HNS Newsletter
Issue 155 - 31.03.2003.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org.

--------------------------------------------------------------------
ALERT: How a Hacker Launches a SQL Injection Attack - Step-by-Step!
--------------------------------------------------------------------
It's as simple as placing additional SQL commands into an input box on a web form giving hackers complete access to all your backend data! Firewalls and IDS will not stop SQL Injection attempts because they are NOT seen as intrusions.
Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!
http://www.spidynamics.com/mktg/sqlinjection29
--------------------------------------------------------------------

------------------------------------------------------
Accurate Anti-Spam Software - Download a Free Trial >>
http://www.surfcontrol.com/go/zhnsppl
------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Security world
6) Security software
7) Virus news

[ Security news ]
----------------------------------------------------------------

'HACKER-PROOF' AD A NO-GO FOR MICROSOFT
Authorities in South Africa have put the brakes on a Microsoft advertisement bearing the bold claim of making hackers extinct.
>> http://www.net-security.org/news.php?id=2227

APPLICATION-LEVEL FIREWALLS: SMALLER NET, TIGHTER FILTER
Application-layer firewalls differ from stateful packet-filtering and circuit-level gateways in several ways. Find out the details.
>> http://www.net-security.org/news.php?id=2228

E-MAIL WORM PRETENDS TO HAVE SPY SATELLITE IMAGES
A new e-mail worm has surfaced that purports to show screensavers of US spy satellite pictures of Iraq or animations that are either patriotic or that mock President Bush.
>> http://www.net-security.org/news.php?id=2229

HOTMAIL RESTRICTS OUTGOING MESSAGES
Microsoft’s MSN Hotmail, a free Web-based e-mail service, has tightened restrictions on daily outbound messages sent by subscribers, a tactic it says will help curb spam.
>> http://www.net-security.org/news.php?id=2236

SECURITY SPECS IN THE WORKS
Now that the federal government has shown its cards on the issue of Internet security, a newly formed task force of security company executives is planning a response.
>> http://www.net-security.org/news.php?id=2237

MICROSOFT ASKS COLLEGES TO TEACH HACKING
Students will learn how to hack into software and fix its bugs.
>> http://www.net-security.org/news.php?id=2238

IS SSL SAFE?
Czech security researchers this week claimed to have uncovered weaknesses in SSL that might permit crackers to decipher transmissions over supposedly secure links.
>> http://www.net-security.org/news.php?id=2239

IT MELTDOWN TOPS FEAR POLL
UK firms are more worried about losing IT capacity than people in the event of a terrorist attack, a survey has found.
>> http://www.net-security.org/news.php?id=2240

ANTI-WAR HACKERS STRIKE THE US NAVY
Virus writer and hacker activity has stepped up dramatically since the coalition armed forces started their war against Iraq.
>> http://www.net-security.org/news.php?id=2241

KEEP PACE WITH WLAN SECURITY DEVELOPMENTS
Wireless security is a complicated topic, and one that requires much education and know-how. Unfortunately, this education is largely lacking, according to experts.
>> http://www.net-security.org/news.php?id=2242

CHEAP KEYCORP SMARTCARD LAUNCHED
Smartcard developer Keycorp and MasterCard International have announced an affordable, high security smartcard, to address escalating debit and credit card fraud.
>> http://www.net-security.org/news.php?id=2245

BLAIR TAGGED AS PRIVACY THREAT
A U.K. civil liberties group announces its annual Big Brother awards for the people and companies who represent the country's biggest threats to privacy. The winners include British Prime Minister Tony Blair.
>> http://www.net-security.org/news.php?id=2246

ENGLISH AL-JAZEERA WEBSITE ATTACKED
Arab satellite TV network Al-Jazeera launched an English-language website that was hit with a DoS attack.
>> http://www.net-security.org/news.php?id=2247

ARE WIRELESS NETWORKS SECURE YET?
Once vendors and standard-setters solve the encryption and authentication problems facing WLANs, they will be able to attack new areas of network management.
>> http://www.net-security.org/news.php?id=2248

VIRUS HOAXES AND THE REAL DANGERS THEY POSE
This article offers a brief overview of virus hoaxes, how users can spot them, and how they can protect themselves against them.
>> http://www.net-security.org/news.php?id=2249

INFORMATION SECURITY TOO IMPORTANT FOR IT
A new report from Henley Management College has found that few companies are giving security the board level attention it deserves, even though it is becoming an increasingly important corporate issue.
>> http://www.net-security.org/news.php?id=2250

DEFENSE, NSA MOVE ON 'OPEN SOURCE' SOFTWARE DEVELOPMENT
A senior research scientist at NSA said that in spite of complaints from proprietary software vendors, the agency is continuing to improve its Security Enhanced Linux.
>> http://www.net-security.org/news.php?id=2251

SCAM CASTS DOUBT ON EBAY'S ANTI-FRAUD SOFTWARE
Robert Beck suspended his distrust of online auctions and went for a top-of-the-line speaker system. He cast a winning bid of $1,900, paid by credit card and waited for his first eBay purchase.
>> http://www.net-security.org/news.php?id=2255

TOO COOL FOR SECURE CODE
Until Unix and Linux programmers get over their macho love for low-level programming languages, security holes will continue to flow freely.
>> http://www.net-security.org/news.php?id=2256

COMMUTERS HACK WIRELESS NETWORKS
Wireless hacking is most likely to occur during the rush hour, a survey has found.
>> http://www.net-security.org/news.php?id=2257

HOW ANTISPAM SOFTWARE WORKS
You're getting more junk e-mail than ever? You can take comfort in the fact that so is everyone else. Or you can do something about it.
>> http://www.net-security.org/news.php?id=2258

DOJ INVESTIGATES NETWORK ASSOCIATES
The US Department of Justice will join an ongoing Securities and Exchange Commission investigation into Network Associates' accounting practices.
>> http://www.net-security.org/news.php?id=2259

WHY THE DOGS OF CYBERWAR STAY LEASHED
The United States could try out its much-hyped "cyberwarfare" capabilities in Iraq... but it would probably be illegal.
>> http://www.net-security.org/news.php?id=2260

IBM SECURITY EXECUTIVE IS FATHER OF ACCUSED "HACKER"
Loren Anderson, a 17-year-old accused of identity theft and fraud, is the son of a computer security executive at IBM.
>> http://www.net-security.org/news.php?id=2261

SECURITY - STILL IN ITS INFANCY
How immature is the IT security market? And what would it look like if it grew up?
>> http://www.net-security.org/news.php?id=2262

DON'T DISMISS POSSIBILITY OF MALICIOUS CODE ON LINUX
With Linux source code open to inspection, someone could remediate dangerous vulnerabilities to be exploited by malicious code.
>> http://www.net-security.org/news.php?id=2266

EU TO UNIFY E-CRIME RULES
To deter online attacks, forthcoming regulations will require EU states to harmonise anti-hacking laws and hand out custodial sentences for serious offences.
>> http://www.net-security.org/news.php?id=2267

WARTIME INTERNET SECURITY IS 'BUSINESS AS USUAL'
The Feds warned that the Iraq war may prompt crackers to attack. But Internet security firms aren't changing their standard procedures to accommodate the higher threat level - because for them, vigilance is par for the course.
>> http://www.net-security.org/news.php?id=2268

WHAT'S SO FREE ABOUT THIS DVD?
A documentary filmmaker who labored for years on a film about open-source software programmers releases it on DVD without any copyright protection. He hopes people won't pirate it.
>> http://www.net-security.org/news.php?id=2269

INCIDENT RESPONSE TOOLS FOR UNIX, PART ONE: SYSTEM TOOLS
This article is the first in a three-part series on tools that are useful during incident response and investigation after a compromise has occurred on an OpenBSD, Linux, or Solaris system.
>> http://www.net-security.org/news.php?id=2270

A SPAM FIGHTER'S WORK IS NEVER DONE
Suresh Ramasubramanian's job is to stop junk e-mail from ever getting to your in box. But for every spammer he blocks, a dozen more rise up.
>> http://www.net-security.org/news.php?id=2271

----------------------------------------------------------------

-------------------------------------------------------
Stop Spam Now - Free SurfControl E-mail Filter Trial >>
http://www.surfcontrol.com/go/zhnsppl
-------------------------------------------------------

[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

RealPlayer PNG Deflate Heap Corruption Vulnerability
>> http://www.net-security.org/vuln.php?id=2561

GNOME's Eye of Gnome Vulnerability
>> http://www.net-security.org/vuln.php?id=2560

Multiple Vulnerabilities in Sambar Server
>> http://www.net-security.org/vuln.php?id=2559

Win32 PHP openlog() Function Buffer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2558

D-Link DSL Broadband Modem/Router SNMP Security Issues
>> http://www.net-security.org/vuln.php?id=2557

testcgi.exe Cross Site Scripting Vulnerability
>> http://www.net-security.org/vuln.php?id=2556

Symantec Enterprise Firewall HTTP URL Pattern Evasion Vulnerability
>> http://www.net-security.org/vuln.php?id=2555

PHP Memory Allocator Integer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2554

MyTaxexpress 2003 Does Not Encrypt Files
>> http://www.net-security.org/vuln.php?id=2553

PHP socket_iovec_alloc() function Integer Overflow Vulnerability
>> http://www.net-security.org/vuln.php?id=2552

JWalk Application Server Version 3.2c9 Directory Traversal Vulnerability
>> http://www.net-security.org/vuln.php?id=2551

PHPNuke viewpage.php Remote File Disclosure Vulnerability
>> http://www.net-security.org/vuln.php?id=2550

paFileDB 3.x SQL Injection Vulnerability
>> http://www.net-security.org/vuln.php?id=2549

3com Remote Access System 15000 Multiple Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2548

Digital Signature for Adobe Acrobat Reader Plug-in Can Be Forged
>> http://www.net-security.org/vuln.php?id=2547

SimpleChat! User Information Disclosure Vulnerability
>> http://www.net-security.org/vuln.php?id=2546

PostNuke Path Disclosure Vulnerability
>> http://www.net-security.org/vuln.php?id=2545

Stunnel RSA Timing Attacks and Key Discovery
>> http://www.net-security.org/vuln.php?id=2544

Edonkey2000 and Overnet Resources Consumption Vulnerabilities
>> http://www.net-security.org/vuln.php?id=2543

Check Point FW-1 NG FP3 and FP3 HF1 Syslog Daemon Denial of Service Vulnerability
>> http://www.net-security.org/vuln.php?id=2542

----------------------------------------------------------------

-----------------------------------------------------------
SurfControl E-mail Filter Stops Spam - Free 30-Day Trial >>
http://www.surfcontrol.com/go/zhnsppl
-----------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

CERT Advisory CA-2003-12 - Buffer Overflow in Sendmail
>> http://www.net-security.org/advisory.php?id=1818

Debian Security Advisory - New mutt packages fix arbitrary code execution
>> http://www.net-security.org/advisory.php?id=1817

Debian Security Advisory - New krb4 packages fix authentication failure
>> http://www.net-security.org/advisory.php?id=1816

CERT Advisory CA-2003-11 - Multiple Vulnerabilities in Lotus Notes and Domino
>> http://www.net-security.org/advisory.php?id=1815

Microsoft Security Bulletin MS03-010 - Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks
>> http://www.net-security.org/advisory.php?id=1814

Gentoo Linux Security Announcement - zlib
>> http://www.net-security.org/advisory.php?id=1813

Trustix Secure Linux Security Advisory - glibc
>> http://www.net-security.org/advisory.php?id=1812

Trustix Secure Linux Security Advisory - openssl
>> http://www.net-security.org/advisory.php?id=1811

Red Hat Security Advisory - Updated kerberos packages fix various vulnerabilities
>> http://www.net-security.org/advisory.php?id=1810

Mandrake Linux Security Advisory - kernel22
>> http://www.net-security.org/advisory.php?id=1809

Mandrake Linux Security Advisory - kernel
>> http://www.net-security.org/advisory.php?id=1808

Debian Security Advisory - New dietlibc packages fix arbitrary code execution
>> http://www.net-security.org/advisory.php?id=1807

Debian Security Advisory - New ecartis and listar packages fix password change vulnerability
>> http://www.net-security.org/advisory.php?id=1806

Debian Security Advisory - New Linux kernel packages fix local root exploit
>> http://www.net-security.org/advisory.php?id=1805

Red Hat Security Advisory - Updated kerberos packages fix various vulnerabilities
>> http://www.net-security.org/advisory.php?id=1804

NetBSD Security Advisory - faulty length checks in xdrmem_getbytes
>> http://www.net-security.org/advisory.php?id=1803

NetBSD Security Advisory - RSA timing attack in OpenSSL code
>> http://www.net-security.org/advisory.php?id=1802

NetBSD Security Advisory - (Another) Encryption weakness in OpenSSL code
>> http://www.net-security.org/advisory.php?id=1801

NetBSD Security Advisory - Format string vulnerability in zlib gzprintf()
>> http://www.net-security.org/advisory.php?id=1800

Microsoft Security Bulletin MS03-010 - Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks
>> http://www.net-security.org/advisory.php?id=1799

CERT Advisory CA-2003-11 - Multiple Vulnerabilities in Lotus Notes and Domino
>> http://www.net-security.org/advisory.php?id=1798

Debian Security Advisory - New heimdal packages fix authentication failure
>> http://www.net-security.org/advisory.php?id=1797

SuSE Security Announcement - apcupsd
>> http://www.net-security.org/advisory.php?id=1796

SCO Security Advisory - Linux: apcupsd remote root vulnerability and buffer overflows
>> http://www.net-security.org/advisory.php?id=1795

Mandrake Linux Security Advisory - glibc
>> http://www.net-security.org/advisory.php?id=1794

Mandrake Linux Security Advisory - netpbm
>> http://www.net-security.org/advisory.php?id=1793

Mandrake Linux Security Advisory - openssl
>> http://www.net-security.org/advisory.php?id=1792

Mandrake Linux Security Advisory - rxvt
>> http://www.net-security.org/advisory.php?id=1791

Gentoo Linux Security Announcement - stunnel
>> http://www.net-security.org/advisory.php?id=1790

SuSE Security Announcement - kernel
>> http://www.net-security.org/advisory.php?id=1789

Debian Security Advisory - New mutt packages fix arbitrary code execution
>> http://www.net-security.org/advisory.php?id=1788

Red Hat Security Advisory - New samba packages fix security vulnerabilities
>> http://www.net-security.org/advisory.php?id=1787

Gentoo Linux Security Announcement - glibc
>> http://www.net-security.org/advisory.php?id=1786

Red Hat Security Advisory - Updated Evolution packages fix multiple vulnerabilities (update)
>> http://www.net-security.org/advisory.php?id=1785

Apple Security Advisory - Samba, OpenSSL
>> http://www.net-security.org/advisory.php?id=1784

SGI Security Advisory - Multiple Vulnerabilities and Enhancements in ftpd
>> http://www.net-security.org/advisory.php?id=1783

Debian Security Advisory - New lpr packages fix local root exploit
>> http://www.net-security.org/advisory.php?id=1782

EnGarde Secure Linux Advisory - MySQL Root Exploit
>> http://www.net-security.org/advisory.php?id=1781

SuSE Security Announcement - mutt
>> http://www.net-security.org/advisory.php?id=1780

Debian Security Advisory - New krb5 packages fix several vulnerabilities
>> http://www.net-security.org/advisory.php?id=1779

Gentoo Linux Security Announcement - bitchx
>> http://www.net-security.org/advisory.php?id=1778

Gentoo Linux Security Announcement - openssl
>> http://www.net-security.org/advisory.php?id=1777

Gentoo Linux Security Announcement - mutt
>> http://www.net-security.org/advisory.php?id=1776

EnGarde Secure Linux Advisory - RPC XDR decoder vulnerability
>> http://www.net-security.org/advisory.php?id=1775

SCO Security Advisory - Linux: several recently discovered openssl vulnerabilities
>> http://www.net-security.org/advisory.php?id=1774

Gentoo Linux Security Announcement - evolution
>> http://www.net-security.org/advisory.php?id=1773

Debian Security Advisory - New bonsai packages fix several vulnerabilities
>> http://www.net-security.org/advisory.php?id=1772

FreeBSD Security Advisory - OpenSSL timing-based SSL/TLS attack
>> http://www.net-security.org/advisory.php?id=1771

SuSE Security Announcement - ethereal
>> http://www.net-security.org/advisory.php?id=1770

SuSE Security Announcement - qpopper
>> http://www.net-security.org/advisory.php?id=1769

SuSE Security Announcement - file
>> http://www.net-security.org/advisory.php?id=1768

----------------------------------------------------------------

---------------------------------------------------------------
SurfControl E-mail Filter - Try the Enterprise Spam Solution >>
http://www.surfcontrol.com/go/zhnsppl
---------------------------------------------------------------

[ Featured articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to staff@net-security.org
----------------------------------------------------------------

DESTROYING A CISCO ROUTER NETWORK: HOW A DISGRUNTLED EMPLOYEE CAN DO SOME SERIOUS DAMAGE
Cisco has other pretty good commands that are used for the right purposes and that makes them the routers and switches we have all grown to love. But used in the wrong way, they could take a large network down for months. So here is how it goes.
>> http://www.net-security.org/article.php?id=426

PROTECT YOUR PC FOR FREE! NO MORE EXCUSES!
With the resurgence of several email viruses and the proliferation of new ones, not to mention a host of new security vulnerabilities across several platforms, I thought I would take a step back and address protecting your system as a whole.
I've discussed these individual portions separately in the past, but I thought it might be helpful to lump them together for quick and easy reference.
>> http://www.net-security.org/article.php?id=430

INTERVIEW WITH CHRIS NEGUS, AUTHOR OF "RED HAT LINUX 8 BIBLE"
Christopher Negus has been working with UNIX systems, the Internet, and (more recently) Linux systems for more than two decades. During that time, Chris worked at AT&T Bell Laboratories, UNIX Systems Laboratories, and Novell, helping to develop the UNIX operating system. Features from many of the UNIX projects Chris worked on at AT&T have found their way into Red Hat and other Linux systems.
>> http://www.net-security.org/article.php?id=422

HOW TO MAKE WIRELESS NETWORKS SECURE
Extremely secure WLAN access, that is easily managed, is now attainable by using the latest specialist software, supporting the innovative and advanced EAP-TTLS authentication type, to achieve a maximum return from an organisation's WLAN investment.
>> http://www.net-security.org/article.php?id=429

INTERVIEW WITH SCOTT MANN, CO-AUTHOR OF LINUX SYSTEM SECURITY: THE ADMINISTRATOR'S GUIDE TO OPEN SOURCE SECURITY TOOLS, 2/E
Scott has been working with UNIX and TCP/IP for nearly 25 years. He talks about his book, Linux and computer security in general.
>> http://www.net-security.org/article.php?id=427

HOW TO SECURE YOUR TELEWORKERS WITH A VPN
Many in the industry fear that the move towards teleworking and the corresponding change of the enterprise network from a closed, protected architecture to an open, Internet-based system leaves a lot of questions unanswered.
>> http://www.net-security.org/article.php?id=434

DON’T TAKE CODE RED LIGHTLY
This paper analyzes the patterns of emerging malware and presents a strategy to assist network and security administrators in addressing “new” yet old threats.
>> http://www.net-security.org/article.php?id=416

MAILFRONTIER RELEASES MATADOR 2.0 DESKTOP ANTI-SPAM SOLUTION
MailFrontier announced the latest release of their anti-spam product Matador. Matador 2.0 now supports Outlook Express and several web based e-mail solutions like Hotmail and MSN.
>> http://www.net-security.org/article.php?id=412

SAFENET ANNOUNCES NEWEST VERSION OF SOFTREMOTE VPN PRODUCT
SafeNet, Inc., announced the availability of the latest version of its VPN client software SoftRemote. 10.0 release of SoftRemote supports the latest IETF Network Address Translation Traversal (NAT-T) Draft which enhances the ability of IPSec sessions to transit IPSec-aware NAT devices.
>> http://www.net-security.org/article.php?id=413

MANAGING THE SECURITY OF DATA FLOW
Customer Relationship Management (CRM) systems are cited as one of the major technology successes of the last decade. Although these 'super databases' enable the real-time sharing of information across global organisations, enabling the delivery of superior customer experiences and establishing more profitable customer relationships, there are inherent security risks associated with the system that need to be thoroughly addressed and managed appropriately by the IT department.
>> http://www.net-security.org/article.php?id=414

SAP SELECTS UROAM'S NEWLY RELEASED FIREPASS 3.5 SOFTWARE
uRoam, a provider of web-based remote access solutions, announced the availability of FirePass 3.5 software for the FirePass 1000/4000 server, the company's SSL Virtual Private Network appliance.
>> http://www.net-security.org/article.php?id=415

WHOLESECURITY LAUNCHES SOLUTION FOR ONLINE IDENTITY THEFT
During the second day of EDventure's PC Forum, Texas based security company WholeSecurity presented the first automatic and behavioral based software to prevent Online Identity Theft.
>> http://www.net-security.org/article.php?id=417

VERIO ANNOUNCES CUSTOMER VIRTUAL PRIVATE NETWORK SERVICE
Verio, a leader in global IP solutions and the world's largest Web hosting provider, introduced a completely managed customer premise equipment based Virtual Private Network service. NTT/VERIO SafeGuard VPN.CPE service proactively handles all management functions remotely, making it easier for businesses with multiple locations requiring VPN services.
>> http://www.net-security.org/article.php?id=418

12TH USENIX SECURITY SYMPOSIUM COMING IN AUGUST
Alex Walker dropped us an e-mail with some information on the upcoming 12th USENIX Security Symposium. The conference will be held August 4-8, 2003 in Marriott Wardman Park Hotel in Washington, USA.
>> http://www.net-security.org/article.php?id=419

SYMANTEC LAUNCHES TECHNOLOGY PARTNER PROGRAM
The program simplifies Symantec's engagement process with technology partners and facilitates the delivery of comprehensive integration tools, development support, joint sales and marketing resources and product certification.
>> http://www.net-security.org/article.php?id=420

NETSCREEN FIREWALLING NETWORLD+INTEROP LAS VEGAS 2003
NetScreen Technologies Inc. announced that they will be the official network firewall provider for the upcoming InteropNet Event Network at NetWorld+Interop 2003 in Las Vegas.
>> http://www.net-security.org/article.php?id=424

STRIX SYSTEMS ANNOUNCES SECURE WIRELESS LAN SYSTEM
Strix Systems, Inc. released Access/One Network, its wireless LAN system technology. Built on distributed intelligence, routing and switching, the company's wireless LAN system dynamically self-discovers, self-tunes for ideal operation and finally self-heals to maintain full network coverage.
>> http://www.net-security.org/article.php?id=425

"HOW HACKERS DISCOVER YOUR VULNERABILITIES" SEMINAR AT INFOSECURITY EUROPE
During this year's InfoSecurity Europe conference, that will be held in London 29.04 - 01.05, Ubizen will provide one-to-one consultancy sessions on the latest Information Technology security threats.
>> http://www.net-security.org/article.php?id=428

SPAM CHECKLIST - APRIL FOOL'S DAY IS APPROACHING
As April Fool's day is less than a week away, filtering company Clearswift is advising organizations to take great care of spam emails that traditionally use this day as a "firestarter". Here you can find a simple checklist connected to spam prevention.
>> http://www.net-security.org/article.php?id=431

REACTIVITY XML FIREWALL TACKLES COSTS OF SECURING XML
Reactivity, Inc. recently introduced Reactivity XML Firewall, a network security appliance designed to protect new-generation applications, while tackling the operating costs of securing XML and Web services.
>> http://www.net-security.org/article.php?id=432

WHITE HAT SECURITY "HACKING WEB APPLICATIONS" TRAINING
White Hat Security announced a two day training session, dealing with topics related to hacking Web applications.
>> http://www.net-security.org/article.php?id=433

----------------------------------------------------------------

----------------------------------------------------------
Stop Spam & Controls E-mail Risks - Download Free Trial >>
http://www.surfcontrol.com/go/zhnsppl
----------------------------------------------------------

[ Security world ]

All press releases are located at:
http://www.net-security.org/press_main.php
----------------------------------------------------------------

GFI LANguard N.S.S. 3.2 Offers Complete Patch Management Solution
>> http://www.net-security.org/press.php?id=1314

UK Stages Biggest Information Security Educational Programme
>> http://www.net-security.org/press.php?id=1313

Symantec Enterprise Firewall Encounters URL Pattern Evasion Issues Within HTTP Proxy
>> http://www.net-security.org/press.php?id=1312

SafeNet and SSH Partner to Offer Complete Solutions for VPN Products
>> http://www.net-security.org/press.php?id=1311

Web Services to get a boost from Ingrian Networks’ e-Transaction Privacy Security Platform
>> http://www.net-security.org/press.php?id=1310

nCipher first company to be awarded FIPS 140-2 certification for Hardware Security Modules
>> http://www.net-security.org/press.php?id=1309

Vexira Antivirus For Linux Defends Largest Dutch Web-hosting Company From Viruses
>> http://www.net-security.org/press.php?id=1308

Zix Corporation Selected by Blue Cross and Blue Shield of Kansas for Secure e-Messaging and Content Management before April HIPAA Deadline
>> http://www.net-security.org/press.php?id=1307

PQRemove, Panda Software's Free Tool for Combating the Most Dangerous Viruses
>> http://www.net-security.org/press.php?id=1306

Neoteris Closes $17.5 Million in Funding To Expand Instant, Secure Application Access Product Offerings
>> http://www.net-security.org/press.php?id=1305

NEA Announces Investment in WholeSecurity; Company Addressing Serious Problem of Online Identity
>> http://www.net-security.org/press.php?id=1304

Airscanner to Speak at Global Wireless Internet Forum
>> http://www.net-security.org/press.php?id=1303

Wave of Digital Retaliation as War Starts
>> http://www.net-security.org/press.php?id=1302

----------------------------------------------------------------

[ Security Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2
----------------------------------------------------------------

SHELL INTRUSION DETECTION 0.1.0
SID is a Shell Intrusion Detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes), consults a list of allowed entries, and takes appropriate action upon unexpected log entries.
>> http://www.net-security.org/software.php?id=473

W3PW 1.0
w3pw is a web based password management console written in PHP and using a MySQL database as storage for the encrypted password information.
>> http://www.net-security.org/software.php?id=474

IDMS FIREWALL 0.7.0A
This is a very powerful firewall configuration script. Originally designed for Linux based routers, but now supports basically any type of system. Supports easy to use configuration, traffic shaping/logging, spoof protection and dynamic table reloading.
>> http://www.net-security.org/software.php?id=475

QMAIL AUDITOR 0.3.2
This software provides a simple method for auditing e-mails in your company, using regular expressions to define the auditing rules. This version accepts rules for mail from, to or subject.
>> http://www.net-security.org/software.php?id=476

----------------------------------------------------------------

--------------------------------------------------------------
Try the Most Accurate Anti-Spam Solution for the Enterprise >>
http://www.surfcontrol.com/go/zhnsppl
--------------------------------------------------------------

[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Weekly Virus Report - Rolark, SFC, Lovgate.F and Lovgate.G Worms
>> http://www.net-security.org/virus_news.php?id=211

RAV AntiVirus for Mail Servers Now Available as Debian Installation
>> http://www.net-security.org/virus_news.php?id=210

Newly Found Rolark Trojan Exploits a Vulnerability in Microsoft IIS
>> http://www.net-security.org/virus_news.php?id=209

Panda AV Solutions Prevent Malformed E-mails from Exploiting Vulnerabilities
>> http://www.net-security.org/virus_news.php?id=208

AVERT WebImmune Online AntiVirus Gets an Upgrade
>> http://www.net-security.org/virus_news.php?id=207

Suspected Ganda Virus Author Questioned by Swedish Police
>> http://www.net-security.org/virus_news.php?id=206

Slammer, the Latest Worm to Follow in the Footsteps of Melissa
>> http://www.net-security.org/virus_news.php?id=205

New LovGate Worm Variant Intercepted
>> http://www.net-security.org/virus_news.php?id=204

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending your e-mail address to: info@net-security.org with UNSUBSCRIBE in the message body.
The archive of the newsletter in TXT and PDF format is available http://www.net-security.org/newsletter_archive.php