HNS Newsletter
Issue 191 - 08.12.2003.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It 
covers weekly roundups of security events that were in the 
news the past week.


----------------------------------------------------------------
Get Thawte’s NEW Step-by-Step SSL Guide for Apache
----------------------------------------------------------------
In this guide you will find out how to test, purchase, install 
and use a Thawte Digital Certificate on you Apache web server. 

Throughout, best practices for set-up are highlighted to help 
you ensure efficient ongoing management of your encryption 
keys and digital certificates.

Get you copy of this new guide now:
http://ad.doubleclick.net/clk;6091061;8369142;h
----------------------------------------------------------------


Table of contents:
 
1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Software
6) Webcasts
7) Conferences
8) Security world
9) Virus news


[ Security news ]

 
----------------------------------------------------------------

BILL GATES TALKS SEAMLESS COMPUTING, SECURITY, AND LINUX
In an interview, Microsoft's chief software architect says customers 
will be open to new uses of technology once security problems are 
under control.
http://www.net-security.org/news.php?id=4155


EXCHANGE TO RECEIVE ANTI-SPAM FILTER
Microsoft to build in similar technology as in Outlook and Hotmail.
http://www.net-security.org/news.php?id=4156


PRIVATE RECORDS MAY BE AT RISK
Someone in Asia may be looking at your income tax returns or 
reading sensitive doctors' notes about your medical history.
http://www.net-security.org/news.php?id=4157


.NAME REGISTRY WEBSITE DEFACED
On Saturday, November 29, 2003 a post on the GNSO mailing list 
indicated that the .name registry website had been defaced.
http://www.net-security.org/news.php?id=4158


RED HAT LINUX TO GAIN SECURITY STAMP OF APPROVAL
Red Hat is pushing to have its commercial Enterprise Linux software 
certified under the Common Criteria (CC) Scheme worldwide, and 
has anticipated the OS solution will gain accreditation by the end 
of this year.
http://www.net-security.org/news.php?id=4159


THE TEN COMMANDMENTS OF PC SECURITY
Fight off nasty viruses, worms, and Trojan horses by following 
these simple rules.
http://www.net-security.org/news.php?id=4160


SYMANTEC CALLS FOR PARTNER TEAMWORK
Vendors and resellers urged to collaborate on end-to-end 
security products.
http://www.net-security.org/news.php?id=4161


PASSWORD HINT: THINK WHETHER YOURS IS GOOD ENOUGH
Problems and costs, tips and alternatives. Tony Hallett reports on 
what the industry is saying - and whether passwords are enough.
http://www.net-security.org/news.php?id=4162


READERS WOULDN'T BUY SECURITY PRODUCTS FROM MICROSOFT
Microsoft's latest security initiative, "Securing the Perimeter," 
shows it hasn't given up in its battle against hackers and virus 
writers.
http://www.net-security.org/news.php?id=4163


DEBIAN ATTACKER MAY HAVE USED NEW EXPLOIT
An as-yet-unknown security exploit in Linux may have been 
responsible for a recent compromise of Debian.org's servers, 
according to a system administrator with the Debian 
operating system project.
http://www.net-security.org/news.php?id=4164


A TWO-PRONGED APPROACH TO CYBERSECURITY
In September, Amit Yoran became the United States' top 
cybersecurity defender.
http://www.net-security.org/news.php?id=4166


GOVERNMENT ROLE IN IT SECURITY - FREE HAND OR IRON FIST
Cyberspace is not what it used to be. The on-line world is hostage 
to a motley crew of unsavory characters determined to milk it for 
all it is worth.
http://www.net-security.org/news.php?id=4167


ROGUE DIALLERS NOW USE SATELLITE
The German site Dialerschutz (Dialler Protection) warns Internet 
users against new rogue diallers which connect through Emsat, 
Eutelsat's satellite system. Internet users have been faced with 
exceptionally high phone bills.
http://www.net-security.org/news.php?id=4168


NORTH KOREA LAUNCHES 'SECURE' EMAIL
Little is known about how many people are online in North Korea, 
but the country is claiming to have have launched an email 
service with 'guaranteed' security.
http://www.net-security.org/news.php?id=4169


CRIME SOMETIMES PAYS
Most spam is simply advertising. However, a small proportion of 
messages have a malicious purpose, which can range from simple 
vandalism through to theft and industrial espionage.
http://www.net-security.org/news.php?id=4170


EXPLOITING CISCO ROUTERS: PART 2
This is the second of a two-part series that focuses on identifying 
and then exploiting vulnerabilities and poor configurations in Cisco 
routers. This article will look at what we can do once we've gotten 
in.
http://www.net-security.org/news.php?id=4171


SPAMMERS TURN TO CLASSIC PROSE
Poetry is probably not top of the list of things you expect to see 
in the spam and junk mail messages landing in your inbox everyday.
http://www.net-security.org/news.php?id=4172


THE PERFECT SETUP - DEBIAN
This is a detailed description about the steps to be taken to setup 
a Debian based server that offers all services needed by ISPs and 
hosters.
http://www.net-security.org/news.php?id=4173


SQL SERVER SECURITY TIPS: PART 1
Greg Robidoux, a Microsoft SQL Server expert who focuses on 
security, is chairman of the Professional Association for SQL 
Server DBA Special Interest Group (PASS DBA SIG).
http://www.net-security.org/news.php?id=4174


KERNEL EXPLOIT CAUSE OF DEBIAN COMPROMISE
The cause of the recent Debian Project server compromise has 
been published by the Debian security team.
http://www.net-security.org/news.php?id=4175


STUDY: FIREWALL SALES TO SPREAD
The market for firewall software and devices will jump 25 percent 
in the next two years to nearly $2.5 billion in worldwide sales, 
research firm Meta Group has predicted in its latest report.
http://www.net-security.org/news.php?id=4177


BIGGEST SECURITY PROBLEM--IT'S HUMAN
If we can rely on one other certainty in this world other than 
death and taxes, it is forgotten passwords.
http://www.net-security.org/news.php?id=4178


WINDOWS ATMS RAISE SECURITY CONCERNS
Use of general-purpose platform expected to increase risks.
http://www.net-security.org/news.php?id=4179


CHINA IMPLEMENTS NEW WI-FI SECURITY STANDARD
Chinese government agencies are prohibiting the import, manufacture 
and sale of Wi-Fi gear that does not use China's new security 
specification, which is incompatible with standards technology 
industry groups developed.
http://www.net-security.org/news.php?id=4180


LINUX USERS: ARE YOU AT RISK FROM KERNEL EXPLOIT?
Using this bug it is possible for a userland program to trick 
the kernel into giving access to the full kernel address space.
http://www.net-security.org/news.php?id=4181


AGENCIES TO GET SECURITY SCORES
Agencies will soon receive grades for their progress in 
information security.
http://www.net-security.org/news.php?id=4182


A PLAGUE ON ALL OUR NETWORKS
The number of attacks on UK networks is soaring, with even the 
smallest firms facing an average 500 assaults each month from 
viruses, worms and denial of service attempts.
http://www.net-security.org/news.php?id=4183


BEST PRACTICES: AVOIDING COMPUTER WORMS
Despite the stories pervading headlines about computer criminals, 
a disproportionate number of security incidents occur because 
that age-old problem: user error.
http://www.net-security.org/news.php?id=4184


DELL TO TECHS: DON'T HELP CUSTOMERS REMOVE SPYWARE
As seen in the latest newsletter from SpyWareInfo, Dell sent 
an internal memo to its tech support minions which says in part: 
"NOTICE: Use of spyware removal software may conflict with 
user license agreements of other applications installed on your 
system. Please consult your user license agreements for further 
information. Dell does not endorse the use of spyware removal 
software and cannot provide support on these products."
http://www.net-security.org/news.php?id=4185


VIRUS ATTACKS ANTI-SPAM SITES
Security experts have warned that yet another new variant 
of the malicious computer worm Mimail is on the loose.
http://www.net-security.org/news.php?id=4186


TECH INDUSTRY PUT ON SECURITY NOTICE
At first blush, the National Cyber Security Summit had all 
the makings of a tech industry love fest.
http://www.net-security.org/news.php?id=4189


TECH INDUSTRY WORKS TO STEM NEW SECURITY RULES
Large vendors are trying to persuade the government that 
the rules are unnecessary because they're already taking 
aggressive steps to defend against hackers.
http://www.net-security.org/news.php?id=4190


CRACKERS STRIKE GENTOO LINUX SERVER, CODE UNHARMED
In the latest of what is becoming a string of high-profile 
attacks on Linux, someone broke into one of the servers 
used to distribute versions of Gentoo Linux on Tuesday.
http://www.net-security.org/news.php?id=4191


HECKENKAMP CHALLENGES COMPUTER BAN
Accused eBay hacker Jerome Heckenkamp is back in federal 
court in California this month, but it isn't for his ever-slipping 
trial date.
http://www.net-security.org/news.php?id=4192


CISCO WI-FI KIT IN MINOR SECURITY FLAP
Cisco yesterday warned of a security vulnerability in the 
software running on its popular line of Aironet wireless 
LAN access points.
http://www.net-security.org/news.php?id=4193


LINUX SECURITY EXPERT DEFENDS DEBIAN
Debian Project leaders did a good job before and after a 
breach that took down their servers Nov. 21 said Jay Beale, 
lead developer on the Bastille Linux project and a consultant 
at JJB Security Consulting & Training.
http://www.net-security.org/news.php?id=4194


MICROSOFT OFFICIAL: WEB VIRUS AUTHORS WINNING BATTLE
Creators of computer viruses are winning the battle with law 
enforcers and getting away with crimes that cost the global 
economy some $13 billion this year, a Microsoft official said 
on Wednesday.
http://www.net-security.org/news.php?id=4195


CYBERSECURITY TALK IS CHEAP
Less than a year after the Bush administration unveiled its 
National Strategy to Secure Cyberspace, the finger pointing 
over who is to blame for failing to implement its 
recommendations has already begun.
http://www.net-security.org/news.php?id=4196


SECURITY FLAW FOUND IN YAHOO MESSENGER
Vulnerability in popular instant messaging app rated critical.
http://www.net-security.org/news.php?id=4197


REPORTER'S NOTEBOOK: AT THE DHS NATIONAL CYBER 
SECURITY SUMMIT
Officials urged the IT community to take the threat of 
cyberterrorism seriously.
http://www.net-security.org/news.php?id=4199


THE GROWING PROBLEM OF IDENTITY THEFT
Losses from identity theft in the US in the past year 
are estimated to have amounted to around $50 billion.
http://www.net-security.org/news.php?id=4200


HOLLYWOOD: NORWEGIAN HACKER A BURGLER
A Norwegian hacker who has angered Hollywood by cracking 
a DVD copy protection code is a cyberspace version of a 
burglar, plaintiffs told an Oslo appeals court Thursday.
http://www.net-security.org/news.php?id=4201


WI-FI PRODUCTS ROLL DESPITE SECURITY DEBATE
A Cisco security problem punctuates arguments for and 
against widespread deployment of wireless networks.
http://www.net-security.org/news.php?id=4202


TIME IS RIGHT FOR DATABASE ENCRYPTION
Are data-privacy regulations and dreams about stolen 
employee data keeping you up at night? It may be time 
to protect your data where it lives--in your database.
http://www.net-security.org/news.php?id=4203


15 COMPANY NETWORKS PENETRATED
A computer expert who hacked into the networks of 15 
Londonderry firms in an afternoon, today defended his 
illegal bid to expose lax computer security.
http://www.net-security.org/news.php?id=4204


LIMITED CHOICE FOR LINUX VIRUS PROTECTION
Boxall's CC, the South African distributor of Norway's Norman 
data security products, says Norman Virus Control (NVC) is 
the only locally supported anti-virus solution specifically 
for Linux.
http://www.net-security.org/news.php?id=4206


COPPING OUT ON CYBERSECURITY
After convincing the government to back off, it's now 
time for Silicon Valley to come up with a way to plug 
the lingering security holes in the national network 
infrastructure.
http://www.net-security.org/news.php?id=4207

----------------------------------------------------------------




[ Vulnerabilities ]


All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php


----------------------------------------------------------------

Linksys WRT54G Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=3106


Websense Blocked Sites Cross Site Scripting Vulnerability
http://www.net-security.org/vuln.php?id=3105


XBoard Pxboard Insecure tmp File Handling Vulnerability
http://www.net-security.org/vuln.php?id=3104


Yahoo Instant Messenger YAUTO.DLL Buffer 
Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3103


Linux kernel do_brk() Lacks Argument Bound Checking
http://www.net-security.org/vuln.php?id=3102


IBM Directory Server 4.1 Web Admin Gui Cross Site 
Scripting Vulnerability
http://www.net-security.org/vuln.php?id=3101


Virtual Programming VP-ASP Shopping Cart 5.0 
Multiple SQL Injection Vulnerabilities
http://www.net-security.org/vuln.php?id=3100


Surfboard 1.1.8 Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3099


Cutenews 1.3 Information Disclosure Vulnerability
http://www.net-security.org/vuln.php?id=3098


RNN Guestbook 1.2 Multiple Vulnerabilities 
http://www.net-security.org/vuln.php?id=3097

----------------------------------------------------------------




[ Advisories ]


All advisories are located at:
http://www.net-security.org/archive_advi.php


----------------------------------------------------------------

SOT Linux Security Advisory - Updated rsync package for 
SOT Linux 2003 (SLSA-2003:55)
http://www.net-security.org/advisory.php?id=2792


Mandrake Linux Security Update Advisory - rsync (MDKSA-2003:111)
http://www.net-security.org/advisory.php?id=2791


Red Hat Security Advisory - New rsync packages fix remote 
security vulnerability (RHSA-2003:398-01)
http://www.net-security.org/advisory.php?id=2790


Conectiva Security Announcement - rsync (CLA-2003:794)
http://www.net-security.org/advisory.php?id=2789


Gentoo Linux Security Announcement - kernel (200312-02)
http://www.net-security.org/advisory.php?id=2788


Gentoo Linux Security Announcement - rsync (200312-03)
http://www.net-security.org/advisory.php?id=2787


Guardian Digital Security Advisory - rsync (ESA-20031204-032)
http://www.net-security.org/advisory.php?id=2786


SUSE Security Announcement - rsync (SuSE-SA:2003:050)
http://www.net-security.org/advisory.php?id=2785


Debian Security Advisory - New rsync packages fix unauthorised 
remote code execution (DSA 404-1)
http://www.net-security.org/advisory.php?id=2784


OpenPKG Security Advisory - rsync (OpenPKG-SA-2003.051)
http://www.net-security.org/advisory.php?id=2783


SUSE Security Announcement - Linux Kernel (SuSE-SA:2003:049)
http://www.net-security.org/advisory.php?id=2782


Trustix Secure Linux Security Advisory - rsync (2003-0048)
http://www.net-security.org/advisory.php?id=2781


Slackware Security Advisory - rsync security update 
(SSA:2003-337-01)
http://www.net-security.org/advisory.php?id=2780


SGI Security Advisory - Multiple OpenSSH/OpenSSL 
Vulnerabilities Update (20030904-02-P)
http://www.net-security.org/advisory.php?id=2779


HP Security Bulletin - Tru64 UNIX CDE libdthelp.so potential 
privileged access and Denial of Service (SSRT3657)
http://www.net-security.org/advisory.php?id=2778


Gentoo Linux Security Announcement - rsync.gentoo.org 
rotation server compromised (200312-01)
http://www.net-security.org/advisory.php?id=2777


SUSE Security Announcement - gpg (SuSE-SA:2003:048)
http://www.net-security.org/advisory.php?id=2776


Turbolinux Security Announcement - kernel Integer overflow 
(03/Dec/2003)
http://www.net-security.org/advisory.php?id=2775


SGI Security Advisory - do_brk() vulnerability on SGI 
Altix systems (20031201-01-A)
http://www.net-security.org/advisory.php?id=2774


Red Hat Security Advisory - Updated Net-SNMP packages 
fix security and other bugs (RHSA-2003:335-01)
http://www.net-security.org/advisory.php?id=2773


Slackware Security Advisory - Kernel security update 
(SSA:2003-336-01)
http://www.net-security.org/advisory.php?id=2772


Cisco Security Advisory: SNMP trap Reveals WEP Key in 
Cisco Aironet AP (20031202)
http://www.net-security.org/advisory.php?id=2771


HP Security Bulletin - Tru64 UNIX Bind Version 8 potential 
security (SSRT3653)
http://www.net-security.org/advisory.php?id=2770


SCO Security Advisory - UnixWare 7.1.1 : Bind: cache poisoning 
BIND 8 prior to 8.3.7 and BIND 8.4.x prior 8.4.2 (CSSA-2003-SCO.33)
http://www.net-security.org/advisory.php?id=2769


Red Hat Security Advisory - Updated 2.4 kernel fixes 
privilege escalation security (RHSA-2003:392-00)
http://www.net-security.org/advisory.php?id=2768


Trustix Secure Linux Security Advisory - kernel (#2003-0046)
http://www.net-security.org/advisory.php?id=2767


Mandrake Linux Security Update Advisory - kernel (MDKSA-2003:110)
http://www.net-security.org/advisory.php?id=2766


Debian Security Advisory - userland can access Linux 
kernel memory (DSA-403-1)
http://www.net-security.org/advisory.php?id=2765


SOT Linux Security Advisory - Updated postgresql package 
for SOT Linux 2003 (SLSA-2003:54)
http://www.net-security.org/advisory.php?id=2764


FreeBSD Security Advisory - bind8 negative cache poison 
attack (FreeBSD-SA-03:19.bind)
http://www.net-security.org/advisory.php?id=2763


Mandrake Linux Security Update Advisory - gnupg (MDKSA-2003:109)
http://www.net-security.org/advisory.php?id=2762


SUSE Security Announcement - bind8 (SuSE-SA:2003:047)
http://www.net-security.org/advisory.php?id=2761

----------------------------------------------------------------




[ Articles ]


All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org

----------------------------------------------------------------

REAL WORLD XSS
This paper covers most aspects of XSS attacks including: injection 
points, attack scenarios, attacker motivations and techniques, 
code obfuscation examples, starts laying a foundation on proper 
filtering framework.
http://www.net-security.org/article.php?id=608


CIRCUMVENTING VALIDATION
Web developers spend a lot of time planning out complex chains 
of events to make thier web applications work. Within the planning 
and outlines, implicit control over the chain of events is often 
assumed. This paper is an introduction to breaking those 
assumptions and realizing just how vulnerable those chaulk 
board outlines can be in the real world.
http://www.net-security.org/article.php?id=609


IMPROVING THE DATABASE LOGGING PERFORMANCE OF THE 
SNORT NETWORK INTRUSION DETECTION SENSOR
The performance requirements of the popular Snort NIDS has been 
studied before. However, in addition to the performance of the 
NIDS sensor itself, the database that receives and stores alerts 
can play a role in determining overall performance.
http://www.net-security.org/article.php?id=610

----------------------------------------------------------------




[ Software ]


Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2


----------------------------------------------------------------

QWIK-FIX 0.57
Qwik-Fix is designed to pro-actively prevent known software 
vulnerabilities in Windows and Internet Explorer from being 
exploited by malicious hackers, virus writers and worm writers.
http://www.net-security.org/software.php?id=525


NUFW 0.6
NuFW is an "authenticating gateway". This means it requires 
authentication for any connections to be forwarded through 
the gateway.
http://www.net-security.org/software.php?id=526


LINUX-VSERVER 1.1.6
Linux-VServer allows you to create virtual private servers and 
security contexts which operate like a normal Linux server, but 
allow many independent servers to be run simultaneously in 
one box at full speed.
http://www.net-security.org/software.php?id=527


LOGIDS 2.0
LogIDS is a real-time log-analysis based intrusion detection 
system. The graphical interface presents you with a representation 
of your network map, where each node (host or subnet) have its 
own little console window, where the logs belonging to it can 
eventually be displayed (depending on your rules).
http://www.net-security.org/software.php?id=528

----------------------------------------------------------------




[ Webcasts ]


All webcasts are located at: 
http://www.net-security.org/webcasts.php


----------------------------------------------------------------

Spam: The Real Four-Letter Word
Organized by Network Associates on 9 December 2003, 8:00 AM PT
http://www.net-security.org/webcast.php?id=84


Securing Your Business Enterprise with Patch Management 
using SMS 2003
Organized by Microsoft on 9 December 2003, 9:30 AM PT
http://www.net-security.org/webcast.php?id=117


Top Five Web Server Protection Strategies
Organized by eEye on 9 December 2003, 2:00 PM EST
http://www.net-security.org/webcast.php?id=88


Secure Your Networks: Building Your Microsoft Security Toolkit
Organized by Microsoft on 11 December 2003, 9:00 AM PT
http://www.net-security.org/webcast.php?id=118


Network Forensics Made Easy
Organized by eEye on 11 December 2003, 2:00 PM EST
http://www.net-security.org/webcast.php?id=136


Closing the Loop in Change Management
Organized by Tripwire on 12 December 2003, 11:00 AM PDT
http://www.net-security.org/webcast.php?id=137


Applying Technology to Regulatory Compliance
Organized by Network Associates on 16 December 2003, 11:00 AM PT
http://www.net-security.org/webcast.php?id=85

----------------------------------------------------------------




[ Conferences ]


All conferences are located at: 
http://www.net-security.org/conferences.php


----------------------------------------------------------------

Infosecurity 2003
Organized by Information Security Magazine /ISSA - 9 December -
11 December 2003
http://www.net-security.org/conference.php?id=3


HITBSecConf2003
Organized by Hack In The Box - 12 December-14 December 2003
http://www.net-security.org/conference.php?id=64


Access Denied 2004
Organized by New Leaf Productions - 11 January-13 January 2004
http://www.net-security.org/conference.php?id=75


IT-Defense 2004
Organized by cirosec GmbH/dpunkt.Verlag - 28 January -
30 January 2004
http://www.net-security.org/conference.php?id=56


Infosecurity Italia 2004
Organized by Fiera Milano International - 13 February -
14 February 2004
http://www.net-security.org/conference.php?id=34


Southeast Cybercrime Summit 2004
Organized by ATLCCS - 2 March-5 March 2004
http://www.net-security.org/conference.php?id=77


InfoSec World Conference and Expo 2004
Organized by MIS Training Institute - 22 March-24 March 2004
http://www.net-security.org/conference.php?id=68


RSA Conference 2004 USA
Organized by RSA Security - 13 April-17 April 2004
http://www.net-security.org/conference.php?id=55


Infosecurity Europe 2004
Organized by Reed Exhibitions - 27 April-29 April 2004
http://www.net-security.org/conference.php?id=27


Dallascon Security Conference 2004
Organized by DallasCon - 1 May-2 May 2004
http://www.net-security.org/conference.php?id=73


16th Annual FIRST Conference
Organized by FIRST - 13 June-18 June 2004
http://www.net-security.org/conference.php?id=22


NetSec 2004
Organized by Computer Security Institute - 14 June-16 June 2004
http://www.net-security.org/conference.php?id=20


2004 USENIX Annual Technical Conference
Organized by USENIX Association - 27 June-2 July 2004 
http://www.net-security.org/conference.php?id=66

----------------------------------------------------------------




[ Security world ]


All press releases are located at:
http://www.net-security.org/press_main.php

Send your press releases to press@net-security.org

----------------------------------------------------------------

GFI Network Server Monitor Keeps Servers Up and Running
http://www.net-security.org/press.php?id=1881


Corestreet and nCipher Develop Integrated Real-Time 
Digital Credentials Validation Solution
http://www.net-security.org/press.php?id=1880


Bluesocket Ships WG-5000 Wireless Gateway
http://www.net-security.org/press.php?id=1879


SANS, TippingPoint Technologies, and Qualys Deliver Consensus 
Security Alert Digest to Over 200,000 Network Security 
Professionals
http://www.net-security.org/press.php?id=1878


(ISC)2 Announces Addition To International Board Of Directors
http://www.net-security.org/press.php?id=1877


Information Security Forum Launches Standard Of Good Practice
http://www.net-security.org/press.php?id=1876


Kaspersky Anti-Virus Secures WinGate Proxy Server
http://www.net-security.org/press.php?id=1875


SafeGuard PDA with new Security Functions for Pocket 
PCs under Windows Mobile 2003
http://www.net-security.org/press.php?id=1874


US Department of Treasury Selects Datakey CIP To 
Access Secure Payment System
http://www.net-security.org/press.php?id=1873


Sigaba Wins Accolades For Secure Mission-Critical 
War Communications Solution In JWID 2003 Trial
http://www.net-security.org/press.php?id=1872


GFI Slashes Prices for Gateway Content Security 
and Anti-Virus Software by Over 75%
http://www.net-security.org/press.php?id=1871


Diversinet Signs On Consist International To Realize A Growing 
Market For Digital Certification and Secure Wireless Infrastructure 
In Brazil And Argentina
http://www.net-security.org/press.php?id=1870


KaVaDo and STG Security to Protect Web Applications 
in South Korea
http://www.net-security.org/press.php?id=1869


Sophos Offers Free Computer Security Assessments 
For The NHS
http://www.net-security.org/press.php?id=1868


CyberGuard Completes Snapgear Acquisition 
http://www.net-security.org/press.php?id=1867

----------------------------------------------------------------




[ Virus News ]


All virus news are located at: 
http://www.net-security.org/viruses.php 


----------------------------------------------------------------

Sobig-F Wins 2003 War Of The Worms
http://www.net-security.org/virus_news.php?id=333

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:
 
Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available 
http://www.net-security.org/newsletter_archive.php


----------------------------------------------------------------
Get Thawte’s NEW Step-by-Step SSL Guide for Apache
----------------------------------------------------------------
In this guide you will find out how to test, purchase, install 
and use a Thawte Digital Certificate on you Apache web server. 

Throughout, best practices for set-up are highlighted to help 
you ensure efficient ongoing management of your encryption 
keys and digital certificates.

Get you copy of this new guide now:
http://ad.doubleclick.net/clk;6091061;8369142;h
----------------------------------------------------------------