HNS Newsletter
Issue 194 - 29.12.2003
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week.

----------------------------------------------------------------
Get Thawte’s NEW Step-by-Step SSL Guide for Apache
----------------------------------------------------------------

In this guide you will find out how to test, purchase, install and use a Thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

Get your copy of this new guide now:
http://ad.doubleclick.net/clk;6091061;8369142;h

----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Software
6) Webcasts
7) Conferences
8) Security world
9) Virus news

[ Security news ]
----------------------------------------------------------------

VIRUS ATTACKS INCREASE IN SEVERITY
While the number of virus attacks decreased in the last year, the scale and the impact they have had on the Internet have increased significantly, says security software developer Kaspersky Labs.
http://www.net-security.org/news.php?id=4310

AN UNENCRYPTED LOOK AT FILEVAULT
When Apple introduced Panther and its 150 new features, who would have thought that FileVault, an extra-strength security technology, would raise so many questions and lead to so many debates?
http://www.net-security.org/news.php?id=4311

HAS SECURITY COME TO THIS?
There are many costs associated with security, or the lack of it. Sometimes that cost is to the spirit.
http://www.net-security.org/news.php?id=4312

IS WIRELESS SECURITY A LOST CAUSE?
"WPA is better than WEP, but we still have a way to go before true wireless network security," Robert Moskowitz, senior technical director of ICSA Labs at TruSecure, told the E-Commerce Times. "A lot of cryptologists don't like WPA because it's based on older ciphers."
http://www.net-security.org/news.php?id=4313

CAN SPAM? OR NEW CAN OF WORMS?
On New Year's Day, Americans will wake up to more than a crushing hangover; they will have a new federal antispam law and, according to one commercial group, a new definition of spam.
http://www.net-security.org/news.php?id=4314

GERMAN EMBASSIES CONNECTED BY SECURE NETWORK
By connecting the German embassies in Hanoi, Libreville, Nairobi, Taipei and Tirana, Secunet has successfully completed a global Gigabit Ethernet network of the German Federal Foreign Office.
http://www.net-security.org/news.php?id=4316

BUILD A GRID APP WITH PYTHON, PART 3: SECURITY
This tutorial, the third part in our Python grid series, focuses on the security issues within your grid when developing a grid solution with Python.
http://www.net-security.org/news.php?id=4317

LEGAL VICTORY FOR 'DVD HACKER'
An appeals court has cleared a Norwegian man of DVD piracy charges.
http://www.net-security.org/news.php?id=4320

EU TRAVEL PRIVACY BATTLE HEATS UP
Some European leaders, concerned about inadequate privacy protections, are mounting an effort to stop EU governments from sharing travelers' personal information with the United States.
http://www.net-security.org/news.php?id=4321

A VERY SMALL STEP FOR MUSIC-KIND
The District of Columbia Court of Appeals' decision in the Verizon v. RIAA case will likely be a small and pyrrhic victory for downloaders.
http://www.net-security.org/news.php?id=4322

SECURE WIRELESS MAKES SENSE
The problems encountered with wireless are more a training issue than a technology issue.
http://www.net-security.org/news.php?id=4323

MERGING MANAGED SECURITY
Verisign Inc.'s acquisition of Guardent Inc. last week not only brought together the two strongest managed security services providers, but it may also spark a new wave of consolidation and innovation in the MSSP sector as the remaining players scramble to hold customers.
http://www.net-security.org/news.php?id=4324

TERMINATING A SYSTEMS ADMINISTRATOR
When it's time for an employee to go, eliminate all the ways that person can access your network.
http://www.net-security.org/news.php?id=4325

HOW DO YOU STOP THE THREAT FROM WITHIN?
The biggest threat to security is not from outside; it is from the company employee. Julie Jervis from SC Magazine asked security experts throughout the U.S. how they are educating these end-users.
http://www.net-security.org/news.php?id=4326

SECURITY FEARS OVER SPYWARE
Consumers are under threat from a devious form of software that could become as rampant as spam. Mike Barton reports.
http://www.net-security.org/news.php?id=4327

DDOS: IN DEPTH
Distributed Denial of Service attacks have recently emerged as one of the most newsworthy, if not the greatest, weaknesses of the Internet.
http://www.net-security.org/news.php?id=4328

OH DAN GEER, WHERE ART THOU?
Remember Dan Geer (Dr. Dan Geer to you), who was fired from security firm @stake in late September for sounding off against Microsoft.
http://www.net-security.org/news.php?id=4329

NET MAP SERVICES SPARK STALKING FEARS
Type a phone number into Google or other sites for a map with door-to-door directions. Now those resources are provoking a backlash. Spooked people worried about stalkers are striking their particulars from Internet listings.
http://www.net-security.org/news.php?id=4332

COMPUTER SLEUTHS PLY INTERNET
A 13-year-old girl sat at a computer in Orangeburg, making arrangements to have sex with an older man from Charleston. At least that's what the man thought.
http://www.net-security.org/news.php?id=4333

SOBER WORM THREATENS HOLIDAY
Antivirus vendors post fixes for the family of Sober viruses.
http://www.net-security.org/news.php?id=4334

XMAS ISSUE OF "THE HITCHHIKER'S WORLD" E-ZINE IS HERE
The e-zine features mainly open source/coding and various projects relevant to security technology, as well as a forum for personal expression.
http://www.net-security.org/news.php?id=4335

NETWORK MONITORING WITH ETHEREAL
We all hope that our networks just do what they are supposed to, but that often is not the case. Two systems that should talk to each other don't; a network becomes saturated with traffic for no apparent reason; you need to know what some non-Linux device is doing. Ethereal may be the tool that saves the day.
http://www.net-security.org/news.php?id=4336

ONLINE CRIME UP IN 2003
It seems 2003 was a productive year for phishers, online auction scammers and Nigerians professing a deep sense of purpose and utmost sincerity, judging from the latest stats from the Internet Fraud Complaint Center.
http://www.net-security.org/news.php?id=4338

IT ENTHUSIASTS TAKING UP 'SELF-DEFENCE' HACKING COURSES
More IT professionals and enthusiasts are learning how to hack into computer systems in order to protect their own.
http://www.net-security.org/news.php?id=4339

JAIL THREAT MIGHT TIGHTEN CYBERSECURITY
Perhaps producers of substandard software should face jail, now that corrupt accounting carries a heavy penalty.
http://www.net-security.org/news.php?id=4340

PROLIFERATION OF WIRELESS DATA FORMS NEW SECURITY MARKET
Wireless carriers are expanding their data services, and more consumer and business devices are supporting wireless connectivity. There are a number of security risks associated with wireless data, which has driven the creation of a new wireless security market.
http://www.net-security.org/news.php?id=4341

----------------------------------------------------------------
[ Vulnerabilities ]
All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

Landesk Management Suite ircrboot.dll Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3157

OpenBB 1.06 SQL Injection Vulnerability
http://www.net-security.org/vuln.php?id=3156

Psychoblogger Beta1 Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3155

QuikStore Shopping Cart Path Disclosure Vulnerability
http://www.net-security.org/vuln.php?id=3154

Opera 7 Arbitrary File Delete Vulnerability
http://www.net-security.org/vuln.php?id=3153

DCAM Server 8.2.5 Directory Traversal Vulnerability
http://www.net-security.org/vuln.php?id=3152

osCommerce Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3151

XOOPS 2.0.5.1 "weblinks" Cross Site Scripting Vulnerability
http://www.net-security.org/vuln.php?id=3150

My Little Forum Cross Site Scripting Vulnerability
http://www.net-security.org/vuln.php?id=3149

BES-CMS File Including Vulnerability
http://www.net-security.org/vuln.php?id=3148

Subscribe Me Pro/Enterprise Remote Code Execution Vulnerability
http://www.net-security.org/vuln.php?id=3147

Multiple ASPapp.com Product Vulnerabilities
http://www.net-security.org/vuln.php?id=3146

Autorank PHP Multiple SQL Injection Vulnerabilities
http://www.net-security.org/vuln.php?id=3145

CyberGuard Proxy Firewall Cross Site Scripting Vulnerability
http://www.net-security.org/vuln.php?id=3144

bMachine v2.6 Cross Site Scripting Vulnerability
http://www.net-security.org/vuln.php?id=3143

----------------------------------------------------------------
[ Advisories ]
All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Apple Security Advisory - Security Update 2003-12-19 for Jaguar (APPLE-SA-2003-12-19)
http://www.net-security.org/advisory.php?id=2832

Apple Security Advisory - Security Update 2003-12-19 for Panther (APPLE-SA-2003-12-19)
http://www.net-security.org/advisory.php?id=2831

----------------------------------------------------------------
[ Articles ]
All articles are located at:
http://www.net-security.org/articles_main.php
Articles can be contributed to articles@net-security.org
----------------------------------------------------------------

LOOKING BACK AT WIRELESS SECURITY IN 2003
This article covers some of the most interesting wireless security topics and events in 2003. Find out about wireless security happenings, software tools, interesting books, a brief positive rant on the corporate security world and a Q&A with three wireless security experts working at Funk Software, AirScanner Corporation and IBM.
http://www.net-security.org/article.php?id=624

REFLECTING ON LINUX SECURITY IN 2003
Here's a look at some interesting happenings with Linux security in 2003, with comments by Bob Toxen (one of the 162 recognized developers of Berkeley UNIX and author of "Real World Linux Security") and Marcel Gagne (President of Salmar Consulting, Inc. and author of "Linux System Administration - A User's Guide" and "Moving to Linux").
http://www.net-security.org/article.php?id=623

A LOOK INTO THE VIRUSES THAT CAUSED HAVOC IN 2003
Discover the malicious code that infected millions of machines worldwide, with insightful comments from people such as Mikko H. Hypponen (Director of Anti-Virus Research, F-Secure Corporation) and Graham Cluley (Senior Technology Consultant, Sophos).
http://www.net-security.org/article.php?id=622

AN IN-DEPTH LOOK INTO WINDOWS SECURITY IN 2003
Find out what were the hottest topics related to Windows security in 2003. The experts that voice their opinion for this article are Russ Cooper (Surgeon General of TruSecure Corporation/NTBugtraq Editor), Ed Skoudis (a security geek who is focused on computer attacks and defenses, author of "Counter Hack" and "Malware: Fighting Malicious Code") and Arne Vidstrom (a security researcher and author of many security tools for Windows).
http://www.net-security.org/article.php?id=621

TOP FIVE TECHNOLOGIES TO FIGHT SPAM IN 2004
In 2004, the threat of spam will continue to grow, with some industry experts estimating that spam will comprise as much as 70 per cent of business email. Secure content provider Nemx gives its point of view on spam fighting.
http://www.net-security.org/article.php?id=620

----------------------------------------------------------------
[ Software ]
Windows software is located at:
http://net-security.org/software_main.php?cat=1
Linux software is located at:
http://net-security.org/software_main.php?cat=2
----------------------------------------------------------------

NMAP PARSER XML 0.71
This is a Perl module that makes developing security tools using nmap and Perl easy.
http://www.net-security.org/software.php?id=532

VTHROTTLE 0.30
vthrottle is an implementation of an SMTP throttling engine for Sendmail servers. It allows the administrator to control how much email users and hosts may send, hindering the rapid spread of viruses, worms, and spam.
http://www.net-security.org/software.php?id=533

ENFORCER 0.3 ALPHA
The Enforcer is a Linux Security Module designed to improve the integrity of a computer running Linux by ensuring that the file system is not tampered with.
http://www.net-security.org/software.php?id=534

----------------------------------------------------------------
[ Webcasts ]
All webcasts are located at:
http://www.net-security.org/webcasts.php
----------------------------------------------------------------

Security Enhancements for Internet Information Services 6.0
Organized by Microsoft on 6 January 2004, 9:30 AM PT
http://www.net-security.org/webcast.php?id=153

The Basics of WLAN Security
Organized by Funk Software on 6 January 2004, 1:00 PM EDT
http://www.net-security.org/webcast.php?id=148

Penetration Testing with CORE IMPACT
Organized by Core Security Technologies on 6 January 2004, 2:00 PM ET
http://www.net-security.org/webcast.php?id=150

Microsoft Executive Circle: Implementing more security products won’t make you more secure, better management will
Organized by Microsoft on 19 January 2004, 9:00 AM PT
http://www.net-security.org/webcast.php?id=152

Monthly Update from Microsoft’s VP for Security
Organized by Microsoft on 20 January 2004, 8:30 AM PT
http://www.net-security.org/webcast.php?id=151

Best Practices: Taking Proactive Measures Before The Next Exploit
Organized by eEye on 22 January 2004, 2:00 PM PST
http://www.net-security.org/webcast.php?id=149

----------------------------------------------------------------
[ Conferences ]
All conferences are located at:
http://www.net-security.org/conferences.php
----------------------------------------------------------------

Access Denied 2004
Organized by New Leaf Productions - 11 January-13 January 2004
http://www.net-security.org/conference.php?id=75

Spam Conference 2004
Organized by Gilberte Houbart - 16 January-16 January 2004
http://www.net-security.org/conference.php?id=80

Security Venture Fair
Organized by Infocast - 21 January-23 January 2004
http://www.net-security.org/conference.php?id=78

IT-Defense 2004
Organized by cirosec GmbH/dpunkt.Verlag - 28 January-30 January 2004
http://www.net-security.org/conference.php?id=56

Infosecurity Italia 2004
Organized by Fiera Milano International - 13 February-14 February 2004
http://www.net-security.org/conference.php?id=34

Southeast Cybercrime Summit 2004
Organized by ATLCCS - 2 March-5 March 2004
http://www.net-security.org/conference.php?id=77

InfoSec World Conference and Expo 2004
Organized by MIS Training Institute - 22 March-24 March 2004
http://www.net-security.org/conference.php?id=68

RSA Conference 2004 USA
Organized by RSA Security - 13 April-17 April 2004
http://www.net-security.org/conference.php?id=55

Infosecurity Europe 2004
Organized by Reed Exhibitions - 27 April-29 April 2004
http://www.net-security.org/conference.php?id=27

Dallascon Security Conference 2004
Organized by DallasCon - 1 May-2 May 2004
http://www.net-security.org/conference.php?id=73

BCS Birmingham IT Security Conference 2004
Organized by British Computer Society - 8 June-8 June 2004
http://www.net-security.org/conference.php?id=81

16th Annual FIRST Conference
Organized by FIRST - 13 June-18 June 2004
http://www.net-security.org/conference.php?id=22

NetSec 2004
Organized by Computer Security Institute - 14 June-16 June 2004
http://www.net-security.org/conference.php?id=20

2004 USENIX Annual Technical Conference
Organized by USENIX Association - 27 June-2 July 2004
http://www.net-security.org/conference.php?id=66

DIMVA 2004
Organized by German Informatics Society - 6 July-7 July 2004
http://www.net-security.org/conference.php?id=47

----------------------------------------------------------------
[ Security world ]
All press releases are located at:
http://www.net-security.org/press_main.php
Send your press releases to press@net-security.org
----------------------------------------------------------------

(ISC)2 Launches Publishing House With Release Of First Book, Official (ISC)2 Guide To CISSP Exam
http://www.net-security.org/press.php?id=1902

Kaspersky Labs Strikes Another Blow Against Viruses
http://www.net-security.org/press.php?id=1901
----------------------------------------------------------------
[ Virus News ]
All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

AN OVERVIEW OF VIRUS ACTIVITY IN 2003
Kaspersky Labs, a leading information security software developer, presents its annual review of malicious programs. The material below contains information about the major virus outbreaks which occurred in 2003, expert opinion about malicious program trends and Kaspersky Labs' forecasts for the future.
http://www.net-security.org/virus_news.php?id=339

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:
Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php

----------------------------------------------------------------