HNS Newsletter
Issue 172 - 28.07.2003.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It 
covers weekly roundups of security events that were in the 
news the past week. Visit Help Net Security for the latest 
security news - http://net-security.org.


----------------------------------------------------------------
ALERT: How a Hacker Launches a SQL Injection Attack
----------------------------------------------------------------
It's as simple as placing additional SQL commands into an input 
box on a web form giving hackers complete access to all your 
backend data!

Firewalls and IDS will not stop SQL Injection attempts because 
they are NOT seen as intrusions.

Download this *FREE* white paper from SPI Dynamics for a 
complete guide to protection!
----------------------------------------------------------------
http://www.spidynamics.com/mktg/sqlinjection56
----------------------------------------------------------------


Table of contents:
 
1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Security world
6) Software
7) Virus news


[ Security news ]

 
----------------------------------------------------------------

FORENSIC LOG PARSING WITH MICROSOFT'S LOGPARSER
The purpose of this article is to demonstrate log file forensics 
for IIS using SQL queries with Microsoft's LogParser tool.
http://www.net-security.org/news.php?id=3157


HACKERS ATTACK CISCO FLAW
Hackers made some attempts Friday to bring down network routing 
gear by exploiting a flaw in Cisco Systems Inc. equipment that 
carries the bulk of the world's Internet traffic.
http://www.net-security.org/news.php?id=3158


MISSING COMPUTER ADDS TO AIRPORT SCREENERS' WOES
Federal officials are quietly scouring the Washington, D.C., area 
for a stolen laptop computer loaded with vital information on 
dozens of airport baggage and passenger screeners that could 
be used to forge IDs.
http://www.net-security.org/news.php?id=3159


WAITING FOR THE WORMS
The hole's been announced, the patch has been released. Now 
there's nothing to do but wait for the worm to come and wreak 
its ugly havoc.
http://www.net-security.org/news.php?id=3160


GUILTY PLEA IN KINKO'S KEYSTROKE CAPER
If you used a computer at a Kinko's in New York City last year, 
or the year before, there's a good chance that JuJu Jiang 
was watching.
http://www.net-security.org/news.php?id=3161


INCREASING WINDOWS 2000 AND XP SECURITY
This article will identify common security threats and services 
to disable.
http://www.net-security.org/news.php?id=3162


GETTING CERTIFIED IN INFORMATION SECURITY
The CISSP is a good complement to your BCI/DRII certifications.
http://www.net-security.org/news.php?id=3163


CONGRESS TAKES SMALL STEPS ON PRIVACY LEGISLATION
Bill's passing in doubt due to opposition from within 
technology industry.
http://www.net-security.org/news.php?id=3164


MAJOR BANKS TO MEET AFTER INTERNET BANKING FRAUD
Banking group Absa says it will have discussions with other 
major banks today about the challenges faced by internet 
banking fraud.
http://www.net-security.org/news.php?id=3165


CHAT CHANNELS MAKE ONLINE FRAUD EASIER
Groups use Net to sell credit-card data, swap hacking tips.
http://www.net-security.org/news.php?id=3166


STUDY: SECURITY ISSUES BLOCK WIDESPREAD MOBILE APP DEPLOYMENT
Fear of a security breach is hindering more widespread deployment 
of wireless applications, according to the latest Roundtable 
discussion hosted by Sage Research Inc.
http://www.net-security.org/news.php?id=3169


CRIME PAYS FOR IDENTITY THIEVES
The number of consumers who have fallen prey to identity 
thieves is severely underreported, market researcher 
Gartner said in a survey.
http://www.net-security.org/news.php?id=3170


WIRELESS LAN SECURITY FALLS SHORT OF EXPECTATIONS
Security is still the number-one inhibitor to enterprise adoption 
of wireless lan technologies, says META group.
http://www.net-security.org/news.php?id=3171


CON ARTISTS PRETENDING TO BE INTERNET COMPANIES
Stealing identities and credit card numbers with bogus e-mail 
and Web sites that appear to come from legitimate companies 
is an increasing problem on the Internet.
http://www.net-security.org/news.php?id=3172


THE NEXT BIG LINUX CONTROVERSY
It's the next big Linux controversy: Who should be liable if 
customers wind up using software that was created from 
misappropriated intellectual property?
http://www.net-security.org/news.php?id=3173


FEDS NAB TEEN WHO SCAMMED AOL
The Federal Trade Commission settles charges against a 
17-year-old boy who used spam to snooker AOL customers 
into giving him their credit-card numbers. After going on a 
shopping spree, he's agreed to repay the money and spam 
no more.
http://www.net-security.org/news.php?id=3174


PRIVATE-SECTOR IT EXECS SEE DIMINISHED CYBERSECURITY ROLE
A major DHS cyber security post remains vacant.
http://www.net-security.org/news.php?id=3175


PERVASIVE.SQL GETS SECURITY BOOST
Pervasive Software Inc. on Tuesday rolled out the beta of an 
update to its embeddable database engine that's bristling with 
security enhancements.
http://www.net-security.org/news.php?id=3176


HACKERS LOSE A PATRON SAINT
If there is a heaven, the angels are in for a hell of a time when 
Jude Milhon, the Internet's real and very earthy patron saint of 
hacking, shows up.
http://www.net-security.org/news.php?id=3177


HACKERS WARDRIVE INTO WIRELESS
DEFCON 11 is taking place at the Alexis Park Hotel, Las Vegas on 
August 1-3, 2003. Admission is $75 in U.S. currency at the door 
-- cash only.
http://www.net-security.org/news.php?id=3178


SECURITY WITHOUT THE SWEAT
SSL VPNs ease the burden of securing large-scale Internet 
applications.
http://www.net-security.org/news.php?id=3179


'PHISHING' E-MAIL SCAMS REEL IN IDS
The Web sites look real and the information sought seems 
justified. But it's really the latest form of e-mail scam, 
called "brand spoofing," "carding" or "Phishing."
http://www.net-security.org/news.php?id=3180


HACKING INTO BANK ACCOUNTS IS DEAD EASY, SAY EXPERTS
Hacking into a bank account is frighteningly easy. All one 
needs is a rudimentary know-ledge of computers, spy software 
easily downloaded from the internet and a vulnerable PC.
http://www.net-security.org/news.php?id=3181


WHY BIOMETRICS IS NO MAGIC BULLET
This promising ID technology works best in controlled situations - 
which are hardly the norm in the real world.
http://www.net-security.org/news.php?id=3182


UK.GOV URGED TO CRACK DOWN ON ID THEFT
The Government has been urged to take steps to help combat 
the growing problem of identity fraud, which costs the UK 
economy a massive £1.3 billion a year.
http://www.net-security.org/news.php?id=3183


WINDOWS PASSWORDS BROKEN IN SECONDS
Swiss researchers can crack a Windows password in 13.6 seconds.
http://www.net-security.org/news.php?id=3184


DETECTING SQL INJECTION IN ORACLE
This paper takes the subject of SQL injection further and 
investigates the possibilities for the Oracle Database 
Administrator to detect SQL injection in the wild.
http://www.net-security.org/news.php?id=3185


IF YOU CAN'T STAND THE HEAT, DON'T CALL 'EM
If you're not prepared to deal with the consequences of bringing 
in the authorities, making that phone call can be a bad business 
move.
http://www.net-security.org/news.php?id=3186


KEYS TO THE KINGDOM
Networks carry the lifeblood of the enterprise—and in so doing, 
offer increasingly porous defences against attack.
http://www.net-security.org/news.php?id=3187


CISCO FLAW: FEARS EASE
Despite fears that a flaw in the software that controls most of 
the routers and switches in the Internet would lead to widespread 
attacks and outages, security monitoring companies say they 
have seen little indication of that happening.
http://www.net-security.org/news.php?id=3188


WEB APPLICATIONS OPEN TO HACK ATTACKS
Resulting 'serious flaws' leave 97 per cent of sites open to abuse.
http://www.net-security.org/news.php?id=3191


PRIVACY: FOR EVERY ATTACK, A DEFENSE
Yes, it's a grueling battle. However, as threats pop up constantly 
on fronts old and new, concerned citizens and like-minded 
legislators quickly parry.
http://www.net-security.org/news.php?id=3192


AUSTRALIA TO BAN SPAM
Australia's government will ban unsolicited commercial email 
later this year.
http://www.net-security.org/news.php?id=3193


IDENTITY THEFT ROCKETS 80 PER CENT
And the danger isn't only on the internet, warns analyst.
http://www.net-security.org/news.php?id=3194


WELLS FARGO CUSTOMERS HIT WITH E-MAIL SCAM
Message included an attachment used to collect passwords 
from recipients' PCs.
http://www.net-security.org/news.php?id=3195


3 THINGS YOU DON'T WANNA KNOW ABOUT YOUR PERSONAL INFORMATION
Maybe it's time to start reading those long, boring and deliberately 
confusing privacy policies after all.
http://www.net-security.org/news.php?id=3196


BEST NETWORK PORT SCANNERS FOR LINUX
The important thing to remember about network scanning is that 
new security flaws come out every day. As with antivirus software, 
scanners need to be updated with new signatures, or "checks," 
to recognize a flaw.
http://www.net-security.org/news.php?id=3197


SECURITY THREATS THAT CAN'T BE STOPPED
"Companies sometimes attempt to secure everything to the same 
level," Bernie Cowens of Rainbow Technologies said. "As a result, 
either routine access becomes too hard or insufficient protection 
is afforded to highly sensitive data."
http://www.net-security.org/news.php?id=3198


SPAM CLIENTS OUTED, CREDIT CARD DETAILS PUBLISHED
Anti-spam activists have upped the ante in their fight against 
junk email by publishing the details - including credit card 
information - of people who've ordered spamming services 
online.
http://www.net-security.org/news.php?id=3200


LEARNING TO LIVE WITH SECURITY BUGS
Near-simultaneous vulnerability announcements from Microsoft 
and Cisco force IT professionals to make peace with vulnerable 
technology.
http://www.net-security.org/news.php?id=3201


DEMONSTRATING ROI FOR PENETRATION TESTING (PART ONE)
This is the first in a series of articles demonstrating ROI (return 
on investment) for a penetration test. You will have to step into 
the world of budgeting, cost justification, resource allocation, 
and learn a few unfamiliar terms.
http://www.net-security.org/news.php?id=3202


CSOS CREATING CULTURAL CHANGE
The convergence of physical and IT security is driving the 
appointment of chief security officers within the enterprise, 
a new title that is creating cultural change, the senior 
cybersecurity consultant at Pinkerton Australia Pty. 
Ltd., Atif Ahmad, said.
http://www.net-security.org/news.php?id=3203


PEERING OVER THE FIREWALL
Using Snort and a homemade read-only cable to follow 
network traffic.
http://www.net-security.org/news.php?id=3204


ORACLE, MICROSOFT WARN OF DATABASE FLAWS
Both Oracle Corp. and Microsoft Corp. have discovered new 
vulnerabilities in their databases, the two companies reported.
http://www.net-security.org/news.php?id=3205


CHARNEY TELLS CONGRESS VULNERABILITIES ARE A FACT OF LIFE
He acknowledged the arguments for and against single-vendor 
IT environments.
http://www.net-security.org/news.php?id=3206


SCIENTISTS: HIGH-TECH VOTES CAN BE HACKED
Software flaws in a high-tech voting system could allow vandals 
to tamper with election results in several US states, computer 
security researchers said on Thursday.
http://www.net-security.org/news.php?id=3207


CREDIT CARD HACKERS SWAP TRICKS ONLINE
Chatrooms used for sharing hints and tips in growing business 
of ID theft.
http://www.net-security.org/news.php?id=3208


PEOPLE WANT ANTISPAM REGISTRY, SENATOR SAYS
74% surveyed support national do-not-spam list.
http://www.net-security.org/news.php?id=3209

----------------------------------------------------------------




[ Vulnerabilities ]


All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php


----------------------------------------------------------------

Verizon Wireless .JSP Vulnerability
http://www.net-security.org/vuln.php?id=2847


Novell Netware Web Server PERL Handler Buffer 
Overflow Vulnerability
http://www.net-security.org/vuln.php?id=2846


Microsoft IIS 6.0 Web Admin Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=2845


Microsoft Windows 2000 RPC DCOM Interface Denial 
of Service and Privilege Escalation Vulnerabilities
http://www.net-security.org/vuln.php?id=2844


AtomicBoard-0.6.2 Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=2843


Netterm netftpd Remote Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=2842


WebCalendar Include File Vulnerability
http://www.net-security.org/vuln.php?id=2841


Drupal Cross Site Scripting Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=2840


MSN Messenger 6.0 Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=2839


Simpnews Include File Vulnerability
http://www.net-security.org/vuln.php?id=2838


Witango and Tango 2000 Application Server 
Remote System Buffer Overrun Vulnerability
http://www.net-security.org/vuln.php?id=2837

----------------------------------------------------------------




[ Advisories ]


All advisories are located at:
http://www.net-security.org/archive_advi.php


----------------------------------------------------------------

SGI Security Advisory - Emulex FibreChannel Hub 
Vulnerable to SNMP DoS Attack
http://www.net-security.org/advisory.php?id=2288


SCO Security Advisory - OpenServer 5.0.5 OpenServer 5.0.6: 
Samba security update available avaliable for download
http://www.net-security.org/advisory.php?id=2287


Red Hat Security Advisory - Updated stunnel packages 
fix signal vulnerability
http://www.net-security.org/advisory.php?id=2286


Mandrake Linux Security Update Advisory - kernel (update)
http://www.net-security.org/advisory.php?id=2285


SOT Linux Security Advisory - Updated xpdf package 
for SOT Linux 2003
http://www.net-security.org/advisory.php?id=2284


Conectiva Linux Security Announcement - apache
http://www.net-security.org/advisory.php?id=2283


Guardian Digital Security Advisory - kernel several 
local vulnerabilities
http://www.net-security.org/advisory.php?id=2282


Apple Security Advisory - Workgroup Manager in 
Mac OS X Server
http://www.net-security.org/advisory.php?id=2281


Mandrake Linux Security Update Advisory - mpg123
http://www.net-security.org/advisory.php?id=2280


Mandrake Linux Security Update Advisory - xpdf
http://www.net-security.org/advisory.php?id=2279


Microsoft Security Bulletin MS03-031 - Cumulative 
Patch for Microsoft SQL Server
http://www.net-security.org/advisory.php?id=2278


Microsoft Security Bulletin MS03-029 - Flaw in Windows 
Function Could Allow Denial of Service
http://www.net-security.org/advisory.php?id=2277


Microsoft Security Bulletin MS03-030 - Unchecked 
Buffer in DirectX Could Enable System Compromise
http://www.net-security.org/advisory.php?id=2276


Conectiva Linux Security Announcement - phpgroupware
http://www.net-security.org/advisory.php?id=2275


Red Hat Security Advisory - Updated semi packages 
fix vulnerability
http://www.net-security.org/advisory.php?id=2274


Mandrake Linux Security Update Advisory - phpgroupware
http://www.net-security.org/advisory.php?id=2273


Novell Security Advisory - Enterprise Web Server 
PERL Handler Buffer Overflow
http://www.net-security.org/advisory.php?id=2272


Turbolinux Security Announcement - nfs-utils xlog() 
off-by-one bug
http://www.net-security.org/advisory.php?id=2271


Debian Security Advisory - New fdclone packages fix 
insecure temporary directory usage
http://www.net-security.org/advisory.php?id=2270


Conectiva Linux Security Announcement - cups
http://www.net-security.org/advisory.php?id=2269


Conectiva Linux Security Announcement - kernel
http://www.net-security.org/advisory.php?id=2268


Conectiva Linux Security Announcement - nfs-utils
http://www.net-security.org/advisory.php?id=2267


SCO Security Advisory - OpenServer 5.0.6, OpenServer 5.0.7: 
Security vulnerability in Merge prior to Release 5.3.23a
http://www.net-security.org/advisory.php?id=2266


Mandrake Linux Security Update Advisory - nfs-utils
http://www.net-security.org/advisory.php?id=2265


Mandrake Linux Security Update Advisory - apache2
http://www.net-security.org/advisory.php?id=2264


Mandrake Linux Security Update Advisory - kernel
http://www.net-security.org/advisory.php?id=2263


SCO Security Advisory - OpenServer 5.0.x: Security 
vulnerability in Merge prior to Release 5.3.23a
http://www.net-security.org/advisory.php?id=2262


Conectiva Linux Security Announcement - apache
http://www.net-security.org/advisory.php?id=2261


Red Hat Security Advisory - Updated Mozilla packages 
fix security vulnerability
http://www.net-security.org/advisory.php?id=2260


Red Hat Security Advisory - Updated 2.4 kernel fixes 
vulnerabilities
http://www.net-security.org/advisory.php?id=2259


SOT Linux Security Advisory - Updated zlib package 
for SOT Linux 2003
http://www.net-security.org/advisory.php?id=2258


SOT Linux Security Advisory - Updated tcpdump 
package for SOT Linux 2003
http://www.net-security.org/advisory.php?id=2257


SOT Linux Security Advisory - Updated LPRng package 
for SOT Linux 2003
http://www.net-security.org/advisory.php?id=2256


SOT Linux Security Advisory - Updated kernel package 
for SOT Linux 2003
http://www.net-security.org/advisory.php?id=2255


SOT Linux Security Advisory - Updated gnupg package 
for SOT Linux 2003
http://www.net-security.org/advisory.php?id=2254


Gentoo Linux Security Announcement - nfs-utils
http://www.net-security.org/advisory.php?id=2253


Gentoo Linux Security Announcement - gnupg
http://www.net-security.org/advisory.php?id=2252

----------------------------------------------------------------




[ Featured articles ]


All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to staff@net-security.org


----------------------------------------------------------------

INTERVIEW WITH RAFEEQ UR REHMAN
The author of "Intrusion Detection with SNORT: Advanced IDS 
Techniques Using SNORT, Apache, MySQL, PHP, and ACID" 
discusses open source security, intrusion detection and the 
disclosure of vulnerabilities.
http://www.net-security.org/article.php?id=527


AN OVERVIEW OF ISSUES IN TESTING INTRUSION DETECTION SYSTEMS
While intrusion detection systems are becoming ubiquitous defenses 
in today's networks, currently we have no comprehensive and 
scientifically rigorous methodology to test the effectiveness 
of these systems.
http://www.net-security.org/article.php?id=528


BLACK HAT BRIEFINGS 2003 KEYNOTE SPEAKERS ANNOUNCED
Read on to see who are the keynote speakers for this summer's 
Black Hat Briefings, the annual conference and workshop designed 
to help computer professionals better understand the security 
risks to their computer and information infrastructures by 
potential threats.
http://www.net-security.org/article.php?id=529


APACHE 1.3.28 HAS BEEN RELEASED
The Apache Group released version 1.3.28 of the Apache HTTP 
Server. This version of Apache is principally a security and bug 
fix release.
http://www.net-security.org/article.php?id=530

----------------------------------------------------------------




[ Security world ]


All press releases are located at:
http://www.net-security.org/press_main.php


----------------------------------------------------------------

Verizon Wireless Bug allows Text Message Tapping
http://www.net-security.org/press.php?id=1557


PKI Thriving as Authentication and Authorisation Technology
http://www.net-security.org/press.php?id=1556


(ISC)2 Launches New Certification For U.S. National 
Security Information Security Professionals
http://www.net-security.org/press.php?id=1555


Sygate Names Former Cybersecurity Czar Howard 
Schmidt To Board Of Directors
http://www.net-security.org/press.php?id=1554


RSA Security Announces Resolution of SEC Inquiry
http://www.net-security.org/press.php?id=1553


GFI LANguard N.S.S. 3.3 Extends Patch Management 
to Other Language Versions
http://www.net-security.org/press.php?id=1552


Ubizen Wins Major North American Managed Security 
Services Deal
http://www.net-security.org/press.php?id=1551


Kaspersky Anti-Virus Solutions Enhance NETASQ 
Intrusion Prevention Firewalls
http://www.net-security.org/press.php?id=1550


Network Associates' Suite of Consumer Security Solutions 
Wins Smart Computing's 'Smart Choice' Award
http://www.net-security.org/press.php?id=1549


Meetinghouse Announces AEGIS Client 2.1 For Windows
http://www.net-security.org/press.php?id=1548


Sophos EM Reporter Highlights The Virus Hotspots 
Inside Companies
http://www.net-security.org/press.php?id=1547

----------------------------------------------------------------




[ Security Software ]


Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2


----------------------------------------------------------------

EXODUS 20030722-2336
Exodus is a tool designed to assist security practitioners and 
other curious people to observe and manipulate conversations 
between a browser and a server. It supports HTTP and HTTPS, 
and fakes the upstream SSL server to allow decrypting of 
the content.
http://www.net-security.org/software.php?id=504


THREATSENTRY 1.0
ThreatSentry is an advanced neural application that uses a 
complex automated learning process, a knowledge-base of 
documented exploits, and an analytic model specifically 
designed for Microsoft IIS, to continuously collect, analyze 
and organize server events into an evolving baseline of 
acceptable activity.
http://www.net-security.org/software.php?id=505


PRIVATEFIREWALL 3.0
Privatefirewall is a powerful desktop Firewall and intrusion 
detection application that eliminates unauthorized access 
to your PC and protects your computer and data from 
attackers.
http://www.net-security.org/software.php?id=506

----------------------------------------------------------------




[ Virus News ]


All virus news are located at: 
http://www.net-security.org/viruses.php 


----------------------------------------------------------------

Virus Forecast for the Second Half of 2003
http://www.net-security.org/virus_news.php?id=276

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:
 
Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending the e-mail address you are subscribed
with to: info@net-security.org with UNSUBSCRIBE in the message body.

The archive of the newsletter in TXT and PDF format is available 
http://www.net-security.org/newsletter_archive.php


----------------------------------------------------------------
ALERT: How a Hacker Launches a SQL Injection Attack
----------------------------------------------------------------
It's as simple as placing additional SQL commands into an input 
box on a web form giving hackers complete access to all your 
backend data!

Firewalls and IDS will not stop SQL Injection attempts because 
they are NOT seen as intrusions.

Download this *FREE* white paper from SPI Dynamics for a 
complete guide to protection!
----------------------------------------------------------------
http://www.spidynamics.com/mktg/sqlinjection56
----------------------------------------------------------------