HNS Newsletter Issue 171 - 21.07.2003. http://net-security.org This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org. ---------------------------------------------------------------- ALERT: How a Hacker Launches a SQL Injection Attack ---------------------------------------------------------------- It's as simple as placing additional SQL commands into an input box on a web form giving hackers complete access to all your backend data! Firewalls and IDS will not stop SQL Injection attempts because they are NOT seen as intrusions. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection! ---------------------------------------------------------------- http://www.spidynamics.com/mktg/sqlinjection56 ---------------------------------------------------------------- Table of contents: 1) Security news 2) Vulnerabilities 3) Advisories 4) Articles 5) Reviews 6) Security world 7) Software 8) Virus news [ Security news ] ---------------------------------------------------------------- SECURITY STAFF - DON'T BOOK THAT VACATION YET There are promoters of security event management tools, and then there are skeptics such as META Group Inc. analyst Chris King. http://www.net-security.org/news.php?id=3101 HONEYNET: CARDERS ARE GETTING SLICK Researchers live among online credit card thieves for a month. http://www.net-security.org/news.php?id=3102 CYBERSECURITY LAWS EXPECTED Congress considers imposing security standards on businesses. http://www.net-security.org/news.php?id=3103 SECRETS TO THE BEST PASSWORDS Variety makes them easy to remember, hard to guess. http://www.net-security.org/news.php?id=3104 WHO'S REALLY RESPONSIBLE FOR HACKER ATTACKS A new book postulates that it's human error--not hardware or software glitches--that leaves networks vulnerable to attack. Robert agrees--and explains how writing about hacks can make things more secure. http://www.net-security.org/news.php?id=3105 BRITISH MAN ARRESTED FOR HACKING INTO FERMILAB COMPUTERS Computers at Fermi National Accelerator Laboratory are regularly scanned by hackers trying to get in. Most of the time, they can't. But once in a while, someone succeeds in tapping into computers at the facility near Batavia. http://www.net-security.org/news.php?id=3106 SECURITY: YES, IT'S PART OF YOUR JOB If evil doesn't get you, ignorance will. Learn what everyone needs to know about SE Linux and TCPA. http://www.net-security.org/news.php?id=3107 HYPE, HACKS, AND BAD PRESS The media, like all Internet users, will be bitten in the backside by the loss of freedom. It's a pity so few bother seeking facts to balance the “cyberterror” headlines. http://www.net-security.org/news.php?id=3108 STATES PASS LAWS TO PROTECT IDENTITY State lawmakers, alarmed by high-profile identity-theft scams, are adopting measures that could become models for a federal law protecting victims from the nation's fastest-growing crime. http://www.net-security.org/news.php?id=3109 INKRA VIRTUALISES THE SECURITY SWITCH Organisations may have difficulty scaling infrastructure and operations sufficiently to address network security developments. Inkra is a company that provides some thought leadership in the area. http://www.net-security.org/news.php?id=3110 PIRATE BOOTY: 1 BILLION COMPACT DISCS More than one billion illegally copied compact discs were sold last year, the latest sign that the beleaguered music industry is failing in its bid to wipe out piracy. http://www.net-security.org/news.php?id=3113 THE PERSISTENCE OF HOAX Vmyths.com is fading into the sunset, while the virus hoaxes it steadfastly debunked seem to live on forever. http://www.net-security.org/news.php?id=3114 COULD HACKERS LAUNCH A DENIAL-OF-SPAM ATTACK? I received several tempting offers in my e-mail inbox this morning. "Get free information on how a $10,000 investment could return $25,000 in less than 30 days." Others promise untold pleasures or reveal how I can reduce my debt. http://www.net-security.org/news.php?id=3115 PHYSICAL AND IT SECURITY 'WILL CONVERGE' Links between physical and virtual security must be thought through, according to Computer Associates' head of security software. http://www.net-security.org/news.php?id=3116 WALK-BY HACKING Most users don't realize that left untended, the wireless technology that can quickly connect computers will literally broadcast every bit of transmitted information to anyone with a computer and a $40 wireless networking card. http://www.net-security.org/news.php?id=3117 YOU'VE BEEN HACKED: WHAT TO DO IN THE FIRST HOUR What you do in the first hour after a hack attack can make a big difference to the ongoing security of your network - here are the most important steps to take. http://www.net-security.org/news.php?id=3118 SECURING FINANCIAL TRANSFERS Integration software provider Sterling Commerce Inc. announced new software capabilities that enable community banks to meet federal rules of privacy and security when moving financial data between banks and other financial institutions. http://www.net-security.org/news.php?id=3119 A QUANTUM LEAP IN CRYPTOGRAPHY Visionaries are using photons to develop data-security systems that may prove the ultimate defense against eavesdropping hackers. http://www.net-security.org/news.php?id=3120 HACKERS, SOFTWARE COMPANIES FEUD OVER DISCLOSURE OF WEAKNESSES As Muhammad Faisal Rauf Danka recalls it, he tried 10 times to call a software maker about a devastating security flaw in one of its most popular programs. http://www.net-security.org/news.php?id=3121 LINUX FIREWALL-RELATED /PROC ENTRIES This article will discuss Linux kernel variables and the effect they have on network security for your host or firewall. These variables determine the handling of network packets and are independent of any kernel filtering rules. http://www.net-security.org/news.php?id=3122 VIRUS ACTIVITY DURING THE FIRST HALF OF 2003 The first half of 2003 was generally quiet in terms of virus activity. However, this does not mean there was total calm, as in these first six months there were two major epidemics. http://www.net-security.org/virus_news.php?id=273 INTERVIEW: MORITZ SAYS CA WILL PLAY WITH BIG BOYS IN SECURITY CA's chief security strategist discusses company's security challenges. http://www.net-security.org/news.php?id=3124 STUDENTS SETTLE DEBIT-CARD CHEATING SUIT Two computer hackers admitted in a settlement Monday that they never completed a device that could cheat university campus debit card systems out of food, laundry machine use or sports tickets. http://www.net-security.org/news.php?id=3125 WIRELESS HAS ITS PROS, BUT IS NOT WITHOUT SECURITY IMPLICATIONS According to Chris Davis, executive at NamITrust, the enterprise security division within NamITech, WLANs have distinct security implications for organisations. http://www.net-security.org/news.php?id=3126 Microsoft toolkit helps build more secure web services Microsoft announced the release of a technology preview of the next version of its free toolkit for developers building Web services, Microsoft Web Services Enhancements 2.0. http://www.net-security.org/news.php?id=3127 SECURING CYBERSPACE: A SHARED DUTY Old equipment, poor practices, slow response blamed for sloppy security. http://www.net-security.org/news.php?id=3128 RED ALERT ON THE E-WAR FRONT Is it possible to take down a superpower using only a keyboard, a mouse and an internet connection? http://www.net-security.org/news.php?id=3129 PROGRAM FOCUSES ON SECURITY RESPONSE CERT introduced a program to certify information technology professionals in incident handling and response. http://www.net-security.org/news.php?id=3130 'OVERWHELMING' INCREASE IN HACK ATTACKS Report finds companies still failing to patch well-known vulnerabilities. http://www.net-security.org/news.php?id=3131 SYMANTEC 'SECURITY SCAN' DISTRIBUTES ROOTKIT Symantec Security Check has also been installing an on-line threat of its own in the form of a dangerous ActiveX control. http://www.net-security.org/news.php?id=3132 TEN WAYS TO DEFEND AGAINST VIRUSES Here are some ways to help prevent malicious code from wreaking havoc at your company. http://www.net-security.org/news.php?id=3133 ISPS RUSH TO FIX CISCO FLAW nternet service providers are vulnerable to a flaw in Cisco routers that could cause some Web sites and servers to become inaccessible, according to a major telecommunications company and network administrators familiar with the issue. http://www.net-security.org/news.php?id=3135 BLOGS: ANOTHER TOOL IN THE SECURITY PRO'S TOOLKIT (PART ONE) You can feed your addiction to information, get better security results, and spend less time doing it. My name is Scott, and I'm an information addict. http://www.net-security.org/news.php?id=3136 NETWORK SECURITY WARNINGS RING OUT The public sector's commitment to network security has evaporated since the President's Critical Infrastructure Protection Board was folded into the nation's Department of Homeland Security. http://www.net-security.org/news.php?id=3137 TOTALLY RANDOM How two math geeks with a lava lamp and a webcam are about to unleash chaos on the Internet. http://www.net-security.org/news.php?id=3138 BURDEN OF SPOOF If you got an e-mail from someone you didn't know asking for credit card numbers and personal financial information, would you give it to them? Actually, you might, if you're not careful. http://www.net-security.org/news.php?id=3139 HACKERS EXPLOIT LAX HOME WORKER SECURITY 350,000 remote workers' PCs are back doors into corporate networks, claims survey. http://www.net-security.org/news.php?id=3140 A NEW TOOL FOR COMBATING SPAM Users on GNU/Linux boxes have long enjoyed the comfort of battling spam using tools like SpamAssasin. Those living life on Redmond way have not been fortunate. The company's flagship products OutlookExpress and Microsoft Outlook are ill-equipped to filter out spam. The 'Rule' logic is woefully inadequate. http://www.net-security.org/news.php?id=3141 HOW TO COMBAT CYBERSTALKING Stalking is defined as "willful, malicious and repeated following and harassing of another person." http://www.net-security.org/news.php?id=3142 SENATE MOVES TO KILL PENTAGON TERRORISM SURVEILLANCE PROGRAM Without fanfare, senators debating defense spending for next year have proposed eliminating all money for the Pentagon's development of a vast computerized terrorism surveillance program that has raised privacy concerns. http://www.net-security.org/news.php?id=3143 MICROSOFT ADMITS FLAW IN WINDOWS SOFTWARE "This is one of the worst Windows vulnerabilities ever," said Marc Maiffret, an executive at eEye Digital Security. http://www.net-security.org/news.php?id=3144 UPLOAD A FILE, GO TO PRISON Two congressmen introduce a bill to criminalize the uploading of copyright works to peer-to-peer networks. The penalty: five years in prison and $250,000 in fines. Critics say the law goes too far. http://www.net-security.org/news.php?id=3146 BILL AIMS TO CURB NET CENSORSHIP Would-be Internet censors in places such as China and Myanmar could have a tougher time restricting the free flow of information, according to a measure that the U.S. House of Representatives approved. http://www.net-security.org/news.php?id=3147 WPA TO WHIP WIRELESS SECURITY INTO SHAPE Wired Equivalent Privacy, better known as WEP, has been one of the security industry's laughingstocks for years. However, a fix is in the works—again. Still, this time, the results look promising. http://www.net-security.org/news.php?id=3148 POOR FUNDING IS BIGGEST OBSTACLE TO EFFECTIVE IT SECURITY Inadequate funding remains the single largest obstacle to implementing effective IT security measures at most companies, according to a global survey by Ernst & Young International. http://www.net-security.org/news.php?id=3149 DON'T LET YOUR BABIES GROW UP TO BE HACKERS If there's one thing Sarah Gordon understands, it's the mind of the virus writer. In her current position as a senior research fellow for the Symantec Antivirus Research Center, Gordon conducts research on the ethical implications of technology and the psychological aspects of human-computer interaction. http://www.net-security.org/news.php?id=3150 THE LONG AND SHORT OF SNORT INTRUSION DETECTION Snort is not for the faint of heart. It requires a high level of technical aptitude, as well as knowledge about software security. And like most intrusion-detection products, it requires time to be tuned to a particular network environment. http://www.net-security.org/news.php?id=3151 HACKER TARGETS SOPHOS MOUTHPIECE A row has once again broken out between two of the virus world's best known characters -- Sophos senior technology consultant and mouthpiece Graham Cluley, and Gigabyte, a female Belgian hacker. http://www.net-security.org/news.php?id=3152 TROJAN TURNS VICTIMS INTO DDOS, SPAM ZOMBIES Anti-virus vendors are warning of the mass mailing of a new Trojan program "Webber" (aka "Heloc" and "Berbew") which is capable of turning infected PCs into pr0n or spam propagating zombies. http://www.net-security.org/news.php?id=3153 UNSHACKLING THE XBOX: HACKERS AND THE RIGHT TO TINKER The Xbox is a particularly attractive target for hackers because while it is essentially a standard PC modified to do only a few things, like play Xbox games, it is much cheaper than a PC. http://www.net-security.org/news.php?id=3154 LET'S SEE SOME ID The best candidate for the next temporary panic is RFID, the radio frequency ID tags that will one day replace barcodes. http://www.net-security.org/news.php?id=3155 ---------------------------------------------------------------- [ Vulnerabilities ] All vulnerabilities are located here: http://www.net-security.org/archive_vuln.php ---------------------------------------------------------------- Bypassing ServerLock Protection on Windows 2000 http://www.net-security.org/vuln.php?id=2836 RAV Online Scanning ActiveX Buffer Overflow Vulnerability http://www.net-security.org/vuln.php?id=2835 eStore SQL Injection Vulnerability and Path Disclosure Vulnerabilities http://www.net-security.org/vuln.php?id=2834 netCart Information Disclosure Vulnerability http://www.net-security.org/vuln.php?id=2833 Mail System 0.9 Beta Messages Database Retrieval Vulnerability http://www.net-security.org/vuln.php?id=2832 IBM U2 UniVerse uvadm User Can Exploit uvadmsh Buffer Overflow Vulnerability http://www.net-security.org/vuln.php?id=2831 Microsoft Windows Operating Systems Shell Buffer Overflow Vulnerability http://www.net-security.org/vuln.php?id=2830 Microsoft ISA Server Error Page Cross Site Scripting Vulnerability http://www.net-security.org/vuln.php?id=2829 Splatt Forum Post Icon HTML Injection Vulnerability http://www.net-security.org/vuln.php?id=2828 Grub Distributed Client Cleartext Passwords http://www.net-security.org/vuln.php?id=2827 ImageMagick Buffer Overflow Vulnerability http://www.net-security.org/vuln.php?id=2826 NeoModus Direct Connect Remote Denial of Service Vulnerability http://www.net-security.org/vuln.php?id=2825 Linux nfs-utils xlog() Off-by-One Bug http://www.net-security.org/vuln.php?id=2824 Netscape 7.02 Client Detection Tool Plug-in Buffer Overrun Vulnerability http://www.net-security.org/vuln.php?id=2823 Asus AAM6000EV ADSL Router Information Disclosure Vulnerability http://www.net-security.org/vuln.php?id=2822 StoreFront 6.0 SQL Injection Vulnerability http://www.net-security.org/vuln.php?id=2821 ASP-DEV Discussion Forum V2.0 Information Disclosure Vulnerability http://www.net-security.org/vuln.php?id=2820 Invision Power Board v1.1.2 Multiple Vulnerabilities http://www.net-security.org/vuln.php?id=2819 W-Agora 4.1.5 Multiple Vulnerabilities http://www.net-security.org/vuln.php?id=2818 ---------------------------------------------------------------- [ Advisories ] All advisories are located at: http://www.net-security.org/archive_advi.php ---------------------------------------------------------------- CERT Advisory CA-2003-17 - Exploit available for for the Cisco IOS Interface http://www.net-security.org/advisory.php?id=2251 Trustix Secure Linux Security Advisory - nfs-utils http://www.net-security.org/advisory.php?id=2250 Cisco Security Advisory - Cisco IOS Interface Blocked by IPv4 Packet (Update) http://www.net-security.org/advisory.php?id=2249 Cisco Security Advisory - Cisco IOS Interface Blocked by IPv4 Packet http://www.net-security.org/advisory.php?id=2248 CERT Advisory CA-2003-16 - Buffer Overflow in Microsoft RPC http://www.net-security.org/advisory.php?id=2247 CERT Advisory CA-2003-15 - Cisco IOS Interface Blocked by IPv4 Packet http://www.net-security.org/advisory.php?id=2246 Turbolinux Server Security Announcement - Ypserv denial of service attack http://www.net-security.org/advisory.php?id=2245 Debian Security Advisory - New php4 packages fix cross-site scripting vulnerability http://www.net-security.org/advisory.php?id=2244 SGI Security Advisory - Login Vulnerabilities http://www.net-security.org/advisory.php?id=2243 SGI Security Advisory - Multiple Vulnerabilities in Name Service Daemon (nsd) http://www.net-security.org/advisory.php?id=2242 Conectiva Linux Security Announcement - phpgroupware http://www.net-security.org/advisory.php?id=2241 Microsoft Security Bulletin MS03-027 - Unchecked Buffer in Windows Shell Could Enable System Compromise http://www.net-security.org/advisory.php?id=2240 Microsoft Security Bulletin MS03-028 - Flaw in ISA Server Error Pages Could Allow Cross-Site Scripting Attack http://www.net-security.org/advisory.php?id=2239 Microsoft Security Bulletin MS03-026 - Buffer Overrun In RPC Interface Could Allow Code Execution http://www.net-security.org/advisory.php?id=2238 Mandrake Linux Security Update Advisory - kernel http://www.net-security.org/advisory.php?id=2237 Immunix Secured OS Security Advisory - nfs-utils http://www.net-security.org/advisory.php?id=2236 Slackware Security Advisory - nfs-utils packages replaced http://www.net-security.org/advisory.php?id=2235 Debian Security Advisory - New falconseye packages fix buffer overflow http://www.net-security.org/advisory.php?id=2234 Conectiva Linux Security Announcement - ucd-snmp http://www.net-security.org/advisory.php?id=2233 Conectiva Linux Security Announcement - mpg123 http://www.net-security.org/advisory.php?id=2232 SuSE Security Announcement - nfs-utils http://www.net-security.org/advisory.php?id=2231 Red Hat Security Advisory - Updated Mozilla packages fix security vulnerability http://www.net-security.org/advisory.php?id=2230 Slackware Security Advisory - nfs-utils off-by-one overflow fixed http://www.net-security.org/advisory.php?id=2229 Apple Security Advisory - Screen Effects Password http://www.net-security.org/advisory.php?id=2228 Red Hat Security Advisory - Updated nfs-utils packages fix denial of service http://www.net-security.org/advisory.php?id=2227 CERT Advisory CA-2003-14 - Buffer Overflow in Microsoft Windows HTML Conversion Library http://www.net-security.org/advisory.php?id=2226 Debian Security Advisory - New nfs-utils package fixes buffer overflow http://www.net-security.org/advisory.php?id=2225 Debian Security Advisory - New traceroute-nanog packages fix integer overflow http://www.net-security.org/advisory.php?id=2224 Conectiva Linux Security Announcement - gnupg http://www.net-security.org/advisory.php?id=2223 Gentoo Linux Security Announcement - gtksee http://www.net-security.org/advisory.php?id=2222 Gentoo Linux Security Announcement - ypserv http://www.net-security.org/advisory.php?id=2221 Gentoo Linux Security Announcement - unzip http://www.net-security.org/advisory.php?id=2220 Gentoo Linux Security Announcement - cistonradius http://www.net-security.org/advisory.php?id=2219 Trustix Secure Linux Security Advisory - apache http://www.net-security.org/advisory.php?id=2218 ---------------------------------------------------------------- [ Featured articles ] All articles are located at: http://www.net-security.org/articles_main.php Articles can be contributed to staff@net-security.org ---------------------------------------------------------------- SECURE SHARED HOSTING WITH IIS 5.0 This guide provides technical solutions, methodologies and a step-by-step explanation on how to build secure IIS 5.0 servers. http://www.net-security.org/article.php?id=525 CHANGING THE GAME The e-enabled workplace is constantly demanding more from its creators. Geoff Haggart, VP for EMEA at Websense explains how employee Internet management (EIM) has come of age. http://www.net-security.org/article.php?id=526 ---------------------------------------------------------------- [ Reviews ] All reviews are located at: http://www.net-security.org/reviews.php ---------------------------------------------------------------- MASTERING RED HAT LINUX 9 Here it is again, another book dedicated to Red Hat Linux. As a fan of the operating system I jumped right on it to see what it can offer compared to the other books on the same subject. Is it worth having on your bookshelf? Read on to find out. http://www.net-security.org/review.php?id=88 MPLS AND VPN ARCHITECTURES, CCIP EDITION If you are a regular Help Net Security visitor, you are probably familiar with Cisco Press titles, that are intended for the readers interested in getting some kind of a Cisco Systems certification. Due to the solely technical content of this book, the review is slightly different, as it provides the readers with an overview on this publication. http://www.net-security.org/review.php?id=87 ---------------------------------------------------------------- [ Security world ] All press releases are located at: http://www.net-security.org/press_main.php ---------------------------------------------------------------- ActivCard Announces Close of Follow-on Exchange Offer http://www.net-security.org/press.php?id=1546 Zone Labs Products Protect Against Latest Microsoft Vulnerability http://www.net-security.org/press.php?id=1545 Internet Risk Impact Summary Report for Q2 2003 http://www.net-security.org/press.php?id=1544 Siemens Leads Healthcare Industry in Protecting Privacy of Medical Information http://www.net-security.org/press.php?id=1543 Zix Corporation Provides Cole Vision with e-Messaging Protection Services http://www.net-security.org/press.php?id=1542 DigiGAN Discusses National Security with US Rep. Christopher Shays (R-CT) and Intelligence and Defense Communities http://www.net-security.org/press.php?id=1541 Who Changed Your Active Directory And Group Policy Settings? http://www.net-security.org/press.php?id=1540 Tumbleweed Releases E-Mail Firewall Appliance For Fighting Spam http://www.net-security.org/press.php?id=1539 Utimaco Safeware becomes active Member of Trusted Computing Group http://www.net-security.org/press.php?id=1538 Kaspersky Labs and Multi-Tech Combine Products for Added Anti-Virus Protection http://www.net-security.org/press.php?id=1537 ActivCard Announces Extension of Follow-on Tender Offer Period for Exchange Of ActivCard S.A. Securities http://www.net-security.org/press.php?id=1536 The Administrator Shortcut Guide to Email Protection Immediately Available http://www.net-security.org/press.php?id=1535 Huntsman Selects Ubizen to Provide Outsourced Managed Security Services http://www.net-security.org/press.php?id=1534 Sophos Brings Industrial-Strength Virus Protection to Mac OS X http://www.net-security.org/press.php?id=1533 Panda Software Launches VirusPortal, a New Global Virus Observatory Service For All Users http://www.net-security.org/press.php?id=1532 ---------------------------------------------------------------- [ Security Software ] Windows software is located at: http://net-security.org/software_main.php?cat=1 Linux software is located at: http://net-security.org/software_main.php?cat=2 ---------------------------------------------------------------- MPSCAN 0.1.0 mpscan is a parallel network scanner that checks for open ports. It uses select() to increase its speed and was designed for rapidly scanning large networks, but also works with a single IP. http://www.net-security.org/software.php?id=503 ---------------------------------------------------------------- [ Virus News ] All virus news are located at: http://www.net-security.org/viruses.php ---------------------------------------------------------------- Weekly Virus Report - Klys, Gruel.B, Lohack.B and Mofei.C Worms http://www.net-security.org/virus_news.php?id=275 Gruel Worm Pretends to Patch Latest Microsoft Windows Security Hole http://www.net-security.org/virus_news.php?id=274 Virus Activity During the First Half of 2003 http://www.net-security.org/virus_news.php?id=273 Lohack.B Worm Pretends to be From Panda Software http://www.net-security.org/virus_news.php?id=272 New Viral Marketing Stunt Has Similar Impact to a Real Virus http://www.net-security.org/virus_news.php?id=271 ---------------------------------------------------------------- Questions, contributions, comments or ideas go to: Help Net Security staff staff@net-security.org http://net-security.org ---------------------- Subscribe to this weekly digest on: http://www.net-security.org/subscribe.php Unsubscribe by sending the e-mail address you are subscribed with to: info@net-security.org with UNSUBSCRIBE in the message body. The archive of the newsletter in TXT and PDF format is available http://www.net-security.org/newsletter_archive.php ---------------------------------------------------------------- ALERT: How a Hacker Launches a SQL Injection Attack ---------------------------------------------------------------- It's as simple as placing additional SQL commands into an input box on a web form giving hackers complete access to all your backend data! Firewalls and IDS will not stop SQL Injection attempts because they are NOT seen as intrusions. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection! ---------------------------------------------------------------- http://www.spidynamics.com/mktg/sqlinjection56 ----------------------------------------------------------------