HNS Newsletter
Issue 147 - 03.02.2003.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org.

-----------------------------------------------------------------
SECURITY INCIDENT ALERT
-----------------------------------------------------------------
Check your Web servers, FTP servers, Mail servers, DNS servers, firewalls, IDS systems, switches and routers for over 900 up to date vulnerabilities. Secure your critical assets today!
FREE System Security Test and Detailed Report
http://www.net-security.org/lm/ads/ads.pl?banner=scannerx1
-----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Reviews
6) Security world
7) Security software
8) Virus news

[ Security news ]
----------------------------------------------------------------

AN OVERVIEW OF THE SUN MICROSYSTEM FIREWALL
This article is the first of a two-part series that will offer a brief overview of the implementation and administration of SunScreen.
>> http://www.net-security.org/news.php?id=1887

ATTACKS FELL AN ONLINE COMMUNITY
A barrage of denial-of-service attacks has forced DALnet, an online community whose existence predates the World Wide Web, to cease operations. The community's future remains in doubt.
>> http://www.net-security.org/news.php?id=1888

WHAT WILL IT TAKE?
What will it take for the computing industry and the population of computer users to look at Microsoft's security record and declare that it must go no further?
>> http://www.net-security.org/news.php?id=1890

SPAM FILTERING WITH GZIP
While many people see gzip as a compression tool, it also makes a credible spam filter. Here's how.
>> http://www.net-security.org/news.php?id=1891

MOBILE VIRUS THREAT LOOMS LARGE
By 2005 anti-virus experts expect that customers of one or more mobile networks will have been struck by a malicious program designed to exploit security failings on portable devices.
>> http://www.net-security.org/news.php?id=1894

MICROSOFT ADMITS FAILING TO PATCH OWN SOFTWARE AGAINST THE SQL WORM
A Microsoft spokesman declined to say which areas at Microsoft were affected. He acknowledged that some servers were left unfixed because administrators "didn't get around to it when they should have."
>> http://www.net-security.org/news.php?id=1895

NETWORK RISK INSURANCE MARKET TO FLOURISH
Network risk insurance has been on the market for about three years, but is expected to explode from a $100 million sideshow into a $2.5 billion behemoth by 2005, according to insurance industry projections.
>> http://www.net-security.org/news.php?id=1896

A CRIME WAVE FESTERS IN CYBERSPACE
Cybercrime, long a painful side effect of the innovations of Internet technology, is reaching new dimensions, security specialists say.
>> http://www.net-security.org/news.php?id=1897

SECURITY BREACHES STILL BEING COVERED UP
According to a survey by security consultant Defcom, firms are deciding to protect their reputations rather than report attacks to the police.
>> http://www.net-security.org/news.php?id=1899

ARE WE NEARLY SECURE YET?
David Coursey: One year ago, Bill Gates challenged his Microsoft troops to make the company's products more trustworthy. What's been accomplished? A bit. What still needs to be done? A lot.
>> http://www.net-security.org/news.php?id=1900

MICROSOFT'S UPHILL SECURITY BATTLE
If Uncle Bill is correct in his vision of a Digital Decade, in which billions of intelligent devices are interconnected, we may be in for an onslaught of new threats.
>> http://www.net-security.org/news.php?id=1904

WHAT TO LOOK FOR WHEN BUYING A VPN
VPN drivers range from securing corporate communications to reducing costs by replacing leased lines. Let's take a look at the various solutions and how they apply to different environments.
>> http://www.net-security.org/news.php?id=1905

COMPUTER SLEUTH - THE INSIDE JOB
Forensic IT expert Daniel Ayers flushes out hidden computer secrets.
>> http://www.net-security.org/news.php?id=1906

FIREWALL GEEKS MEET THE NIGHT WATCHMEN
The once-distinct realms of computer security and physical security are merging as they realize how interdependent they are.
>> http://www.net-security.org/news.php?id=1907

LITCHFIELD'S NGSSOFTWARE CUTS TIES WITH CERT
NGSSoftware will no longer work with CERT/CC, after CERT personnel gave advance notice of several new vulnerabilities to a software vendor and some government officials.
>> http://www.net-security.org/news.php?id=1908

FORENSICS ON THE WINDOWS PLATFORM, PART 1
This article will examine some basic, non-technical concepts that are applicable to all forensic investigations.
>> http://www.net-security.org/news.php?id=1909

LOCKING LINUX
Learn how to secure local file systems, restrict insecure root access, and how to configure user authentication.
>> http://www.net-security.org/news.php?id=1910

PROJECT CRENUM: REAL REMOTE SNIFFER DETECTION RESEARCH REPORT
This is a project targeted towards Remote Sniffer Detection using commonly available network tools.
>> http://www.net-security.org/news.php?id=1911

COMBATING THE AERIAL THREAT
Kevin Hogan, security response programme manager at Symantec, looks at the security headaches caused by wireless LANs, and suggests ways that businesses and individuals can deal with them.
>> http://www.net-security.org/news.php?id=1912

THE CASE OF SLAMMER AND THE BROKEN PATCHING PROCESS
Many companies wait to install security patches until they have been fully tested, or they install them in the wrong order, which could undo earlier fixes.
>> http://www.net-security.org/news.php?id=1913

SYMANTEC'S 'SUBMIT A DEAL' FLAWED
Software giant Symantec's failure to secure a portion of its corporate site leaves an online database of acquisitions proposals exposed, including one from longtime industry critic Vmyths.
>> http://www.net-security.org/news.php?id=1914

MICROSOFT PREPS FIREWALL UPGRADE
Microsoft is preparing a second version of its enterprise firewall Internet Security and Acceleration (ISA) Server, focusing on application-level security and XML web services.
>> http://www.net-security.org/news.php?id=1915

EXPOSED SERVER PROVES TO BE A MAGNET FOR ATTACKS
PSINet Europe set up an anonymous 'dummy test' server and found it was maliciously attacked 467 times within 24 hours of being installed.
>> http://www.net-security.org/news.php?id=1916

DEVELOPING A SECURITY POLICY
Analyst IDC recently reported that fewer than 10 per cent of European companies have a security policy in place.
>> http://www.net-security.org/news.php?id=1917

LINUX BOOST EXPECTED FOR TRUSTED COMPUTING SCHEME
Linux-based APIs are on the roadmap of various vendors in support of the Trusted Computing Platform Alliance's security initiative.
>> http://www.net-security.org/news.php?id=1918

SNEAKY TOOLBAR HIJACKS BROWSERS
Internet users are mystified by a tricky browser add-on that installs itself without permission and defies attempts to remove it. Some are calling the program the most insidious thing on the Web.
>> http://www.net-security.org/news.php?id=1919

CONSORTIUM PUSHES FOR CYBERSECURITY R&D
A consortium of 23 security research institutions is calling on the government and private companies to put more research and development muscle into a host of cybersecurity problems.
>> http://www.net-security.org/news.php?id=1921

MICROSOFT BOWS TO EU PRIVACY CONCERNS
Microsoft has agreed to make substantial changes to its Passport online identity system to make it comply with European privacy laws.
>> http://www.net-security.org/news.php?id=1922

ANTICIPATING THE UNKNOWN
It's been one of the dirty little secrets of the security industry for years: Software patches don't work.
>> http://www.net-security.org/news.php?id=1923

CERTIFY THIS!
It's all about money for most companies offering these certifications, and it's a get-rich-over-time scheme for the person getting the letters appended to his or her title.
>> http://www.net-security.org/news.php?id=1924

E-VOTING SECURITY DEBATE COMES HOME
Why are some high-power technologists trying to keep fully electronic ballots out of Silicon Valley voting booths? They're worried that hackers might decide the next election.
>> http://www.net-security.org/news.php?id=1925

BIOS MAKER BUILDS A BUNKER FOR PCS
Phoenix Technologies, the maker of BIOS software for most of the world's PCs, will unveil a software environment for PCs and other devices that creates a "bunker" in which critical utilities can be stored.
>> http://www.net-security.org/news.php?id=1926

KEY TO WI-FI SECURITY
The arrival of WPA and eventually 802.11i will reduce the administrative burden of WLANs, integrating them with existing authentication mechanisms and making the security issue disappear.
>> http://www.net-security.org/news.php?id=1927

----------------------------------------------------------------
[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

Locator Service Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2404

SSH2 Clients Insecurely Store Passwords
>> http://www.net-security.org/vuln.php?id=2403

dotproject Remote Code Execution Vulnerability
>> http://www.net-security.org/vuln.php?id=2402

FormMail.CGI Cross Site Scripting Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2401

Xynph FTP Server 1.0 Multiple Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2400

dotproject Remote File Access Vulnerability
>> http://www.net-security.org/vuln.php?id=2399

DC Cart Admin Compromise Vulnerability
>> http://www.net-security.org/vuln.php?id=2398

Eudora Message Deletion Weakness
>> http://www.net-security.org/vuln.php?id=2397

Astaro Security Linux Firewall HTTP Proxy Vulnerability
>> http://www.net-security.org/vuln.php?id=2396

Blackboard 5.x & Patched 5.x Systems Password Retrieval Vulnerability
>> http://www.net-security.org/vuln.php?id=2395

Slocate Local Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2394

Mailman Cross Site Scripting Vulnerability
>> http://www.net-security.org/vuln.php?id=2393

SpamAssassin / spamc+BSMTP Remote Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2392

----------------------------------------------------------------
[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Debian Security Advisory - New courier packages fix SQL injection
>> http://www.net-security.org/advisory.php?id=1560

Debian Security Advisory - New tomcat packages fix information exposure and cross site scripting
>> http://www.net-security.org/advisory.php?id=1559

OpenPKG Security Advisory - mysql
>> http://www.net-security.org/advisory.php?id=1558

MIT krb5 Security Advisory - Multiple vulnerabilities in old releases of MIT Kerberos
>> http://www.net-security.org/advisory.php?id=1557

Debian Security Advisory - New dhcp3 packages fix potential network flood
>> http://www.net-security.org/advisory.php?id=1556

Mandrake Linux Security Advisory - fetchmail
>> http://www.net-security.org/advisory.php?id=1555

EnGarde Secure Linux Advisory - fetchmail-ssl heap overflow vulnerability
>> http://www.net-security.org/advisory.php?id=1554

EnGarde Secure Linux Advisory - Several MySQL vulnerabilities
>> http://www.net-security.org/advisory.php?id=1553

Debian Security Advisory - New noffle packages fix buffer overflows
>> http://www.net-security.org/advisory.php?id=1552

Debian Security Advisory - New kdemultimedia packages fix several vulnerabilities
>> http://www.net-security.org/advisory.php?id=1551

Debian Security Advisory - New kdebase packages fix several vulnerabilities
>> http://www.net-security.org/advisory.php?id=1550

Debian Security Advisory - New kdeutils packages fix several vulnerabilities
>> http://www.net-security.org/advisory.php?id=1549

Debian Security Advisory - New kdegames packages fix several vulnerabilities
>> http://www.net-security.org/advisory.php?id=1548

Cisco Security Advisory - Microsoft SQL Server 2000 Vulnerabilities in Cisco
>> http://www.net-security.org/advisory.php?id=1547

----------------------------------------------------------------
[ Featured articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to staff@net-security.org
----------------------------------------------------------------

PKWARE AND RSA SECURITY ENTER A STRATEGIC ALLIANCE
Under the strategic alliance agreement, PKWARE is licensing RSA BSAFE encryption software for use across all platforms and RSA Security is licensing PKZIP
compression technology.
>> http://www.net-security.org/article.php?id=371

INTERVIEW WITH THE AUTHOR OF "HALTING THE HACKER"
In this interview, Donald L. Pipkin, the Information Security Architect for the Internet Security Division of Hewlett-Packard, talks about general security issues.
>> http://www.net-security.org/article.php?id=373

COMPASS SECURITY FINJAN SURFINGATE ANALYSIS
This article focuses on Finjan SurfinGate HTTP content filter protection and gives you a better understanding of threats and risks.
>> http://www.net-security.org/article.php?id=374

----------------------------------------------------------------
[ Reviews ]

All reviews are located at:
http://www.net-security.org/reviews.php
----------------------------------------------------------------

CISCO SECURE PIX FIREWALLS
The authors state that the goal of this book is to help users refresh their knowledge of basic PIX operation as well as to delve into more advanced configurations. Do they succeed in accomplishing this?
>> http://www.net-security.org/review.php?id=27

FIREWALLS AND INTERNET SECURITY: REPELLING THE WILY HACKER 2/E
The title of the book, "Firewalls and Internet Security", may lead someone to believe that the book is about firewalls and their part in the Internet Security sphere. That is not true, as the book provides a great deal of information on a wide spectrum of security topics. Written by an impressive trio of Information Security experts, this book is a long-awaited sequel to the original "classic".
>> http://www.net-security.org/review.php?id=28

----------------------------------------------------------------
[ Security world ]

All press releases are located at:
http://www.net-security.org/press_main.php
----------------------------------------------------------------

Diversinet Granted Patent for Preventing Online Authentication System Downtime in the Event of an Attack
>> http://www.net-security.org/press.php?id=1231

IP3 Inc. Launches 2003 Security Workshop
>> http://www.net-security.org/press.php?id=1230

eGeneral and Diversinet Announce New Secure M-Payment Service
>> http://www.net-security.org/press.php?id=1229

Trusecure Investigative Response Supports HIPAA Security Requirements
>> http://www.net-security.org/press.php?id=1228

ActiveState PureMessage Deals Blow to New and More Threatening Spamming Technique
>> http://www.net-security.org/press.php?id=1227

Panda: The First and Only Antivirus Developer to Integrate Protection Against SQLSlammer Type Worms
>> http://www.net-security.org/press.php?id=1226

New NetScreen-200 Series Features Extend Security, Reduce Capital and Operational Costs
>> http://www.net-security.org/press.php?id=1225

Protegrity Secure.Data For SQL Server 2000 Integration Certified For Use With PeopleSoft AppConnect
>> http://www.net-security.org/press.php?id=1224

System Administrators Blame Each Other For Spread Of Slammer Internet Worm, Sophos Poll Reveals
>> http://www.net-security.org/press.php?id=1223

Neoteris Increases Momentum In Europe With Signing Of ALLnet As UK Reseller Of Its Award-Winning Secure Access Products
>> http://www.net-security.org/press.php?id=1222

ICSA Labs Announces 4th Quarter 2002 Product Certifications
>> http://www.net-security.org/press.php?id=1221

ActivCard Unveils First Complete Secure Sign-On Solution with Biometrics
>> http://www.net-security.org/press.php?id=1220

Damovo and Ceragon Networks Announce Global Agreement
>> http://www.net-security.org/press.php?id=1219

Airscanner Names Wireless Security Icon Seth Fogie as Vice President of Product Management
>> http://www.net-security.org/press.php?id=1218

Level 3's Acquisition of Genuity Earns Court Approval
>> http://www.net-security.org/press.php?id=1217

----------------------------------------------------------------
[ Security Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2
----------------------------------------------------------------

MALLOC() WEBMINER 1.01
Malloc() Webminer is a tool used to find common webserver exposures (currently about 400). It can also mine webservers for hidden files/directories using a new bruteforce method, and can easily be expanded upon.
>> http://www.net-security.org/software.php?id=440

ALFANDEGA FIREWALL 2.0
Alfandega is an Iptables based Firewall. This provides high customization using the profiles, port-forwarding, block blacklisted addresses, protection for various types of tcp and udp scans, DHCP and PPP support and much more.
>> http://www.net-security.org/software.php?id=441

W32.SQLEXP.WORM REMOVAL TOOL
This is a removal tool for an Internet worm that spreads using a known vulnerability in MS SQL Server.
>> http://www.net-security.org/software.php?id=442

SECURE LOCATE 2.7
Secure locate provides a secure way to index and quickly search for files on your system.
>> http://www.net-security.org/software.php?id=443

AUDITUNLINK 0.1.1
Wonder who deleted that important file on your Linux box? Did your database files "mysteriously" disappear from that super secure Linux database server and you don't know how? Now your system logs will tell who, what, when, and how with Auditunlink.
>> http://www.net-security.org/software.php?id=444

----------------------------------------------------------------
[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Weekly Virus Report - SQLSlammer, Netspree Worms and Winpao Trojan
>> http://www.net-security.org/virus_news.php?id=177

Sophos: Top 10 Viruses and Hoaxes in January 2003
>> http://www.net-security.org/virus_news.php?id=176

Far Too Many Viruses in January 2003
>> http://www.net-security.org/virus_news.php?id=175

Helkern - The Beginning of End As Anti-virus Experts Have Long Warned
>> http://www.net-security.org/virus_news.php?id=174

Slammer (Helkern) Worm Epidemic - Events Chronology
>> http://www.net-security.org/virus_news.php?id=173

Lack of Visible Symptoms Increases the Danger of SQLSlammer
>> http://www.net-security.org/virus_news.php?id=172

SQLSlammer Could Block the Enterprise Activities
>> http://www.net-security.org/virus_news.php?id=171

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending your e-mail address to:
info@net-security.org with UNSUBSCRIBE in the message body.

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php