY ON SECURITY
Organizations can prevent costly attacks on their infrastructure when they stop following security dogma and chasing vulnerabilities and fancy new security devices.
>> http://www.net-security.org/news.php?id=1480

US GOVERNMENT FLUNKS COMPUTER SECURITY: PANEL
Most US government agencies - including the Defence and Justice Departments - have woefully inadequate computer security, according to a congressional panel.
>> http://www.net-security.org/news.php?id=1481

COMDEX: PANEL PREDICTS BIOMETRICS SHAKEOUT
The United States government is lagging behind those of other nations in the adoption of biometric technology, participants said during a panel discussion on the topic.
>> http://www.net-security.org/news.php?id=1482

CISCO EXPANDS SAFE BLUEPRINT
Cisco Systems Inc said it has added a dozen upgrades to its products with the aim of enhancing its SAFE Blueprint security strategy.
>> http://www.net-security.org/news.php?id=1483

HOW MUCH HACK INFO IS TOO MUCH?
To disclose or not disclose - it's a question that's been under heavy discussion in the computer security industry over the past year.
>> http://www.net-security.org/news.php?id=1484

WIRED SECURITY MENTALITY FOR WLANS
Latis Networks, a company known more for its wireline network security applications, is taking its wired mentality into the Wi-Fi realm with the release of its StillSecure Border Guard Wireless application.
>> http://www.net-security.org/news.php?id=1485

HOW MICROSOFT MAKES ITS OWN WLAN SECURE
Security Chief John Biccum said: "Reality is that if you have 3,500 access points, you can't just say 'On Monday we will switch keys!'" Read to see what Microsoft did.
>> http://www.net-security.org/news.php?id=1486

MICROSOFT SPILLS CUSTOMER DATA
A server glitch makes internal Microsoft documents, including a massive database of customer names and addresses, accessible online.
>> http://www.net-security.org/news.php?id=1487

HOMELAND SECURITY'S TECH EFFECTS
The vote by the Senate approving a Homeland Security Department clears the way for a massive reorganization of the federal government that will have a dramatic impact on computer and network security.
>> http://www.net-security.org/news.php?id=1488

REMOTE NET PROBE REVEALS SLOPPY SOFTWARE UPKEEP
A unique study of hundreds of live internet servers shows that many computer administrators do not repair even the most serious computer bugs.
>> http://www.net-security.org/news.php?id=1489

MASK YOUR WEB SERVER FOR ENHANCED SECURITY
Masking or anonymizing a Web server involves removing identifying details that intruders could use to detect your OS and Web server vendor and version.
>> http://www.net-security.org/news.php?id=1490

THE CULT OF HACKERS
How did hacker myths arise? What sparks our fascination with those who illicitly explore computer systems?
>> http://www.net-security.org/news.php?id=1498

COMDEX'S SECURE SIDE
Here's a sampling of the information security products on the menu at Comdex.
>> http://www.net-security.org/news.php?id=1499

LIGHT AT END OF ENCRYPTION TUNNEL
Quantum encryption is about to make life much more difficult for Internet spies.
>> http://www.net-security.org/news.php?id=1500

WHY IS MI2G SO UNPOPULAR?
Richard Forno has launched a broadside against mi2g, accusing the UK-based security consultancy of spreading fear, uncertainty and doubt about cyberterrorism risks.
>> http://www.net-security.org/news.php?id=1501

PATCH SLIPUP RAISES SECURITY QUESTIONS
The questionable handling of a fix for a recent widespread software vulnerability has some administrators worried that developers can't be trusted to make security a top priority.
>> http://www.net-security.org/news.php?id=1502

SQL INJECTION AND ORACLE
The objective of this series is to introduce Oracle users to some of the dangers of SQL injection and to suggest some simple ways of protecting against these types of attack.
>> http://www.net-security.org/news.php?id=1503

VPN, FIREWALL SALES EXPECTED TO BOOM
Worldwide revenue from sales of VPN and firewall hardware and software will grow by 31% from $668 million in the 3rd quarter of 2002 to $874 million in the 3rd quarter of 2003.
>> http://www.net-security.org/news.php?id=1504

T-MOBILE INSTALLS GPRS NETWORK FIREWALL
In a move to head off hacker probes detected earlier this month on its GPRS cellular network, T-Mobile USA has installed a firewall.
>> http://www.net-security.org/news.php?id=1505

----------------------------------------------------------------
[ Vulnerabilities ]
All vulnerabilities are located here: http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

Remotely Exploitable Buffer Overflow in Microsoft MDAC
>> http://www.net-security.org/vuln.php?id=2236

phpBB Cross Site Scripting Vulnerability
>> http://www.net-security.org/vuln.php?id=2235

iPlanet WebServer Remote Root Compromise
>> http://www.net-security.org/vuln.php?id=2234

QNX Multiple Incorrect Permissions
>> http://www.net-security.org/vuln.php?id=2233

Internet Explorer "BadParent" Vulnerability
>> http://www.net-security.org/vuln.php?id=2232

Linksys Router Management Interface Vulnerability
>> http://www.net-security.org/vuln.php?id=2231

Macromedia Flash ActiveX Multiple Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2230

TFTPD32 Directory Traversal Vulnerability
>> http://www.net-security.org/vuln.php?id=2229

TFTPD32 Long Name Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2228

Surecom Broadband Router Default SNMP Community
>> http://www.net-security.org/vuln.php?id=2227

phpBB Advanced Quick Reply Mod Code Injection Vulnerability
>> http://www.net-security.org/vuln.php?id=2226

Perception LiteServe HTTP CGI Disclosure Vulnerability
>> http://www.net-security.org/vuln.php?id=2225

----------------------------------------------------------------
[ Advisories ]
All advisories are located at: http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Mandrake Linux Security Advisory - ypserv
>> http://www.net-security.org/advisory.php?id=1323

CERT Advisory CA-2002-32 - Backdoor in Alcatel OmniSwitch AOS
>> http://www.net-security.org/advisory.php?id=1322

CERT Advisory CA-2002-33 - Heap Overflow Vulnerability in Microsoft Data
>> http://www.net-security.org/advisory.php?id=1321

SCO Security Advisory - Linux: sendmail smrsh bypass vulnerabilities
>> http://www.net-security.org/advisory.php?id=1320

SCO Security Advisory - Linux: fetchmail remote vulnerabilities in multidrop mode
>> http://www.net-security.org/advisory.php?id=1319

Gentoo Linux Security Announcement - samba
>> http://www.net-security.org/advisory.php?id=1318

Gentoo Linux Security Announcement - gtetrinet
>> http://www.net-security.org/advisory.php?id=1317

Gentoo Linux Security Announcement - php & mod_php
>> http://www.net-security.org/advisory.php?id=1316

Gentoo Linux Security Announcement - courier
>> http://www.net-security.org/advisory.php?id=1315

NetBSD Security Advisory - named(8) multiple denial of service and remote execution of code
>> http://www.net-security.org/advisory.php?id=1314

NetBSD Security Advisory - Buffer overrun in getnetbyname/getnetbyaddr
>> http://www.net-security.org/advisory.php?id=1313

NetBSD Security Advisory - ftpd STAT output non-conformance can deceive firewall devices
>> http://www.net-security.org/advisory.php?id=1312

Cisco Security Advisory - Cisco PIX Multiple Vulnerabilities
>> http://www.net-security.org/advisory.php?id=1311

SuSE Security Announcement - samba
>> http://www.net-security.org/advisory.php?id=1310

Microsoft Security Bulletin MS02-050 - Certificate Validation Flaw Could Enable Identity Spoofing (Update)
>> http://www.net-security.org/advisory.php?id=1309

Microsoft Security Bulletin MS02-066 - Cumulative Patch for Internet Explorer
>> http://www.net-security.org/advisory.php?id=1308

Microsoft Security Bulletin MS02-065 - Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution
>> http://www.net-security.org/advisory.php?id=1307

SCO Security Advisory - Linux: tcpdump denial-of-service in print-bgp.c
>> http://www.net-security.org/advisory.php?id=1306

Sun Microsystems Security Bulletin - Double Free bug in zlib compression library
>> http://www.net-security.org/advisory.php?id=1305

Debian Security Advisory - New mhonarc packages fix cross site scripting
>> http://www.net-security.org/advisory.php?id=1304

SCO Security Advisory - Linux: lynx CRLF injection vulnerability
>> http://www.net-security.org/advisory.php?id=1303

SCO Security Advisory - Linux: wwwoffled remote access vulnerability
>> http://www.net-security.org/advisory.php?id=1302

Conectiva Linux Security Announcement - dhcpcd
>> http://www.net-security.org/advisory.php?id=1301

Trustix Security Advisory - bind
>> http://www.net-security.org/advisory.php?id=1300

Trustix Security Advisory - kernel
>> http://www.net-security.org/advisory.php?id=1299

Debian Security Advisory - New nullmailer packages fix local denial of service
>> http://www.net-security.org/advisory.php?id=1298

Conectiva Linux Security Announcement - windowmaker
>> http://www.net-security.org/advisory.php?id=1297

SCO Security Advisory - Linux: KDE SSL and XSS vulnerabilities
>> http://www.net-security.org/advisory.php?id=1296

OpenPKG Security Advisory - bind, bind8
>> http://www.net-security.org/advisory.php?id=1295

Debian Security Advisory - New sqwebmail packages fix local information exposure
>> http://www.net-security.org/advisory.php?id=1294

FreeBSD Security Advisory - multiple vulnerabilities in BIND (revised)
>> http://www.net-security.org/advisory.php?id=1293

FreeBSD Security Advisory - smrsh restrictions can be bypassed (revised)
>> http://www.net-security.org/advisory.php?id=1292

Conectiva Linux Security Announcement - syslog-ng
>> http://www.net-security.org/advisory.php?id=1291

FreeBSD Security Advisory - smrsh restrictions can be bypassed
>> http://www.net-security.org/advisory.php?id=1290

Red Hat Security Advisory - New kernel fixes local denial of service issue
>> http://www.net-security.org/advisory.php?id=1289
----------------------------------------------------------------
[ Featured articles ]
All articles are located at: http://www.net-security.org/articles_main.php
Articles can be contributed to staff@net-security.org
----------------------------------------------------------------

SECURITY HOLES... WHO CARES?
This is an observational study of user response following the OpenSSL remote buffer overflows of July 2002 and the worm that exploited it in September 2002.
>> http://www.net-security.org/article.php?id=263

AIRDEFENSE WIRELESS LAN SECURITY TO DEFLECT AND TRAP INTRUDERS
ActiveDefense is a security appliance that shields 802.11 wireless LANs from intruders with pioneering technology that deflects intruders and traps them into wireless dead-end connections.
>> http://www.net-security.org/article.php?id=264

TRUSTIX SECURE LINUX 2.0 TECHNOLOGY PREVIEW 1 RELEASED
The Trustix team announced that Trustix Secure Linux 2.0 Technology Preview 1 (aka Rainstorm) is available for download. As this is a technology preview, it is not intended for usage on production servers, but rather for testing it and sending your feedback to Trustix.
>> http://www.net-security.org/article.php?id=265

IMPROVEMENTS TO MICROSOFT SECURITY RESPONSE COMMUNICATIONS
Steve Lipner, Director of Security Assurance at Microsoft, posted a message to the Security Notification mailing list about some new changes in the communications practices that they're making.
>> http://www.net-security.org/article.php?id=266

INTERVIEW WITH LANCE SPITZNER
Lance Spitzner is the founder of the Honeynet Project, moderator of the honeypot mailing list, co-author of "Know Your Enemy", author of "Honeypots: Tracking Hackers" and several whitepapers.
>> http://www.net-security.org/article.php?id=267

WEB APPLICATION SECURITY SOFTWARE GOES OPEN SOURCE
Butterfly Security, a developer of web application security infrastructure software, announced today the open source release of its web application security software CodeSeeker.
>> http://www.net-security.org/article.php?id=268

MI2G INTELLIGENCE BRIEFING: "BRAZIL EXPORTS CYBER-CRIME"
According to mi2g reports, one of the largest "cyber crime exporters" in the world is Brazil.
>> http://www.net-security.org/article.php?id=269

PALM I705 AVAILABLE WITH GO.WEB ONPREM SECURITY SOLUTION
GoAmerica, Inc., a leading developer of wireless data technology, announced that it has integrated Go.Web OnPrem with Palm's i705 handheld.
>> http://www.net-security.org/article.php?id=270

MASS-DISTRIBUTION TWO-FACTOR AUTHENTICATION SYSTEM
Think of what changes when literally everyone in the developed world can have a strong network authenticator the way everyone has an ATM card.
>> http://www.net-security.org/article.php?id=271

CRITICAL MICROSOFT VULNERABILITY ANNOUNCED
In the 65th Security Bulletin this year, Microsoft announced a critical vulnerability in MDAC, a collection of components used to provide database connectivity on Windows platforms.
>> http://www.net-security.org/article.php?id=272

INTERVIEW WITH JACOB CARLSON, CO-AUTHOR OF "INTERNET SITE SECURITY"
Jacob Carlson is a senior security engineer for TrustWave Corporation. His primary role is leading the penetration testing and vulnerability assessment team.
>> http://www.net-security.org/article.php?id=273

"SECURE E-MAIL AND DOCUMENT DELIVERY" WEB SEMINAR
On Wednesday December 18 2002, ZixCorp will host a web seminar titled "Secure E-Mail and Document Delivery - Protecting Content, Authenticating Users".
>> http://www.net-security.org/article.php?id=274

AUTHENTICATION - WHO'S SITE IS IT REALLY?
Whilst a lot of work seems to have been done on personal authentication, little or no work has been done over or about web site authentication to users.
>> http://www.net-security.org/article.php?id=275

A MATTER OF TRUST OR IS IT?
How do you know who you are really dealing with when disclosing your personal details over the Internet?
How can you ensure the credit card details you submit are to the site you expected?
>> http://www.net-security.org/article.php?id=276

MANDRAKELINUX 9.0 INCLUDES RAV ANTIVIRUS
MandrakeSoft teamed up with RAV Antivirus in order to include RAV Antivirus for Mail Servers protection in the commercial CD (packed) with the new distribution of MandrakeLinux, version 9.0.
>> http://www.net-security.org/article.php?id=277

----------------------------------------------------------------
[ Security world ]
All press releases are located at: http://www.net-security.org/press_main.php
----------------------------------------------------------------

Kaspersky Labs Opens Regional Office in France
>> http://www.net-security.org/press.php?id=1133

Taking a Crack at Hackers; New Book Helps Attorneys, Executives Combat Cyberthreats
>> http://www.net-security.org/press.php?id=1132

SSH and eracom Partner To Provide High-Speed Cryptographic Processing With Digital Certificate Management
>> http://www.net-security.org/press.php?id=1131

F-Secure Protects US Taxpayers' Data at IRS
>> http://www.net-security.org/press.php?id=1130

Rainbow's Sentinel SuperPro 6.3.0 Offers Cross-platform Support to Make Security Simple for Windows, Macintosh, Linux Software
>> http://www.net-security.org/press.php?id=1129

ICSA Labs Announces First Certification To Use Digital Certificates For Interoperable IPSec Products
>> http://www.net-security.org/press.php?id=1128

Ubizen Pioneers The Security Dashboard And Leads The Market With Third Generation Managed Security Services Environment
>> http://www.net-security.org/press.php?id=1127

GlobalSign First Pan-European Certification Authority Receiving Webtrust Accreditation
>> http://www.net-security.org/press.php?id=1126

SSH Announces Partnership with Rainbow Technologies to Provide Cost Effective and Flexible PKI-Based Token Deployment for Enterprises
>> http://www.net-security.org/press.php?id=1125

Zone Labs Announces Zone Labs Integrity 2.0
>> http://www.net-security.org/press.php?id=1124

RSA Security Submits Expert Commentary on National Strategy To Secure Cyberspace
>> http://www.net-security.org/press.php?id=1123

USAF Selects PureEdge To Provide Secure XML Information Management Tools
>> http://www.net-security.org/press.php?id=1122

TruSecure Names John Becker Chairman and CEO
>> http://www.net-security.org/press.php?id=1121

Qualys Introduces Per-Scan Pricing for Vulnerability Assessment
>> http://www.net-security.org/press.php?id=1120

Trend Micro Announces PC-cillin 2003
>> http://www.net-security.org/press.php?id=1119

----------------------------------------------------------------
[ Featured Review ]
All reviews are located at: http://www.net-security.org/reviews.php
----------------------------------------------------------------

REAL WORLD LINUX SECURITY, 2/E
In the mentioned 800 pages, this book proves to be pure gold when it comes to all aspects of Linux security. Well written and filled with a lot of interesting tips and facts about securing the Linux environment, the book can be used both for pumping up your knowledge and as a reference in your future security related work.
>> http://www.net-security.org/review.php?id=17

----------------------------------------------------------------
[ Security Software ]
Windows software is located at: http://net-security.org/software_main.php?cat=1
Linux software is located at: http://net-security.org/software_main.php?cat=2
----------------------------------------------------------------

NETCAT 1.10 (Linux)
Netcat has been dubbed the network Swiss army knife. It is a simple utility which reads and writes data across network connections, using TCP or UDP protocol.
>> http://www.net-security.org/software.php?id=365

GRL REALHIDDEN 1.0 (Windows)
GRL RealHidden version 1.0 is a software utility that allows you to hide a file physically inside of another file, and then retrieve that hidden file.
>> http://www.net-security.org/software.php?id=366

PARANOIA IPTABLES FIREWALL 1.53 (Linux)
Paranoia Iptables Firewall is a firewall designed specifically for standalone computers in insecure networks such as campus LANs and co-location facilities.
>> http://www.net-security.org/software.php?id=367

SPAMEATER PRO 3.65 (Windows)
SpamEater Pro is an anti-spam application that will seek out and delete spam from your mailbox before you download it to your mail client.
>> http://www.net-security.org/software.php?id=368

ZOC 4.0.7 (Windows)
This powerful terminal emulator and telnet/Secure Shell client is well known for its outstanding user interface. It lets you access character based hosts via telnet, modem, Secure Shell (SSH/SSH2), ISDN and other means of communication. It can be used to connect to Unix/Linux hosts and shell accounts, BBSes, 3270 mainframes (via TN3270 emulation) or internet muds.
>> http://www.net-security.org/software.php?id=369

STEALTHDISK 3.3
StealthDisk is a security system enabling you to completely hide any kind of data on your computer. Any type of files, folders, including complete applications may be hidden.
>> http://www.net-security.org/software.php?id=370

KILLDISK 1.1
KillDisk is powerful and compact DOS software that allows you to destroy all data on hard and floppy drives completely, excluding any possibility of future recovery of deleted files and folders. It's a hard drive eraser utility.
>> http://www.net-security.org/software.php?id=371

JOES FIREWALL 0.1
Joes Firewall is a simple and easy framework for managing a firewall policy with Linux iptables.
>> http://www.net-security.org/software.php?id=372

KPASSCARD 0.1.2
KPassCard is a KDE application for storing several passwords to a chipcard encrypted by a master password.
>> http://www.net-security.org/software.php?id=373

LOGHOG 0.1
LogHog was designed to take a proactive stance on Snort output.
It supports multilog processing, is optimized for high volume traffic, and responds to events by conducting actions such as email and blocking.
>> http://www.net-security.org/software.php?id=374

----------------------------------------------------------------
[ Virus News ]
All virus news is located at: http://www.net-security.org/viruses.php
----------------------------------------------------------------

RAV AntiVirus for Samba (Linux) Released
>> http://www.net-security.org/virus_news.php?id=128

Computer Virus Families: Origins and Differences
>> http://www.net-security.org/virus_news.php?id=127

Sophos to Advise on Virus Threat at AVAR 2002
>> http://www.net-security.org/virus_news.php?id=126

Viruses and File Extensions
>> http://www.net-security.org/virus_news.php?id=125

New Panda Antivirus Platinum 7.0
>> http://www.net-security.org/virus_news.php?id=124

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending your e-mail address to info@net-security.org with UNSUBSCRIBE in the message body.

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php