HNS Newsletter
Issue 153 - 17.03.2003.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org.

---------------------------------------------------------------------
QUESTION: How Vulnerable are Your Applications and Databases?
ANSWER: Find out by downloading a vulnerability assessment scanner that can empower you with all of the answers.

DOWNLOAD YOUR FREE EVALUATION VERSION of AppDetective from:
http://www.appsecinc.com/helpnetsecurity

FREE DATABASE AND APPLICATION VULNERABILITY ASSESSMENT EVALUATION
FREE WHITE PAPERS ON DATABASE SECURITY, SQL INJECTION, AND WORMS

Download your FREE EVALUATION VERSION of AppDetective and INFORMATIVE WHITE PAPERS on database/application security from:
http://www.appsecinc.com/helpnetsecurity/
---------------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Reviews
6) Security world
7) Security software
8) Virus news

[ Security news ]
----------------------------------------------------------------

NOT SOFT ON SPAM: TOUGHER TOOLS
Software company Trend Micro releases a new blocking technology to keep junk e-mail out of inboxes.
>> http://www.net-security.org/news.php?id=2139

CAN THE FEDS MAKE SOFTWARE MORE SECURE? YUP!
At first, Robert was skeptical about the new Department of Homeland Security and its ability to deal with software security flaws. But so far, it looks like he was wrong.
>> http://www.net-security.org/news.php?id=2140

ORACLE: LOOK AT TOTAL COST OF SECURITY
How do companies prevent potentially crippling Internet-based virus and worm attacks? They might want to look at what needs protecting first, and then building protection around the critical areas.
>> http://www.net-security.org/news.php?id=2141

CRYPTOGRAPHIC FILESYSTEMS: DESIGN AND IMPLEMENTATION
This article discusses some of the background and technology of cryptographic filesystems and covers some example implementations of these filesystems.
>> http://www.net-security.org/news.php?id=2142

IRAQI CYBERWAR: AN AGELESS JOKE
Did U.S. infowar commandos smuggle a deadly computer virus into Iraq inside a printer? Of course not. Why does it keep getting reported?
>> http://www.net-security.org/news.php?id=2143

RUSSIAN HACKER GETS 3 YEARS IN JAIL
A Russian hacker, lured to the US by the FBI under the ruse of a job interview in a case that prompted a sharp rebuke from Moscow, was sentenced on Friday to three years in prison for computer crime.
>> http://www.net-security.org/news.php?id=2144

NETWORK WORM USES WEAK WINDOWS PASSWORDS
Say hello to a network worm which attempts to compromise and spread through Windows machines with weak, default passwords. Called Deloder, the worm also tries to drop a backdoor component.
>> http://www.net-security.org/news.php?id=2149

NEW FACE RECOGNITION TECHNOLOGY APPARENTLY WORKS
The technology records the surface of a person's face by scanning it with a series of light patterns and stores the data as a three-dimensional image in a computer.
>> http://www.net-security.org/news.php?id=2150

SECURITY ALERT POSTED FOR PEOPLESOFT
A serious security flaw in business management software from PeopleSoft leaves sensitive corporate data vulnerable to attackers.
>> http://www.net-security.org/news.php?id=2151

WHEN BAD THINGS HAPPEN TO GOOD DEMOS
A slick security product demonstration only serves to prove that vendors often don't think enough about what security managers need.
>> http://www.net-security.org/news.php?id=2152

IP SPOOFING: AN INTRODUCTION
This article examines the concepts of IP spoofing: why it is possible, how it works, what it is used for and how to defend against it.
>> http://www.net-security.org/news.php?id=2153

HACKERS COME OUT TO PLAY
The public will get a rare glimpse into the computer underground next month when some of the country's most talented hackers and crackers gather in Sydney for the inaugural Ruxcon conference.
>> http://www.net-security.org/news.php?id=2154

SANS INSTITUTE LAUDS MICROSOFT SECURITY EFFORTS
Microsoft, long at the receiving end of widespread user criticism for buggy products, last week received a rare pat on the back for its security efforts from the SANS Institute.
>> http://www.net-security.org/news.php?id=2155

TEACH CUSTOMERS TO BE SECURITY-CONSCIOUS
While security is at the top of most companies' agendas, the headlines continue to report sky-high numbers of security incidents.
>> http://www.net-security.org/news.php?id=2156

HUNDREDS WARNED AS DATA DISAPPEARS
Despite their country's permissive reputation, the Dutch don't have a license to swap copyrighted files, legal experts say. Recent publicity for the Honest Thief fed the misconception.
>> http://www.net-security.org/news.php?id=2159

MILITARY TO CLAMP DOWN ON E-MAIL
Concerned that sensitive information might leak out, some units of the US military are starting to clamp down on e-mail communication from their soldiers and sailors.
>> http://www.net-security.org/news.php?id=2160

BUFFER OVERFLOW ATTACKS AND THEIR COUNTERMEASURES
What is buffer overflow, why is it dangerous and how is it preventable?
>> http://www.net-security.org/news.php?id=2161

SLIM PICKINGS FOR CYBERSECURITY IN DHS BUDGET
As the new Department of Homeland Security swallows nearly every cybersecurity office in the U.S. government, high-profile leaders are jumping ship.
>> http://www.net-security.org/news.php?id=2162

NOW THEY'RE AFTER YOU: MUSIC COPS TARGET USERS
Whatever happens legislatively, the days when you could download all the songs or movies you wanted for free, without fear of prosecution, seem nearly at an end.
>> http://www.net-security.org/news.php?id=2163

U.K. PLANS TO EXPAND INTERNET SURVEILLANCE POWERS
The government said that it plans to give more officials and local authorities the power to monitor private e-mail and mobile telephone records in a bid to tackle organized crime and terrorism in Britain.
>> http://www.net-security.org/news.php?id=2164

GROUP RESUMES XBOX CRACKING PROJECT
A group of computer hobbyists has resumed its effort to crack the main security code for Microsoft's Xbox video game console.
>> http://www.net-security.org/news.php?id=2167

CERT REPORTS RISE IN ATTACKS ON WEAK ADMIN PASSWORDS
The CERT Coordination Center has noticed an uptick in the number of Windows 2000 and Windows XP PCs compromised by attacks on weak administrator passwords.
>> http://www.net-security.org/news.php?id=2168

DEPLOYING HONEYD IN THE WILD
In this paper we will deploy Honeyd on the Internet for one week and watch what happens. The intent is to test Honeyd by letting real bad guys interact with and attack it.
>> http://www.net-security.org/news.php?id=2169

CODE RED OFFSHOOT PACKS MILD PUNCH
There was little cause for alarm from a minor new variant of the destructive Code Red worm that began circulating this week.
>> http://www.net-security.org/news.php?id=2170

SNORT SURVIVES FIRST VULNERABILITY
Sourcefire CEO Wayne Jackson provides the details on how Sourcefire and ISS joined forces, along with the FBI's NIPC, to mitigate the flaw, patch sensitive government systems and issue a patch.
>> http://www.net-security.org/news.php?id=2171

MANAGE PASSWORDS SAFELY AND SIMPLY
Plagued by a plethora of passwords? Here's how to deal with them without driving yourself nuts.
>> http://www.net-security.org/news.php?id=2172

'HONEST, WE'RE THE GOOD GUYS'
The government wants access to personal information collected by businesses. The businesses want to help out with homeland security, but don't want to turn over confidential info to the government.
>> http://www.net-security.org/news.php?id=2175

HI-TECH SURVEILLANCE FIRM PROSPERS
If you're under FBI surveillance, there's a good chance your phone calls and Internet traffic are traveling over the equipment of Verint Systems - a company that's doing very well these days.
>> http://www.net-security.org/news.php?id=2176

PAKISTAN CREATES CYBER CRIME WING
A Pakistani security agency establishes a special arm to combat cyber crimes. Officials want to avoid having to rely on foreign investigators to track criminals who use the Internet.
>> http://www.net-security.org/news.php?id=2177

DOES FILE TRADING FUND TERRORISM?
Industry execs claim peer-to-peer networks pose more than just legal problems.
>> http://www.net-security.org/news.php?id=2178

REMOTE TIMING ATTACKS ARE PRACTICAL
Timing attacks are usually used to attack weak computing devices such as smartcards. This paper shows that timing attacks apply to general software systems.
>> http://www.net-security.org/news.php?id=2180

----------------------------------------------------------------

----------------------------------------------------------------
HNS Book Giveaway: http://net-security.org/news.php?id=2187

> Mission-Critical Security Planner: When Hackers Won't Take No for an Answer
> Personal Firewalls for Administrators and Remote Users
> Writing Information Security Policies
----------------------------------------------------------------

[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

Nokia SGSN (DX200 Based Network Element) SNMP Security Issue
>> http://www.net-security.org/vuln.php?id=2519

Sun ONE (iPlanet) Application Server Connector Module Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2518

H&R Tax Cut Information Disclosure Vulnerability
>> http://www.net-security.org/vuln.php?id=2517

Intuit TurboTax Information Disclosure Vulnerability
>> http://www.net-security.org/vuln.php?id=2516

PostgreSQL Denial of Service Vulnerability
>> http://www.net-security.org/vuln.php?id=2515

VPOPMail Account Administration (Squirrel Mail) Multiple Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2514

Wordit Logbook Remote Code Execution Vulnerability
>> http://www.net-security.org/vuln.php?id=2513

man Arbitrary Code Execution Vulnerability
>> http://www.net-security.org/vuln.php?id=2512

SOHO Routefinder 550 VPN Denial of Service and Buffer Overflow Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2511

Opera Web Browser Long Filename Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2510

Internet Explorer .MHT Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2509

Cross Referencing Linux Vulnerability
>> http://www.net-security.org/vuln.php?id=2508

PHP-Nuke 6.0 And 6.5RC2 SQL Injection Vulnerability
>> http://www.net-security.org/vuln.php?id=2507

DeleGate Pointer Array Overflow May Let Remote Users Execute Arbitrary Code
>> http://www.net-security.org/vuln.php?id=2506

Smoothwall Firewall SNORT Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2505

DBTools DBManager Information Leak Vulnerability
>> http://www.net-security.org/vuln.php?id=2504

SQLBase Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2503

SimpleBBS 1.0.6 Default Permissions Vulnerability
>> http://www.net-security.org/vuln.php?id=2502

Clearswift MAILsweeper MIME Attachment Vulnerability
>> http://www.net-security.org/vuln.php?id=2501

----------------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

SCO Security Advisory - Linux: KDE rlogin.protocol and telnet.protocol url kio Vulnerability
>> http://www.net-security.org/advisory.php?id=1714

OpenPKG Security Advisory - qpopper
>> http://www.net-security.org/advisory.php?id=1713

Debian Security Advisory - New tcpdump packages fix denial of service vulnerability
>> http://www.net-security.org/advisory.php?id=1712

SCO Security Advisory - OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : remote buffer
>> http://www.net-security.org/advisory.php?id=1711

SuSE Security Announcement - tcpdump
>> http://www.net-security.org/advisory.php?id=1710

Debian Security Advisory - New file package fixes buffer overflow
>> http://www.net-security.org/advisory.php?id=1709

SuSE Security Announcement - lprod
>> http://www.net-security.org/advisory.php?id=1708

NetBSD Security Advisory - Buffer Overflow in file(1)
>> http://www.net-security.org/advisory.php?id=1707

Debian Security Advisory - qpopper user privilege escalation
>> http://www.net-security.org/advisory.php?id=1706

Mandrake Linux Security Advisory - usermode
>> http://www.net-security.org/advisory.php?id=1705

CERT Advisory CA-2003-08 - Increased Activity Targeting Windows Shares
>> http://www.net-security.org/advisory.php?id=1704

Red Hat Security Advisory - Updated file packages fix vulnerability
>> http://www.net-security.org/advisory.php?id=1703

SCO Security Advisory - UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : REVISED: Lax permissions on /dev/X
>> http://www.net-security.org/advisory.php?id=1702

SCO Security Advisory - Linux: format string vulnerability in zlib (gzprintf)
>> http://www.net-security.org/advisory.php?id=1701

SCO Security Advisory - Linux: remote buffer overflow in sendmail (CERT CA-2003-07)
>> http://www.net-security.org/advisory.php?id=1700

Debian Security Advisory - New ethereal packages fix arbitrary code execution
>> http://www.net-security.org/advisory.php?id=1699

Gentoo Linux Security Announcement - ethereal
>> http://www.net-security.org/advisory.php?id=1698

Red Hat Security Advisory - Updated file packages fix vulnerability
>> http://www.net-security.org/advisory.php?id=1697

EnGarde Secure Linux Advisory - snort RPC preprocessor buffer overflow
>> http://www.net-security.org/advisory.php?id=1696

EnGarde Secure Linux Advisory - ELF parsing routine buffer overflow vulnerability
>> http://www.net-security.org/advisory.php?id=1695

SCO Security Advisory - UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : remote buffer
>> http://www.net-security.org/advisory.php?id=1694

Gentoo Linux Security Announcement - netscape-flash
>> http://www.net-security.org/advisory.php?id=1693

Gentoo Linux Security Announcement - mysqlcc
>> http://www.net-security.org/advisory.php?id=1692

Gentoo Linux Security Announcement - snort
>> http://www.net-security.org/advisory.php?id=1691

----------------------------------------------------------------

[ Articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to staff@net-security.org
----------------------------------------------------------------

A PRACTICAL APPROACH FOR DEFEATING NMAP OS-FINGERPRINTING
This paper describes different solutions to defeat Nmap and behave like another chosen operating system, as well as a demonstration on how this can be accomplished.
>> http://www.net-security.org/article.php?id=406

INFORMATION SECURITY EXCELLENCE AWARDS WINNERS ANNOUNCED
Information Security Magazine announced this year's winners of the prestigious Information Security Excellence Awards. Winners were chosen to represent 10 different thematic categories and 'top product of the year' and 'best new product' titles were given to the outstanding solutions.
>> http://www.net-security.org/article.php?id=407

INTERVIEW WITH CHRISTOPHER ALBERTS
The senior member of the technical staff in the Networked Systems Survivability Program at the Software Engineering Institute talks about his book and security in general.
>> http://www.net-security.org/article.php?id=408

INTERVIEW WITH RICHARD BOYER
The Vice President of Program Management of NetFrameworks talks about the company and identity management.
>> http://www.net-security.org/article.php?id=409

----------------------------------------------------------------

[ Reviews ]

All reviews are located at:
http://www.net-security.org/reviews.php
----------------------------------------------------------------

A PRACTICAL GUIDE TO RED HAT LINUX 8
In the last few years, Red Hat has become the market-leading Linux distribution. This is exactly why there are many books about Red Hat Linux, with this one being one of the newest. The material presented here is specifically written for Red Hat users but the majority of the information presented can be applied to other Linux distributions. This review is going to be a bit more concentrated on the security aspects of this book.
>> http://www.net-security.org/review.php?id=38

WRITING INFORMATION SECURITY POLICIES
If you are planning on starting or enforcing the security policies in your organization and don't know much about their structure and usage, this book will serve as a wonderful guide.
>> http://www.net-security.org/review.php?id=39

PERSONAL FIREWALLS FOR ADMINISTRATORS AND REMOTE USERS
Many users think that their personal computers are not susceptible to any kind of attack.
Despite their belief, many computers, especially those behind a permanent broadband connection, suffer attacks. What can you do to protect yourself? One of the things you can do is install a personal firewall and this book is here to teach you all about it.
>> http://www.net-security.org/review.php?id=40

LINUX SYSTEM SECURITY: THE ADMINISTRATOR'S GUIDE TO OPEN SOURCE SECURITY TOOLS, 2/E
Choosing "Linux System Security" for a title of your book is surely a pretentious step. But usually, when someone picks this kind of name for a planned publication, he or she is sure to deliver the quality readers expect. I'm satisfied to say that, in this case, the authors do provide the level of information suitable for the book's title.
>> http://www.net-security.org/review.php?id=41

----------------------------------------------------------------

[ Security world ]

All press releases are located at:
http://www.net-security.org/press_main.php
----------------------------------------------------------------

ActivCard Appoints Former NSA Deputy Director William Crowell to Board of Directors
>> http://www.net-security.org/press.php?id=1291

Datakey Europe Expands to Benelux Region
>> http://www.net-security.org/press.php?id=1290

Kaspersky Anti-Virus Lite 4.5 - More Convenient, More Effective, Easier
>> http://www.net-security.org/press.php?id=1289

ElcomSoft Releases Advanced EFS Data Recovery 1.0 for Windows NT/2000/XP
>> http://www.net-security.org/press.php?id=1288

Protegrity's Secure.Data Database Security Software To Offer Rsa Bsafe Encryption Software
>> http://www.net-security.org/press.php?id=1287

Security Company-PivX, Releases TurboTax and TaxCut Information Disclosure Vulnerability, Potential Identity Theft
>> http://www.net-security.org/press.php?id=1286

F-Secure and Leading European Service Providers Offer New Security Services to Consumers and Small Businesses
>> http://www.net-security.org/press.php?id=1285

CyberGuard To Enter Evaluation For Department Of Defense's Rigorous New Medium Robustness Protection Profile For Firewalls
>> http://www.net-security.org/press.php?id=1284

Network Box Announces UK Channel Recruitment Programme for Internet Security Device
>> http://www.net-security.org/press.php?id=1283

Cobion to Unveil Anti-Spam Product for Businesses and Home Web Filtering Product for ISPs
>> http://www.net-security.org/press.php?id=1282

Corsaire Warn Clearswift of Issues with MIME Evasion Within CS MAILsweeper
>> http://www.net-security.org/press.php?id=1281

Powerful Protection for Email Attachments from Pointsec Mobile Technologies
>> http://www.net-security.org/press.php?id=1280

Freeman Health System Selects Zix Corporation for System-wide Email Protection Services
>> http://www.net-security.org/press.php?id=1279

Utimaco Safeware Integrates eToken from Aladdin Knowledge Systems with SafeGuard Line of Products
>> http://www.net-security.org/press.php?id=1278

----------------------------------------------------------------

[ Security Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2
----------------------------------------------------------------

LIBNIDS 1.17
Libnids is an implementation of an E-component of Network Intrusion Detection System. It emulates the IP stack of Linux 2.0.x. Libnids offers IP defragmentation, TCP stream assembly and TCP port scan detection.
>> http://www.net-security.org/software.php?id=466

JMAP 0.21
JMap is a Java network portscanner, a security tool to identify open ports on any host or network subnet.
It features the ability to scan every host in a given network segment, for a range of ports or a specified network service. Supported protocols are TCP and UDP.
>> http://www.net-security.org/software.php?id=467

PACKIT 0.5.0
Packit is a network auditing tool that allows you to monitor, manipulate, and inject customized IP traffic into your network.
>> http://www.net-security.org/software.php?id=468

COMLOG 1.01
This is a command prompt capture utility for Windows NT/2K. Ideal to maintain a log history of commands typed at the command prompt by users, or to capture intruder activity with IIS abuse or netcat tunnels.
>> http://www.net-security.org/software.php?id=469

----------------------------------------------------------------

[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Weekly Virus Report - NiceHello, CodeRed.F, Deloder.A and Prom Worms
>> http://www.net-security.org/virus_news.php?id=199

First Incidents Involving the 'Deloder' Worm
>> http://www.net-security.org/virus_news.php?id=198

Weekly Virus Report - Random, Lentin and Opaserv Worms
>> http://www.net-security.org/virus_news.php?id=197

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff

staff@net-security.org
http://net-security.org

----------------------
Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending your e-mail address to: info@net-security.org with UNSUBSCRIBE in the message body.

The archive of the newsletter in TXT and PDF format is available at
http://www.net-security.org/newsletter_archive.php