HNS Newsletter Issue 200 - 16.02.2004. http://net-security.org This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. ---------------------------------------------------------------- Get Thawte’s NEW Step-by-Step SSL Guide for Apache ---------------------------------------------------------------- In this guide you will find out how to test, purchase, install and use a Thawte Digital Certificate on you Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. Get your copy of this new guide now: http://ad.doubleclick.net/clk;6091061;8369142;h ---------------------------------------------------------------- Table of contents: 1) Security news 2) Vulnerabilities 3) Advisories 4) Articles 5) Reviews 6) Software 7) Webcasts 8) Conferences 9) Security world 10) Virus news [ Security news ] ---------------------------------------------------------------- SOUTH KOREAN COMPANIES FINED $55,000 FOR SENDING SPAM The South Korean Fair Trade Commission has fined 25 companies for sending unsolicited commercial messages via email and mobile phones. http://www.net-security.org/news.php?id=4578 NOKIA ADMITS MULTIPLE BLUETOOTH SECURITY HOLES Nokia has admitted that a number of its Bluetooth handsets are vulnerable to bluesnarfing - in which data can be stolen from a phone without the owner's knowledge. http://www.net-security.org/news.php?id=4579 INTERNET INDUSTRY ASSOCIATION FUNDS ANTI-VIRUS WEBSITE Australia's ISPs have called on local internet users to better protect themselves from viruses and worms, setting up a website that lets users download trial versions of anti-virus software. http://www.net-security.org/news.php?id=4580 E-VOTING SYSTEMS FACE SECURITY QUESTIONS A number of recent studies have raised questions about the security and reliability of electronic-voting machines that a growing number of cities, counties, and states are deploying. http://www.net-security.org/news.php?id=4581 THE VIRUS UNDERGROUND NYT has profiled several young computer virus writers around the world. A young Austrian wrote a Batch Trojan Generator which has simple options for constructing your next virus: fomat drive C? Overwrite every file? http://www.net-security.org/news.php?id=4582 JUNIPER'S $4B BUY SIGNALS SECURITY PUSH In a blockbuster telecom equipment deal underlining the growing importance of network security, Juniper Networks will buy NetScreen Technologies for $4 billion in stock. http://www.net-security.org/news.php?id=4583 VERISIGN SAYS ONLINE FRAUD GROWING FAST A report released Monday by VeriSign, the company that maintains the Internet's .com and .net domain registry, indicates that attempted site hacks, online fraud and identity theft are growing rapidly, as e-commerce proliferates. http://www.net-security.org/news.php?id=4585 HOW MICROSOFT BOTCHED ANOTHER SECURITY PATCH Will Microsoft ever learn? Just last week it quietly released another Internet Explorer fix--and caused headaches for both developers and end users. http://www.net-security.org/news.php?id=4586 LINUX SECURITY ON THE ROPES Veteran programmers have brought lifetimes of experience to Linux's development, including an awareness of the "gotchas" of OS security, says Paula Hunter, OSDL business-development director. "There are people who are working on [Linux] projects that probably have children that work at Microsoft." http://www.net-security.org/news.php?id=4587 SECURING A WIRELESS NETWORK Make sure contracts with Wi-Fi suppliers and users limit your liability. http://www.net-security.org/news.php?id=4588 VIRUSES TARGET MYDOOM INFECTIONS Two worms are attacking PCs already infected with the MyDoom virus. http://www.net-security.org/news.php?id=4589 NETWORK SECURITY SPECIALISTS SEEK SEAMLESS DEFENSE Day and night, the war of attrition rages in the beleaguered world of network security. Defenders throw up firewalls, download patches, and scramble to fend off the hundreds of thousands of attempted intrusions into worldwide enterprise data. http://www.net-security.org/news.php?id=4590 CON ARTISTS GO 'PHISHING' FOR PERSONAL INFORMATION Last month, thousands of Internet users got an urgent message: Update your bank account information now or your federal deposit insurance may lapse. http://www.net-security.org/news.php?id=4591 THE FIRST FALLOUT FROM CYBERGATE Did Republican staffers commit a crime by clicking on the "My Network Places" icon to access Democratic memos? http://www.net-security.org/news.php?id=4592 REVIEW: FORTIGATE ENTERPRISE SECURITY APPLIANCE The rack-mountable FortiGate-3600 does a good job providing enterprises with the six elements most vital for network security: firewall, anti-virus, VPN, intrusion detection, content filtering and traffic management. http://www.net-security.org/news.php?id=4593 ONLINE SEARCH ENGINES LIFT COVER OF PRIVACY Sitting at his laptop, Chris O'Ferrell types a few words into the Google search engine and up pops a link to what appears to be a military document listing suspected Taliban and al Qaeda members, date of birth, place of birth, passport numbers and national identification numbers. http://www.net-security.org/news.php?id=4594 MICROSOFT UNCOVERS CRITICAL WINDOWS SECURITY HOLE Microsoft on Tuesday warned of a serious security vulnerability in all of the current versions of Windows that not only allows an attacker to run code on vulnerable machines, but also enables him to install software and change and delete data. http://www.net-security.org/news.php?id=4596 PROGRAMMER CREATES MASK FOR FILE-SHARERS Wyatt Wasicek was so outraged by the recording industry's legal assault on users of free music-downloading sites that he decided to ride to the rescue. He created a program called AnonX that masks the Internet address of people who use file-sharing programs such as Kazaa. http://www.net-security.org/news.php?id=4597 VERISIGN WORKS TO ID KID SURFERS VeriSign plans to unveil on Wednesday a digital identity program for school-age children, which it says will bolster online safety for the growing number of young Web surfers. http://www.net-security.org/news.php?id=4598 SAFELY CREATING TEMPORARY FILES IN SHELL SCRIPTS This paper discusses how a programmer can write shell scripts that securely create temporary files in world/group writable directories. http://www.net-security.org/news.php?id=4599 FIREWALLING HTTP TRAFFIC USING REVERSE SQUID PROXY This article describes the case in which the Web server is on the local network and the client is connecting from the Internet. In other words, Squid is acting as a reverse proxy. http://www.net-security.org/news.php?id=4600 SECURING INTRANETS WITH IPCOP IPCop is an ideal, low-budget solution for intranets that require comprehensive network security. http://www.net-security.org/news.php?id=4601 SUN SECURES SOLARIS WITH KERNEL REWRITE In an effort to batten down its operating system, Sun Microsystems Inc. this week will unveil a sweeping set of security enhancements to Solaris, as well as new managed security services. http://www.net-security.org/news.php?id=4602 UK.GOV ANNOUNCES HI-TECH ELITE POLICE SQUAD The Home Office has announced a new team of specialist investigators that will take on the challenge of dealing with organised crime in a digital world. http://www.net-security.org/news.php?id=4603 MICROSOFT LAUDS IE AS 'THE MOST SECURE BROWSER' Internet Explorer is now just about the most secure browser available, says Microsoft - because so many security holes have been filled. http://www.net-security.org/news.php?id=4604 PRIVACY IS IN THE HOUSE The House is considering a bill that would require government agencies to explain how citizens' privacy might be affected by new regulations. After years of erosion, privacy may again be in fashion in D.C. http://www.net-security.org/news.php?id=4605 THE PAST IS PRESENT IN THE PRESENT PASSWORD The cardinal rule of password creation is skirting the obvious: No names of children or pets, no street addresses or car names. The ideal password is a random combination of letters and numbers, unfathomable to a potential intruder. http://www.net-security.org/news.php?id=4606 MYDOOM AUTHOR MAY BE COVERING TRACKS A worm that started spreading on Sunday places the source code for the original MyDoom virus on victims' hard drives, an action equivalent to planting evidence, antivirus experts said Tuesday. http://www.net-security.org/news.php?id=4608 SPAM AND VIRUSES - THE EMERGENCE OF CONVERGENCE The line between spammers and virus writers is becoming increasingly blurred. http://www.net-security.org/news.php?id=4609 DDOS ATTACKS GO THROUGH THE ROOF The growing prevalence of criminally motivated DDoS attacks calls for a fundamental rethink in how enterprises approach security. http://www.net-security.org/news.php?id=4610 IBM, CISCO PARTNER ON SECURITY TECHNOLOGY Computer maker IBM and Cisco Systems said Friday that they would tailor their security technology for computers and communications networks to work better together. http://www.net-security.org/news.php?id=4611 SECURITY-ENHANCED LINUX PROVIDES A LOCKED DOWN OS Don't be naive enough to think that because you run Linux you won't be a target for hackers. If you rely on Linux for hosting or transmitting sensitive data, you should check out Security-Enhanced Linux, created by the U.S. NSA and available for free. http://www.net-security.org/news.php?id=4612 IBM CENTRALIZES SECURITY FOR THE ZSERIES MAINFRAME Continuing its broad strategy of infrastructure simplification, IBM Thursday introduced new security features for its latest mainframe operating system software to help centralize control of an environment that requires several tiers of security. http://www.net-security.org/news.php?id=4613 WINDOWS CODE LEAK 'NOT A SECURITY THREAT' Security experts say Microsoft's embarrassing Windows 2000 source code leak is unlikely to have given hackers more ammunition. http://www.net-security.org/news.php?id=4614 CLIFF STANFORD CHARGED WITH HACKING REDBUS Redbus Interhouse founder Cliff Stanford was today charged with conspiracy to blackmail and computer crime offences by officers of the UK's National Hi-Tech Crime Unit. http://www.net-security.org/news.php?id=4615 ---------------------------------------------------------------- [ Vulnerabilities ] All vulnerabilities are located here: http://www.net-security.org/archive_vuln.php ---------------------------------------------------------------- XFree86 Project XFree86 Font Information File Buffer Overflow Vulnerability http://www.net-security.org/vuln.php?id=3255 Ratbag Engine Based Games Denial of Service Vulnerability http://www.net-security.org/vuln.php?id=3254 Monkey httpd Denial of Service Vulnerability http://www.net-security.org/vuln.php?id=3253 ezContents 2.0.2 PHP Code Injection Vulnerability http://www.net-security.org/vuln.php?id=3252 Red-M Red-Alert Multiple Vulnerabilities http://www.net-security.org/vuln.php?id=3251 Microsoft ASN.1 Library Bit String Heap Corruption Vulnerability http://www.net-security.org/vuln.php?id=3250 Microsoft ASN.1 Library Length Overflow Heap Corruption Vulnerability http://www.net-security.org/vuln.php?id=3249 RealPlayer Directory Traversal Vulnerability http://www.net-security.org/vuln.php?id=3248 XFree86 Font Information File Buffer Overflow Vulnerability http://www.net-security.org/vuln.php?id=3247 Nokia Phones Multiple Buffer Overflow Vulnerabilities http://www.net-security.org/vuln.php?id=3246 PHP-Nuke 7.1.0 Cross Site Scripting Vulnerability http://www.net-security.org/vuln.php?id=3245 PHP-Nuke 7.1.0 SQL Injection Vulnerability http://www.net-security.org/vuln.php?id=3244 The Palace 3.5 Client Stack Buffer Overflow Vulnerability http://www.net-security.org/vuln.php?id=3243 Open Journal Authentication Bypass Vulnerability http://www.net-security.org/vuln.php?id=3242 DotNetNuke Multiple Vulnberabilities http://www.net-security.org/vuln.php?id=3241 CactuSoft CactuShop 5.0 Lite Shopping Cart Backdoor Vulnerability http://www.net-security.org/vuln.php?id=3240 ---------------------------------------------------------------- [ Advisories ] All advisories are located at: http://www.net-security.org/archive_advi.php ---------------------------------------------------------------- Debian Security Advisory - New gnupg packages fix cryptographic weakness (DSA 429-2) http://www.net-security.org/advisory.php?id=2976 Mandrake Linux Security Update Advisory - mailman (MDKSA-2004:013) http://www.net-security.org/advisory.php?id=2975 Mandrake Linux Security Update Advisory - XFree86 (MDKSA-2004:012) http://www.net-security.org/advisory.php?id=2974 Red Hat Security Advisory - Updated PWLib packages fix protocol security issues (RHSA-2004:048-01) http://www.net-security.org/advisory.php?id=2973 Red Hat Security Advisory - Updated XFree86 packages fix privilege escalation (RHSA-2004:059-01) http://www.net-security.org/advisory.php?id=2972 Slackware Security Advisory - XFree86 security update (SSA:2004-043-02) http://www.net-security.org/advisory.php?id=2971 Slackware Security Advisory - mutt security update (SSA:2004-043-01) http://www.net-security.org/advisory.php?id=2970 Mandrake Linux Security Update Advisory - netpbm (MDKSA-2004:011) http://www.net-security.org/advisory.php?id=2969 Mandrake Linux Security Update Advisory - mutt (MDKSA-2004:010) http://www.net-security.org/advisory.php?id=2968 Debian Security Advisory - New cgiemail packages fix open mail relaying (DSA 437-1) http://www.net-security.org/advisory.php?id=2967 Gentoo Linux Security Advisory - Gallery <= 1.4.1 and below remote exploit vulnerability (GLSA 200402-04) http://www.net-security.org/advisory.php?id=2966 Gentoo Linux Security Advisory - Monkeyd Denial of Service vulnerability (GLSA 200402-03) http://www.net-security.org/advisory.php?id=2965 Gentoo Linux Security Advisory - XFree86 Font Information File Buffer Overflow (GLSA 200402-02) http://www.net-security.org/advisory.php?id=2964 SCO Security Advisory - OpenLinux: slocate local user buffer overflow (CSSA-2004-001.0) http://www.net-security.org/advisory.php?id=2963 Updated mutt packages fix remotely-triggerable crash (RHSA-2004:051-01) http://www.net-security.org/advisory.php?id=2962 SGI Security Advisory - SGI Advanced Linux Environment security update #10 (20040201-01-U) http://www.net-security.org/advisory.php?id=2961 US-CERT Technical Cyber Security Alert - Multiple Vulnerabilities in Microsoft ASN.1 Library (TA04-041A) http://www.net-security.org/advisory.php?id=2960 Microsoft Windows Security Bulletin Summary for February 2004 http://www.net-security.org/advisory.php?id=2959 Microsoft Macintosh Products Security Bulletin Summary for February 2004 http://www.net-security.org/advisory.php?id=2958 Conectiva Linux Security Announcement - gaim (CLA-2004:813) http://www.net-security.org/advisory.php?id=2957 Conectiva Linux Security Announcement - vim (CLA-2004:812) http://www.net-security.org/advisory.php?id=2956 Red Hat Security Advisory - Updated NetPBM packages fix multiple temporary file (RHSA-2004:030-01) http://www.net-security.org/advisory.php?id=2955 Red Hat Security Advisory - Updated mailman packages close cross-site scripting (RHSA-2004:020-01) http://www.net-security.org/advisory.php?id=2954 SOT Linux Security Advisory - Updated ethereal package for SOT Linux 2003 (SLSA-2004:1) http://www.net-security.org/advisory.php?id=2953 Apache-SSL Security Advisory - Apache-SSL optional client certificate vulnerability http://www.net-security.org/advisory.php?id=2952 Debian Security Advisory - New mailman packages fix several (DSA 436-1) http://www.net-security.org/advisory.php?id=2951 Gentoo Linux Security Advisory - PHP setting leaks from .htaccess files on virtual hosts (GLSA 200402-01) http://www.net-security.org/advisory.php?id=2950 Debian Security Advisory - New mpg123 packages fix heap overflow (DSA 435-1) http://www.net-security.org/advisory.php?id=2949 ---------------------------------------------------------------- [ Articles ] All articles are located at: http://www.net-security.org/articles_main.php Articles can be contributed to articles@net-security.org ---------------------------------------------------------------- WIRELESS SECURITY VIDEO FEATURE In this video Johan Custers, Director of European Operations at Funk Software, discusses the biggest security issues affecting wireless networks today, various methods for securing public wireless networks, he offers tips for home users that want to achieve a satisfactory level of security for their private wireless networks, etc. http://www.net-security.org/article.php?id=639 SSL VPNS - YOU CAN'T AFFORD TO IGNORE THEM In this opinion piece, Calum Macleod explains what the manager should look for when deciding whether he/she should choose an SSL VPN over an IPsec VPN. http://www.net-security.org/article.php?id=638 ---------------------------------------------------------------- [ Reviews ] All reviews are located at: http://www.net-security.org/reviews.php ---------------------------------------------------------------- SECURING WIRELESS LANS In "Securing Wireless LANs", the author brings a number of especially technical themes and transforms them into an easily readable material for all types of readers. http://www.net-security.org/review.php?id=124 ---------------------------------------------------------------- [ Software ] Windows software is located at: http://net-security.org/software_main.php?cat=1 Linux software is located at: http://net-security.org/software_main.php?cat=2 ---------------------------------------------------------------- WEBGOAT 2.0 WebGoat is based on the concept of teaching a user a real world lesson and then asking the user to demonstrate their understanding by exploiting a real vulnerability on the local system. http://www.net-security.org/software.php?id=538 ---------------------------------------------------------------- [ Webcasts ] All webcasts are located at: http://www.net-security.org/webcasts.php ---------------------------------------------------------------- Monthly Update from Microsoft's VP for Security Organized by Microsoft on 17 February 2004, 8:30 AM PT http://www.net-security.org/webcast.php?id=197 Computer Crime and Security Organized by Microsoft on 17 February 2004, 9:00 AM PT http://www.net-security.org/webcast.php?id=198 Securing Your Exchange 2003 Environment Organized by Microsoft on 17 February 2004, 9:30 AM PT http://www.net-security.org/webcast.php?id=199 Network Forensics Made Easy Organized by eEye on 17 February 2004, 11:00 AM PST http://www.net-security.org/webcast.php?id=230 The Better Partner - Sophos Organized by Sophos on 17 February 2004, 12:00 PM PST http://www.net-security.org/webcast.php?id=224 Creating a Single Sign-on Enterprise Security Portal Organized by Microsoft on 17 February 2004, 1:00 PM PT http://www.net-security.org/webcast.php?id=173 The Basics of WLAN Security Organized by Funk Software on 17 February 2004, 1:00 PM EST http://www.net-security.org/webcast.php?id=221 Dave's Secure Remoting Chat Application Organized by Microsoft on 18 February 2004, 9:00 AM PT http://www.net-security.org/webcast.php?id=201 Consolidated Email Protection: An introduction to PureMessage Organized by Sophos on 18 February 2004, 10:00 AM PST http://www.net-security.org/webcast.php?id=225 Writing Secure Code - Best Practices Organized by Microsoft on 18 February 2004, 11:00 AM PT http://www.net-security.org/webcast.php?id=202 Cost Effective Anti-Virus Solution for K-12 Schools Organized by Sophos on 18 February 2004, 12:00 PM PST http://www.net-security.org/webcast.php?id=226 Protecting Your System From SQL Injection Attacks Organized by Microsoft on 18 February 2004, 1:00 PM http://www.net-security.org/webcast.php?id=203 Application Hacking Techniques and How to Stop Them Organized by Microsoft on 19 February 2004, 9:00 AM PT http://www.net-security.org/webcast.php?id=204 Tripwire for Servers: Overview and Product Demo Organized by Tripwire on 19 February 2004, 11:00 AM PDT http://www.net-security.org/webcast.php?id=223 ---------------------------------------------------------------- [ Conferences ] All conferences are located at: http://www.net-security.org/conferences.php ---------------------------------------------------------------- RSA Conference 2004 USA Organized by RSA Security - 23 February-27 February 2004 http://www.net-security.org/conference.php?id=55 Southeast Cybercrime Summit 2004 Organized by Atlanta Chapter of the HTCIA and Kennesaw State University's Cybercrime Institute - 2 March-5 March 2004 http://www.net-security.org/conference.php?id=77 InfoSec World Conference and Expo 2004 Organized by MIS Training Institute - 22 March-24 March 2004 http://www.net-security.org/conference.php?id=68 cansecwest/core04 Conference Organized by Dursec Ltd. - 21 April-23 April 2004 http://www.net-security.org/conference.php?id=85 Infosecurity Europe 2004 Organized by Reed Exhibitions - 27 April-29 April 2004 http://www.net-security.org/conference.php?id=27 Dallascon Security Conference 2004 Organized by DallasCon - 1 May-2 May 2004 http://www.net-security.org/conference.php?id=73 RSA Conference 2004 Japan Organized by RSA Conference 2004 Japan Executive Comittee - 31 May-1 June 2004 http://www.net-security.org/conference.php?id=82 BCS Birmingham IT Security Conference 2004 Organized by British Computer Society - 8 June-8 June 2004 http://www.net-security.org/conference.php?id=81 16th Annual FIRST Conference Organized by FIRST - 13 June-18 June 2004 http://www.net-security.org/conference.php?id=22 NetSec 2004 Organized by Computer Security Institute - 14 June-16 June 2004 http://www.net-security.org/conference.php?id=20 2004 USENIX Annual Technical Conference Organized by USENIX Association - 27 June-2 July 2004 http://www.net-security.org/conference.php?id=66 DIMVA 2004 Organized by German Informatics Society - 6 July-7 July 2004 http://www.net-security.org/conference.php?id=47 13th USENIX Security Symposium Organized by USENIX Association - 9 August-13 August 2004 http://www.net-security.org/conference.php?id=67 The 14th Virus Bulletin International Conference (VB2004) Organized by Virus Bulletin - 29 September-1 October 2004 http://www.net-security.org/conference.php?id=83 ---------------------------------------------------------------- [ Security world ] All press releases are located at: http://www.net-security.org/press_main.php Send your press releases to press@net-security.org ---------------------------------------------------------------- Astaro Unveils Configuration Manager for Management of Security Policies on Astaro Firewalls http://www.net-security.org/press.php?id=1976 Kavado Accelerates Security Market Traction With Over 100% Growth http://www.net-security.org/press.php?id=1975 Blue Coat Stops IM 'Buddylinks' Spim http://www.net-security.org/press.php?id=1974 Network Associates Introduces McAfee AntiSpyware - Essential Protection Against Spyware for Consumers http://www.net-security.org/press.php?id=1973 Pointsec Becomes Only Vendor in its Sector To Receive Common Criteria http://www.net-security.org/press.php?id=1972 F-Secure Antivirus Sales Record High During The Last Quarter of 2003 http://www.net-security.org/press.php?id=1971 SSH and Entrust Announce Global Alliance To Secure Enterprises, Financial Institutions and Governments http://www.net-security.org/press.php?id=1970 Guardian Digital Launches Next Generation EnGarde Secure Linux http://www.net-security.org/press.php?id=1969 Syngress Publishing Announces the Release of "Security Assessment: Case Studies for Implementing the NSA IAM" http://www.net-security.org/press.php?id=1968 ERUCES, Inc. Announces Launch of Encryption Framework for Enterprises http://www.net-security.org/press.php?id=1967 NetScreen Sets Another SSL VPN Industry Benchmark with Powerful New Dynamic Access Management Feature Sets http://www.net-security.org/press.php?id=1966 Juniper Networks, Inc. to Acquire NetScreen Technologies, Inc. http://www.net-security.org/press.php?id=1965 ---------------------------------------------------------------- [ Virus News ] All virus news are located at: http://www.net-security.org/viruses.php ---------------------------------------------------------------- Watch out for Amorous Viruses and Mydoom Backdoors http://www.net-security.org/virus_news.php?id=368 Weekly Report on Viruses and Intrusions - Nine Worms, a Trojan, a Hacking Tool and an Adware Program http://www.net-security.org/virus_news.php?id=367 Doomjuice Saga Continues - Version B Enforces the Attack on Microsoft http://www.net-security.org/virus_news.php?id=366 Panda Software Reports the Appearance of Doomjuice.A http://www.net-security.org/virus_news.php?id=365 Authors of Mydoom Worm Launched Yet Another Attack http://www.net-security.org/virus_news.php?id=364 ---------------------------------------------------------------- Questions, contributions, comments or ideas go to: Help Net Security staff staff@net-security.org http://net-security.org ---------------------- Unsubscribe from this weekly digest on: http://www.net-security.org/subscribe.php The archive of the newsletter in TXT and PDF format is available http://www.net-security.org/newsletter_archive.php ---------------------------------------------------------------- Get Thawte’s NEW Step-by-Step SSL Guide for Apache ---------------------------------------------------------------- In this guide you will find out how to test, purchase, install and use a Thawte Digital Certificate on you Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. Get your copy of this new guide now: http://ad.doubleclick.net/clk;6091061;8369142;h ----------------------------------------------------------------