HNS Newsletter
Issue 142 - 30.12.2002
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week.
Visit Help Net Security for the latest security news - http://net-security.org.

-----------------------------------------------------------------
SECURITY INCIDENT ALERT
-----------------------------------------------------------------
Check your Web servers, FTP servers, Mail servers, DNS servers, firewalls, IDS systems, switches and routers for over 900 up to date vulnerabilities. Secure your critical assets today!
FREE System Security Test and Detailed Report
http://www.net-security.org/lm/ads/ads.pl?banner=scannerx1
-----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Security world
6) Security software
7) Virus news

[ General security news ]
----------------------------------------------------------------

THE CODE THAT CUTS BOTH WAYS
The focus on computer security has never been more intense, and the debate over disclosure has never been hotter.
>> http://www.net-security.org/news.php?id=1690

SKLYAROV REFLECTS ON DMCA TRAVAILS
Programmer Dmitry Sklyarov thinks it was unfair of prosecutors to play his videotaped deposition at the ElcomSoft trial rather than calling him to the stand.
>> http://www.net-security.org/news.php?id=1691

'TWAS THE NIGHT BEFORE CHRISTMAS, 2002
The year in review, in verse.
>> http://www.net-security.org/news.php?id=1692

US DEFENDS WEB SECURITY PLAN
A new plan to prevent cyberattacks has raised concerns that the US government will be prying into individuals' online activities.
>> http://www.net-security.org/news.php?id=1693

IDC: TECH BUCKS, HACK THREATS UP
Market researcher IDC pulls out its crystal ball and proclaims its technology market predictions for 2003. But what do competing analysts have to say about IDC's forecasts?
>> http://www.net-security.org/news.php?id=1699

WHO'S GOT ROOT? FIND OUT WITH TRIPWIRE
Your network groans under the weight of monitors and alarms. If an intruder slides through all the barriers and successfully cozies into a snug corner, how will you know?
>> http://www.net-security.org/news.php?id=1700

WHITE HOUSE PLANS WIDE MONITORING OF NET
The White House is proposing a monitoring center to detect and defend against major attacks, but the Bush administration sought to ease worries it might scrutinize individual users' e-mails.
>> http://www.net-security.org/news.php?id=1701

GOVERNMENT AGENCIES PLUG LEAKS IN WIRELESS NETWORKS
The Meteorological Agency and the Tokyo metropolitan government stopped using wireless local area networks after learning data was wide open to anyone with the will and the right software.
>> http://www.net-security.org/news.php?id=1703

SECURING OUTLOOK, PART TWO: MANY CHOICES TO MAKE
The first article offered a brief overview of Outlook, as well as some of the threats that undermine its security. This article will look at some more things that Outlook users can do to improve their e-mail security.
>> http://www.net-security.org/news.php?id=1704

SECURITY THROUGH ELBOW GREASE
One of the reasons infosecurity is so hard is that you have to know not only what to do--what products to deploy, what policies to implement, what compromises to make--but what not to do.
>> http://www.net-security.org/news.php?id=1705

THE CYBERSECURITY INDUSTRIAL COMPLEX
The Feds have a massive, multiagency plan to protect the national information infrastructure. Get ready for IT police and network smart bombs.
>> http://www.net-security.org/news.php?id=1706

----------------------------------------------------------------
[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

Windows XP Registered AP Information Disclosure Vulnerability
>> http://www.net-security.org/vuln.php?id=2332

pdftops Integer Overflow Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2331

Microsoft Windows File Protection Arbitrary Certificate Chain Vulnerability
>> http://www.net-security.org/vuln.php?id=2330

W-Agora Multiple Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2329

Hyperion FTP Server Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2328

"printenv" CGI Cross Site Scripting Vulnerability
>> http://www.net-security.org/vuln.php?id=2327

RealNetworks HELIX Server Buffer Overflow Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2326

Web Server Vulnerability in Various Axis Network Hardware Devices
>> http://www.net-security.org/vuln.php?id=2325

Problems with mkstemp()
>> http://www.net-security.org/vuln.php?id=2324

Access Control Defects in nCipher PKCS#11 Keys
>> http://www.net-security.org/vuln.php?id=2323

Common Unix Printing System (CUPS) Multiple Security Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2322

Openwebmail 1.71 Remote Root Compromise Vulnerability
>> http://www.net-security.org/vuln.php?id=2321

Cisco Systems IOS EIGRP Network Denial of Service
>> http://www.net-security.org/vuln.php?id=2320

WAnewsletter Remote File Including Vulnerability
>> http://www.net-security.org/vuln.php?id=2319

----------------------------------------------------------------
[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Gentoo Linux Security Announcement - openldap
>> http://www.net-security.org/advisory.php?id=1441

Gentoo Linux Security Announcement - cyrus-imapd
>> http://www.net-security.org/advisory.php?id=1440

Gentoo Linux Security Announcement - cyrus-sasl
>> http://www.net-security.org/advisory.php?id=1439

Conectiva Linux Security Announcement - cyrus-imapd
>> http://www.net-security.org/advisory.php?id=1438

Debian Security Advisory - New typespeed packages fix buffer overflow
>> http://www.net-security.org/advisory.php?id=1437

Gentoo Linux Security Announcement - kde-3.0.x
>> http://www.net-security.org/advisory.php?id=1436

Debian Security Advisory - New fetchmail packages fix buffer overflow
>> http://www.net-security.org/advisory.php?id=1435

Debian Security Advisory - New cyrus-imapd packages fix remote command execution
>> http://www.net-security.org/advisory.php?id=1434

Gentoo Linux Security Announcement - kde-3.0.x
>> http://www.net-security.org/advisory.php?id=1433

KDE Security Advisory - Multiple vulnerabilities in KDE
>> http://www.net-security.org/advisory.php?id=1432

----------------------------------------------------------------
[ Featured articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to staff@net-security.org
----------------------------------------------------------------

Interview with Eric Janszen
>> http://www.net-security.org/article.php?id=328

The Position of Sophos in the Anti-Virus World
>> http://www.net-security.org/article.php?id=327

Security Year in Review by Mark Finan
>> http://www.net-security.org/article.php?id=326

Security Year in Review by Mixter
>> http://www.net-security.org/article.php?id=325

Security Year in Review by Melisa LaBancz
>> http://www.net-security.org/article.php?id=324

----------------------------------------------------------------
[ Security world ]

All press releases are located at:
http://www.net-security.org/press_main.php
----------------------------------------------------------------

CUNA Mutual Selects Zix Corporation as its Worldwide Secure e-Messaging Solutions Provider
>> http://www.net-security.org/press.php?id=1178

Panda Antivirus Platinum 7.0, Now Available from Tucows
>> http://www.net-security.org/press.php?id=1177

@stake Announces Release 2 of WebProxy
>> http://www.net-security.org/press.php?id=1176

----------------------------------------------------------------
[ Security Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2
----------------------------------------------------------------

J2SSH 0.0.4 ALPHA
J2SSH is an object-orientated Java implementation of the SSH2 protocol. Designed with developers in mind, it provides a cross platform toolkit for all areas of SSH development.
>> http://www.net-security.org/software.php?id=415

LE PUTTY 0.53B
Le Putty is an ssh suite for Windows based on the very popular Putty project, but with added functionality that cannot be included in the regular Putty.
>> http://www.net-security.org/software.php?id=416

JSCH 0.0.9
JSch is a pure Java implementation of SSH2. JSch allows you to connect to an sshd server and use port forwarding, X11 forwarding, file transfer, etc., and you can integrate its functionality into your own Java programs.
>> http://www.net-security.org/software.php?id=417

WPOISON DEVEL
Wpoison is a tool primarily designed for pen-testers and/or system administrators. The objective of this tool is to find any potential SQL-Injection vulnerabilities in dynamic web documents which deal with databases: PHP, ASP, etc.
>> http://www.net-security.org/software.php?id=418

NETECLIPSE 0.031
NetEclipse is a console-based sniffer/hijacker/poisoner.
>> http://www.net-security.org/software.php?id=419

----------------------------------------------------------------
[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

"L" Variant of the Opaserv Worm Circulating Around
>> http://www.net-security.org/virus_news.php?id=148

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org
----------------------

Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending your e-mail address to: info@net-security.org with UNSUBSCRIBE in the message body.

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php