HNS Newsletter
Issue 144 - 13.01.2003.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org.

-----------------------------------------------------------------
SECURITY INCIDENT ALERT
-----------------------------------------------------------------
Check your Web servers, FTP servers, Mail servers, DNS servers, firewalls, IDS systems, switches and routers for over 900 up to date vulnerabilities. Secure your critical assets today!
FREE System Security Test and Detailed Report
http://www.net-security.org/lm/ads/ads.pl?banner=scannerx1
-----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Security world
6) Security software
7) Virus news

[ General security news ]
----------------------------------------------------------------

STUDY: SPAM COSTS BUSINESSES $13 BILLION
All those junk e-mail messages may promise instant wealth, but they can be quite painful to the bottom line.
>> http://www.net-security.org/news.php?id=1741

ENCRYPTION INJUNCTION DROPPED
US Supreme Court Justice Sandra Day O'Connor has thrown out an emergency stay that barred a former webmaster from putting DVD decryption programs on the Internet.
>> http://www.net-security.org/news.php?id=1742

WHAT IT MEANS: VIRUSES OF 2002
Though there was no single big-name destroyer like the Anna Kournikova virus of 2001 or the Iloveyou from 2000, there were plenty of little guys last year, like one called Bugbear, or variations of the Klez worm.
>> http://www.net-security.org/news.php?id=1743

COMPUTER ASSOCIATES TARGETS SECURITY MANAGEMENT
Computer Associates is readying what could be among the most comprehensive product suites in the emerging security information management market.
>> http://www.net-security.org/news.php?id=1744

HELP WANTED: STEAL THIS DATABASE
A public relations firm accidentally posts server login information in an online job ad, exposing scads of clients' customer data and underscoring the need for companies to take Web security seriously.
>> http://www.net-security.org/news.php?id=1746

OUTSOURCED SOFTWARE BRINGS FEARS FOR SECURITY
As U.S. companies move software development tasks out of their own offices to computer programming companies in the U.S. and abroad, new concerns are being raised about the security risks involved.
>> http://www.net-security.org/news.php?id=1747

LESSONS FROM THE LABORATORY
Medical science's eradication of smallpox was easy compared to the Internet's efforts against nasty computer viruses. Here's why.
>> http://www.net-security.org/news.php?id=1748

WEB SERVICES SECURITY: MOVING UP THE STACK
Six new specifications add to the Web Services Security roadmap.
>> http://www.net-security.org/news.php?id=1749

STORAGE SECURITY - UNDER LOCK AND KEY
With more and more storage devices and networks becoming interconnected, not to mention the rise of IP-based storage, security is becoming a topic of increasing concern.
>> http://www.net-security.org/news.php?id=1751

MICROSOFT OFFERS SECURITY GUIDE
Microsoft has published a 20-page white paper that details how the company secured its portion of eWeek's OpenHack 4 test.
>> http://www.net-security.org/news.php?id=1752

ADMIN DIGEST: THE BASICS OF LINUX NETWORK SECURITY
You've heard Linux is supposed to be secure, but how do you make sure?
>> http://www.net-security.org/news.php?id=1753

STRANGLED BY SECURITY?
One prediction for 2003 we know will pan out in the coming months is that the specter of security vulnerabilities will continue to plague us.
>> http://www.net-security.org/news.php?id=1754

NTL IN ALLEGED HACK PROBE
NTL has launched an internal investigation following allegations that a Web site critical of the company was hacked by someone from within the cableco.
>> http://www.net-security.org/news.php?id=1755

PC ARMY TACKLES XBOX SECURITY CODE
A growing army of PC owners is hoping to use the power of the masses to crack the main security code of Microsoft's Xbox and claim $100,000 in the process.
>> http://www.net-security.org/news.php?id=1756

JON JOHANSEN FOUND NOT GUILTY OF DVD PIRACY
Jon Johansen was cleared of DVD piracy charges in a landmark trial brought on behalf of major Hollywood studios.
>> http://www.net-security.org/news.php?id=1760

LIRVA WORM ATTACHES TO AVRIL LAVIGNE
Lirva, also known as Naith, is a mass-mailing worm that arrives via e-mail either announcing a new Microsoft patch or offering fan access to Avril Lavigne.
>> http://www.net-security.org/news.php?id=1761

CLOSING THE FLOODGATES: DDOS MITIGATION TECHNIQUES
This article explores some techniques that systems administrators and security professionals can employ should they ever find themselves under DDoS attack.
>> http://www.net-security.org/news.php?id=1762

LIBERTY ALLIANCE: 2003 BRINGS PRODUCTS, SERVICES
A poll of Liberty Alliance Project members indicates that 2003 will see the emergence of new technology that applies identity management and user authentication standards developed by the industry consortium.
>> http://www.net-security.org/news.php?id=1763

OASIS PONDERS PKI SECURITY FOR WEB SERVICES
OASIS (Organization for the Advancement of Structured Information Standards) announced that it has formed a technical committee to advance PKI adoption for Web services and other applications.
>> http://www.net-security.org/news.php?id=1764

FED SITES HACKER COULD SPEND A DECADE IN JAIL
William Douglas Word faces up to 10 years in prison after entering guilty pleas to 17 counts of defacing government Web pages and one count of possessing counterfeit or unauthorized credit cards.
>> http://www.net-security.org/news.php?id=1765

NEW USER A SECURITY NIGHTMARE
A breach in internal security is less likely than an external breach, yet many admins don't devote enough attention to internal security practices.
>> http://www.net-security.org/news.php?id=1766

AMERICANS GIVE THUMBS UP TO BIOMETRICS
Most Americans are willing to accept increased use of biometric technologies by private sector firms, providing proper privacy safeguards are applied.
>> http://www.net-security.org/news.php?id=1771

IT RESISTS MANDATORY CYBER-SECURITY
As the Bush Administration prepares to release the National Strategy to Secure Cyberspace, the IT industry continues to resist efforts to include technology mandates or regulations.
>> http://www.net-security.org/news.php?id=1772

DECEPTION LESSONS FROM A PRO
Kevin Mitnick's book is an eye-opening, sometimes frightening, and always educational trip through a seamy underworld.
>> http://www.net-security.org/news.php?id=1773

CSOS PRIORITIZE SECURITY SPENDING FOR 2003
Companies expect to spend roughly 10% of their total IT budget on security in 2003, an 8% increase over 2002 levels, with employee education, business continuity and disaster recovery taking priority.
>> http://www.net-security.org/news.php?id=1774

CONCERNS MOUNT OVER SYMANTEC
Will Symantec be able to stand up to specialized competitors in the sector, such as Check Point, ISS and Cisco?
>> http://www.net-security.org/news.php?id=1775

CALIFORNIA DISCLOSURE LAW HAS NATIONAL REACH
This year a new California law will require businesses to notify their customers after being hacked. It could change intrusion response practices throughout the U.S.
>> http://www.net-security.org/news.php?id=1776

MAKE 2003 MORE SECURE
The challenges to info-tech security will surely be daunting, and companies' efforts to stay safe will have to keep increasing.
>> http://www.net-security.org/news.php?id=1777

SHORTER VERSION OF SNOOPING RULES A RELIEF TO EMPLOYERS
Small businesses will get a greatly simplified version of the code of practice on monitoring staff, the new privacy watchdog said yesterday, in an attempt to defuse bitter industry opposition.
>> http://www.net-security.org/news.php?id=1781

CHECK POINT ON PROWL FOR DEAL
Flush with cash but facing a decline in revenue, Check Point Software Technologies Ltd. is prowling for acquisitions, say analysts who follow the computer security company.
>> http://www.net-security.org/news.php?id=1782

FEDS ENLIST HACKER TO FOIL PIRACY RINGS
Federal prosecutors will tell a U.S. District Court in Tampa today of a plea deal with a man they call one of the most skillful pirates of DirecTV and EchoStar signals.
>> http://www.net-security.org/news.php?id=1783

HOTMAIL: A SPAMMER'S PARADISE?
Anti-spam advocates say spammers have found an effective way to mine new addresses from Hotmail.
>> http://www.net-security.org/news.php?id=1784

SSH ADVANCED TECHNIQUES
In his regular security column, Bill introduces some advanced techniques for ssh: tunneling through an ssh gateway, running a command on multiple systems at once, and the easy way to install ssh keys.
>> http://www.net-security.org/news.php?id=1785

THE VIEW FROM SYMANTEC'S SECURITY CENTRAL
An ordinary office building on Route 1 in Alexandria offers a rare window into the Internet hacker wars and a few clues to why Uncle Sam wants more monitoring capabilities in cyberspace.
>> http://www.net-security.org/news.php?id=1786

LINUX SECURITY STRONG AS EVER
Linux security is as strong as ever, despite recent statistics that say otherwise.
>> http://www.net-security.org/news.php?id=1787

HOW SECURE IS SECURE SHELL?
Despite its vulnerabilities, SSH is far better than its unsecure cousins, including Telnet, the "r" commands and FTP, which transmit everything as plain text.
>> http://www.net-security.org/news.php?id=1788

HOW WARCHALKING DIED
The purpose of this article is to explain how Warchalking has become obsolete. It is being replaced by Wi-Fi Zones that are being fueled by home networks, corporate networks, and even payphones.
>> http://www.net-security.org/news.php?id=1789

----------------------------------------------------------------

[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

BRS WebWeaver FTP Server Multiple Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2357

Efficient Networks 5861 DSL Router Denial of Service Vulnerability
>> http://www.net-security.org/vuln.php?id=2356

WebIntelligence Session Hijacking Vulnerability
>> http://www.net-security.org/vuln.php?id=2355

IMP 2.x SQL Injection Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2354

a.shopKart Web Shopping Cart Insufficient Input Checking Vulnerability
>> http://www.net-security.org/vuln.php?id=2353

Bookmark4U and Active PHP Bookmarks Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2352

Directory Traversal Vulnerability in Communigate Pro 4.0b to 4.0.2
>> http://www.net-security.org/vuln.php?id=2351

Longshine WLAN Access-Point LCS-883R Vulnerability
>> http://www.net-security.org/vuln.php?id=2350

S8Forum Remote Command Execution Vulnerability
>> http://www.net-security.org/vuln.php?id=2349

OpenTopic Cross Site Scripting Vulnerability
>> http://www.net-security.org/vuln.php?id=2348

Nettelephone Dialer Security Vulnerability
>> http://www.net-security.org/vuln.php?id=2347

Bypassing Integrity Protection Driver
>> http://www.net-security.org/vuln.php?id=2346

Solaris 2.x /usr/sbin/wall Vulnerability
>> http://www.net-security.org/vuln.php?id=2345

S-plus /tmp Vulnerability
>> http://www.net-security.org/vuln.php?id=2344

CuteFTP Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2343

EServ v.2.97 Remote Denial of Service Vulnerability
>> http://www.net-security.org/vuln.php?id=2342

WinAmp v.3.0 Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2341

AN HTTPd v.1.41e Multiple Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2340

libmcrypt Multiple Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2339

OpenTopic Cross Site Scripting Vulnerability
>> http://www.net-security.org/vuln.php?id=2338

iCal 3.7 Remote Denial of Service Vulnerability
>> http://www.net-security.org/vuln.php?id=2337

----------------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

SCO Security Advisory - UnixWare 7.1.1 Open UNIX 8.0.0: command line argument buffer overflow in ps
>> http://www.net-security.org/advisory.php?id=1476

SCO Security Advisory - Linux: Webmin Cross-site Scripting and Session ID Spoofing Vulnerabilities
>> http://www.net-security.org/advisory.php?id=1475

Debian Security Advisory - New xpdf-i packages fix arbitrary command execution
>> http://www.net-security.org/advisory.php?id=1474

Mandrake Linux Security Advisory - dhcpcd
>> http://www.net-security.org/advisory.php?id=1473

Mandrake Linux Security Advisory - cups
>> http://www.net-security.org/advisory.php?id=1472

FreeBSD Security Advisory - file descriptor leak in fpathconf
>> http://www.net-security.org/advisory.php?id=1471

SCO Security Advisory - Linux: fetchmail at-sign buffer overflow vulnerability
>> http://www.net-security.org/advisory.php?id=1470

Red Hat Security Advisory - Updated Ethereal packages are available
>> http://www.net-security.org/advisory.php?id=1469

Debian Security Advisory - New tomcat packages fix source disclosure vulnerability
>> http://www.net-security.org/advisory.php?id=1468

Gentoo Linux Security Announcement - libpng
>> http://www.net-security.org/advisory.php?id=1467

Debian Security Advisory - New canna packages fix buffer overflow and denial of service
>> http://www.net-security.org/advisory.php?id=1466

SGI Security Advisory - Netscape Browsers Vulnerabilities on IRIX
>> http://www.net-security.org/advisory.php?id=1465

Gentoo Linux Security Announcement - lcdproc
>> http://www.net-security.org/advisory.php?id=1464

Debian Security Advisory - New geneweb packages fix information exposure
>> http://www.net-security.org/advisory.php?id=1463

Red Hat Security Advisory - Updated cyrus-sasl packages fix buffer overflows
>> http://www.net-security.org/advisory.php?id=1462

Gentoo Linux Security Announcement - http-fetcher
>> http://www.net-security.org/advisory.php?id=1461

SGI Security Advisory - Multiple Vulnerabilities in Sendmail on IRIX
>> http://www.net-security.org/advisory.php?id=1460

Debian Security Advisory - New xpdf packages fix arbitrary command execution
>> http://www.net-security.org/advisory.php?id=1459

Gentoo Linux Security Announcement - monopd
>> http://www.net-security.org/advisory.php?id=1458

Gentoo Linux Security Announcement - libmcrypt
>> http://www.net-security.org/advisory.php?id=1457

Gentoo Linux Security Announcement - dhcpcd
>> http://www.net-security.org/advisory.php?id=1456

Red Hat Security Advisory - Updated pine packages available
>> http://www.net-security.org/advisory.php?id=1455

SGI Security Advisory - fam Vulnerability Update
>> http://www.net-security.org/advisory.php?id=1454

Debian Security Advisory - New mhonarc packages fix cross site scripting
>> http://www.net-security.org/advisory.php?id=1453

----------------------------------------------------------------

[ Featured articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to staff@net-security.org
----------------------------------------------------------------

INTERVIEW WITH LEO PLUSWICK AND AL POTTER
What do people in the security industry think of wireless security? Here's the opinion of two experts - Leo Pluswick and Al Potter, both from ICSA Labs, a division of TruSecure Corporation.
>> http://www.net-security.org/article.php?id=331

LINUX SECURITY: REFLECTIONS ON 2002
Bob Toxen writes: "Here are my reflections on Linux security in 2002 and predictions for 2003. All statements not otherwise attributed are my opinions."
>> http://www.net-security.org/article.php?id=332

NETWORK ASSOCIATES ACQUIRES DEERSOFT ANTI-SPAM TECHNOLOGY
Network Associates, Inc. acquired Deersoft, Inc., a provider of anti-spam applications. The Deersoft acquisition is the first in a series of investments Network Associates is making in spam and content filtering technologies.
>> http://www.net-security.org/article.php?id=333

INTERVIEW WITH JAY CHAUDHRY
Jay Chaudhry is the CEO of AirDefense, a company exclusively focused on WLAN security with technology that is designed to monitor and analyze 802.11 Layer 1 and Layer 2 packets in the airwaves. Here's his take on wireless security.
>> http://www.net-security.org/article.php?id=334

KERIO RELEASES MAILSERVER 5.5 FOR MAC OS X
Kerio Technologies Inc. introduced its secure corporate messaging server Kerio MailServer 5.5 for Mac OS X at the Macworld expo in San Francisco.
>> http://www.net-security.org/article.php?id=335

NEW TYPE OF DATA SECURITY BY TENFOLD
TenFold Corporation made public a significant and unique feature of its Universal Application platform called SecurityByValue that introduces a simple way to manage a new type of data security.
>> http://www.net-security.org/article.php?id=336

ETHERLEAK: ETHERNET FRAME PADDING INFORMATION LEAKAGE
Multiple platform Ethernet Network Interface Card (NIC) device drivers incorrectly handle frame padding, allowing an attacker to view slices of previously transmitted packets or portions of kernel memory.
>> http://www.net-security.org/article.php?id=337

INTERVIEW WITH IAN CURRY
Ian Curry is the Vice President and Chief Marketing Officer of Entrust. Here's his take on wireless security.
>> http://www.net-security.org/article.php?id=338

NEW SECURITY INDUSTRY MARKET RESEARCH FIRM LAUNCHED
Quarterback Consulting was founded by Cyrus Maaghul, a successful entrepreneur, market researcher and information technology professional. Their goal is to become the most comprehensive body of global security market information to help businesses and governments implement the best possible global security strategy.
>> http://www.net-security.org/article.php?id=339

INTERVIEW WITH JOSHUA WRIGHT
Joshua Wright is a Network Engineer for Johnson & Wales University. He's been investigating wireless security and here are his thoughts on the subject.
>> http://www.net-security.org/article.php?id=340

----------------------------------------------------------------

[ Security world ]

All press releases are located at:
http://www.net-security.org/press_main.php
----------------------------------------------------------------

St. Bernard's Open File Manager to Be Included With Attix5 Backup
>> http://www.net-security.org/press.php?id=1189

SSH Communications Security Corp Stock Exchange Release January 8, 2003 10.30am
>> http://www.net-security.org/press.php?id=1188

Medepass Deploys Microsoft Software and Chrysalis-ITS Hardware to Ensure Security in Verifying Physician Identities
>> http://www.net-security.org/press.php?id=1187

Cyberguard Firewall Technology Passes Test To Provide Global Financial Security Solutions
>> http://www.net-security.org/press.php?id=1186

Datacard and Datakey join forces to offer solution for secure enterprise authentication and identification
>> http://www.net-security.org/press.php?id=1185

Sophos And Red Networks Deliver Virus Protection To Lynx Express
>> http://www.net-security.org/press.php?id=1184

Internet Security Systems’ X-Force Releases Internet Risk Impact Summary Report for Q4 2002 and Year-end
>> http://www.net-security.org/press.php?id=1183

Blue Coat Systems and Websense Team to Accelerate Next Generation Employee Internet Management
>> http://www.net-security.org/press.php?id=1182

Application Security, Inc. Releases AppDetective for IBM DB2
>> http://www.net-security.org/press.php?id=1181

Sophos and Red Networks deliver virus protection to LYNX Express
>> http://www.net-security.org/press.php?id=1180

----------------------------------------------------------------

[ Security Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2
----------------------------------------------------------------

RSA ENCRYPTING TOOL 0.11
This is a simple RSA algorithm implementation.
>> http://www.net-security.org/software.php?id=424

JAY'S IPTABLES FIREWALL 0.8.2
Jay's Iptables Firewall is a script with support for multiple (external/internal) interfaces, TCP/UDP/ICMP control, masquerading, synflood control, spoofing control, port forwarding, upload limits (experimental), VPNs, ToS, denying hosts, ZorbIPTraffic.
>> http://www.net-security.org/software.php?id=425

PHPACCESS 0.01 ALPHA
The htaccess class manages the htaccess functions of Apache Webservers. Without knowing much about Apache, users can be added or deleted, groups can be created and deleted, .htaccess files can be created with this class, etc.
>> http://www.net-security.org/software.php?id=426

AGT 1.07
AGT is a powerful console frontend to iptables, supporting nearly all of the iptables extensions. All options can be specified in a configuration file with similar syntax to 'ipf' and 'ipfw'.
>> http://www.net-security.org/software.php?id=427

IP PERSONALITY 20020819
The Linux IP Personality patch adds to your Linux 2.4 kernel the ability to have different 'personalities' network wise, that is to change some characteristics of its network traffic, depending on different parameters (anything you can specify in an iptables rule: src/dst IP address, TCP or UDP port, etc.)
>> http://www.net-security.org/software.php?id=428

----------------------------------------------------------------

[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Lirva starts to spread faster as two new variants emerge
>> http://www.net-security.org/virus_news.php?id=157

Panda Software reports the appearance of the 'N' variant of W32/Explorezip
>> http://www.net-security.org/virus_news.php?id=156

Panda Software reports the appearance of Lirva, a new and potentially fast-spreading worm
>> http://www.net-security.org/virus_news.php?id=155

Avril Lavigne Worm Needn't Be So Complicated, Says Sophos
>> http://www.net-security.org/virus_news.php?id=154

Weekly Virus Report - 'L' variant of the Lentin worm appears
>> http://www.net-security.org/virus_news.php?id=153

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending your e-mail address to:
info@net-security.org with UNSUBSCRIBE in the message body.

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php