HNS Newsletter
Issue 176 - 25.08.2003.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org.

-------------------------------------------------------------------
ALERT: ARE YOU "POSITIVE" THAT YOUR SECURITY POLICY WORKS?
-------------------------------------------------------------------
Your network firewall and IDS products do not prevent Web application attacks - the most common form of online exploitation - resulting in Web defacement, data theft, sabotage and fraud. KaVaDo provides the first and only integrated Web application Scanner and Firewall security suite.
Download a FREE whitepaper on Security Policy Automation for Web Applications - http://www.net-security.org/v/kavado
-------------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Reviews
6) Security world
7) Software
8) Virus news

[ Security news ]
----------------------------------------------------------------

CYBER-SECURITY: SET A THIEF TO CATCH A THIEF
The recent much-hyped internet hacks and "worm" virus that have hit banks in South Africa may have shocked most people but came as no surprise to a Cape Town teenager.
http://www.net-security.org/news.php?id=3357

WIRELESS NETWORKING
Remember how fun it was to get your first Net connection working? It's like that.
http://www.net-security.org/news.php?id=3358

FREEBSD ACCESS CONTROL LISTS
Unix permissions are flexible and can solve almost any access control problem, but what about the ones they can't?
http://www.net-security.org/news.php?id=3359

MICROSOFT.COM FALLS TO DOS ATTACK
Microsoft's main Web site was inaccessible for two hours Thursday evening, the victim of an Internet-borne DOS attack, the company said.
http://www.net-security.org/news.php?id=3360

THE END OF E-MAIL VIRUSES AND ANTIVIRUS APPS
The MSBlast worm that wreaked havoc last week signals a sea change in the virus world. E-mail viruses are on their way out, says Robert, and so are antivirus solutions as we know them today.
http://www.net-security.org/news.php?id=3361

CRYPTOGRAPHY LOCKS DOWN WAP AND P2P TRANSMISSIONS
Find out how you can make your wireless apps a little safer.
http://www.net-security.org/news.php?id=3362

THINK LIKE A HACKER: THE BEST SCANNING TOOLS
They may be the best way to make sure your network is safe, but today's scanning appliances are far more complex than the simple tools of yesteryear.
http://www.net-security.org/news.php?id=3363

FORENSIC PLAN KEY TO HACKER PROSECUTION: DETECTIVE
Having a forensic readiness plan is critical to a company's ability to prosecute a computer-based attacker, a detective of Victoria's computer crime squad has told the Hack 2003 conference in Melbourne.
http://www.net-security.org/news.php?id=3364

LANGA LETTER: MANAGING YOUR WINDOWS XP PASSWORDS
Losing a Windows XP password is surprisingly common! Here are Fred's suggestions about how to get back into your accounts and files.
http://www.net-security.org/news.php?id=3365

GARTNER PREDICTS MORE SERIOUS INTERNET SECURITY INCIDENTS
With more than 600 million individuals worldwide now on the Internet, cybercriminals are taking advantage of users, enterprises and unsecured systems to usher in a new era of high-profit, low-overhead crimes, according to Gartner.
http://www.net-security.org/news.php?id=3366

MRTG FOR INTRUSION DETECTION WITH IIS 6
This article explains how to use a Multi Router Traffic Grapher (MRTG) to see the big picture of your network traffic and to help visually spot attacks.
http://www.net-security.org/news.php?id=3369

ARE YOU A GOOD OR A BAD WORM?
A new worm being circulated on the Internet is designed to kill MSBlaster, the worm that wreaked havoc on computers last week.
Some security officials are not amused.
http://www.net-security.org/news.php?id=3370

THE IT SECURITY SPENDING CONUNDRUM
The market is growing, revenues are up, spending has not increased. Er, what's up?
http://www.net-security.org/news.php?id=3371

INTERNET INFORMATION SCAM USES CITI LOGO
Citigroup Inc.'s corporate logo is the latest one to be lifted by Internet scammers as a way to steal information from unwitting consumers.
http://www.net-security.org/news.php?id=3372

POCKET WI-FI SNIFFERS END MISSING HOTSPOT MISERY
Road warriors know the frustration: you're in a foreign city and want to find a Wi-Fi access point.
http://www.net-security.org/news.php?id=3373

NO NEW SERVICE PACK FOR WIN XP UNTIL LATE NEXT YEAR
Microsoft won't release a second service pack for Windows XP until the second half of next year, giving users more responsibility for applying individual patches and updates.
http://www.net-security.org/news.php?id=3374

DIRECTX ATTACK EXPECTED - PATCH WINDOWS NOW
Following last week's MSBlast worm attack, security experts at Microsoft and other firms are worried that a recently discovered vulnerability in DirectX could cause even more problems.
http://www.net-security.org/news.php?id=3375

SOBIG IS BACK, BADDER THAN EVER
The Sobig email virus which caused havoc two months ago has reappeared in a virulent new form, according to email service provider MessageLabs.
http://www.net-security.org/news.php?id=3376

VULNERABILITY ASSESSMENT IS NO LONGER AN AD HOC LUXURY
The risk of information security vulnerabilities in the global (and more specifically) South African business landscape, is unfortunately, an ever-increasing and alarmingly constant.
http://www.net-security.org/news.php?id=3377

MICROSOFT CELEBRATES FIFTEEN YEARS OF POOR SECURITY
That the Blaster worm should spread as rapidly as it did was testament to one thing only, the poor security in Microsoft's software.
http://www.net-security.org/news.php?id=3378

WORM AND VIRUS OVERLOAD NETWORKS
Corporate networks worldwide are struggling under the double burden of the "good" MSBlast variant and a new version of the malicious Sobig email virus.
http://www.net-security.org/news.php?id=3381

COMPUTER VIRUS HINDERS AIR CANADA OPERATIONS
A computer virus designed to inoculate against another infection brought down some computer networks Tuesday, forcing Air Canada to check in passengers manually at airports across the country.
http://www.net-security.org/news.php?id=3382

NAVY'S INTRANET CRIPPLED BY WORM OUTBREAK
The Navy confirmed today that its multibillion-dollar Navy/Marine Corps Intranet (N/MCI) has been taken off-line by what could be a combined onslaught of the Blaster worm variant and Sobig.F Internet worms, which are spreading fast.
http://www.net-security.org/news.php?id=3383

LEGISLATION HAS SPAM ON THE RUN
There is now a better understanding among lawmakers over how the Internet works -- a change from the early 1990s when a lack of knowledge resulted in such unpopular measures as the Communications Decency Act.
http://www.net-security.org/news.php?id=3384

HOST-HOPPING SCRIPTS IN PYTHON
How and why I used SSH, Python and Expect to transfer Web logs to a central computer for processing.
http://www.net-security.org/news.php?id=3385

PALM WI-FI PDA GETS AEGIS SECURITY
Palm's Tungsten C Wi-Fi PDA is now backed by Meetinghouse's Aegis enterprise-oriented WLAN access authentication software, the network security specialist said.
http://www.net-security.org/news.php?id=3386

SLAMMER WORM CRASHED OHIO NUKE PLANT NETWORK
A computerized safety monitoring system at the Davis-Besse nuclear plant was crippled after the worm entered through the business network of the plant's operator, FirstEnergy Corp.
http://www.net-security.org/news.php?id=3387

SCAMS THAT STING EVEN SMART PEOPLE
You can't avoid all of them but you can at least try to minimize the damage.
http://www.net-security.org/news.php?id=3388

SMALL FIRMS SHUN IT SECURITY
Despite large numbers of computer systems being struck down with deadly viruses over the past weeks, almost one-third of small firms do not think anti-virus or firewall protection is important to their business.
http://www.net-security.org/news.php?id=3389

POWERFUL WIRELESS SECURITY TOOLS FOR FREE
For a network administrator or curious end-user looking to do basic sniffing of the airwaves for WLAN traffic and locations, Kismet, NetStumbler and AirSnort have a price that's hard to beat.
http://www.net-security.org/news.php?id=3390

RISC PROCESSOR TAKES NETWORK SECURITY ONBOARD
The SH7710 32bit RISC microprocessor features an IPsec accelerator for fast encryption and communication processing.
http://www.net-security.org/news.php?id=3392

SMALL FIRMS IGNORE SECURITY PROTECTION
Survey finds firewall and antivirus software considered unimportant by SMEs.
http://www.net-security.org/news.php?id=3393

PASSWORDS ARE EVIL AND EXPENSIVE
Says a survey commissioned by the company with the solution.
http://www.net-security.org/news.php?id=3394

HASSLED TO DEATH: RAIN FOREST PUPPY, NERD OVERLORD
If you think famed security researcher Rain Forest Puppy's (RFP) recent announcement that he's stepping away from the limelight means he's precious, think again -- the guy has just had enough, and the problems he's been confronted with are fairly familiar.
http://www.net-security.org/news.php?id=3395

PENETRATION TESTING FOR WEB APPLICATIONS (PART THREE)
The third and final article in this series investigates session security issues and cookies, buffer overflows and logic flaws, and provides links to further resources for the web application penetration tester.
http://www.net-security.org/news.php?id=3396

WHY MICROSOFT'S SECURITY NEEDS A PATCH
Again, a virus threatens to bring down the Net. The Blaster worm shows us that Microsoft learned nothing from January's Slammer attack.
http://www.net-security.org/news.php?id=3397

HACKING THE HACKER
How a consultant shut down a malicious user on a client's FTP server.
http://www.net-security.org/news.php?id=3398

NEW E-MAIL SCAM TARGETS ST. GEORGE
Yet another online banking spam scam is doing the rounds, this time targeting St. George bank users.
http://www.net-security.org/news.php?id=3399

SOBIG-F IS FASTEST GROWING VIRUS EVER - OFFICIAL
Sobig-F has taken the record as the world's most rapidly spreading virus to date, according to managed services firm MessageLabs, which stopped more than one million copies of the email-borne nuisance since its first appearance earlier this week.
http://www.net-security.org/news.php?id=3400

MICROSOFT WATCHING NEWSGROUPS
Ever get the feeling your Usenet newsgroup list is being watched? By Microsoft?
http://www.net-security.org/news.php?id=3401

APATHY REMAINS A THREAT TO SECURITY
UK internet users don't appear to be worried about the effects of viruses until it's almost too late. This is the latest from research into BT Openworld's customer base.
http://www.net-security.org/news.php?id=3402

WS-SECURITY SPEC NEARING COMPLETION
The draft specification designed to connect Web services with security measures can't be approved fast enough for companies eager to get Web services projects online.
http://www.net-security.org/news.php?id=3403

AUGUST: A REAL CAN OF WORMS
Spam, fame, opportunity fuel newest pests, but the blame goes around.
http://www.net-security.org/news.php?id=3404

SLOW DOWN INTERNET WORMS WITH TARPITS
This timely article discusses how to slow the spread of Internet worms using a tarpit and IPtables on Linux. A similar approach could potentially be used with tarpits on Windows platforms, Solaris, OpenBSD, and others.
http://www.net-security.org/news.php?id=3405

BOEING LAUNCHES MESSAGING SECURITY COMPANY
Boeing has spun off its internally developed messaging and compliance technology into a company called MessageGate.
http://www.net-security.org/news.php?id=3406

HI-TECH CRIME A 'SIGNIFICANT' THREAT, WARN POLICE
The potential for losses through hi-tech crime to grow is rising as criminals become more technically competent, according to an annual assessment of serious and organised crime in the UK.
http://www.net-security.org/news.php?id=3407

HOW I SURVIVED MSBLAST
The Blaster worm is affecting hundreds of thousands of Windows computers whose owners couldn't be bothered to patch them. But there's a very good reason why so many PCs are left insecure, as Matthew Broersma found out first-hand.
http://www.net-security.org/news.php?id=3408

DID BLASTER CAUSE THE BLACKOUT?
Rumours are circulating that the MSBLAST worm, also affectionately known as Blaster, may have been the cause of the blackout that killed the power in a whole swathe of states from the mid-west through to New York recently.
http://www.net-security.org/news.php?id=3409

WIRELESS ON LINUX, PART 1
Today let's take a look at which brands and devices work on Linux.
http://www.net-security.org/news.php?id=3410

OFFICIALS LOOKING TO UNEARTH INTERNET WORM WRITERS
Experts believe writers of malicious codes that snarl e-mail traffic are out to impress others.
http://www.net-security.org/news.php?id=3411

----------------------------------------------------------------

[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

Microsoft SQL Server Client Utilities UDP Broadcasts Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=2899

Internet Explorer Object Data Remote Execution Vulnerability
http://www.net-security.org/vuln.php?id=2898

Internet Explorer Double-Byte Character Set Environment Object Type Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=2897

The Return of the Content-Disposition Vulnerability in Microsoft Internet Explorer
http://www.net-security.org/vuln.php?id=2896

Piolet Client Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=2895

Omail Webmail Remote Command Execution Vulnerability
http://www.net-security.org/vuln.php?id=2894

Dropbear SSH Server Format String Vulnerability
http://www.net-security.org/vuln.php?id=2893

MatrikzGB Privilege Escalation Vulnerability
http://www.net-security.org/vuln.php?id=2892

eMule/lmule/xmule Multiple Remote Vulnerabilities
http://www.net-security.org/vuln.php?id=2891

phpBB Cross Site Scripting Vulnerability
http://www.net-security.org/vuln.php?id=2890

OpenSLP initscript Symlink Vulnerability
http://www.net-security.org/vuln.php?id=2889

Best Buy Employee Toolkit Vulnerability
http://www.net-security.org/vuln.php?id=2888

Fusen News 3.3 Account Adding Vulnerability
http://www.net-security.org/vuln.php?id=2887

Poster.Version:Two Setup Vulnerability
http://www.net-security.org/vuln.php?id=2886

----------------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

SOT Linux Security Advisory - Updated vim package for SOT Linux 2003 (SLSA-2003:36)
http://www.net-security.org/advisory.php?id=2396

Mandrake Linux Security Update Advisory - gdm (MDKSA-2003:085)
http://www.net-security.org/advisory.php?id=2395

Red Hat Security Advisory - GDM allows local user to read any file (RHSA-2003:258-01)
http://www.net-security.org/advisory.php?id=2394

Mandrake Linux Security Update Advisory - perl-CGI (MDKSA-2003:084)
http://www.net-security.org/advisory.php?id=2393

Microsoft Security Bulletin MS03-033 - Unchecked Buffer in MDAC Function Could Enable System Compromise
http://www.net-security.org/advisory.php?id=2392

Microsoft Security Bulletin MS03-032 - Cumulative Patch for Internet Explorer
http://www.net-security.org/advisory.php?id=2391

Microsoft Security Bulletin MS02-040: Unchecked Buffer in MDAC Function Could Enable System (update)
http://www.net-security.org/advisory.php?id=2390

Microsoft Security Bulletin MS03-030: Unchecked Buffer in DirectX Could Enable System Compromise (revised)
http://www.net-security.org/advisory.php?id=2389

Cisco Security Notice - Nachi Worm Mitigation Recommendations
http://www.net-security.org/advisory.php?id=2388

Mandrake Linux Security Update Advisory - eroaster (MDKSA-2003:083)
http://www.net-security.org/advisory.php?id=2387

Mandrake Linux Security Update Advisory - unzip (MDKSA-2003:073-1)
http://www.net-security.org/advisory.php?id=2386

Conectiva Linux Security Announcement - unzip
http://www.net-security.org/advisory.php?id=2385

Conectiva Linux Security Announcement - openslp
http://www.net-security.org/advisory.php?id=2384

Debian Security Advisory - New man-db packages fix segmentation fault
http://www.net-security.org/advisory.php?id=2383

SOT Linux Security Advisory - Updated mysql package for SOT Linux 2003
http://www.net-security.org/advisory.php?id=2382

SOT Linux Security Advisory - Updated php package for SOT Linux 2003
http://www.net-security.org/advisory.php?id=2381

Debian Security Advisory - New netris packages fix buffer overflow
http://www.net-security.org/advisory.php?id=2380

Debian Security Advisory - New autorespond packages fix buffer overflow
http://www.net-security.org/advisory.php?id=2379

----------------------------------------------------------------

[ Featured articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to staff@net-security.org
----------------------------------------------------------------

SURVEY: VIRUSES IMPACT ONE-THIRD OF AMERICAN INTERNET USERS
Edelman provides comprehensive public relations and marketing services to computer security companies in the US. Their recent survey shows that nearly one in three Internet users in the US has been affected by a computer virus or hacker in the past two years.
http://www.net-security.org/article.php?id=548

SYGATE ANNOUNCES SYGATE SECURE ENTERPRISE 3.5
The latest version of Sygate's enterprise solution includes strategic enhancements that enable Sygate agents to automatically enforce corporate security policies on both internal and external endpoints.
http://net-security.org/article.php?id=547

POINTGUARD: PROTECTING POINTERS FROM BUFFER OVERFLOW VULNERABILITIES
This paper presents a compiler technique to defend against most kinds of buffer overflows by encrypting pointers when stored in memory, and decrypting them only when loaded into CPU registers.
http://www.net-security.org/article.php?id=546

----------------------------------------------------------------

[ Reviews ]

All reviews are located at:
http://www.net-security.org/reviews.php
----------------------------------------------------------------

PRACTICAL UNIX & INTERNET SECURITY 3/E
The book contains numerous practical examples that help administrators understand what should be done about securing their systems and what is the best way to achieve security.
http://net-security.org/review.php?id=90

SECURE SHELL IN THE ENTERPRISE
There are still telnet users but a great number of users have realized that you can use SSH to encrypt all your traffic and thus eliminate many well-known attacks. No wonder SSH is being implemented in many enterprises worldwide. This book promises to be the answer to your implementation problems. Does it deliver? Read on to find out.
http://www.net-security.org/review.php?id=91

HOW SECURE IS YOUR WIRELESS NETWORK?
Niels Ferguson, the author of the "Michael" message integrity code algorithm used in TKIP said - "Using a wireless network for mission critical data is plain stupid. Using it for life-critical data is criminally negligent". Will this book help you secure your wireless LAN? Read on to find out.
http://www.net-security.org/review.php?id=92

----------------------------------------------------------------

[ Security world ]

All press releases are located at:
http://www.net-security.org/press_main.php
----------------------------------------------------------------

Close Call - the Sobig.F Activation Was Prevented
http://www.net-security.org/press.php?id=1618

Ositis eShield Security Platform Protects Networks From Sobig.F with Antivirus and Antivulnerability Technology
http://www.net-security.org/press.php?id=1617

Intrusion PDS Appliances Approved for Use With ITSEC Certified Check Point Software
http://www.net-security.org/press.php?id=1616

A Potentially Massive Internet Attack Starts on Friday
http://www.net-security.org/press.php?id=1615

Websense Seminars Enable Companies to Clamp Down on Workplace Cyber-Espionage
http://www.net-security.org/press.php?id=1614

GFI Releases Freeware Anti-Virus Version of GFI MailSecurity for Exchange/SMTP
http://www.net-security.org/press.php?id=1613

Worm/Sobig.F May Establish A Trojan Cyber Army For Possible Attack; Potentially Millions Of Computers Awaiting Instructions
http://www.net-security.org/press.php?id=1612

Sobig-F Virus Spreading Fast
http://www.net-security.org/press.php?id=1611

WideXS Selects Vexira Antivirus To Protect Over 60,000 Customer Domains From Email Viruses
http://www.net-security.org/press.php?id=1610

The Sobig.F Worm Infects Thousands of Computers Around The Globe
http://www.net-security.org/press.php?id=1609

Jupitermedia Target of the Sobig.F Worm
http://www.net-security.org/press.php?id=1608

Tumbleweed Granted Patent for E-mail Firewall
http://www.net-security.org/press.php?id=1607

Intrusion Inc. Simplifies Enterprise Network IDS with SecureNet Provider 2.2
http://www.net-security.org/press.php?id=1606

Excedent and SonMedia Partner to Offer Family-Safe Email to ISP Customers
http://www.net-security.org/press.php?id=1605

Rainbow Technologies Enters Into a Letter of Intent to Acquire Chrysalis-ITS for Cash
http://www.net-security.org/press.php?id=1604

Clerical Medical Europe Deploying Entrust GetAccess to Secure Financial Services Portal
http://www.net-security.org/press.php?id=1603

Next Stage of Blaster Worm to Threaten Service Availability
http://www.net-security.org/press.php?id=1602

----------------------------------------------------------------

[ Security Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2
----------------------------------------------------------------

SOPHOS ANTI SOBIG-F
Protect yourself from the Sobig-F worm. This utility provides a simple way for businesses and home users to confirm their networks are clean and disinfect any infected files that are found.
http://www.net-security.org/software.php?id=513

KED PASSWORD MANAGER 0.1.0
Ked Password Manager helps to manage large amounts of passwords and related information and simplifies tasks of searching and entering password data.
http://www.net-security.org/software.php?id=514

----------------------------------------------------------------

[ Virus News ]

All virus news are located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Weekly virus report - Nachi.A, Sobig.F, Panol.B Worms and Caraga Macro Virus
http://www.net-security.org/virus_news.php?id=291

Sobig-F Worm Spreading Fast, Sophos Suspects Author Is Using Spam Techniques
http://www.net-security.org/virus_news.php?id=290

New Worm Installs Security Patches
http://www.net-security.org/virus_news.php?id=289

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff

staff@net-security.org
http://net-security.org

----------------------

Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending the e-mail address you are subscribed with to: info@net-security.org with UNSUBSCRIBE in the message body.

The archive of the newsletter in TXT and PDF format is available
http://www.net-security.org/newsletter_archive.php