HNS Newsletter
Issue 180 - 22.09.2003.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week.

-------------------------------------------------------------------
ALERT: ARE YOU "POSITIVE" THAT YOUR SECURITY POLICY WORKS?
-------------------------------------------------------------------
Your network firewall and IDS products do not prevent Web application attacks - the most common form of online exploitation - resulting in Web defacement, data theft, sabotage and fraud. KaVaDo provides the first and only integrated Web application Scanner and Firewall security suite. Download a FREE whitepaper on Security Policy Automation for Web Applications - http://www.net-security.org/v/kavado
-------------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Reviews
6) Webcasts
7) Conferences
8) Security world
9) Virus news

[ Security news ]
----------------------------------------------------------------

SECURITY ROLLUP PLANNED FOR WINDOWS XP
Microsoft is hurrying to produce a post Service Pack 1 security rollup package for Windows XP, reversing its August decision to rely solely on Windows Update to deliver individual patches.
http://www.net-security.org/news.php?id=3574

WHY YOU MUST INSTALL A FIREWALL NOW
If you haven't already installed a personal firewall on your Windows computer, consider this your last warning.
http://www.net-security.org/news.php?id=3575

SECURE TRANSACTIONS WITH NO STRINGS ATTACHED
Security vendors pitch PKI alternatives that cut costs and management headaches.
http://www.net-security.org/news.php?id=3576

PAYING SPAMMERS NOT TO SPAM
Based on the idea that junk e-mailers will do anything for money, a new company is offering spammers cash for each name they add to a do-not-spam list.
http://www.net-security.org/news.php?id=3577

WI-FI WHISTLE BLOWER FACES CRIMINAL CHARGES
A North Carolina man faces criminal charges after his attempt to expose the insecurity of his local medical facility's wireless network landed him in hot water with the authorities.
http://www.net-security.org/news.php?id=3578

TOTAL SECURITY?
Think your PC is protected by those passwords you key in every time you start up or log on to your e-mail client or Web applications? Think again.
http://www.net-security.org/news.php?id=3579

VIRUS ATTACKS: WHO IS TO BLAME?
August was possibly the busiest month in the history of computer viruses: 800 new viruses were detected.
http://www.net-security.org/news.php?id=3582

QUANTUM CRYPTOGRAPHY FINALLY COMMERCIALIZED?
Start-up MagiQ Technologies, from Somerville, Massachusetts, has released the first commercial implementation of quantum cryptography, the much-heralded solution to the perfect encryption cipher.
http://www.net-security.org/news.php?id=3583

UK SECURITY GROUP GROWS FIVEFOLD
Since its launch at the Infosecurity exhibition and conference in April, the UK branch of the US-based Information Systems Security Association (ISSA) has boosted membership fivefold, from about 20 founder members to more than 120 organisations and individuals.
http://www.net-security.org/news.php?id=3584

DYNAMIC HONEYPOTS
Instead of discussing what honeypots can do and how they work, we will take a look into the crystal ball and see what honeypots should do, how they could work.
http://www.net-security.org/news.php?id=3585

ENCRYPTED EMAIL COOKBOOK
Using a cookbook approach, the author demonstrates how to set up various email clients to use authentication and encryption.
http://www.net-security.org/news.php?id=3586

SECURITY WOES THREATEN INDUSTRY SAYS BALLMER
Is the increase in security threats good or bad for the computer industry? Apparently it’s both.
http://www.net-security.org/news.php?id=3587

NEW CYBERSECURITY CHIEF PICKED
The Bush administration on Monday selected Amit Yoran, a respected software executive from Symantec Corp., as the nation's new cybersecurity chief inside the Department of Homeland Security.
http://www.net-security.org/news.php?id=3588

FEARS OF NEW WINDOWS EXPLOIT GROW
Fears are growing that vulnerabilities detailed by Microsoft on September 4 may be exploited soon, after a research company published a paper providing guidance on how these could be exploited.
http://www.net-security.org/news.php?id=3589

PGP MAKES EMAIL ENCRYPTION EASIER
PGP Corporation today introduced simpler email encryption in which the burden of securing email messages is shifted from the client to the network.
http://www.net-security.org/news.php?id=3590

DOES MICROSOFT GIVE A DAMN?
The software-maker's dismal security record seems to have left it immune to criticism and shame.
http://www.net-security.org/news.php?id=3591

HACKERS DISTRIBUTING NEW WINDOWS EXPLOIT
Security researchers on Tuesday detected hackers distributing software to break into computers using flaws announced last week in some versions of Microsoft Corp.'s Windows operating system.
http://www.net-security.org/news.php?id=3594

DON'T RELY ON MICROSOFT AV, WARNS ANALYST
Gartner advises companies not to bank on future Windows OS for virus protection.
http://www.net-security.org/news.php?id=3595

ACCELERATING SECURITY CERTIFICATION
Can information security professionals really get certified in half the ordinary time?
http://www.net-security.org/news.php?id=3596

BANKS IN U.K, CANADA HIT WITH E-MAIL SCAM
British officials and the Royal Canadian Mounted Police are investigating.
http://www.net-security.org/news.php?id=3597

IF THESE NETWORKS GET HACKED, BEWARE
America's critical transportation, power, and communications systems remain quite vulnerable and lack funds to remedy that.
http://www.net-security.org/news.php?id=3598

INTEL BACKS OFF SECURITY PLAN
LaGrande architecture will appear in only some chips, and can be disabled.
http://www.net-security.org/news.php?id=3599

CRON TUTORIAL
What is cron? It is the scheduling daemon of the Linux operating system. Learn how to use it.
http://www.net-security.org/news.php?id=3600

FORMER ANTI-SPY CHIEF SAYS GADGETRY FAILING
Despite the introduction of ever-improving surveillance technologies and snooping gadgets, today's spies were failing to gain the upper hand in "the war on terrorism," the former head of Britain's national security agency, MI5, said on Monday.
http://www.net-security.org/news.php?id=3601

ADRIAN LAMO SPEAKS OUT
The past two years have been a wild ride for Adrian Lamo: The 22-year-old has publicly taken credit for tunneling into networks belonging to Yahoo, Microsoft, Excite@Home and WorldCom.
http://www.net-security.org/news.php?id=3602

EXPERTS PLOT TACTICS TO BEAT WEB CRIME
The UK government's first e-crime conference in London talked tough on computer crime.
http://www.net-security.org/news.php?id=3603

CRACKER PUT DETAILS ON WEB IN SPITE
A 14-year-old hacker put 895 customer records of Hamilton internet provider Net4U on the web in an act of spite.
http://www.net-security.org/news.php?id=3606

VIRUSES A BLESSING IN DISGUISE, SAYS OPEN UNIVERSITY
The SoBig and Blaster viruses could be a "blessing in disguise" as they can help IT departments apply a security policy to home users, according to the software manager at the Open University (OU).
http://www.net-security.org/news.php?id=3607

AMERICA FAILS ON INFORMATION SECURITY
We've all seen the mass disruption caused by the recent Sobig, Nachi and MSBlast worms--costing American companies $3.5 billion in August alone. Where's the outrage? Where's the action?
http://www.net-security.org/news.php?id=3608

SOLARIS TO ENLIST MILITARY SECURITY
The next release of Sun's operating system will add security features from Trusted Solaris, which was developed in partnership with the US government and military.
http://www.net-security.org/news.php?id=3609

VIRUS SENDER AGREED TO WORK WITH FBI
Federal prosecutors credited the man responsible for transmitting the Melissa virus with helping the FBI bring down several major international hackers.
http://www.net-security.org/news.php?id=3610

DISTRIBUTORS OF DVD-COPY SOFTWARE SUED
Hollywood studios Paramount Pictures and 20th Century Fox sued a handful of small software companies Wednesday, alleging that their distribution of DVD-copying software violates copyright law.
http://www.net-security.org/news.php?id=3612

BLASTER TRIAL SET FOR NOVEMBER 17
The Minnesota teenager accused of unleashing a variant of the Blaster worm pleaded not guilty yesterday to a federal charge that carries a maximum sentence of 10 years imprisonment.
http://www.net-security.org/news.php?id=3614

VERISIGN'S 'SITEFINDER' FINDS PRIVACY HULLABALOO
Already reviled by network operators, Verisign's ambitious typosquatting project is raising hackles with privacy advocates too.
http://www.net-security.org/news.php?id=3615

IN BRITAIN, SPAMMERS WILL PAY
Instead of the latest U.S. tactic in the spam war - paying spammers not to spam - Britain looks at the flip side of the coin. A new law makes spamming a criminal act worthy of jury trials and the potential for unlimited fines.
http://www.net-security.org/news.php?id=3616

BEWARE THE FAKE SECURITY PATCH
A new Internet worm masquerading as a security patch sent by Microsoft is spreading fast around the world.
http://www.net-security.org/news.php?id=3617

IBM, GE LOCK UP SECURITY PARTNERSHIP
IBM and GE's Interlogix business unit announced a joint agreement to provide integrated computer and physical security systems to large customers.
http://www.net-security.org/news.php?id=3618

WAITING FOR A DIGITAL SEPT. 11
After a rash of security flaws had wreaked havoc upon millions of users of Microsoft's operating systems, Steve Ballmer blew into Silicon Valley to make a public mea culpa in front of a roomful of industry executives.
http://www.net-security.org/news.php?id=3619

SECURITY APPLIANCES BENEFIT FROM SCARES
Security-server sales were up by 10 per cent in the second quarter, with a spate of viruses forcing firms to become more security conscious.
http://www.net-security.org/news.php?id=3620

WIRELESS POLICY DEVELOPMENT (PART ONE)
This is the first of a two-part series that will help create a framework for the most important aspect of any wireless security strategy -- policy development.
http://www.net-security.org/news.php?id=3621

SUN BOOSTS SUPPORT FOR RFID
Another major enterprise IT vendor has further embraced the move toward using radio frequency identification (RFID) tags in manufacturing and retailing.
http://www.net-security.org/news.php?id=3622

INTERIOR ADMITS SECURITY FLAWS IN TRUST SYSTEMS
Interior secretary Gale Norton told the Office of Management and Budget recently that the department’s financial systems are riddled with security weaknesses, even after she had told the U.S. District Court for the District of Columbia last month that they were secure.
http://www.net-security.org/news.php?id=3623

----------------------------------------------------------------

[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

Community Wizard Admin Access Vulnerability
http://www.net-security.org/vuln.php?id=2942

IBM DB2 Discovery Service Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=2941

IBM DB2 Stack Multiple Overflow Vulnerabilities
http://www.net-security.org/vuln.php?id=2940

Mambo 4.0.14 Stable Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=2939

JDK 1.4.x XALAN Packages Injectable Xsl Template Vulnerability
http://www.net-security.org/vuln.php?id=2938

Plug & Play Web Server Directory Traversal Vulnerability
http://www.net-security.org/vuln.php?id=2937

Rcon Plaintext Passwords Vulnerability
http://www.net-security.org/vuln.php?id=2936

Sendmail 8.12.9 prescan() Remotely Exploitable Vulnerability
http://www.net-security.org/vuln.php?id=2935

Nokia Electronic Documentation Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=2934

WideChapter Browser Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=2933

MyServer Web Server Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=2932

Yak! 2.0.1 Default Account Vulnerability
http://www.net-security.org/vuln.php?id=2931

----------------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Gentoo Linux Security Announcement - sendmail (200309-13)
http://www.net-security.org/advisory.php?id=2536

Immunix Secured OS Security Advisory - sendmail (IMNX-2003-7+-021-01)
http://www.net-security.org/advisory.php?id=2535

Debian Security Advisory - New gopher packages fix buffer overflows
http://www.net-security.org/advisory.php?id=2534

Mandrake Linux Security Update Advisory - MySQL (MDKSA-2003:094)
http://www.net-security.org/advisory.php?id=2533

Mandrake Linux Security Update Advisory - gtkhtml (MDKSA-2003:093)
http://www.net-security.org/advisory.php?id=2532

OpenPKG Security Advisory - sendmail (OpenPKG-SA-2003.041)
http://www.net-security.org/advisory.php?id=2531

Debian Security Advisory - New libmailtools-perl packages fix input validation bug (DSA-386-1)
http://www.net-security.org/advisory.php?id=2530

Debian Security Advisory - New hztty packages fix buffer overflows (DSA-385-1)
http://www.net-security.org/advisory.php?id=2529

Conectiva Linux Security Announcement - MySQL (CLA-2003:743)
http://www.net-security.org/advisory.php?id=2528

Conectiva Linux Security Announcement - sendmail (CLA-2003:742)
http://www.net-security.org/advisory.php?id=2527

SuSE Security Announcement - openssh (SuSE-SA:2003:039 update)
http://www.net-security.org/advisory.php?id=2526

Guardian Digital Security Advisory - mysql buffer overflow (ESA-20030918-025)
http://www.net-security.org/advisory.php?id=2525

Guardian Digital Security Advisory - openssh additional buffer management bugs (ESA-20030918-024)
http://www.net-security.org/advisory.php?id=2524

CERT Advisory CA-2003-25 - Buffer Overflow in Sendmail
http://www.net-security.org/advisory.php?id=2523

Turbolinux Security Announcement - sendmail buffer overflows (18/Sep/2003)
http://www.net-security.org/advisory.php?id=2522

SOT Linux Security Advisory - Updated sendmail package for SOT Linux 2003 (SLSA-2003:43)
http://www.net-security.org/advisory.php?id=2521

SOT Linux Security Advisory - Updated openssh package for SOT Linux 2003 (SLSA-2003:42)
http://www.net-security.org/advisory.php?id=2520

NetBSD Security Advisory - Insufficient argument checking in sysctl(2) (2003-014)
http://www.net-security.org/advisory.php?id=2519

NetBSD Security Advisory - Kernel memory disclosure via ibcs2 (2003-013)
http://www.net-security.org/advisory.php?id=2518

NetBSD Security Advisory - Out of bounds memset(0) in sshd (2003-012)
http://www.net-security.org/advisory.php?id=2517

Debian Security Advisory - New sendmail packages fix buffer overflows (DSA-384-1)
http://www.net-security.org/advisory.php?id=2516

FreeBSD Security Advisory - a third sendmail header parsing buffer overflow (FreeBSD-SA-03:13.sendmail)
http://www.net-security.org/advisory.php?id=2515

FreeBSD Security Advisory - OpenSSH buffer management error (FreeBSD-SA-03:12.openssh revised)
http://www.net-security.org/advisory.php?id=2514

Conectiva Linux Security Announcement - openssh (CLA-2003:741)
http://www.net-security.org/advisory.php?id=2513

Red Hat Security Advisory - Updated OpenSSH packages fix potential vulnerabilities (RHSA-2003:279-02)
http://www.net-security.org/advisory.php?id=2512

OpenBSD Security Announcement - sendmail
http://www.net-security.org/advisory.php?id=2511

Slackware Security Advisory - Sendmail vulnerabilities fixed (SSA:2003-260-02)
http://www.net-security.org/advisory.php?id=2510

Slackware Security Advisory - OpenSSH updated again (SSA:2003-260-01)
http://www.net-security.org/advisory.php?id=2509

Mandrake Linux Security Update Advisory - openssh (MDKSA-2003:090-1)
http://www.net-security.org/advisory.php?id=2508

Debian Security Advisory - OpenSSH buffer management fix (DSA-383-1)
http://www.net-security.org/advisory.php?id=2507

Trustix Secure Linux Security Advisory - mysql (2003-0034)
http://www.net-security.org/advisory.php?id=2506

Trustix Secure Linux Security Advisory - openssh (2003-0033)
http://www.net-security.org/advisory.php?id=2505

Cisco Security Advisory: OpenSSH Server Vulnerabilities (1.0 INTERIM v2)
http://www.net-security.org/advisory.php?id=2504

Cisco Security Advisory: OpenSSH Server Vulnerabilities (1.0 INTERIM)
http://www.net-security.org/advisory.php?id=2503

Debian Security Advisory - OpenSSH buffer management fix (DSA-382-2)
http://www.net-security.org/advisory.php?id=2502

Turbolinux Security Announcement - openssh Buffer management errors (17/Sep/2003)
http://www.net-security.org/advisory.php?id=2501

OpenPKG Security Advisory - openssh (OpenPKG-SA-2003.040)
http://www.net-security.org/advisory.php?id=2500

Mandrake Linux Security Update Advisory - kdebase
http://www.net-security.org/advisory.php?id=2499

Gentoo Linux Security Announcement - openssh (200309-12)
http://www.net-security.org/advisory.php?id=2498

Immunix Secured OS Security Advisory - openssh (IMNX-2003-7+-020-02)
http://www.net-security.org/advisory.php?id=2497

Gentoo Linux Security Announcement - openssh (200309-11)
http://www.net-security.org/advisory.php?id=2496

CERT Advisory CA-2003-24 - Buffer Management Vulnerability in OpenSSH
http://www.net-security.org/advisory.php?id=2495

SGI Security Advisory - IRIX 6.5.21 NFS export vulnerability (20030901-01-P)
http://www.net-security.org/advisory.php?id=2494

KDE Security Advisory - KDM vulnerabilities (2003-09-16)
http://www.net-security.org/advisory.php?id=2493

Immunix Secured OS Security Advisory - openssh (IMNX-2003-7+-020-01)
http://www.net-security.org/advisory.php?id=2492

Red Hat Security Advisory - Updated KDE packages fix security issues (RHSA-2003:269-01)
http://www.net-security.org/advisory.php?id=2491

SuSE Security Announcement - openssh (SuSE-SA:2003:038)
http://www.net-security.org/advisory.php?id=2490

Mandrake Linux Security Update Advisory - openssh (MDKSA-2003:090)
http://www.net-security.org/advisory.php?id=2489

Slackware Security Advisory - OpenSSH Security Advisory (SSA:2003-259-01)
http://www.net-security.org/advisory.php?id=2488

Conectiva Linux Security Announcement - openssh (CLA-2003:739)
http://www.net-security.org/advisory.php?id=2487

Debian Security Advisory - OpenSSH buffer management fix (DSA-382-1)
http://www.net-security.org/advisory.php?id=2486

Red Hat Security Advisory - Updated OpenSSH packages fix potential vulnerability (RHSA-2003:279-01)
http://www.net-security.org/advisory.php?id=2485

FreeBSD Security Advisory - OpenSSH buffer management error (FreeBSD-SA-03:12)
http://www.net-security.org/advisory.php?id=2484

SCO Security Advisory - OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5: SCO Internet Manager - local users can gain root level privileges
http://www.net-security.org/advisory.php?id=2483

HP Security Advisory - OpenVMS Potential security vulnerability with DCE/COM
http://www.net-security.org/advisory.php?id=2482

Guardian Digital Security Advisory - openssh, openssh-clients, openssh-server (ESA-20030916-023)
http://www.net-security.org/advisory.php?id=2481

Gentoo Linux Security Announcement - net-mail/pine (200309-10)
http://www.net-security.org/advisory.php?id=2480

OpenPKG Security Advisory - perl (OpenPKG-SA-2003.039)
http://www.net-security.org/advisory.php?id=2479

Gentoo Linux Security Announcement - exim (200309-09)
http://www.net-security.org/advisory.php?id=2478

OpenPKG Security Advisory - mysql (OpenPKG-SA-2003.038)
http://www.net-security.org/advisory.php?id=2477

Gentoo Linux Security Announcement - mysql (200309-08)
http://www.net-security.org/advisory.php?id=2476

----------------------------------------------------------------

[ Articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org
----------------------------------------------------------------

WIRELESS SECURITY: PREVENTING YOUR DATA FROM VANISHING INTO THIN AIR
Despite its many exciting possibilities for new business opportunities, cost-savings, and user freedom, wireless technology presents serious challenges to information security.
http://www.net-security.org/article.php?id=560

INTERVIEW WITH THE AUTHOR OF THE "RED HAT LINUX SURVIVAL GUIDE"
Mohammed J. Kabir discusses various Linux and security issues, his books and the future of Linux as he sees it.
http://www.net-security.org/article.php?id=562

NEW AUTOMATED 802.11 WIRELESS SECURITY SOFTWARE
A limited free download of the AirBlock 802.11 Wireless Security Software for residential and small business networks has been made available by Code Red Systems, a provider of wireless security solutions.
http://www.net-security.org/article.php?id=563

EXPOSING YOUR LIFE - THE TOP FACTS ON PDA USAGE
One in three PDA users keep their PDAs unprotected by not bothering with passwords, which could end with the same dire consequences as keeping their doors open at night.
http://www.net-security.org/article.php?id=564

----------------------------------------------------------------

[ Reviews ]

All reviews are located at:
http://www.net-security.org/reviews.php
----------------------------------------------------------------

WINDOWS XP SECRETS
This is a book that will help you learn a lot of features and possibilities, aimed to investigate a background of many operations. Its mission is to make you understand your operating system and get the best of it.
http://www.net-security.org/review.php?id=101

RED HAT LINUX ADMINISTRATION: A BEGINNER'S GUIDE
There are many books dedicated to Linux system administration. The one I'm taking a look at today is written specifically for Red Hat Linux although much of the material can be applied to other Linux distributions. Is it worth reading? Go on and find out.
http://www.net-security.org/review.php?id=102

MANAGING LINUX SYSTEMS WITH WEBMIN: SYSTEM ADMINISTRATION AND MODULE DEVELOPMENT
What to expect from a Webmin system administration book that's written by the same guy that developed Webmin? Cameron combined all the knowledge and experience on the subject and transformed it into this complete Webmin companion guide.
http://www.net-security.org/review.php?id=103

----------------------------------------------------------------

[ Webcasts ]

All webcasts are located at:
http://www.net-security.org/webcasts.php
----------------------------------------------------------------
SPONSORED WEBCAST: Anatomy of a Database Attack
----------------------------------------------------------------
Organized by Application Security on 25 September 2003, 11:00 AM EDT
----------------------------------------------------------------
The webcast will provide a detailed example of how an attacker can break into a database. Real world visuals together with step-by-step explanations in layman's terms will be used to detail this attack on a fictional company's database.
http://www.net-security.org/webcast.php?id=15
----------------------------------------------------------------

Microsoft Security Offerings for the Banking Industry
Organized by Microsoft on 23 September 2003, 12:30 PM ET
http://www.net-security.org/webcast.php?id=35

Identity & Access Management: Transforming e-Security into a Catalyst for Competitive Advantage
Organized by RSA Security on 24 September 2003, 2:00 PM ET
http://www.net-security.org/webcast.php?id=49

Anatomy of a Database Attack
Organized by Application Security, Inc. on 25 September 2003, 11:00 AM EDT
http://www.net-security.org/webcast.php?id=15

Reducing Risk with Ongoing Vulnerability Assessment
Organized by eEye on 25 September 2003, 11:00 AM EST
http://www.net-security.org/webcast.php?id=25

AppDetective Product Features
Organized by Application Security on 26 September 2003, 11:00 AM
http://www.net-security.org/webcast.php?id=17

Top 5 Ways to Make Your IDS Better
Organized by SANS on 1 October 2003, 1:00 PM EDT
http://www.net-security.org/webcast.php?id=6

Managed Security Services
Organized by eSecure Live on 2 October 2003, 3:00 PM ET
http://www.net-security.org/webcast.php?id=50

A Layered Approach to Wireless LAN Security & Management
Organized by AirDefense, Inc. on 7 October 2003, 2:00 PM EST
http://www.net-security.org/webcast.php?id=8

How to Get Your Network Hacked in 10 Easy Steps
Organized by Microsoft on 8 October 2003, 12:30 PM ET
http://www.net-security.org/webcast.php?id=36

Windows Server 2003 Security Improvements
Organized by Microsoft on 8 October 2003, 1:00 PM ET
http://www.net-security.org/webcast.php?id=37

How to Simplify Message-Level Exchange Recovery
Organized by Aelita Software on 9 October 2003, 1:00 PM ET
http://www.net-security.org/webcast.php?id=48

Identity Management
Organized by eSecure Live on 14 October 2003, 3:00 PM ET
http://www.net-security.org/webcast.php?id=51

Secure Wireless LANs with Windows Server 2003 PKI
Organized by Microsoft on 15 October 2003, 1:00 PM ET
http://www.net-security.org/webcast.php?id=38

Installing and Troubleshooting Microsoft SQL Server 2000 Service Packs
Organized by Microsoft on 16 October 2003, 10:00 AM PT
http://www.net-security.org/webcast.php?id=28

Installing, Securing and Maintaining Wireless Networks
Organized by Microsoft on 17 October 2003, 12:30 PM ET
http://www.net-security.org/webcast.php?id=39

----------------------------------------------------------------

[ Conferences ]

All conferences are located at:
http://www.net-security.org/conferences.php
----------------------------------------------------------------

2003 SF ISACA Fall Conference
Organized by SF ISACA - 22 September-24 September 2003
http://www.net-security.org/conference.php?id=48

Conference on Mobile and Wireless Security
Organized by MIS Training Institute - 23 September-25 September 2003
http://www.net-security.org/conference.php?id=5

PharmaSec 2003
Organized by MIS Training Institute - 23 September-25 September 2003
http://www.net-security.org/conference.php?id=6

HealthSec 2003
Organized by MIS Training Institute - 23 September-25 September 2003
http://www.net-security.org/conference.php?id=7

Seattle SecureWorld Expo
Organized by Seguro Group - 24 September-25 September 2003
http://www.net-security.org/conference.php?id=30

ToorCon 2003
Organized by ToorCon - 26 September-28 September 2003
http://www.net-security.org/conference.php?id=13

Wi-Fi Planet Conference & Expo Europe 2003
Organized by Jupitermedia Corp. - 29 September-30 September 2003
http://www.net-security.org/conference.php?id=39

SANS Los Angeles 2003
Organized by SANS - 29 September-4 October 2003
http://www.net-security.org/conference.php?id=41

InfowarCon 2003
Organized by Reed Exhibitions - 30 September-3 October 2003
http://www.net-security.org/conference.php?id=51

Black Hat Federal 2003 Briefings
Organized by Black Hat, Inc. - 1 October-2 October 2003
http://www.net-security.org/conference.php?id=4

6th Information Security Conference
Organized by Hewlett-Packard - 1 October-3 October 2003
http://www.net-security.org/conference.php?id=10

Biometrics 2003
Organized by Computers & Security Publication - 1 October-1 October 2003
http://www.net-security.org/conference.php?id=16

Cyber Security in the Financial Services Sector Executive Summit
Organized by IMN - 9 October-10 October 2003
http://www.net-security.org/conference.php?id=35

SANS New York 2003
Organized by SANS - 9 October-14 October 2003
http://www.net-security.org/conference.php?id=44

Information Security Summit 2003
Organized by ISSA, ISACA, HTCIA and ASIS - 14 October-15 October 2003
http://www.net-security.org/conference.php?id=11

----------------------------------------------------------------

[ Security world ]

All press releases are located at:
http://www.net-security.org/press_main.php

Send your press releases to press@net-security.org
----------------------------------------------------------------

Blue Coat Raises $13 Million in Private Financing with Sprout Group
http://www.net-security.org/press.php?id=1690

iS3 Inc. Secures Series B Round of Funding
http://www.net-security.org/press.php?id=1689

Panda Software Releases the PQREMOVE Application to Deal With The New Worm Gibe.C
http://www.net-security.org/press.php?id=1688

Avecho Winning the Fight Against Spam
http://www.net-security.org/press.php?id=1687

Clearswift’s ThreatLab Warns W32/Sobig Worm Variants Imminent
http://www.net-security.org/press.php?id=1686

SSH Communications Security Unveils Global Vision for Managed Security Middleware
http://www.net-security.org/press.php?id=1685

Aelita Enterprise Directory Manager Wins Windows & .NET Magazine Readers' Choice Award
http://www.net-security.org/press.php?id=1684

Core Security Technologies Announces Vulnerability in IBM's DB2 Database
http://www.net-security.org/press.php?id=1683

Blue Coat Study Reveals Abusive Language, Job Gripes and Sexual Advances Rampant Among IM Use at Work
http://www.net-security.org/press.php?id=1682

Datakey Delivers Integrated Smart ID Badge to US Patent and Trademark Office
http://www.net-security.org/press.php?id=1681

Smart Card Reader Market Hunts For Elusive Killer Application
http://www.net-security.org/press.php?id=1680

Pointsec Mobile Technologies and F-Secure Enters Into A Strategic Partnership
http://www.net-security.org/press.php?id=1679

Aventail Announces End-Point Control to Secure Remote Access Based on a User’s Environment, Identity, and Level of Risk
http://www.net-security.org/press.php?id=1678

SonicWALL Announces New High Performance, Low Cost Pro Series Platforms
http://www.net-security.org/press.php?id=1677

Vexira Antivirus Provides Enterprise-Class Virus Protection For Linux Samba, Netatalk and NFS File Servers
http://www.net-security.org/press.php?id=1676

Schlumberger Provides Physical Access Security Solution to Transpetro
http://www.net-security.org/press.php?id=1675

Secure Email Service Powered by Hongkong Post Mobile e-Cert and Diversinet Delivers Secure Corporate Email for Users On The Go
http://www.net-security.org/press.php?id=1674

Panda Antivirus GateDefender Protects Public And Private Sector Systems
http://www.net-security.org/press.php?id=1673

Cobion All-in-One E-mail Security Solution Adds Sophos Virus Detection to its Arsenal to Protect Companies' Networks
http://www.net-security.org/press.php?id=1672

Wave Systems To Demonstrate EMBASSY Trust Suite Services With the Trusted Computing Group Community at the Intel Developer Forum
http://www.net-security.org/press.php?id=1671

PGP Corporation Ships New Self-Managing Security Architecture, Delivering Automatic Secure Messaging and Information Storage
http://www.net-security.org/press.php?id=1670

Zix Corporation Offers Free Web Seminar on the Risks of HIPAA Email Security Policies
http://www.net-security.org/press.php?id=1669

Panda Software: Fifth Strongest Growth in Europe
http://www.net-security.org/press.php?id=1668

Reliant Behavioral Health Deploys Tumbleweed's E-mail Firewall for HIPAA Compliance
http://www.net-security.org/press.php?id=1667

Tumbleweed and Tunitas Group Partner To Offer Quick-Start Program For HIPAA-Compliant Secure E-mail
http://www.net-security.org/press.php?id=1666

Registration Opens for ApacheCon 2003, the Global Hub for All Things Apache
http://www.net-security.org/press.php?id=1665

Sophos Continues to Grow at Twice the Market Rate
http://www.net-security.org/press.php?id=1664

Schlumberger Reveals Strong Security Policies Increase Supply Chain Performance
http://www.net-security.org/press.php?id=1663

----------------------------------------------------------------

[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Gibe-F Worm is Wake Up Call for Companies
http://www.net-security.org/virus_news.php?id=309

Weekly Virus Report - Gibe.C, Opaserv.X, Backterra, Reksa.A and Blaster.G Worms
http://www.net-security.org/virus_news.php?id=308

Panda Software Warns About the New Gibe.C Worm
http://www.net-security.org/virus_news.php?id=307

Vulnerabilities in Windows RPCSS Service Could be Exploited By Viruses
http://www.net-security.org/virus_news.php?id=306

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php