HNS Newsletter
Issue 157 - 14.04.2003.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org.

--------------------------------------------------------------------
ALERT: How a Hacker Launches a SQL Injection Attack - Step-by-Step!
--------------------------------------------------------------------
It's as simple as placing additional SQL commands into an input box on a web form giving hackers complete access to all your backend data! Firewalls and IDS will not stop SQL Injection attempts because they are NOT seen as intrusions. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!
http://www.spidynamics.com/mktg/sqlinjection29
--------------------------------------------------------------------

------------------------------------------------------
Accurate Anti-Spam Software - Download a Free Trial
>> http://www.surfcontrol.com/go/zhnsppl
------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Reviews
6) Security world
7) Security software
8) Virus news

[ Security news ]
----------------------------------------------------------------

MICROSOFT MAKES A GOOD ARGUMENT FOR OPEN SOURCE
It's very hard for me to swallow the idea that Microsoft is unable to come up with a patch for the system. The company has legions of programmers and billions of dollars in the bank.
>> http://net-security.org/news.php?id=2313

FEAR OF A MILLION BIG BROTHERS
The U.S. government's surveillance push isn't the only thing on the minds of privacy advocates this year. Concern is growing about the trails netizens leave in routine Web server logs, and who's seeing them.
>> http://net-security.org/news.php?id=2314

SECURING LINUX FOR JAVA SERVICES
Enterprise Java expert Dennis Sosnoski starts with his view of how Java server technologies fit with Linux, then gives pointers on setting up the Tomcat Java servlet engine on Linux - securely.
>> http://net-security.org/news.php?id=2315

THE TRAILS LEFT IN WEB SERVER LOGS - AND WHO'S SEEING THEM
The privacy advocates and civil libertarians at the 13th annual Computers, Freedom and Privacy conference sometimes seem dwarfed by the enormity of the projects they oppose.
>> http://net-security.org/news.php?id=2317

ONLINE SECURITY WEEK AIMS TO EDUCATE
The online security week run by eBucks.com begins this week. The aim of the week is to educate consumers about online banking to improve security and break stigmas associated with the medium.
>> http://net-security.org/news.php?id=2318

HACKERS CRACK UK WIRELESS NETWORKS
Insecure wireless networks across London are being exploited by hackers on a daily basis exposing businesses to cyber attacks, research by RSA Security revealed today.
>> http://net-security.org/news.php?id=2323

ANYONE CAN BE A GOOGLE "HACKER"
What most of us know about computer hacking we learn from movies, and of course the moviemakers know nothing.
>> http://net-security.org/news.php?id=2324

CHEAP IP TAKEOVER
Accomplish IP takeover with ping, bash, and a simple network utility.
>> http://net-security.org/news.php?id=2325

E-MAILMAN TURNS AWAY SPAMMERS
Geller said WhatCounts' mailings are sometimes confused with spam. But the company requires customers to guarantee they'll send e-mail only to people who have requested it.
>> http://net-security.org/news.php?id=2326

FIREWALLS TO BE DRAWN BETWEEN INDUSTRY, FINANCE
The Fair Trade Commission (FTC) yesterday made it clear that a strict firewall will be set up between industrial giants and their financial subsidiaries in a move to prevent conglomerates from abusing financial units for business expansion and controlling the business arms.
>> http://net-security.org/news.php?id=2327

SECURITY START-UP TO BLOCK TROJANS
Start-up WholeSecurity debuts this week with Web server software designed to prevent remote-access Trojans or eavesdropping software from penetrating networks during e-commerce or employee interactions over the Internet.
>> http://net-security.org/news.php?id=2328

SYMBOL TECH. ENHANCES WIRELESS SECURITY ON HANDHELDS
Symbol Technologies today announced that it has integrated the Federal Information Processing Standard for cryptography (FIPS 140-2) into its line of wireless mobile computing devices.
>> http://net-security.org/news.php?id=2329

HARDWARE-BASED SSL CERTIFICATES
VeriSign and hardware encryption specialist nCipher are coming to market with hardware-based SSL Certificates, designed to boost protection against online data theft and Web site spoofing.
>> http://net-security.org/news.php?id=2331

PDA SECURITY 101
Users are increasingly relying on PDAs to check e-mail, surf the Web, and a variety of other tasks. When you use PDAs for online tasks they become just as vulnerable as desktop systems to viruses, mobile code exploits, and other threats. What should organizations do to keep their PDA users safe from the threats of the Internet?
>> http://net-security.org/news.php?id=2332

WLAN SECURITY: REDUCING THE RISKS
Therein lies the Wi-Fi rub. Even as enterprises equip their employees with Smartphones, PDAs, and wireless laptops, the data traversing the wireless LAN can be intercepted all too easily.
>> http://net-security.org/news.php?id=2333

ISS REVISES SECURITY INCIDENT NUMBERS
Internet Security Systems on Monday revised its take on the increase in security incidents and attacks to account for an error introduced in a report TechWeb reported last Friday.
>> http://net-security.org/news.php?id=2335

HOST INTRUSION-PREVENTION SOFTWARE MARKET EXPECTED TO GROW
The increasing threat of virus and hacker attacks is expected to drive the market for security software that acts as a gate to a computer's operating system kernel.
>> http://net-security.org/news.php?id=2336

POINT-TO-POINT ENCRYPTION FOR PRESERVING PRIVACY
This article describes a simple method of encrypting traffic as it travels across a potentially hostile LAN.
>> http://net-security.org/news.php?id=2339

TOP FIVE VIRUS PROTECTION TIPS
Keep yourself virus-free or you may face some crippling computer hassles.
>> http://net-security.org/news.php?id=2340

INSIDE THE WORLD OF SECURE OPERATING SYSTEMS
On a normal system, if an attacker gains root or administrator access, he or she can run rampant. Not so on a trusted system - at least so long as it is properly configured.
>> http://net-security.org/news.php?id=2342

LINUX SHADOW PASSWORD HOWTO AUTHOR DIES AT AGE 38
Mike Jackson, Linux Shadow Password HOWTO author, passed away on Friday, March 28th at the young age of 38. The Linux community has lost a great friend and advocate.
>> http://net-security.org/news.php?id=2343

SPECTER: A COMMERCIAL HONEYPOT SOLUTION FOR WINDOWS
In this paper we will look at a different honeypot, the commercially supported solution, Specter.
>> http://net-security.org/news.php?id=2344

SUN TOUTS NEW SECURITY SOFTWARE PACKAGE: TRUSTED SOLARIS
Sun Microsystems will begin offering a security software package to commercial customers that was originally developed for military and government intelligence use.
>> http://net-security.org/news.php?id=2345

WORLD'S MOST STUPID SECURITY MEASURES NAMED AND SHAMED
Privacy International today announced the results of its competition to find the world's most pointless security measures.
>> http://net-security.org/news.php?id=2346

ROLLING YOUR OWN FIREWALL
How to use Pebble, a Debian-lite distribution, to get your homemade firewall up and running.
>> http://net-security.org/news.php?id=2347

NEW WIRELESS SECURITY: WHY YOU SHOULD USE IT
While wireless networks continue to become more affordable and easier to set up, many users (as well as many companies) still have little regard for just how insecure those networks are.
>> http://net-security.org/news.php?id=2348

ANTISPAM ACTIVIST CLAIMS COURT VICTORY
An antispam activist who posted a purported spammer's contact information on his Web site is claiming a legal victory.
>> http://net-security.org/news.php?id=2349

DIGITAL DEFENSE REGRETS SAMBA DISCLOSURE
Digital Defense apologizes for prematurely disclosing the code needed to take advantage of a serious vulnerability in open source file-sharing program.
>> http://net-security.org/news.php?id=2350

NOKIA TO DETAIL E-MAIL SECURITY SCHEME AT CONFERENCE
Nokia's Internet Communications Division will release first details on its Message Protector architecture at the RSA Security Conference in San Francisco.
>> http://net-security.org/news.php?id=2351

SECURITY HOLES: PATCH AND PRAY?
IT pros know firsthand the pain of patching vulnerable software. With bulletins coming as frequently as once every five days or up to 80 times a year (depending on the study), they may feel as if they're drowning in a sea of notifications.
>> http://net-security.org/news.php?id=2352

PORTING THE PF STATEFUL PACKET FILTER
The upcoming release of OpenBSD 3.3 on May 1st will include, among many other improvements, a notably enhanced version of PF, OpenBSD's stateful packet filter.
>> http://net-security.org/news.php?id=2353

US ARMY BUYS VIRUS BLOCKER
The Army's Chief Technology Office is using a trio of products from Trend Micro to help protect the more than 1.1 million Army Knowledge Online (AKO) users from viruses, malicious content and spam.
>> http://net-security.org/news.php?id=2358

US GOVT. MOVING TOO SLOWLY ON CYBERSECURITY
President Bush's former cybersecurity adviser came out swinging in testimony before Congress this week, saying that the Department of Homeland Security is moving too slowly to safeguard the nation's information infrastructure.
>> http://net-security.org/news.php?id=2359

INTERNET FRAUD COMPLAINTS TRIPLED IN 2002
Fraud on the Internet rose sharply in 2002, with the FBI reporting more than 48,000 complaints referred to prosecutors - triple the number of the year before.
>> http://net-security.org/news.php?id=2360

RESEARCHERS INFILTRATE DENIAL OF SERVICE NETWORKS
Security researchers have been infiltrating denial of service 'botnets' in order to study a remarkably effective Distributed Denial of Service (DDoS) technique.
>> http://net-security.org/news.php?id=2361

ENCRYPTION, HASHING, AND OBFUSCATION
Encryption and one-way hashing have been part of passive-data protection for many years. With the advent of dynamically-linked, intermediately-compiled languages such as Java and C#, the research into obfuscation is sure to increase.
>> http://net-security.org/news.php?id=2362

GETTING TO KNOW FREEBSD 5.0
Here's an overview of FreeBSD 5.0. The author of the article notes: "Speed and stability are two keywords that describe FreeBSD with great accuracy."
>> http://net-security.org/news.php?id=2363

INTERNAL THREATS: KEEP AN EYE ON THE BACK DOOR
Systems are far more susceptible to internal threats than most companies realise. From a security point of view, businesses tend to overlook this aspect and concentrate on guarding against external threats.
>> http://net-security.org/news.php?id=2364

HOAXSTER HACKER DISCOVERS INFINITE-WEALTH ALGORITHM
Hacker stunt-double and convicted financial fraudster Kim Schmitz (aka Kimble) is up to his old tricks, this time with a package of techno trickery for making a killing in the stock market.
>> http://net-security.org/news.php?id=2365

PHYSICAL AND TECH SECURITY SHOULD MERGE
Enterprises need closer collaboration between their physical and IT security teams in order to cut costs and improve communications.
>> http://net-security.org/news.php?id=2367

COMPANIES JUST HAVE TO SPEND ON SECURITY, SAYS DATAPRO
In today's digital economy, where knowledge and information based business is what it is all about, the need to establish and maintain high levels of security has never been more imperative - and this importance is only going to increase.
>> http://net-security.org/news.php?id=2368

STEGANOGRAPHY REVEALED
This article will offer a brief introductory discussion of steganography: what it is, how it can be used, and the true implications it can have on information security.
>> http://net-security.org/news.php?id=2369

ACLU LOSES FIRST DMCA CHALLENGE
The American Civil Liberties Union on Wednesday lost its first attempt to challenge a controversial 1998 copyright law.
>> http://net-security.org/news.php?id=2370

NEW CHARGES OVER WEB BANK SCAM
Eleven new charges relating to a $27,840 swindle in which users of an online banking site were persuaded to send their security passwords to an imposter were laid in court yesterday.
>> http://net-security.org/news.php?id=2373

GARTNER TIPS TOP 11 CYBERTHREAT ISSUES
Gartner said 11 looming issues should compel companies to dig through the promotional tip - and each came with its own bugbears.
>> http://net-security.org/news.php?id=2374

NEW YORKERS FACE OFF IN SPAM SPAT
A new anti-spam law pending in New York would fine senders of unsolicited e-mail sales pitches up to $500 for each message. The insurance industry says the bill gives ISPs too much power, and could prevent insurers from sending "important e-mail" to their customers.
>> http://net-security.org/news.php?id=2375

TECH ON PRIVACY: OFFENDER OR DEFENDER?
Although modern technology created many of society's most pressing threats to privacy, a group of researchers is out to prove that it is also the greatest defender of civil liberties.
>> http://net-security.org/news.php?id=2376

FEW TAKERS FOR SECURITY OUTSOURCING
As one analyst group predicts a boom in outsourcing, another says that few firms are prepared to hand over the security of their IT systems.
>> http://net-security.org/news.php?id=2377

----------------------------------------------------------------

[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

Microsoft VM Could System Compromise Vulnerability
>> http://net-security.org/vuln.php?id=2605

Super GuestBook Information Disclosure Vulnerability
>> http://net-security.org/vuln.php?id=2604

Microsoft Proxy Server 2.0 and Internet Security and Acceleration Server 2000 Denial of Service Vulnerability
>> http://net-security.org/vuln.php?id=2603

Hyperion FTP Server Remote Denial of Service and Unauthorised Remote Access Vulnerabilities
>> http://net-security.org/vuln.php?id=2602

phPay Multiple Security Vulnerabilities
>> http://net-security.org/vuln.php?id=2601

ISC Guestbook Script Injection Vulnerability
>> http://net-security.org/vuln.php?id=2600

Apache HTTP Server 2.x Denial of Service Vulnerability
>> http://net-security.org/vuln.php?id=2599

Vignette Story Server Sensitive Information Disclosure Vulnerability
>> http://net-security.org/vuln.php?id=2598

Orplex Guestbook Script Injection Vulnerability
>> http://net-security.org/vuln.php?id=2597

JpegX 2.0.0.3 Password Bypass Vulnerability
>> http://net-security.org/vuln.php?id=2596

Java Agent Freezes Lotus Notes and Domino 6.0.1
>> http://net-security.org/vuln.php?id=2595

SETI@home Clients Information Leakage and Buffer Overflow Vulnerabilities
>> http://net-security.org/vuln.php?id=2594

Interbase/Firebird External File Password Retrieval Vulnerability
>> http://net-security.org/vuln.php?id=2593

SignHere Guestbook Script Injection Vulnerability
>> http://net-security.org/vuln.php?id=2592

Abyss Webserver Denial of Service Vulnerability
>> http://net-security.org/vuln.php?id=2591

AspJar Guestbook Script Injection Vulnerability
>> http://net-security.org/vuln.php?id=2590

Sakki Guestbook V.1.01 Script Injection Vulnerability
>> http://net-security.org/vuln.php?id=2589

----------------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

KDE Security Advisory - PS/PDF file handling vulnerability
>> http://net-security.org/advisory.php?id=1907

SGI Security Advisory - xfsdump creates files insecurely
>> http://net-security.org/advisory.php?id=1906

Gentoo Linux Security Announcement - kde-3.x
>> http://net-security.org/advisory.php?id=1905

Apple Security Advisory - Mac OS X 10.2.5 is now available
>> http://net-security.org/advisory.php?id=1904

Conectiva Linux Security Announcement - openssl
>> http://net-security.org/advisory.php?id=1903

Gentoo Linux Security Announcement - kde-2.x
>> http://net-security.org/advisory.php?id=1902

Debian Security Advisory - New xfsdump packages fix insecure file creation
>> http://net-security.org/advisory.php?id=1901

Immunix Secured OS Security Advisory - mysql
>> http://net-security.org/advisory.php?id=1900

Immunix Secured OS Security Advisory - postgresql
>> http://net-security.org/advisory.php?id=1899

Microsoft Security Bulletin MS03-012 - Flaw In Winsock Proxy Service And ISA Server Firewall Service Can Cause Denial Of Service
>> http://net-security.org/advisory.php?id=1898

Microsoft Security Bulletin MS03-011 - Flaw in Microsoft VM Could Enable System Compromise
>> http://net-security.org/advisory.php?id=1897

Mandrake Linux Security Update Advisory - kernel
>> http://net-security.org/advisory.php?id=1896

SGI Security Advisory - Samba Security Vulnerability
>> http://net-security.org/advisory.php?id=1895

Red Hat Security Advisory - Updated httpd packages fix security vulnerabilities
>> http://net-security.org/advisory.php?id=1894

Debian Security Advisory - New heimdal packages fix authentication failure
>> http://net-security.org/advisory.php?id=1893

Gentoo Linux Security Announcement - setiathome
>> http://net-security.org/advisory.php?id=1892

Gentoo Linux Security Announcement - samba
>> http://net-security.org/advisory.php?id=1891

Gentoo Linux Security Announcement - apache
>> http://net-security.org/advisory.php?id=1890

Red Hat Security Advisory - Updated 2.4 kernel fixes USB storage
>> http://net-security.org/advisory.php?id=1889

Red Hat Security Advisory - New samba packages fix security vulnerability (update)
>> http://net-security.org/advisory.php?id=1888

Slackware Security Advisory - Samba security problem fixed
>> http://net-security.org/advisory.php?id=1887

SGI Security Advisory - Multiple Vulnerabilities in libc RPC functions
>> http://net-security.org/advisory.php?id=1886

Red Hat Security Advisory - Updated mgetty packages available
>> http://net-security.org/advisory.php?id=1885

FreeBSD Security Notice - security issue in SETI@home client
>> http://net-security.org/advisory.php?id=1884

Debian Security Advisory - New xftp packages fix arbitrary code execution
>> http://net-security.org/advisory.php?id=1883

Conectiva Linux Security Announcement - samba
>> http://net-security.org/advisory.php?id=1882

Conectiva Linux Security Announcement - galeon
>> http://net-security.org/advisory.php?id=1881

Conectiva Linux Security Announcement - man
>> http://net-security.org/advisory.php?id=1880

Immunix Secured OS Security Advisory - cvs
>> http://net-security.org/advisory.php?id=1879

Immunix Secured OS Security Advisory - samba
>> http://net-security.org/advisory.php?id=1878

Trustix Secure Linux Security Advisory - samba
>> http://net-security.org/advisory.php?id=1877

Conectiva Linux Security Announcement - man
>> http://net-security.org/advisory.php?id=1876

Red Hat Security Advisory - New samba packages fix security vulnerability
>> http://net-security.org/advisory.php?id=1875

SuSE Security Announcement - samba
>> http://net-security.org/advisory.php?id=1874

Debian Security Advisory - Updated samba packages fix remote root vulnerability
>> http://net-security.org/advisory.php?id=1873

Mandrake Linux Security Update Advisory - samba
>> http://net-security.org/advisory.php?id=1872

OpenPKG Security Advisory - samba
>> http://net-security.org/advisory.php?id=1871

HP Security Bulletin - HP Tru64 UNIX, HP-UX sendmail buffer overflow Potential Security Vulnerability
>> http://net-security.org/advisory.php?id=1870

FreeBSD Security Advisory - security issue in samba ports
>> http://net-security.org/advisory.php?id=1869

Conectiva Linux Security Announcement - zlib
>> http://net-security.org/advisory.php?id=1868

Conectiva Linux Security Announcement - kernel
>> http://net-security.org/advisory.php?id=1867

Debian Security Advisory - New metrics packages fix insecure temporary file creation
>> http://net-security.org/advisory.php?id=1866

SOT Linux Security Advisory - Updated dhcp package for SOT Linux 2002
>> http://net-security.org/advisory.php?id=1865

SOT Linux Security Advisory - Updated openssl package for SOT Linux 2002
>> http://net-security.org/advisory.php?id=1864

Debian Security Advisory - New mutt packages fix arbitrary code execution in potato
>> http://net-security.org/advisory.php?id=1863

----------------------------------------------------------------

[ Featured articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to staff@net-security.org
----------------------------------------------------------------

INTERVIEW WITH EARL CARTER
The member of Cisco's Security Technologies Assessment Team and author of "Cisco Secure Intrusion Detection System" talks about his book and general security issues.
>> http://net-security.org/article.php?id=447

IRAQ DRAGGED INTO THE INFAMOUS 419 SCAM
Scammers are not just persistent and shameless, but they are opportunistic as well, therefore it is only logical that they would now try to profit from the plight of Iraqis caught in a war.
>> http://net-security.org/article.php?id=448

THE QUICKSEC TOOLKIT INTEGRATES WITH MONTAVISTA LINUX
The SSH QuickSec Toolkit Family is specifically designed to let network device developers and OEMs quickly and easily implement IPSec functionality.
>> http://net-security.org/article.php?id=449

SECURING ONLINE PAYMENTS
Online shopping has the highest levels of fraud and proving that the cardholder actually conducted the authorised transaction over the Internet cost Visa member banks $250m to resolve disputed charges in 2000.
>> http://net-security.org/article.php?id=450

LINUX FORENSICS
This article explains how to use Linux VMware and SMART to create a virtual computer to recreate a suspect's computer.
>> http://net-security.org/article.php?id=451

A QUICK WAY TO SECURE A LINUX SYSTEM
In this article, Paul Christensen shows you some basic security measures you can implement to make your Linux system more secure.
>> http://net-security.org/article.php?id=452

MASS-MARKET AUTHENTICATION: THE GATEWAY TO ACCESS-HUNGRY CONSUMERS
Whether you're at the cash machine, online to your bank or credit card company or on the phone to your insurance or mortgage provider, until now, the need for greater security has meant added complexity and cost for user and provider alike.
>> http://net-security.org/article.php?id=453

BUSINESS CONTINUITY - MORE THAN SIMPLY RECOVERING FROM A DISASTER
It is wrong to think that Business Continuity is all about having back-up computers in the event of a disaster. Read about what turns an IT-centred Disaster recovery plan into a true Business Continuity plan.
>> http://net-security.org/article.php?id=454

CATAPULT COMMUNICATIONS SUPPORTS NETWORK SECURITY TESTS
Catapult Communications Corporation announced support for a SIP (Session Initiation Protocol) test suite that has been sanctioned by CERT.
>> http://net-security.org/article.php?id=455

INTERVIEW WITH SCOTT BARMAN
The author of "Writing Information Security Policies" and the information security and systems architecture analyst for The MITRE Corporation talks about his book, his life and general security issues.
>> http://net-security.org/article.php?id=456

RSA SECURITY LAUNCHES DEVELOPER CENTRAL WEB SITE
RSA Security yesterday announced a grand opening of RSA Developer Central, a new web site concentrated on the content geared towards Information Security software developers.
>> http://net-security.org/article.php?id=457

----------------------------------------------------------------

[ Reviews ]

All reviews are located at:
http://www.net-security.org/reviews.php
----------------------------------------------------------------

PTG INTERACTIVE'S TRAINING COURSE FOR RED HAT LINUX: A DIGITAL SEMINAR ON CD-ROM 2/E
This interactive course will certainly introduce Red Hat Linux to a broader audience because it's definitely fun to learn this way. What's very handy is that at the end of each lecture you'll be able to test your knowledge with self-assessment questions.
>> http://net-security.org/review.php?id=51

HACKER'S CHALLENGE 2: TEST YOUR NETWORK SECURITY & FORENSIC SKILLS
There are a number of ways to write a security related book, and from my perspective the authors did a great job. By combining both the technical security issues with nifty situation descriptions, they created a book so interesting that you won't be able to put it down.
>> http://www.net-security.org/review.php?id=50

IT SECURITY: RISKING THE CORPORATION
What you get here is excellent advice packed into a book that's easy to follow and whose examples will certainly stick in your memory.
>> http://net-security.org/review.php?id=49

----------------------------------------------------------------

[ Security world ]

All press releases are located at:
http://www.net-security.org/press_main.php
----------------------------------------------------------------

nCipher Enables Neoteris To Deliver First Application Security Appliance For Ssl-Based Secure Access That Meets U.S. And Canadian Government Standards
>> http://net-security.org/press.php?id=1338

Cisco Press CCSP Security Self-Study Products First Authorized Resources to Market
>> http://net-security.org/press.php?id=1337

Panda Software Expands into Argentina
>> http://net-security.org/press.php?id=1336

Neoteris Unveils FIPS Products For U.S. Government Certified Security Deployments
>> http://net-security.org/press.php?id=1335

SSH Inks Government Technology Reseller Agreement With IGOV.Com
>> http://net-security.org/press.php?id=1334

PfN Technologies Endorses SSH Sentinel VPN Client To Secure Remote Access Into The Corporate Network
>> http://net-security.org/press.php?id=1333

Neoteris Announces Availability Of Industry-Leading Instant Virtual Extranet Products Localized For Japanese Market
>> http://net-security.org/press.php?id=1332

Sophos To Build Oem Partner Network Still Further With Launch Of New Sophos Anti-Virus Interface
>> http://net-security.org/press.php?id=1331

Aventail Announces First SSL VPN to Secure PDAs as Simply and Securely as Traditional Desktops
>> http://net-security.org/press.php?id=1330

VeriSign and nCipher Introduce Hardware-based SSL Certificate for Web Sites
>> http://net-security.org/press.php?id=1329

SSH Demonstrates Quicksec Toolkit Integration With Montavista Linux
>> http://net-security.org/press.php?id=1328

SecureInfo Corporation Provides Critical Information Security Assistance to Coalition Forces in Preparation for Deployment of Operation Iraqi Freedom
>> http://net-security.org/press.php?id=1327

----------------------------------------------------------------

[ Security Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2
----------------------------------------------------------------

GFI LANGUARD SECURITY EVENT LOG MONITOR 4.0
This program monitors the security event logs of all your Windows NT/2000/XP servers and workstations and alerts you to possible intrusions/attacks in real time.
>> http://www.net-security.org/software.php?id=480

GFI LANGUARD NETWORK SECURITY SCANNER 3.2
This is a freeware tool to audit network security and proactively secure it. It scans entire networks from an attacker's perspective, and analyses machines for open ports, shares, security alerts/vulnerabilities, service pack level, installed hotfixes and other NETBIOS information such as hostname, logged on user name, users etc.
>> http://www.net-security.org/software.php?id=481

----------------------------------------------------------------

[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Worms with their own SMTP engine: a threat to all e-mail clients
>> http://net-security.org/virus_news.php?id=216

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending your e-mail address to: info@net-security.org with UNSUBSCRIBE in the message body.

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php