HNS Newsletter
Issue 152 - 10.03.2003.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org.

---------------------------------------------------------------------
QUESTION: How Vulnerable are Your Applications and Databases?
ANSWER: Find out by downloading a vulnerability assessment scanner that can empower you with all of the answers.

DOWNLOAD YOUR FREE EVALUATION VERSION of AppDetective from:
http://www.appsecinc.com/helpnetsecurity

FREE DATABASE AND APPLICATION VULNERABILITY ASSESSMENT EVALUATION
FREE WHITE PAPERS ON DATABASE SECURITY, SQL INJECTION, AND WORMS

Download your FREE EVALUATION VERSION of AppDetective and INFORMATIVE WHITE PAPERS on database/application security from:
http://www.appsecinc.com/helpnetsecurity/
---------------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Reviews
6) Security world
7) Security software
8) Virus news

[ Security news ]
----------------------------------------------------------------

HOW TO GUARD AGAINST TODAY'S TROJAN HORSES
These days malicious users aren't after your data - they want to use your PC to attack other systems. The best way to protect yourself? Use antivirus software AND a firewall.
>> http://www.net-security.org/news.php?id=2097

CREATING AN APACHE SITE WITH PUBLIC AND SECURE ACCESS
If you want Apache to do anything useful, you have to write a config file. And, although we all know very well just how to do it in our heads, 99 times out of 100, we start out with an existing file and modify it.
>> http://www.net-security.org/news.php?id=2098

HOW YOU CAN HELP 'JAM' SPAM
Junk e-mail is a scourge for all of us. Now, industry leaders are joining forces to fight the spam plague. But they can't do it alone. You can help. Here's how.
>> http://www.net-security.org/news.php?id=2099

SECURE UNTRUSTED APPLICATIONS WITH CHROOT
Supported by all Linux and Unix systems, application jails put up a nearly impenetrable barrier between the "jailed" software and the rest of the system.
>> http://www.net-security.org/news.php?id=2100

THE CONSEQUENCES OF CRIMINALIZING CRYPTO
The Justice Department's plan to make routine encryption illegal in the hands of criminals will hurt law abiding citizens, and prove catastrophic for Internet security.
>> http://www.net-security.org/news.php?id=2101

SECRECY AND SECURITY
There's considerable confusion between the concepts of secrecy and security, and it is causing a lot of bad security and some surprising political arguments.
>> http://www.net-security.org/news.php?id=2102

SENDMAIL FLAW TESTS NEW SECURITY BODY
The US' new Department of Homeland Security has carried out its first cyberdefence project, dealing with a serious flaw in the ubiquitous email server.
>> http://www.net-security.org/news.php?id=2107

EU CYBERCRIME CODE COULD PUNISH ONLINE DEMONSTRATIONS
Legal experts have voiced their concern about new EU cybercrime rules because they say the rules don't differentiate between a real criminal and political protesters expressing their views by e-mail.
>> http://www.net-security.org/news.php?id=2108

HOW TO SELL: SECURITY - SCALING DEFENCES
Antivirus software companies have often been accused of writing viruses to keep themselves in business, rather like a bouncer starting fights at a nightclub so that he can then break them up.
>> http://www.net-security.org/news.php?id=2109

KLEZ WON'T STOP MAKING NET ROUNDS
Few e-mail viruses last as long as the Klez virus has. It seems to have the longest legs, topping the antivirus charts for almost a full year. What's a security-conscious Net user to do?
>> http://www.net-security.org/news.php?id=2110

NET HACKER TOOL DU JOUR: GOOGLE
Hackers often use underground software to gain access to private information on the Net or private computer networks. But the newest trick up their sleeves is a tool all Web users are familiar with.
>> http://www.net-security.org/news.php?id=2111

ONCE MORE CYBER WAR HAS BEEN PREDICTED
Imagine Iraqi commanders getting misleading text messages on their cell phones. They appear to contain orders from Saddam but are actually sent by the U.S. military in disguise, directing Iraqi troops to a trap.
>> http://www.net-security.org/news.php?id=2112

TRUSTWORTHY COMPUTING: WHAT'S NEXT?
The Code Red and Nimda worms convinced Microsoft that security needed to become its top priority. That decision led directly to the creation of the company's Trustworthy Computing initiative.
>> http://www.net-security.org/news.php?id=2113

HOW TO "SPEAK SECURITY" TO EXECUTIVES
Security Strategies sat down with Ernst & Young security expert Mark Doll to discuss how to communicate security issues with upper management among other topics.
>> http://www.net-security.org/news.php?id=2116

ESCAPE FROM SQL HELL
Quick response to SQL Slammer deflects potential disaster.
>> http://www.net-security.org/news.php?id=2117

THE PERIL WITHIN
WLANs are inherently insecure and can serve as the open window through which attackers could easily penetrate a system.
>> http://www.net-security.org/news.php?id=2118

IS ANY CERTIFICATION WORTH PURSUING?
Given that the current economic market in the IT field is the weakest it has been in a while, many people are considering certification. Emmett discusses the cost vs. the value of Unix/Linux certification.
>> http://www.net-security.org/news.php?id=2119

CYBERCRIME FOLLOWS MONEY TRAIL
Financial services firms face a particularly high threat of cyberattack, a federal agency reports. The findings can be attributed to criminals' well-documented attraction to money.
>> http://www.net-security.org/news.php?id=2120

E-PUNISHMENT: HOW MUCH IS TOO MUCH?
Is fear the motivation behind the sentencing of cybercrooks? That's the opinion of some legal experts, who say the penalties handed down to hackers are way too harsh.
>> http://www.net-security.org/news.php?id=2121

WINDOWS ROOT KITS A STEALTHY THREAT
Hackers are using vastly more sophisticated techniques to secretly control the machines they've cracked, and experts say it's just the beginning.
>> http://www.net-security.org/news.php?id=2124

STRATEGIES & ISSUES: JUSTIFYING SECURITY SPENDING
To get the dollars they need, security administrators have to start speaking the language of business.
>> http://www.net-security.org/news.php?id=2125

SPAM WARS MAKE STRANGE BEDFELLOWS
The open-source community is closer than ever to curing the spam problem, but they'll have to hold their noses and help out Windows users to get there.
>> http://www.net-security.org/news.php?id=2126

WIRELESS LAN ANALYZERS: THE ULTIMATE HACKING TOOLS?
A Wi-Fi protocol analyzer can help you plan and secure your network even if you don't use Wi-Fi.
>> http://www.net-security.org/news.php?id=2127

TIGHTER SECURITY IN OFFICE 2003
Microsoft's next version of Office will offer help to companies and government departments that have fallen foul of malicious leaks of information.
>> http://www.net-security.org/news.php?id=2129

EXPLORING RSA ENCRYPTION
This is an explanation of how and why RSA encryption works, plus examples on how to use it for yourself.
>> http://www.net-security.org/news.php?id=2130

GOOGLE CLOSES BLOGGER SECURITY HOLES
Google closed several security holes that could have allowed hackers to substitute their own musings for any of the over one-million electronic diaries maintained through the "Blogger" online publishing tool.
>> http://www.net-security.org/news.php?id=2131

INTRUDERS STEAL STUDENTS' PERSONAL INFO
Someone broke into a database and stole the names, Social Security numbers and e-mail addresses of more than 55,000 students, former students and employees at the University of Texas at Austin.
>> http://www.net-security.org/news.php?id=2132

SCO SUES BIG BLUE OVER UNIX, LINUX
SCO Group, inheritor of the intellectual property for the Unix operating system, has sued IBM for more than $1 billion, alleging Big Blue misappropriated SCO's Unix technology and built it into Linux.
>> http://www.net-security.org/news.php?id=2133

TWO HELD OVER THEFT THAT CRACKED ONLINE BANKING
Tokyo police arrested two men on suspicion of stealing 16 million yen through an online banking scheme that might involve hundreds of victims, officials said Thursday.
>> http://www.net-security.org/news.php?id=2134

CREDIT-CARD CO. VISA TO MASK CARD NUMBERS
Visa said it will require merchants that take Visa payments to display only the last four digits of a card number on receipts in an effort to thwart a surge in financial identity theft.
>> http://www.net-security.org/news.php?id=2135

THE BEST SPYWARE STOPPER
According to Fred Felman from Zone Labs, ZoneAlarm "shuts down Internet connectivity instead of losing control of the system" when an unauthorized application tries to send information from a PC.
>> http://www.net-security.org/news.php?id=2137

----------------------------------------------------------------
[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

PHP Ping Remote Command Execution Vulnerability
>> http://www.net-security.org/vuln.php?id=2500

3Com SuperStack 3 Firewall Content Filter Exploitable Via Telnet
>> http://www.net-security.org/vuln.php?id=2499

Shopfactory Order Details Alteration Vulnerability
>> http://www.net-security.org/vuln.php?id=2498

Multiple Webservers and Log Analyzers Log Corruption Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2497

file(1) Locally Exploitable Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2496

Uploader Version 1.1 Arbitrary File Uploading Vulnerability
>> http://www.net-security.org/vuln.php?id=2495

Snort RPC Preprocessor Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2494

HP Jetdirect SNMP Password Vulnerability When Using Web JetAdmin
>> http://www.net-security.org/vuln.php?id=2493

GTcatalog Multiple Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2492

Adobe Document Server for Reader Extensions Implementation Flaws
>> http://www.net-security.org/vuln.php?id=2491

PY-Livredor Cross Site Scripting And Script Injection Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2490

Sendmail Remote Header Processing Vulnerability
>> http://www.net-security.org/vuln.php?id=2489

web-erp 0.1.4 Database Access Vulnerability
>> http://www.net-security.org/vuln.php?id=2488

PHP-Nuke config.php File Disclosure Vulnerability
>> http://www.net-security.org/vuln.php?id=2487

----------------------------------------------------------------
[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

SCO Security Advisory - Linux: slocate command line buffer overflows
>> http://www.net-security.org/advisory.php?id=1690

Red Hat Security Advisory - Updated OpenSSL packages fix timing attack
>> http://www.net-security.org/advisory.php?id=1689

Red Hat Security Advisory - Updated im packages fix insecure handling of temporary files
>> http://www.net-security.org/advisory.php?id=1688

Mandrake Linux Security Advisory - file
>> http://www.net-security.org/advisory.php?id=1687

Mandrake Linux Security Advisory - snort
>> http://www.net-security.org/advisory.php?id=1686

SGI Security Advisory - Mail Header Buffer Overflow In Sendmail
>> http://www.net-security.org/advisory.php?id=1685

SCO Security Advisory - UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : Lax permissions on /dev/X
>> http://www.net-security.org/advisory.php?id=1684

Red Hat Security Advisory - Updated squirrelmail packages close cross-site scripting vulnerabilities
>> http://www.net-security.org/advisory.php?id=1683

Gentoo Linux Security Announcement - snort
>> http://www.net-security.org/advisory.php?id=1682

SCO Security Advisory - Linux: php bypass safe_mode and injected control chars vulnerabilities
>> http://www.net-security.org/advisory.php?id=1681

OpenPKG Security Advisory - file
>> http://www.net-security.org/advisory.php?id=1680

OpenPKG Security Advisory - sendmail
>> http://www.net-security.org/advisory.php?id=1679

OpenPKG Security Advisory - zlib
>> http://www.net-security.org/advisory.php?id=1678

Compaq Security Bulletin - HP Tru64 UNIX, HP-UX, sendmail Potential Security Vulnerability
>> http://www.net-security.org/advisory.php?id=1677

Gentoo Linux Security Announcement - tcpdump
>> http://www.net-security.org/advisory.php?id=1676

FreeBSD Security Advisory - sendmail header parsing buffer overflow (Revised)
>> http://www.net-security.org/advisory.php?id=1675

Apple Security Advisory - Sendmail
>> http://www.net-security.org/advisory.php?id=1674

NetBSD Security Advisory - Malformed header Sendmail Vulnerability
>> http://www.net-security.org/advisory.php?id=1673

NetBSD Security Advisory - Encryption weakness in OpenSSL code
>> http://www.net-security.org/advisory.php?id=1672

Slackware Security Advisory - Sendmail buffer overflow fixed
>> http://www.net-security.org/advisory.php?id=1671

Gentoo Linux Security Announcement - sendmail
>> http://www.net-security.org/advisory.php?id=1670

Debian Security Advisory - sendmail remote exploit
>> http://www.net-security.org/advisory.php?id=1669

OpenPKG Security Advisory - tcpdump
>> http://www.net-security.org/advisory.php?id=1668

Gentoo Linux Security Announcement - vte
>> http://www.net-security.org/advisory.php?id=1667

Gentoo Linux Security Announcement - eterm
>> http://www.net-security.org/advisory.php?id=1666

IBM Security Advisory - sendmail buffer overflow vulnerability
>> http://www.net-security.org/advisory.php?id=1665

SGI Security Advisory - Mail Header Buffer Overflow In Sendmail
>> http://www.net-security.org/advisory.php?id=1664

SCO Security Advisory - UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : ftp vulnerability with pipe symbols in filenames
>> http://www.net-security.org/advisory.php?id=1663

Red Hat Security Advisory - Updated vte packages fix gnome-terminal vulnerability
>> http://www.net-security.org/advisory.php?id=1662

Conectiva Linux Security Announcement - sendmail
>> http://www.net-security.org/advisory.php?id=1661

Mandrake Linux Security Advisory - sendmail
>> http://www.net-security.org/advisory.php?id=1660

SuSE Security Announcement - sendmail, sendmail-tls
>> http://www.net-security.org/advisory.php?id=1659

Mandrake Linux Security Advisory - tcpdump
>> http://www.net-security.org/advisory.php?id=1658

CERT Advisory CA-2003-07 - Remote Buffer Overflow in Sendmail
>> http://www.net-security.org/advisory.php?id=1657

OpenBSD Announcement - Remote Buffer Overflow In Sendmail
>> http://www.net-security.org/advisory.php?id=1656

FreeBSD Security Advisory - sendmail header parsing buffer overflow
>> http://www.net-security.org/advisory.php?id=1655

Red Hat Security Advisory - Updated sendmail packages fix critical security issues
>> http://www.net-security.org/advisory.php?id=1654

----------------------------------------------------------------
[ Articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to staff@net-security.org
----------------------------------------------------------------

INTERVIEW WITH CARLISLE ADAMS, SENIOR CRYPTOGRAPHER AND PRINCIPAL OF SECURITY AT ENTRUST, INC.
Carlisle Adams is recognized internationally for his many contributions to the design, specification, and standardization of public-key infrastructures. He is senior cryptographer and principal of security at Entrust, Inc. He has been an active participant in the IETF Public-Key Infrastructure X.509 (PKIX) and Common Authentication Technology (CAT) working groups.
>> http://www.net-security.org/article.php?id=403

SECURITY PLANNING BEST PRACTICES
When we begin to plan how best to protect our systems and organizations from intruders, it helps to think of those who maliciously attack the security of our organizations as entrepreneurs in their own right--though entrepreneurs of havoc and, in extreme cases, evil.
>> http://www.net-security.org/article.php?id=401

GUARDIAN DIGITAL RELEASES OPEN SOURCE SECURE MAIL SUITE
Guardian Digital, a company well known in the security field for the LinuxSecurity.com web site and EnGarde Secure Linux product line, announced the release of the first secure open source enterprise solution for corporate messaging, spam and virus protection.
>> http://www.net-security.org/article.php?id=402

IBM HAS RELEASED 6 NEW PREP TUTORIALS FOR DB2 CERTIFICATION
The new tutorials will teach you the basics of the DB2 products and tools, DB2 security, and much more. You need to make a FREE registration to view the tutorials.
>> http://www.net-security.org/article.php?id=404

TRIPWIRE SECURITY SEMINARS IN MARCH 2003
During March, Tripwire is holding several product and security related web seminars. These are some of the most interesting seminars.
>> http://www.net-security.org/article.php?id=405

----------------------------------------------------------------
[ Reviews ]

All reviews are located at:
http://www.net-security.org/reviews.php
----------------------------------------------------------------

MANAGING CISCO NETWORK SECURITY
This book presents all the topics covered in the instructor-led certification preparation course with the same name - Managing Cisco Network Security (MCNS). The goal of this book is to help readers implement Cisco supported network security technologies as well as design networks that are more secure. Does it deliver? Read on to find out.
>> http://www.net-security.org/review.php?id=36

THE COMPLETE LINUX SHELL PROGRAMMING TRAINING COURSE
So, you want to learn Linux shell programming? This text and CD-ROM package covers the essential Linux shells (bash and tcsh) and three key Linux shell programming utilities (grep, sed, GNU awk). Ellie Quigley, Silicon Valley's top shell programming instructor, starts from scratch and gets you all the way to expert-level techniques.
>> http://www.net-security.org/review.php?id=37

----------------------------------------------------------------
[ Security world ]

All press releases are located at:
http://www.net-security.org/press_main.php
----------------------------------------------------------------

Panda Software Enters the Australian Market, Extending its Presence to all Five Continents
>> http://www.net-security.org/press.php?id=1277

BitDefender Will Show New Antivirus Technologies at CeBIT
>> http://www.net-security.org/press.php?id=1276

Advanced Oxygen Technologies, Inc. Acquires IP Service ApS
>> http://www.net-security.org/press.php?id=1275

GFI Launches Freeware version of Exchange Server Anti-Spam Product
>> http://www.net-security.org/press.php?id=1274

Kaspersky Security for PDA - A New Level Of Protection For Handheld Computers
>> http://www.net-security.org/press.php?id=1273

ISNET A.S. Uses Vexira Antivirus And Linux To Protect Over 100,000 E-mail Users From Viruses
>> http://www.net-security.org/press.php?id=1272

SSH Communications Security Expands Global Presence With New Office In Sweden
>> http://www.net-security.org/press.php?id=1271

Trend Micro and Postini Join Forces to Offer Gateway-Based Anti-Spam Service for the Enterprise
>> http://www.net-security.org/press.php?id=1270

Trend Micro Introduces Enterprise Spam Prevention Service to Stop Unsolicited Email at the Internet Gateway
>> http://www.net-security.org/press.php?id=1269

Tim Russell named CEO of Datakey Inc.
>> http://www.net-security.org/press.php?id=1268

----------------------------------------------------------------
[ Security Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2
----------------------------------------------------------------

KAVCLIENT 0.2 (Linux)
The libkavclient library is a C language interface to Kaspersky Anti-Virus Daemon (KAVDaemon), a part of Kaspersky Anti-Virus for Linux, a popular anti-virus software.
>> http://www.net-security.org/software.php?id=462

SCRIPT IDENTIFIER 0.0.3 (Linux)
Scriptid is a program and a library that can be used to determine whether a given text file contains code of a specified programming language.
>> http://www.net-security.org/software.php?id=463

DISKZAPPER 1.0
DiskZapper is a Linux-based bootable (floppy or CD-ROM) tool intended to wipe all hard drives on the machine it runs on to binary zero. This is intended for uses such as making sure old computers or hard drives being sold or trashed are clear of any confidential data.
>> http://www.net-security.org/software.php?id=464

GHERKIN 0.1 (Linux)
Gherkin is a free web-enabled, multi-threaded, centralized security scan manager incorporating Nessus vulnerability scanning, dns and nmb lookup host resolving, nmap fingerprinting and scanning, and customized traceroute-based network node detection with all the output stored in a normalized Postgres database.
>> http://www.net-security.org/software.php?id=465

----------------------------------------------------------------
[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Worm/Trojan "Randon" Threatens Port 445
>> http://www.net-security.org/virus_news.php?id=196

Kaspersky Labs: Virus Top 20 for February 2003
>> http://www.net-security.org/virus_news.php?id=195

Sophos: Top 10 Viruses and Hoaxes in February 2003
>> http://www.net-security.org/virus_news.php?id=194

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending your e-mail address to: info@net-security.org with UNSUBSCRIBE in the message body.

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php