HNS Newsletter Issue 178 - 08.09.2003.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week.

-------------------------------------------------------------------
ALERT: ARE YOU "POSITIVE" THAT YOUR SECURITY POLICY WORKS?
-------------------------------------------------------------------
Your network firewall and IDS products do not prevent Web application attacks - the most common form of online exploitation - resulting in Web defacement, data theft, sabotage and fraud. KaVaDo provides the first and only integrated Web application Scanner and Firewall security suite.
Download a FREE whitepaper on Security Policy Automation for Web Applications - http://www.net-security.org/v/kavado
-------------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Reviews
6) Webcasts
7) Conferences
8) Security world
9) Virus news

[ Security news ]
----------------------------------------------------------------

IBM SQUASHES WORMS
IBM researchers in Zurich, Switzerland, have developed novel worm-squashing software the company says it wants to turn into a product to help guard against computer-network attacks such as those that slowed Internet traffic earlier this month.
http://www.net-security.org/news.php?id=3473

SOCIAL SECURITY NUMBERS SOLD ON WEB
Group buys data on top U.S. officials to underscore need for tougher laws.
http://www.net-security.org/news.php?id=3474

NETWORK DEFENSE - DIVERSITY IS STRENGTH
One of my favourite quotes is: "He who fails to learn the lessons of history is doomed to repeat it". And I believe what is going on in the IT industry today is a good example.
http://www.net-security.org/news.php?id=3475

HACKING BY SUBPOENA RULED ILLEGAL
Issuing an egregiously overbroad subpoena for stored e-mail qualifies as a computer intrusion in violation of anti-hacking laws, a federal appeals court ruled.
http://www.net-security.org/news.php?id=3476

VIRUS ATTACKS SWITCHED OFF US POWER
August 2003 was the worst month for virus attacks in history – and one virus may have switched off the lights on America's East Coast, according to the experts.
http://www.net-security.org/news.php?id=3477

MOBILE SECURITY
Backing-up and encryption can alleviate some of the pain caused by losing a mobile device.
http://www.net-security.org/news.php?id=3478

SMES TURN BLIND EYE TO PROTECTION
A third of SMEs in the UK ignore anti-virus or firewall security, says survey.
http://www.net-security.org/news.php?id=3481

VIRUSES BOOST 'BIG BROTHER' SOFTWARE
It has never been easier for employers to monitor the e-mails and Internet activity of their staff.
http://www.net-security.org/news.php?id=3482

BLASTER-B WORM AUTHOR RELEASED ON BAIL
Jeffrey Lee Parson, the American teenager charged with unleashing the MS Blast internet worm, was released on bail following a hearing Friday in the US Federal Court.
http://www.net-security.org/news.php?id=3483

SURVEY: FEARS GROW THAT CYBERATTACK MAY STRIKE AMERICA
Americans are increasingly worried that terrorists could launch cyberattacks against banks, transportation networks and other critical systems, a new survey shows.
http://www.net-security.org/news.php?id=3484

SECURITY: GIVING AN OUTSIDER THE KEYS
Michael Warrilow, analyst in security and risk strategy at META Group, says non-government expenditure on managed security services will reach about $100 million during 2003 in Australia.
http://www.net-security.org/news.php?id=3485

MICE SIGN ON THE DOTTED LINE
Soon the way you use your mouse could help prove who you are.
http://www.net-security.org/news.php?id=3486

BUSINESS CALLS IT MONITORING - CRITICS CALL IT SPYING
It's not government that is emerging as the clearest embodiment of Big Brother — the all-seeing all-knowing entity in Orwell's novel "1984" — but Corporate America.
http://www.net-security.org/news.php?id=3487

HOW MANY SECURITY VULNERABILITIES A MONTH ARE ACCEPTABLE?
Are twenty security vulnerabilities in one month an acceptable number for Sun customers? It seems to me rather a lot? But then, I know about them. The question is, do Sun customers?
http://www.net-security.org/news.php?id=3489

A SUPPORT GROUP FOR SPAMMERS
Spammers congregate online at the Bulk Club, a site where they trade tips and support. But a glitch reveals the club's roster, potentially exposing members to more backlash from those opposed to spam.
http://www.net-security.org/news.php?id=3490

INSIDE NIP HYPE
Though we think NIP systems can enhance an existing security infrastructure, we don't consider integrating intrusion prevention and firewalls into a single unit a desirable goal.
http://www.net-security.org/news.php?id=3491

COMPUTER VIRUS CREATORS RARELY FACE JAIL
Although nearly 63,000 viruses have rolled through the Internet, causing an estimated $65 billion in damage, criminal prosecutions have been few, penalties light and just a handful of people have gone to prison for spreading the destructive bugs.
http://www.net-security.org/news.php?id=3492

USE DSPAM TO REDUCE SPAM FROM A LINUX MAIL SERVER
DSPAM acts as the local delivery agent for the server and learns to recognize spam to ease the administrative burden of constantly keeping up with blacklists.
http://www.net-security.org/news.php?id=3493

BE AWARE AND THWART THEFT
While banks and the state's attorney general are taking steps to thwart identity theft, they say their safeguards can quickly be offset by carelessness by consumers.
http://www.net-security.org/news.php?id=3494

DEFCON - ALL IN GOOD FUN
There are no rules at DefCon, the world's largest computer hacker convention.
http://www.net-security.org/news.php?id=3495

ONLINE RETAILERS, SECURITY COMPANIES JOIN TO FIGHT WEB ID THEFT
The ITAA will help run the coalition, but it's not part of the technology trade group.
http://www.net-security.org/news.php?id=3496

TEEN CHARGED IN WORM ATTACK SAYS CASE IS INFLATED
A high school senior charged with modifying a version of the Internet worm that crippled computer networks worldwide said the government has exaggerated its case against him.
http://www.net-security.org/news.php?id=3497

IS YOUR NETWORK SAFE? TRY THESE TOOLS AND FIND OUT
You patch your web server and are mindful of your firewall configuration, but is your site really secure? How do you check it?
http://www.net-security.org/news.php?id=3498

SECURITY EXPERT TURNS POLITICAL
Wired News talks with Richard Forno about his latest book, a departure from his usual computer security work. In it, he warns that "the real danger facing America is what we're allowing ourselves to become."
http://www.net-security.org/news.php?id=3499

SECURITY FEARS OVER HOSPITAL DATA
A data protection expert has exposed a lack of security at one of Switzerland’s leading hospitals by hacking into confidential patient files in a matter of minutes.
http://www.net-security.org/news.php?id=3500

EXPLORING RHCT CERTIFICATION
In this article, Emmett explores what the RHCT certification is, how it fits into the acronym stream, and some things you should know when preparing for it.
http://www.net-security.org/news.php?id=3501

POCKET-SIZED WIRELESS DETECTION
This article provides a comparison of two tiny 802.11 detectors and discusses how they would fit into your overall WiFi security framework.
http://www.net-security.org/news.php?id=3502

HOW SOME SPAMMERS GET YOUR E-MAIL
While not as efficient as "spiders" which automatically crawl the Web in search of addresses, computer experts warn that some spammers are using chain letters to collect e-mail usernames.
http://www.net-security.org/news.php?id=3503

SOPHOS TECH CHIEF BLASTS EVER-SO-BIG VIRUS CLAIMS
Recent computer viruses, such as MSBlaster, SoBig-F and Nachi-A cause much alarm, "but some of us today tend to be a little cynical about the figures quoted on the financial damage created", says Paul Ducklin, head of technology in Australia for a major anti-virus company.
http://www.net-security.org/news.php?id=3504

ISRAELI SCIENTISTS CRACK GSM MOBILE CALL SECURITY
An Israeli scientist said his team had found a way to break into mobile phone calls made on the popular GSM network, allowing eavesdroppers to listen in on calls and even take on a caller's identity.
http://www.net-security.org/news.php?id=3505

SECOND SUSPECT ARRESTED FOR INTERNET VIRUS
Police in Romania on Wednesday arrested a 24-year-old former student in connection with a computer-crippling Internet worm, according to a computer security company that aided police.
http://www.net-security.org/news.php?id=3507

INTERVIEW WITH BRUCE SCHNEIER
Author Bruce Schneier discusses why the Patriot Act and other anti-terror measures mean "giving up a lot -- and not getting very much".
http://www.net-security.org/news.php?id=3508

VIRUSES, WORMS - WHAT'S IN A NAME?
Researchers who first discover viruses or worms get the honor of naming them. Sometimes, the names are easy to pick. But as more viruses are created, researchers are having a harder time coming up with catchy monikers.
http://www.net-security.org/news.php?id=3509

INTRUSION DETECTION TERMINOLOGY (PART ONE)
This is the first of a two-part series that discusses IDS terminology, including terms where there may be disagreement from within the security community.
http://www.net-security.org/news.php?id=3510

IDENTITY THIEVES CHEAT 27 MILLION IN UNITED STATES
FTC survey cites crime spike, though not all in cyberspace.
http://www.net-security.org/news.php?id=3511

COLLEGES MOVE TO THWART INTERNET VIRUSES
Still recovering from a summer of Internet infections, colleges are taking unusually aggressive steps to protect campus computer networks from virus outbreaks.
http://www.net-security.org/news.php?id=3513

FBI REPORTEDLY HUNTING ADRIAN LAMO
FBI agents armed with a federal arrest warrant out of New York were searching for Adrian Lamo Thursday, according to the hacker and his mother.
http://www.net-security.org/news.php?id=3514

ARE WE OUTSMARTING SPAM?
The increasing glut of unsolicited, unwanted e-mail is a frustrating fact of life for businesses. Fighting it is a very real, everyday job for IT personnel.
http://www.net-security.org/news.php?id=3515

CAN OPEN-SOURCE SOFTWARE PREVENT THE NEXT BIG BLACKOUT?
North America's power grid, creaking under loads it was never designed to handle, may be facing an even grimmer future thanks to security flaws in aging control systems that are increasingly interconnected with Microsoft-based enterprise systems.
http://www.net-security.org/news.php?id=3516

AUSTRALIA'S ANTI-TERROR FIGHTERS SUFFER SECURITY BREACH
On the night of August 27, two men dressed as computer technicians entered the cargo processing and intelligence centre at Sydney International Airport. They managed to disconnect two mainframe computers, which they wheeled out of the building.
http://www.net-security.org/news.php?id=3517

LAWMAKERS MAY SEEK FULL DISCLOSURE
Spammers, scammers and child pornographers can hide easily on the Internet because regulators allow them to register under false names with stolen credit cards, lawmakers and technology experts said Thursday.
http://www.net-security.org/news.php?id=3518

TEACH WORMS A LESSON FROM WATERLOO
A world weary of computer viruses needs to take a tip from Nathan Rothschild.
http://www.net-security.org/news.php?id=3519

----------------------------------------------------------------
[ Vulnerabilities ]
All vulnerabilities are located here: http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

ISS Server Sensor Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=2915

Microsoft WordPerfect Document Converter Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=2914

Visual Basic Design Time Environment Heap Overflow Vulnerability
http://www.net-security.org/vuln.php?id=2913

Stunnel-3.x Daemon Hijacking Vulnerability
http://www.net-security.org/vuln.php?id=2912

PtHProductions Gastenboek Cross Site Scripting Vulnerability
http://www.net-security.org/vuln.php?id=2911

MPlayer Stack Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=2910

XFree86 Multiple Integer Overflow Vulnerabilities
http://www.net-security.org/vuln.php?id=2909

SAP Internet Transaction Server Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=2908

----------------------------------------------------------------
[ Advisories ]
All advisories are located at: http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Conectiva Linux Security Announcement - stunnel (CLA-2003:736)
http://www.net-security.org/advisory.php?id=2451

Conectiva Linux Security Announcement - exim (CLA-2003:735)
http://www.net-security.org/advisory.php?id=2450

Conectiva Linux Security Announcement - pam_smb (CLA-2003:734)
http://www.net-security.org/advisory.php?id=2449

HP Security Bulletin - Tru64 UNIX Internet Express wu-ftpd Potential Security Vulnerability
http://www.net-security.org/advisory.php?id=2448

Debian Security Advisory - New wu-ftpd packages fix insecure program execution (DSA 377-1)
http://www.net-security.org/advisory.php?id=2447

Debian Security Advisory - New exim, exim-tls packages fix buffer overflow (DSA 376-1)
http://www.net-security.org/advisory.php?id=2446

Red Hat Security Advisory - Updated httpd packages fix Apache security vulnerabilities
http://www.net-security.org/advisory.php?id=2445

Microsoft Security Bulletin MS03-035 - Flaw in Microsoft Word Could Enable Macros to Run Automatically
http://www.net-security.org/advisory.php?id=2444

Microsoft Security Bulletin MS03-038 - Unchecked buffer in Microsoft Access Snapshot Viewer Could Allow Code Execution
http://www.net-security.org/advisory.php?id=2443

Microsoft Security Bulletin MS03-036 - Buffer Overrun in WordPerfect Converter Could Allow Code Execution
http://www.net-security.org/advisory.php?id=2442

Microsoft Security Bulletin MS03-034 - Flaw in NetBIOS Could Lead to Information Disclosure
http://www.net-security.org/advisory.php?id=2441

SuSE Security Announcement - pam_smb (SuSE-SA:2003:036)
http://www.net-security.org/advisory.php?id=2440

Microsoft Security Bulletin MS03-037 - Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution
http://www.net-security.org/advisory.php?id=2439

Mandrake Linux Security Update Advisory - pam_ldap (MDKSA-2003:088)
http://www.net-security.org/advisory.php?id=2438

Gentoo Linux Security Announcement - gallery (200309-06)
http://www.net-security.org/advisory.php?id=2437

Gentoo Linux Security Announcement - atari800 (200309-07)
http://www.net-security.org/advisory.php?id=2436

Gentoo Linux Security Announcement - mindi (200309-05)
http://www.net-security.org/advisory.php?id=2435

Gentoo Linux Security Announcement - eroaster (200309-04)
http://www.net-security.org/advisory.php?id=2434

Gentoo Linux Security Announcement - phpwebsit (200309-03)
http://www.net-security.org/advisory.php?id=2433

Gentoo Linux Security Announcement - horde (200309-02.1)
http://www.net-security.org/advisory.php?id=2432

Gentoo Linux Security Announcement - horde (200309-02)
http://www.net-security.org/advisory.php?id=2431

Gentoo Linux Security Announcement - vmware (200308-03.1)
http://www.net-security.org/advisory.php?id=2430

Gentoo Linux Security Announcement - pam_smb (200309-01)
http://www.net-security.org/advisory.php?id=2429

----------------------------------------------------------------
[ Articles ]
All articles are located at: http://www.net-security.org/articles_main.php
Articles can be contributed to articles@net-security.org
----------------------------------------------------------------

BLINDFOLDED SQL INJECTION
This whitepaper shows that suppressing error messages does not provide real protection. The research reveals a set of techniques that attackers can use to bypass this obstacle, making it clear that more substantial measures must be taken against SQL injection attacks.
http://www.net-security.org/article.php?id=553

PRISON FOR COMPUTER CRIME
The Justice Ministers of the 15 Member States of the European Union have decided to modify their country laws, to include prison sentences for the authors of computer crime. This decision may have more implications than it may seem: there are many different types of computer crimes, and all of them can be seen from different perspectives.
http://www.net-security.org/articles_main.php

----------------------------------------------------------------
[ Reviews ]
All reviews are located at: http://www.net-security.org/reviews.php
----------------------------------------------------------------

INSTALLING, TROUBLESHOOTING, AND REPAIRING WIRELESS NETWORKS
When dealing with computer networks, we can expect a number of possible problems, so troubleshooting and repairing tips and tricks can come in really handy in the moment of crisis. The book basically provides a detailed overview of general wireless network installations, with a scope on helping future wireless deployers to get the best out of their wireless networks.
http://www.net-security.org/review.php?id=98

LINUX+ CERTIFICATION BIBLE
The aim of this book is to provide you with all the information you need to pass the CompTIA Linux+ Certification exam. The Bible series of books is very popular and always a synonym of quality so I approached this title with great expectations.
http://www.net-security.org/review.php?id=97

GOOGLE HACKS: 100 INDUSTRIAL-STRENGTH TIPS & TOOLS
Even if you use Google all the time, this exceptional book will show you things you didn't know were possible. Since the Internet is developing and growing quite rapidly, the audience of this book is basically everyone. We all need to learn how to search more efficiently.
http://www.net-security.org/review.php?id=96

----------------------------------------------------------------
[ Webcasts ]
All webcasts are located at: http://www.net-security.org/webcasts.php
----------------------------------------------------------------

SPONSORED WEBCAST: Anatomy of a Database Attack
----------------------------------------------------------------
Organized by Application Security on 25 September 2003, 11:00 AM EDT
----------------------------------------------------------------
The webcast will provide a detailed example of how an attacker can break into a database. Real world visuals together with step-by-step explanations in layman's terms will be used to detail this attack on a fictional company's database.
http://www.net-security.org/webcast.php?id=15
----------------------------------------------------------------

Peer-To-Peer And Instant Messaging Software: A Time-Saver Or Are You Inviting Hackers Into Your Network?
Organized by ISS on 9 September 2003, 11:00 AM EDT
http://www.net-security.org/webcast.php?id=9

Best Practices: Taking Proactive Measures Before The Next Exploit
Organized by eEye on 9 September 2003, 11:00 AM PST
http://www.net-security.org/webcast.php?id=23

Architecting Your 802.1x-Based WLAN Deployment
Organized by Funk Software on 9 September 2003, 1:00 PM EDT
http://www.net-security.org/webcast.php?id=21

Security Checklist for SSL VPNs
Organized by Whale Communications on 9 September 2003, 3:00 PM ET
http://www.net-security.org/webcast.php?id=4

Manage the Email Beast
Organized by NetIQ Corporation on 10 September 2003, 10:00 AM PT
http://www.net-security.org/webcast.php?id=7

Top 5 Web Server Protection Strategies
Organized by eEye on 10 September 2003, 11:00 AM PST
http://www.net-security.org/webcast.php?id=24

Is Your Web App Secure? How Do You Know?
Organized by SANS on 10 September 2003, 1:00 PM EDT
http://www.net-security.org/webcast.php?id=5

Proactive Protection for the Desktop
Organized by ISS on 11 September 2003, 11:00 AM EDT
http://www.net-security.org/webcast.php?id=22

DbEncrypt Product Features
Organized by Application Security on 12 September 2003, 11:00 AM
http://www.net-security.org/webcast.php?id=18

Learn How to Expand Your VPN Sales
Organized by RSA Security on 12 September 2003, 11:30 AM ET
http://www.net-security.org/webcast.php?id=12

Penetration Testing with CORE IMPACT – Understanding the Attacker Perspective
Organized by Core Security Technologies on 16 September 2003, 11:00 AM ET
http://www.net-security.org/webcast.php?id=19

The Hazards of Email Security Policies: How Companies Can Accurately Assess Effectiveness
Organized by Zix Corporation on 16 September 2003, 1:00 PM CST
http://www.net-security.org/webcast.php?id=3

The Basics of WLAN Security
Organized by Funk Software on 16 September 2003, 1:00 PM EDT
http://www.net-security.org/webcast.php?id=20

Spam and Email Threats
Organized by CipherTrust on 16 September 2003, 1:00 PM ET
http://www.net-security.org/webcast.php?id=26

An Introduction to Apache 2.0
Organized by Covalent on 16 September 2003, 2:00 PM EDT
http://www.net-security.org/webcast.php?id=14

----------------------------------------------------------------
[ Conferences ]
All conferences are located at: http://www.net-security.org/conferences.php
----------------------------------------------------------------

IDC IT Security 2003
Organized by IDC - 9 September-18 September 2003
http://www.net-security.org/conference.php?id=24

COSAC 2003 10th International Computer Security Symposium
Organized by COSAC - 14 September-18 September 2003
http://www.net-security.org/conference.php?id=9

Gartner IT Security Summit 2003
Organized by Gartner - 15 September-16 September 2003
http://www.net-security.org/conference.php?id=25

SANS New England 2003
Organized by SANS - 15 September-20 September 2003
http://www.net-security.org/conference.php?id=40

ConSec 2003
Organized by ConSec - 16 September-18 September 2003
http://www.net-security.org/conference.php?id=49

HIPAA Security and Privacy Conference
Organized by Data Connectors - 18 September-18 September 2003
http://www.net-security.org/conference.php?id=29

2003 SF ISACA Fall Conference
Organized by SF ISACA - 22 September-24 September 2003
http://www.net-security.org/conference.php?id=48

Conference on Mobile and Wireless Security
Organized by MIS Training Institute - 23 September-25 September 2003
http://www.net-security.org/conference.php?id=5

PharmaSec 2003
Organized by MIS Training Institute - 23 September-25 September 2003
http://www.net-security.org/conference.php?id=6

HealthSec 2003
Organized by MIS Training Institute - 23 September-25 September 2003
http://www.net-security.org/conference.php?id=7

Seattle SecureWorld Expo
Organized by Seguro Group - 24 September-25 September 2003
http://www.net-security.org/conference.php?id=30

ToorCon 2003
Organized by ToorCon - 26 September-28 September 2003
http://www.net-security.org/conference.php?id=13

Wi-Fi Planet Conference & Expo Europe 2003
Organized by Jupitermedia Corp. - 29 September-30 September 2003
http://www.net-security.org/conference.php?id=39

SANS Los Angeles 2003
Organized by SANS - 29 September-4 October 2003
http://www.net-security.org/conference.php?id=41

InfowarCon 2003
Organized by Reed Exhibitions - 30 September-3 October 2003
http://www.net-security.org/conference.php?id=51

----------------------------------------------------------------
[ Security world ]
All press releases are located at: http://www.net-security.org/press_main.php
Send your press releases to press@net-security.org
----------------------------------------------------------------

"Kerberos: The Definitive Guide" Puts the Network Watchdog On the Prowl
http://www.net-security.org/press.php?id=1647

The Training Camp Opens Doors to InfoSec Academy
http://www.net-security.org/press.php?id=1646

GFI Adds Bayesian anti-spam filter to GFI MailEssentials for Exchange/SMTP 9
http://www.net-security.org/press.php?id=1645

Red Bull Technologies and Cipheroptics Announce Partnership
http://www.net-security.org/press.php?id=1644

Leading Care Management Firm Alere Medical Selects Tumbleweed's E-mail Firewall Appliance to Ensure HIPAA Compliance
http://www.net-security.org/press.php?id=1643

Zix Corporation Acquires Assets and Business of Elron Software Inc.
http://www.net-security.org/press.php?id=1642

F-Secure Launches First Truly Integrated Solution Against Viruses, Worms And Hackers In Corporate Environments
http://www.net-security.org/press.php?id=1641

SSH Partners With Government Technology Reseller Lyme Computer Systems
http://www.net-security.org/press.php?id=1640

F-Secure Internet Gatekeeper Stops the Modern Internet Based Security Threats
http://www.net-security.org/press.php?id=1639

Cleveland to Host First Information Security Summit in Great Lakes Region
http://www.net-security.org/press.php?id=1638

GFI releases DownloadSecurity for ISA Server 6 - Includes Trojan and Executable Analyzer
http://www.net-security.org/press.php?id=1637

Vigilar Partners with F5 Networks to Provide Complete Traffic Management Solutions for Enterprises
http://www.net-security.org/press.php?id=1636

----------------------------------------------------------------
[ Virus News ]
All virus news is located at: http://www.net-security.org/viruses.php
----------------------------------------------------------------

Weekly Virus Report - Blaster.F, Mapson.D, Darby.A, Apdoor.B, Daol.A and Surfbar
http://www.net-security.org/virus_news.php?id=304

Quaters Worm Attacks Blair's Immigration Policy
http://www.net-security.org/virus_news.php?id=303

Panda ActiveScan List of Top Viruses for August 2003
http://www.net-security.org/virus_news.php?id=302

Panda Software Announces PerimeterScan ISA Server Edition
http://www.net-security.org/virus_news.php?id=301

Sophos: Top 10 Viruses and Hoaxes in August 2003
http://www.net-security.org/virus_news.php?id=300

Kaspersky Labs: Virus Top 20 for August 2003
http://www.net-security.org/virus_news.php?id=299

Central Command: Top 12 Viruses For August 2003
http://www.net-security.org/virus_news.php?id=298

----------------------------------------------------------------
Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org
----------------------
Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available
http://www.net-security.org/newsletter_archive.php