HNS Newsletter
Issue 141 - 23.12.2002
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers
weekly roundups of security events that were in the news the past week.
Visit Help Net Security for the latest security news -
http://net-security.org.

-----------------------------------------------------------------
SECURITY INCIDENT ALERT
-----------------------------------------------------------------
Check your Web servers, FTP servers, Mail servers, DNS servers,
firewalls, IDS systems, switches and routers for over 900 up to date
vulnerabilities. Secure your critical assets today!
FREE System Security Test and Detailed Report
http://www.net-security.org/lm/ads/ads.pl?banner=scannerx1
-----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Featured review
6) Security world
7) Security software
8) Virus news

[ General security news ]
----------------------------------------------------------------

KEEPING TRACK OF JOHN POINDEXTER
Online pranksters have turned the tables on the man behind the
government's controversial Total Information Awareness effort.
>> http://www.net-security.org/news.php?id=1647

2003 SURVIVOR'S GUIDE TO SECURITY
Identify what you need to protect, from physical assets to digital data.
Then consider how your applications function, what access these
applications and your users need, and who will be using the information.
>> http://www.net-security.org/news.php?id=1648

ELCOMSOFT JURY ASKS FOR LAW TEXT
There's no verdict yet in the trial of Russian software maker ElcomSoft
for criminal violations of the Digital Millennium Copyright Act. Instead,
jurors request a copy of the law -- all 100-plus pages of it.
>> http://www.net-security.org/news.php?id=1649

VPNS AND IPSEC DEMYSTIFIED
This article will give you enough background information to create an
IPSec VPN on your FreeBSD box.
>> http://www.net-security.org/news.php?id=1650

IDC PREDICTS STRONG SECURITY APP SALES
Market forecasts made by researchers with International Data Corp suggest
that integrated hardware appliances will next year become the primary
purchase target for enterprises buying security software.
>> http://www.net-security.org/news.php?id=1651

E-MAIL SECURITY WARNING FOR MPS
Urgent steps are needed to improve awareness among MPs and civil servants
over which e-mails are secure and which are not, ministers have been
warned.
>> http://www.net-security.org/news.php?id=1652

BURIED BY THE AUTHENTICATION AVALANCHE
With identity theft on the rampage, network managers are being hit by an
increasing barrage of software, hardware and services for user
authentication.
>> http://www.net-security.org/news.php?id=1657

INFOSECURITY: ATTENDANCE UP, SOME VENDORS WERE NO-SHOWS
Although attendees and exhibitors spoke of a subdued Infosecurity 2002
show, attendance was up across the board at the annual trade show,
according to show organizers.
>> http://www.net-security.org/news.php?id=1658

IF IT AIN'T BROKE SEE IF IT'S FIXED
Attackers are still compromising servers with well-known attacks. General
awareness can assist the busy administrators and users to protect their
systems from these kinds of attacks.
>> http://www.net-security.org/news.php?id=1659

DEA DATA THIEF SENTENCED TO 27 MONTHS
Federal agent earned cash on the side with his own information awareness
program.
>> http://www.net-security.org/news.php?id=1660

SOFTWARE, SECURITY, AND ETHNICITY
The U.S. government's probe at software maker Ptech, owned by a Lebanese,
has lots in common with the 1998 Wen Ho Lee case.
>> http://www.net-security.org/news.php?id=1661

NEARLY $7M AWARDED IN SPAM CASE
America Online has won a court judgment for nearly $7 million in damages
against what it termed a "spam ring" that bombarded AOL members with junk
e-mail pitching adult Web sites.
>> http://www.net-security.org/news.php?id=1664

RUSSIAN FIRM FOUND INNOCENT IN COPYRIGHT TRIAL
A federal jury acquitted Elcomsoft, which was charged with digital
copyright violation for creating a program that cracks the security
features of Adobe Systems' electronic book software.
>> http://www.net-security.org/news.php?id=1665

MICROSOFT'S PATCHING PROBLEM
"They're good at responding when you start bashing them in public,"
Larholm said of Microsoft. "They can be a bit slow sometimes when you
write them privately."
>> http://www.net-security.org/news.php?id=1666

COMPUTER CRIME CENTER OPENS
The state's new computer-crime center signals greater cooperation between
federal and state police, which is key to the future of the FBI, its
director said Tuesday.
>> http://www.net-security.org/news.php?id=1667

OPENAV: DEVELOPING OPEN SOURCE ANTIVIRUS ENGINES
This article will take a look at the OpenAntiVirus AV engine, assess its
progress so far, and offer some suggestions of how the developers can
continue to develop it.
>> http://www.net-security.org/news.php?id=1668

F-SECURE CORPORATION'S DATA SECURITY SUMMARY FOR 2002
In 2002, the data security world was characterized by new types of
threats. Virus outbreaks in Linux systems, attacks utilizing open source
code, breaks into home computers kept data security companies busy.
>> http://www.net-security.org/news.php?id=1669

SECURITY RESPONSE IN A MIDSIZE OFFICE
How can you make security more effective under the constraints of a small
or medium-size company?
>> http://www.net-security.org/news.php?id=1673

E-CARD VIRUS WARNING FOR CHRISTMAS
As every year, computer viruses are hiding behind some Christmas e-cards,
wrecking the season of goodwill.
>> http://www.net-security.org/news.php?id=1674

THE SNOOP-PROOF LAPTOP
Losing a laptop computer is one of the hazards of the mobile age. But
laptops and the data they contain do not have to be lost for snoopers to
get hold of their secrets.
>> http://www.net-security.org/news.php?id=1675

WEB SERVICES SPECS FOCUS ON SECURITY
A group of companies led by IBM and Microsoft published a series of
specifications designed to make Web services more secure.
>> http://www.net-security.org/news.php?id=1676

KEEP SMARTCARDS STUPID
Neil Barrett writes: "For as long as I can recall - and I once worked for
a major smartcard company - next year has always been 'the year that
smartcards finally make it'".
>> http://www.net-security.org/news.php?id=1677

TERRORISTS ON THE NET? WHO CARES?
A former tech expert for the feds claims in a report that the threat that
terrorist-hackers might "bring the nation to its knees" is overblown.
>> http://www.net-security.org/news.php?id=1683

ENCRYPTION IN THE ENTERPRISE
Although point-to-point encryption can keep competitors and would-be
crackers at bay, internal encryption can cause some security problems of
its own.
>> http://www.net-security.org/news.php?id=1684

----------------------------------------------------------------

[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php

----------------------------------------------------------------

Common Unix Printing System (CUPS) Multiple Security Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2322

Openwebmail 1.71 Remote Root Compromise Vulnerability
>> http://www.net-security.org/vuln.php?id=2321

Cisco Systems IOS EIGRP Network Denial of Service
>> http://www.net-security.org/vuln.php?id=2320

WAnewsletter Remote File Including Vulnerability
>> http://www.net-security.org/vuln.php?id=2319

Exploitable Windows XP Media Files
>> http://www.net-security.org/vuln.php?id=2318

Multiple Exploitable Buffer Overflows in Winamp
>> http://www.net-security.org/vuln.php?id=2317

PHP-Nuke Code Execution and Cross Site Scripting Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2316

Okena StormWatch SQL Admin Account Vulnerability
>> http://www.net-security.org/vuln.php?id=2315

Linux kernel 2.2.x /proc/pid/mem mmap() vulnerability
>> http://www.net-security.org/vuln.php?id=2314

Macromedia Shockwave Flash Malformed Header Overflow #2
>> http://www.net-security.org/vuln.php?id=2313

Directory Traversal Vulnerabilities in Archivers Processing .tar Files
>> http://www.net-security.org/vuln.php?id=2312

Captaris WebMail Cross Site Vulnerability
>> http://www.net-security.org/vuln.php?id=2311

Multiple Vendors SSH2 Implementations Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2310

Cryptainer Password Disclosure Vulnerability
>> http://www.net-security.org/vuln.php?id=2309

PHP-Nuke Path Disclosure and Cross Site Scripting Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2308

zkfingerd Format String Vulnerability
>> http://www.net-security.org/vuln.php?id=2307

Multiple Vendors XML Parser Denial of Service
>> http://www.net-security.org/vuln.php?id=2306

Macromedia Cold Fusion 5.0 Cross Site Scripting Vulnerability
>> http://www.net-security.org/vuln.php?id=2305

Fetchmail Remote Vulnerability
>> http://www.net-security.org/vuln.php?id=2304

Reading XOOPS Private Messages
>> http://www.net-security.org/vuln.php?id=2303

MyPHPLinks SQL Injection Vulnerability
>> http://www.net-security.org/vuln.php?id=2302

Eserv Denial of Service Vulnerability
>> http://www.net-security.org/vuln.php?id=2301

----------------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php

----------------------------------------------------------------

SuSE Security Announcement - cyrus-imapd
>> http://www.net-security.org/advisory.php?id=1431

Debian Security Advisory - New kdenetwork packages fix buffer overflows
>> http://www.net-security.org/advisory.php?id=1430

Gentoo Linux Security Announcement - canna
>> http://www.net-security.org/advisory.php?id=1429

Gentoo Linux Security Announcement - wget
>> http://www.net-security.org/advisory.php?id=1428

Gentoo Linux Security Announcement - perl
>> http://www.net-security.org/advisory.php?id=1427

Cisco Security Advisory - SSH Malformed Packet Vulnerabilities
>> http://www.net-security.org/advisory.php?id=1426

CERT Advisory CA-2002-37 - Buffer Overflow in Microsoft Windows Shell
>> http://www.net-security.org/advisory.php?id=1425

SCO Security Advisory - Linux: multiple vulnerabilities in BIND
>> http://www.net-security.org/advisory.php?id=1424

Debian Security Advisory - New libpng packages fix buffer overflow
>> http://www.net-security.org/advisory.php?id=1423

Conectiva Linux Security Announcement - openldap
>> http://www.net-security.org/advisory.php?id=1422

Trustix Security Advisory - wget
>> http://www.net-security.org/advisory.php?id=1421

Trustix Security Advisory - perl
>> http://www.net-security.org/advisory.php?id=1420

Trustix Security Advisory - mysql
>> http://www.net-security.org/advisory.php?id=1419

Trustix Security Advisory - lynx-ssl
>> http://www.net-security.org/advisory.php?id=1418

Trustix Security Advisory - tcpdump
>> http://www.net-security.org/advisory.php?id=1417

Trustix Security Advisory - kernel
>> http://www.net-security.org/advisory.php?id=1416

Microsoft Security Bulletin MS02-072 - Unchecked Buffer in Windows Shell
Could Enable System Compromise
>> http://www.net-security.org/advisory.php?id=1415

Mandrake Linux Security Advisory - MySQL
>> http://www.net-security.org/advisory.php?id=1414

Mandrake Linux Security Advisory - apache
>> http://www.net-security.org/advisory.php?id=1413

OpenPKG Security Advisory - fetchmail
>> http://www.net-security.org/advisory.php?id=1412

Conectiva Linux Security Announcement - MySQL
>> http://www.net-security.org/advisory.php?id=1411

Debian Security Advisory - Multiple MySQL vulnerabilities
>> http://www.net-security.org/advisory.php?id=1410

Red Hat Security Advisory - Updated Net-SNMP packages fix security and
other bugs
>> http://www.net-security.org/advisory.php?id=1409

Red Hat Security Advisory - Updated Fetchmail packages fix security
vulnerability
>> http://www.net-security.org/advisory.php?id=1408

CERT Advisory CA-2002-36 - Multiple Vulnerabilities in SSH Implementations
>> http://www.net-security.org/advisory.php?id=1407

Conectiva Linux Security Announcement - fetchmail
>> http://www.net-security.org/advisory.php?id=1406

Conectiva Linux Security Announcement - kernel 2.4
>> http://www.net-security.org/advisory.php?id=1405

Gentoo Linux Security Announcement - exim
>> http://www.net-security.org/advisory.php?id=1404

OpenPKG Security Advisory - tetex
>> http://www.net-security.org/advisory.php?id=1403

OpenPKG Security Advisory - perl
>> http://www.net-security.org/advisory.php?id=1402

OpenPKG Security Advisory - mysql
>> http://www.net-security.org/advisory.php?id=1401

Gentoo Linux Security Announcement - mysql (update)
>> http://www.net-security.org/advisory.php?id=1400

Gentoo Linux Security Announcement - squirrelmail
>> http://www.net-security.org/advisory.php?id=1399

Gentoo Linux Security Announcement - fetchmail
>> http://www.net-security.org/advisory.php?id=1398

Gentoo Linux Security Announcement - mysql
>> http://www.net-security.org/advisory.php?id=1397

Conectiva Linux Security Announcement - wget
>> http://www.net-security.org/advisory.php?id=1396

SGI Security Advisory - Directory Traversal Vulnerability in FTP Client
>> http://www.net-security.org/advisory.php?id=1395

EnGarde Secure Linux Advisory - Several MySQL vulnerabilities
>> http://www.net-security.org/advisory.php?id=1394

Debian Security Advisory - New mICQ packages fix denial of service
>> http://www.net-security.org/advisory.php?id=1393

----------------------------------------------------------------

[ Featured articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to staff@net-security.org

----------------------------------------------------------------

INTERVIEW WITH BOB TOXEN, AUTHOR OF "REAL WORLD LINUX SECURITY"
Bob Toxen has 28 years of UNIX/Linux experience,
and is one of the 162 recognized developers of Berkeley UNIX. He is the
author of the acclaimed book "Real World Linux Security" already in its
2nd edition.
>> http://www.net-security.org/article.php?id=309

SECURITY YEAR IN REVIEW: HONEYPOTS
This has been a great year for honeypots; finally, this method of
collecting security information got its deserved place under the
spotlight. Lance Spitzner shares his thoughts on the subject.
>> http://www.net-security.org/article.php?id=310

BACKUP SECURELY WITH BACKUP PROFESSIONAL
At the RSA Conference 2002 we talked with Roy Davies, Director of
Corporate Affairs at Attix5. Attix5 is the market leader in the
development of remote, managed and secure backup and retrieval software.
>> http://www.net-security.org/article.php?id=311

PROTECTING PORT 80 WITH "SECURITY GATEWAY"
Blue Coat Systems Security Gateway appliances are made for organizations
to accelerate the content coming from and going to the Internet and to
make the Internet access as secure as possible.
>> http://www.net-security.org/article.php?id=313

SECURITY YEAR IN REVIEW: VPNS AND FIREWALLS
Here's an overview of happenings in the VPN and firewall market during
2002 with exclusive comments from David Flynn, Vice President of
Marketing at NetScreen Technologies.
>> http://www.net-security.org/article.php?id=314

UBIZEN ON E-BUSINESS SECURITY
At the RSA Conference 2002 we met up with Ubizen people and talked about
their company, managed security services and the state of security in
general.
>> http://www.net-security.org/article.php?id=315

SESSION FIXATION VULNERABILITY IN WEB-BASED APPLICATIONS
The paper provides detailed information about exploiting vulnerable
systems as well as recommendations for protecting them against session
fixation attacks.
>> http://www.net-security.org/article.php?id=316

INTERNET CLEANUP 3.0 PROTECTS YOUR PRIVACY
Aladdin Systems, Inc.
(not to be confused with Aladdin Knowledge Systems) announced a new
version of Internet Cleanup, software recently acquired from Kroll
Ontrack.
>> http://www.net-security.org/article.php?id=317

NT OBJECTIVES - FOCUSING ON SECURING WEB SERVICES
NT OBJECTives released the Fire & Water Toolkit - a collection of
cohesive, interactive command line tools that perform network discovery,
mapping, assessment, reporting and strong web server defense.
>> http://www.net-security.org/article.php?id=318

SOFAWARE RELEASES SAFE@ 3.0
SofaWare Technologies launched Safe@ 3.0, bringing enterprise-class
security to small businesses and consumers.
>> http://www.net-security.org/article.php?id=319

TIPS FOR SAFE HOLIDAY ONLINE PURCHASING
While the shopping frenzy is at its all-year high, McAfee launched an
educational campaign called Safe Holiday Online Purchasing (SHOP).
>> http://www.net-security.org/article.php?id=320

RSA SECURITY ENHANCES SECURITY FOR WIRELESS LAN ENVIRONMENTS
Organizations are now able to protect access to their wireless LANs with
RSA SecurID two-factor authentication software.
>> http://www.net-security.org/article.php?id=321

O'REILLY RELEASES A BOOK ON 802.11 SECURITY
802.11 Security by authors Bruce Potter and Bob Fleck gives you a broad
basis in theory and practice of wireless security, dispelling some of the
myths along the way.
>> http://www.net-security.org/article.php?id=322

ZERO-INTERACTION AUTHENTICATION
In order to have non-intrusive encryption the authors propose
Zero-Interaction Authentication where a user wears a small authentication
token that communicates with a laptop over a short-range, wireless link.
>> http://www.net-security.org/article.php?id=323

----------------------------------------------------------------

[ Featured Review ]

All reviews are located at:
http://www.net-security.org/reviews.php

----------------------------------------------------------------

BOOK REVIEW: WIRELESS SECURITY AND PRIVACY
Wireless security is certainly one of this year's hot topics. Everybody is
talking about wardriving, warchalking, and so on. This is just the perfect
time to release a book like this.
>> http://www.net-security.org/review.php?id=20

----------------------------------------------------------------

[ Security world ]

All press releases are located at:
http://www.net-security.org/press_main.php

----------------------------------------------------------------

RSA Security Enhances Security for Wireless LAN Environments
>> http://www.net-security.org/press.php?id=1175

ActivCard and Precise Biometrics Expand Cooperation to Meet Demand For
Biometric Smart Card ID Badges
>> http://www.net-security.org/press.php?id=1174

InfoExpress Releases New Web Agent for CyberGatekeeper
>> http://www.net-security.org/press.php?id=1173

PC Welt Recognizes Panda Activescan as the Best Online Antivirus
>> http://www.net-security.org/press.php?id=1172

Diversinet Acquires DSS Software Technologies
>> http://www.net-security.org/press.php?id=1171

PureEdge Solutions Achieves Entrust Ready Status with Entrust TruePass
Software
>> http://www.net-security.org/press.php?id=1170

Multi Network Firewall Provides Comprehensive User-Friendly Solution for
Advanced VPN Networks
>> http://www.net-security.org/press.php?id=1169

Trend Micro Receives Coveted Virus Bulletin 100% Award
>> http://www.net-security.org/press.php?id=1168

Bitdefender Professional Was Selected As "The Product Of The Year 2002"
>> http://www.net-security.org/press.php?id=1167

Helsinki University Of Technology Chooses SSH Certifier To Authenticate
Electronic Services
>> http://www.net-security.org/press.php?id=1166

Nemx Software Launches Advanced Edition of Power Tools for Exchange 2000
>> http://www.net-security.org/press.php?id=1165

----------------------------------------------------------------

[ Security Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

----------------------------------------------------------------

WIPERASER XP 5.5
Wiperaser XP can protect your privacy by deleting data on your hard drive
in such a way that no software or hardware recovery tool can actually
recover destroyed files and folders.
>> http://www.net-security.org/software.php?id=405

MY FIREWALL PLUS 5.0
My Firewall Plus allows only recognized network traffic and applications
access to your computer. It prevents hostile programs such as malicious
code and Trojans from accessing your computer through custom protocol
drivers.
>> http://www.net-security.org/software.php?id=406

PRIVACY MASTER 3.9
This program protects you from thieves and unauthorized users. You can
lock out all keyboard and mouse input, sound an alarm, or completely erase
certain files if anyone unauthorized attempts to access your protected
data.
>> http://www.net-security.org/software.php?id=407

LEPTON'S CRACK 1.0.1
Lepton's Crack is a generic password cracker, easily customizable with a
simple plug-in system.
>> http://www.net-security.org/software.php?id=408

DISTRIBUTED JOHN 0.9.6
With Distributed John you can crack passwords using several machines to
get passwords sooner than using a single machine.
>> http://www.net-security.org/software.php?id=409

EASY INTEGRITY CHECK SYSTEM 1.0A
Easy integrity check system is designed primarily for system
administrators for filesystem integrity checking. This system is easy to
set up and use. Uses mcrypt/mhash libraries for encrypting the database.
>> http://www.net-security.org/software.php?id=410

DMZS CARTE 0.9
DMZS Carte processes wireless scanning output information and creates
inverse distance weighted overlays on top of TerraServer satellite maps.
>> http://www.net-security.org/software.php?id=411

YET A SMART PROXY ENGINE 1.1
Yet A Smart Proxy Engine (Yasper) tweaks PORT and PASSIVE commands in a
predefined way so you can route FTP data connections through any port you
are forwarding or tunneling through your firewall.
>> http://www.net-security.org/software.php?id=412

AXCRYPT 1.4
AxCrypt is a file encryption program for Windows 95/98/ME/NT/2K/XP using
the AES algorithm with 128-bit keys.
>> http://www.net-security.org/software.php?id=413

SIFEU 0.9
SiFEU is a program that in an easy way lets you encrypt files with very
strong encryption. SiFEU uses the Blowfish algorithm for file encryption,
SHA1 for calculating the hash sum of the password and the Gutmann 35-pass
pattern for shredding the source files.
>> http://www.net-security.org/software.php?id=414

----------------------------------------------------------------

[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php

----------------------------------------------------------------

Welsh Virus Writer Pleads Guilty for Creating Three Worms
>> http://www.net-security.org/virus_news.php?id=147

Weekly Virus Report - Laroux Macro Virus, Napp, Lioten, Prestige and
Lentin Worms
>> http://www.net-security.org/virus_news.php?id=146

Viruses Disguised as Christmas Greetings
>> http://www.net-security.org/virus_news.php?id=145

Iraq Oil Worm Targeting TCP Port 445
>> http://www.net-security.org/virus_news.php?id=144

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff

staff@net-security.org
http://net-security.org

----------------------

Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending your e-mail
address to: info@net-security.org with UNSUBSCRIBE in the message body.

The archive of the newsletter in TXT and PDF format is available at
http://www.net-security.org/newsletter_archive.php