HNS Newsletter
Issue 165 - 09.06.2003.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org.

----------------------------------------------------------------
FREE Apache SSL Guide from Thawte
----------------------------------------------------------------
Are you worried about your web server security? Click here to get a FREE Thawte Apache SSL Guide and find the answers to all your Apache SSL security needs.
----------------------------------------------------------------
http://gothawte.com/rd747.html
----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Reviews
6) Security world
7) Software
8) Virus news

[ Security news ]
----------------------------------------------------------------

INTERVIEW WITH FYODOR, AUTHOR OF NMAP
Slashdot readers asked Fyodor many excellent questions, and his answers are just as excellent. You'll want to set aside significant time to read and digest this interview, because Fyodor didn't just toss off a few words, but put some real time and energy into his answers.
http://www.net-security.org/news.php?id=2774

EUROPE IMPORTS AN AMERICAN PROBLEM - SPAM
The junk e-mail plaguing Europe has something decidedly in common with the American variety: Nearly all the messages are in English, originate in the U.S. and don't even bother to price their wares in Euros.
http://www.net-security.org/news.php?id=2775

802.11I SHORES UP WIRELESS SECURITY
The inadequacy of the Wired Equivalent Privacy protocol has delayed widespread adoption of wireless LANs in many corporations.
http://www.net-security.org/news.php?id=2776

HACKER TAKES A CRACK AT TIVO
An avid TiVo fan will release a book this summer detailing 100 ways to break into everyone's favorite digital video recorder.
While the book's author says he isn't condoning anything illegal, TiVo, the company, said it doesn't encourage people to try the hacks at home.
http://www.net-security.org/news.php?id=2777

DO PDAS POSE A SECURITY RISK?
Virus writers aren't targeting handhelds yet, but risks remain.
http://www.net-security.org/news.php?id=2778

SCAMMERS USE TRUST TO OBTAIN YOUR PERSONAL INFORMATION
Social Engineering takes advantage of the human element of security.
http://www.net-security.org/news.php?id=2779

.NET, WEBSPHERE SECURITY TESTED
In the latest salvo in the Web services platform wars, Microsoft Corp. this week will announce that a major security company has found its .Net Framework better than IBM's WebSphere for building and deploying secure Web applications and services.
http://www.net-security.org/news.php?id=2780

NORTH KOREA'S SCHOOL FOR HACKERS
In North Korea's mountainous Hyungsan region, a military academy specializing in electronic warfare has been churning out 100 cybersoldiers every year for nearly two decades.
http://www.net-security.org/news.php?id=2781

SPAM TSUNAMI
International task force testing solutions to stop the flood of junk e-mail.
http://www.net-security.org/news.php?id=2782

LANGA LETTER: EASY ENCRYPTION
Fred Langa looks at the universe of products that help you protect sensitive files and data from prying eyes and hackers.
http://www.net-security.org/news.php?id=2783

NET ATTACK OVERWHELMS COMPUTERS WITH COMPLEXITY
A type of internet attack that involves bamboozling a computer with specially crafted packets of data has been developed by a pair of US researchers.
http://www.net-security.org/news.php?id=2786

GREEDY STAFF POSE SECURITY THREAT
Security breaches in the future are likely to be driven by greedy employees, a report has found.
http://www.net-security.org/news.php?id=2787

SOURCEFIRE AIMS TO BOOST NETWORK SECURITY
New technology enhances intrusion-detection systems.
http://www.net-security.org/news.php?id=2788

3COM STARTS SECURITY PARTNER PROGRAMME
Vendor seeks reseller support as it attempts to boost presence in security market.
http://www.net-security.org/news.php?id=2789

SECURITY IS KEY AT IBM CONFERENCE
Dealing with internal and external security threats will be high on the agenda at the IBM Computer Users Association's security briefing.
http://www.net-security.org/news.php?id=2790

CRYPTO MAKER CHANGES COURSE
New leadership at security developer Ntru CryptoSystems Inc. is hoping a new services and consulting strategy will help mitigate the damage caused by problems with the company's core encryption algorithm.
http://www.net-security.org/news.php?id=2791

CORPORATE SPAM OVERTAKES LEGITIMATE E-MAIL
Spam has officially overtaken legitimate e-mail in the workplace, and there's little relief in sight.
http://www.net-security.org/news.php?id=2792

CORPORATIONS CRACK DOWN ON PIRATED SOFTWARE
Corporations cracked down on pirated software last year, trimming the glut by a percentage point, an industry report said Tuesday.
http://www.net-security.org/news.php?id=2793

ELECTRONIC VOTING 'OPEN TO ABUSE'
The results of a new electronic voting system, set to be used in all future elections, could be altered by rogue hackers, two prominent computer scientists have warned.
http://www.net-security.org/news.php?id=2794

CYBERSECURITY REPORT CARD - SERIOUS IMPROVEMENTS NEEDED
A Computer Security Institute and Federal Bureau of Investigation survey of 500 U.S. companies shows an increase in reported financial losses of 21 percent, or $455.8 million, for 2002.
http://www.net-security.org/news.php?id=2795

WORRY MORE ABOUT INSIDERS THAN CYBERTERRORISM
Enterprises worried about cybersecurity should pay more attention to their own employees than to the as-of-yet unrealized threat of cyberterrorism.
http://www.net-security.org/news.php?id=2796

AUTHENTICATION HAS A LONG WAY TO GO AT INDUSTRIAL SITES
A panel at Gartner's Sector5 conference examined the distinct issues facing energy, utility and water companies in deploying authentication and other information security measures.
http://www.net-security.org/news.php?id=2797

BOY HACKS INTO HOST PARENTS' BANK ACCOUNT
A teenage online computer-game junkie tried to steal $10,000 by hacking into his host parents' internet bank account.
http://www.net-security.org/news.php?id=2798

MICROSOFT FIXES UP PATCH SYSTEM
Microsoft has opened up its drive to improve software security with a redesigned software patch management system and a partnership with VeriSign to authenticate Web services.
http://www.net-security.org/news.php?id=2799

PROTECTING DATA WITH NORTON GHOST 2003
Symantec's Norton Ghost 2003 is the latest rendering of a product that has become many a Windows administrator's mainstay over the past few years. Emmett heard from a "trusted source" that the new version provides good results with Linux, too. Read his review to find out more.
http://www.net-security.org/news.php?id=2800

SECURITY NOW FIVE PER CENT OF IT BUDGET
Compound annual growth rate of 28 per cent since 2001, reports Gartner.
http://www.net-security.org/news.php?id=2801

SECURITY FEARS SLOW ONLINE BANKING UPTAKE
Long way to go before consumers will trust internet finance, says analyst.
http://www.net-security.org/news.php?id=2802

DEFCOM GOES TITSUP
London-based information security consultancy Defcom has been placed in administrative receivership.
http://www.net-security.org/news.php?id=2803

BIG BROTHER AND THE NEXT 50 YEARS
Bruce Sterling calls himself an author, a journalist and an editor -- and all that is true. But Sterling, who wrote "The Hacker Crackdown," is also a contrarian and a leading cultural critic of modern technology.
http://www.net-security.org/news.php?id=2804

SNORT SECURITY HOLES AND STRATEGIES FOR SAFE NETWORK MONITORING
In this article the author reviews the attacks that have been launched against Snort in the past, as well as the recent (and more serious) buffer overflows.
http://www.net-security.org/news.php?id=2805

GARTNER: WAR DRIVE ILLUSTRATES WIRELESS PROBLEM
It's not every day you get to ride shotgun on a war drive in the most strategic and sensitive city in the world...
http://www.net-security.org/news.php?id=2808

SOBIG: SPAM, VIRUS OR BOTH?
The quick spread of the recent Sobig.C virus may owe more to the advances in spamming techniques than to the skill of an anonymous virus writer, according to a leading antivirus company.
http://www.net-security.org/news.php?id=2809

OPENBSD GETS HARDER TO CRACK
On the security field, nothing is quite as revealing—or as taxing—as the passage of time.
http://www.net-security.org/news.php?id=2810

VIRUS-WRITERS SPREADING WORMS BY SPAMMING
At least that's the finding of two security firms that tracked the spread of Sobig.c, which debuted this weekend and was first noted for the bogus e-mail address of its sender, bill@microsoft.com.
http://www.net-security.org/news.php?id=2811

YOU'VE BEEN HACKED: NOW PREVENT FUTURE ATTACKS
We have already shown you what to do immediately following a hacker attack; now we will look at some longer term measures to prevent future attacks.
http://www.net-security.org/news.php?id=2812

WINDOWS SERVER 2003 GETS FIRST SECURITY PATCH
Despite the embarrassment of having to release a security patch for its Server 2003 operating system barely two months after launch, Microsoft claims the details are a positive sign for trustworthy computing.
http://www.net-security.org/news.php?id=2813

GROUP RELEASES ANTI-DISCLOSURE PLAN
Security companies and software-makers want your opinion on a proposal to voluntarily limit discussion of security holes.
http://www.net-security.org/news.php?id=2814

CYBER ALERT: PORTRAIT OF KEVIN MITNICK
A journey into the mind of Kevin Mitnick shows just how vulnerable companies are to Internet crime.
http://www.net-security.org/news.php?id=2815

POSTFIX WITH SASL AUTHENTICATION OVER TLS
This article will show you how to force users to authenticate before sending mail through Postfix.
http://www.net-security.org/news.php?id=2816

U.S. REVIEWING OLD, SECRET SURVEILLANCE FILES
Government prosecutors are reviewing years' worth of sensitive telephone and e-mail wiretaps and results from secret searches to decide whether they can file criminal charges against suspected terrorists in the United States.
http://www.net-security.org/news.php?id=2817

NEW BUGBEAR SPREADING FAST
A new variant of the Bugbear virus - Win32.Bugbear.B - has emerged and threatens corporate and home computer systems, according to anti-virus experts.
http://www.net-security.org/news.php?id=2818

EU SQUABBLE MAY SINK PLANNED CYBERCRIME AGENCY
Plans for a European agency to tackle cybercrime such as computer viruses and terror attacks may be scuppered by bureaucracy because governments want to monitor it too tightly, EU officials said.
http://www.net-security.org/news.php?id=2819

QUANTUM CRYPTOGRAPHY STRETCHES 100 KILOMETRES
Communications protected with the complete security of quantum cryptography are now possible over an ordinary 100-kilometre fibre optic cable, thanks to sophisticated photon detection equipment developed by UK researchers.
http://www.net-security.org/news.php?id=2820

NEW REGULATIONS HAVE COMPANIES TURNING TO RISK MANAGEMENT
Regulatory changes are causing financial services and health care companies to lead the way in rethinking the role of information security. The result is that security is finding a new home in the field of corporate risk management.
http://www.net-security.org/news.php?id=2821

LINUX SECURITY: THE SEVEN DEADLY SINS
"No firewall can keep all hackers out."
With these words, security consultant Bob Toxen began his sermon, or workshop, on the "seven deadly sins" of Linux security. Any IT manager who commits one of these sins will "get nailed sooner or later," he said.
http://www.net-security.org/news.php?id=2822

HP DESKTOP EMBEDS SECURITY
Hewlett-Packard has launched new business desktops, including one with HP's first embedded security chip. The other is its first post-merger thin client.
http://www.net-security.org/news.php?id=2823

BEHIND BARS BUT LEARNING TO NETWORK
Italian inmates receive training in a Cisco computer program.
http://www.net-security.org/news.php?id=2824

NEW LAW AIDS COMPUTER SECURITY
After an incident last spring in which hackers obtained access to a computer system containing information on 265,000 state employees, Sacramento legislators passed a new law to help protect individuals from misuse of their personal data.
http://www.net-security.org/news.php?id=2825

WIRED MAGAZINE STORY TO DETAIL SLAMMER WEB ATTACK
Wired magazine is planning to publish the underlying code for the Slammer worm that slowed Internet traffic to a crawl in January, raising questions over whether such articles inspire future hackers or educate potential victims.
http://www.net-security.org/news.php?id=2826

$2 TRILLION FINE FOR MICROSOFT SECURITY SNAFU?
Microsoft's latest security lapse with its Passport information service could trigger a $2.2 trillion fine on the company courtesy of the US government.
http://www.net-security.org/news.php?id=2827
----------------------------------------------------------------
[ Vulnerabilities ]
All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

HPUX ftpd Remote Issue Via REST
http://www.net-security.org/vuln.php?id=2734

AdSubtract Proxy ACL Bypass Vulnerability
http://www.net-security.org/vuln.php?id=2733

Microsoft Internet Explorer %USERPROFILE% Folder Disclosure Vulnerability
http://www.net-security.org/vuln.php?id=2732

OpenSSH Remote Client Address Restriction Circumvention Vulnerability
http://www.net-security.org/vuln.php?id=2731

Solaris syslogd Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=2730

Pablo Software Solutions FTP Service 1.2 Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=2729

Xpressions Software Multiple SQL Injection Attacks
http://www.net-security.org/vuln.php?id=2728

Internet Explorer Object Type Property Overflow Vulnerability
http://www.net-security.org/vuln.php?id=2727

Crob FTP Server Subject Format String Vulnerability
http://www.net-security.org/vuln.php?id=2726

Mod_gzip Debug Mode Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=2725

JBOSS 3.2.1 JSP Source Code Disclosure Vulnerability
http://www.net-security.org/vuln.php?id=2724

WebStore2000 SQL Injection Vulnerability
http://www.net-security.org/vuln.php?id=2723

iisCart2000 Administration Leak Vulnerability
http://www.net-security.org/vuln.php?id=2722

PHP Transparent Session ID Support Cross Site Scripting Vulnerability
http://www.net-security.org/vuln.php?id=2721

Microsoft IIS ssinc.dll Over-long Filename Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=2720

Yahoo! Voice Chat Control Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=2719
----------------------------------------------------------------
[ Advisories ]
All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Immunix Secured OS Security Advisory - LPRng
http://www.net-security.org/advisory.php?id=2097

Novell Security Advisory - iChain 2.1 Field Patch 3
http://www.net-security.org/advisory.php?id=2096

Novell Security Advisory - HTTPSTK DOS
http://www.net-security.org/advisory.php?id=2095

Novell Security Advisory - iChain 2.2 Field Patch 1a
http://www.net-security.org/advisory.php?id=2094

Debian Security Advisory - new eterm packages fix buffer overflow vulnerability
http://www.net-security.org/advisory.php?id=2093

Debian Security Advisory - New gzip packages fix insecure temporary file creation
http://www.net-security.org/advisory.php?id=2092

SuSE Security Announcement - pptpd
http://www.net-security.org/advisory.php?id=2091

SuSE Security Announcement - cups
http://www.net-security.org/advisory.php?id=2090

Red Hat Security Advisory - Updated hanterm packages provide security fixes
http://www.net-security.org/advisory.php?id=2089

Mandrake Linux Security Update Advisory - kon2
http://www.net-security.org/advisory.php?id=2088

Immunix Secured OS Security Advisory - file
http://www.net-security.org/advisory.php?id=2087

Immunix Secured OS Security Advisory - wget
http://www.net-security.org/advisory.php?id=2086

HP Security Advisory - HP Tru64 UNIX, HP-UX, Potential CDE Security Vulnerabilities
http://www.net-security.org/advisory.php?id=2085

Microsoft Security Bulletin MS03-020 - Cumulative Patch for Internet Explorer
http://www.net-security.org/advisory.php?id=2084

SGI Security Advisory - Updated SGI Apache Version Available
http://www.net-security.org/advisory.php?id=2083

OpenPKG Security Advisory - ghostscript
http://www.net-security.org/advisory.php?id=2082

Red Hat Security Advisory - Updated kon2 packages fix buffer overflow
http://www.net-security.org/advisory.php?id=2081

Red Hat Security Advisory - Updated 2.4 kernel fixes vulnerabilities and driver bugs
http://www.net-security.org/advisory.php?id=2080

Mandrake Linux Security Update Advisory - apache2
http://www.net-security.org/advisory.php?id=2079

SGI Security Advisory - Some Network Drivers May Leak Data
http://www.net-security.org/advisory.php?id=2078

Red Hat Security Advisory - Updated 2.4 kernel fixes vulnerability
http://www.net-security.org/advisory.php?id=2077

Gentoo Linux Security Announcement - tomcat
http://www.net-security.org/advisory.php?id=2076

Gentoo Linux Security Announcement - apache-2.x
http://www.net-security.org/advisory.php?id=2075

Gentoo Linux Security Announcement - uw-imapd
http://www.net-security.org/advisory.php?id=2074
----------------------------------------------------------------
[ Featured articles ]
All articles are located at:
http://www.net-security.org/articles_main.php
Articles can be contributed to staff@net-security.org
----------------------------------------------------------------

ANTIVIRUS AND EFS IN WINDOWS SERVER 2003
When installing an antivirus on a Windows Server 2003 system with EFS it should first be checked whether the antivirus is capable of scanning for viruses even in encrypted files. If not, encrypting a file would leave the antivirus disarmed in the face of malicious code.
http://www.net-security.org/article.php?id=501

ANALYSIS OF REMOTE ACTIVE OPERATING SYSTEM FINGERPRINTING TOOLS
There are many tools today that are used for remote active operating system fingerprinting. They all have their own fingerprinting techniques. This paper gives an in-depth analysis of three such tools: Nmap, RINGv2, and Xprobe2. The purpose of the paper is to show how these tools work, and to understand the advantages and disadvantages they each offer.
http://www.net-security.org/article.php?id=502
----------------------------------------------------------------
[ Reviews ]
All reviews are located at:
http://www.net-security.org/reviews.php
----------------------------------------------------------------

NETWORK MONITORING AND ANALYSIS: A PROTOCOL APPROACH TO TROUBLESHOOTING
The title of this book is very descriptive: it tells you clearly what the book is about. Network analysis and monitoring consists of employing proper software and/or hardware tools to capture, decode, interpret, and react to the contents of data packets as they transit a network's media.
http://www.net-security.org/review.php?id=72

WIRELESS SECURITY END TO END
The authors truly provided an end-to-end guide that should suit both the future wireless administrators (although the book isn't so technical), as well as the members of management interested in deploying wireless communications.
http://www.net-security.org/review.php?id=73

THE PRACTICE OF NETWORK SECURITY: DEPLOYMENT STRATEGIES FOR PRODUCTION ENVIRONMENTS
Last year in an interview for ZDNet, computer security expert Bruce Schneier said: "I think we're finally past the era where people believe in magic security dust, that all they need to do is buy the right set of products and their network will be imbued with the property of "secure." Security is a process. It's a journey." This is exactly what this book is all about as Allan Liska teaches you the best practices to secure your network.
http://www.net-security.org/review.php?id=74
----------------------------------------------------------------
[ Security world ]
All press releases are located at:
http://www.net-security.org/press_main.php
----------------------------------------------------------------

Credit Card Details At Risk From New Bugbear-B Virus, Warns Sophos
http://www.net-security.org/press.php?id=1452

Bugbear Reloaded: New Variant Of Virus Spreading Widely, Warns Sophos
http://www.net-security.org/press.php?id=1451

A New Version Of The Tanatos (Aka Bugbear) Internet Worm Has Been Detected
http://www.net-security.org/press.php?id=1450

Panda Software Alerts Of The Dangers Of The New Worm Bugbear.B
http://www.net-security.org/press.php?id=1449

Bugbear.B Worm Targets the Banking Sector
http://www.net-security.org/press.php?id=1448

Zix Corporation Study Reveals Many Healthcare Industry Organizations Unaware of Their Non-compliance with New HIPAA Regulations
http://www.net-security.org/press.php?id=1447

Pointsec for Pocket PC Tested According To Important "Common Criteria"
http://www.net-security.org/press.php?id=1446

Siemens Chooses SSH Certifier To Authenticate Users In Hosted SAP Service Center
http://www.net-security.org/press.php?id=1445

Neoteris Instant Virtual Extranet Products Meet Stringent Application Security Evaluation By Trusecure Corporation
http://www.net-security.org/press.php?id=1444

F-Secure's Security Solutions to Glocalnet's Internet Customers
http://www.net-security.org/press.php?id=1443

ActivCard Launches Digital Identity Services for Novell Nsure Secure Identity
http://www.net-security.org/press.php?id=1442

Schlumberger Launches New Enterprise Security Solutions
http://www.net-security.org/press.php?id=1441

Sobig.C is Already One of the Ten Most Frequently Detected Viruses by Panda ActiveScan
http://www.net-security.org/press.php?id=1440

F-Secure Offers Virus Protection for Microsoft Exchange Server 2003
http://www.net-security.org/press.php?id=1439
----------------------------------------------------------------
[ Security Software ]
Windows software is located at:
http://net-security.org/software_main.php?cat=1
Linux software is located at:
http://net-security.org/software_main.php?cat=2
----------------------------------------------------------------

BITDEFENDER ANTI BUGBEAR.B
This is a removal tool for Bugbear.B, the latest executable infector mass mailer backdoor.
http://www.net-security.org/software.php?id=495
----------------------------------------------------------------
[ Virus News ]
All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Slammer Worm Code Publication Could Inspire More Virus Activity
http://www.net-security.org/virus_news.php?id=253

Weekly Virus Report - BugBear.B, Sobig.C, Redisto.B, Festival and Naco.D Worms
http://www.net-security.org/virus_news.php?id=252

BugBear.B Worm Information Roundup
http://www.net-security.org/virus_news.php?id=251

Stay on Guard Against the New Bugbear.B Worm
http://www.net-security.org/virus_news.php?id=250

New Viruses Reach High For Year
http://www.net-security.org/virus_news.php?id=249

Kaspersky Labs: Virus Top 20 for May 2003
http://www.net-security.org/virus_news.php?id=248

Bill at Microsoft is Sobig - New Virus Spreading Widely
http://www.net-security.org/virus_news.php?id=247
----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org
----------------------

Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending the e-mail address you are subscribed with to: info@net-security.org with UNSUBSCRIBE in the message body.
The archive of the newsletter in TXT and PDF format is available
http://www.net-security.org/newsletter_archive.php
----------------------------------------------------------------