HNS Newsletter Issue 205 - 22.03.2004. http://net-security.org This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. ---------------------------------------------------------------- ALERT: Hackers New Trick- LDAP Injection Attacks- FREE White Paper ---------------------------------------------------------------- It's as simple as placing additional LDAP query commands into a Web form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because LDAP Injections are seen as valid data. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection! http://download.spidynamics.com/1/ad/ld.asp?cs1_ContSupRef=I-N-hlpnt3.8.04ld ---------------------------------------------------------------- Table of contents: 1) Security news 2) Vulnerabilities 3) Advisories 4) Articles 5) Reviews 6) Software 7) Webcasts 8) Conferences 9) Security world 10) Virus news [ Security news ] ---------------------------------------------------------------- SECURITY GADGETS YET TO SEAL FATE OF JAPAN'S HANKO TRADITION Old habits die hard. The use of carved personal seals in Japan has survived technological leaps which could have rendered them obsolete despite their widely acknowledged vulnerability to fraud. http://www.net-security.org/news.php?id=4821 NZ POLICE LAY FIRST CHARGE FOR HACKING Police have laid the first charges for hacking under the controversial Crimes Amendment (No 6) Act, which was passed in mid-2003 and carries severe penalties for computer crime. http://www.net-security.org/news.php?id=4822 LEAKED CODE STILL COULD BEAR MALICIOUS FRUIT When news of the leak of a portion of Windows source code broke last month, many in the security community cautioned against overreacting, saying that the leak likely wouldn't lead to a slew of new vulnerability discoveries.
http://www.net-security.org/news.php?id=4823 WISCONSIN, NEW YORK UNPLUG MATRIX Two more states pull out of the interstate criminal and antiterrorism database known as the Matrix. Wisconsin had joined just a few weeks ago, but once the cost and privacy ramifications became clear, the state reconsidered. http://www.net-security.org/news.php?id=4824 WHY FIREWALLS AREN'T ALWAYS ENOUGH You may think your computer systems are safe behind your firewall. But criminal hackers may still be able to access them--through what's called "social engineering." Robert explains. http://www.net-security.org/news.php?id=4825 WIRELESS LAN SECURITY MONITORS Network Computing examines tools from major vendors for keeping a wireless LAN secure after it's built. The tools watch out for rogue access points and denial-of-service attacks and perform other tasks to keep attackers at bay. http://www.net-security.org/news.php?id=4826 COMPUTER-RELATED SECURITY BREACHES ARE ON THE RISE A computer virus cost Arosnet Internet Services between $5,000 and $8,000 in lost time this year when a client's computer infected its network. http://www.net-security.org/news.php?id=4827 NEW TREND SEEN IN LATEST WORMS Symantec, the anti-virus software company, said it tracked an average of seven new Internet security vulnerabilities per day in 2003. http://www.net-security.org/news.php?id=4828 FEDS WANT WIRETAP-READY NET Technology companies should be required to ensure that law enforcement agencies can install wiretaps on Internet traffic and new generations of digital communications, the Justice Department says. http://www.net-security.org/news.php?id=4829 HACKING TESTS BEGIN ON NATIONAL ID DATABASE Security experts have begun work on threat and vulnerability tests to ensure that the National Identity Register database, which will form the basis of the UK's controversial ID card scheme, is secure from hack attacks and unauthorised internal access. 
http://www.net-security.org/news.php?id=4831 FLAWS LEVEL OFF, BUT WORMS STILL SQUIRMING The number of public alerts about software security flaws leveled off over the last six months, but worms continue to threaten the Internet, according to a report security company Symantec released Monday. http://www.net-security.org/news.php?id=4832 ZOMBIE PCS MUST DIE! Comcast, the US cable giant, is threatening to disconnect customers whose infected PCs are being used to relay spam messages. http://www.net-security.org/news.php?id=4833 SECURITY CONSIDERATIONS FOR WEB-BASED MAIL Many businesses don't deploy Web mail for fear of exposing corporate e-mail systems to external threats. With recent government legislation, e-mail confidentiality has become a growing concern. http://www.net-security.org/news.php?id=4834 THUMBS UP FOR LONGHORN SECURITY LOCKDOWN As software security holds its place as a top priority among enterprise networks, engineers at Microsoft are building proactive PC monitoring capabilities into its next generation Longhorn operating system, a move that's being widely embraced. http://www.net-security.org/news.php?id=4835 WHERE TO TURN FOR ANSWERS? When everyone in the security world has something to sell, it's harder than ever to get straight answers about genuine threats. http://www.net-security.org/news.php?id=4836 OUTSOURCING: LOSING CONTROL OVER SENSITIVE DATA How do you protect sensitive data when it's in the hands of a third party? http://www.net-security.org/news.php?id=4838 LINUX MEMORY FORENSICS Forensic analysis is the investigation of an event that involves looking for evidence and interpreting that evidence. In the case of a computer crime in which a system was compromised, the investigator needs to find out who, what, where, when, how, and why.
http://www.net-security.org/news.php?id=4839 WHAT TO WATCH OUT FOR WHEN WRITING PORTABLE SHELL SCRIPTS This article reviews some of the issues shell programmers may run into when trying to write widely portable scripts. http://www.net-security.org/news.php?id=4840 EUROPE CONSIDERS HARSH PIRACY LAW The European Union will likely enact a law to give local police more power to seize the assets of suspected intellectual-property thieves. Opponents say the law is just too severe. http://www.net-security.org/news.php?id=4841 VIRUSES STILL LIKE GERMS Evidence that computer virus infections spread like biological disease was offered by security experts at Symantec Corp., which today released its semi-annual Internet Security Threat Report. http://www.net-security.org/news.php?id=4842 RETHINKING IDS False IDS alerts driving you nuts? The best protection against unwanted intrusion may be a layered defense that uses firewalls, IDS, and IPS. http://www.net-security.org/news.php?id=4843 MICROSOFT TO BROADEN SECURITY-PATCH SOFTWARE The company says data security is by far its most important area of investment. http://www.net-security.org/news.php?id=4844 IMMUNIX STOPS SELLING SECURE LINUX OS According to Immunix COO Frank Rego, his company's decision to stop selling Immunix Linux wasn't a sudden shift but "more of a gradual change." http://www.net-security.org/news.php?id=4845 TALE OF A SPAM LOVER For Orlando Soto, no day is complete without some spam. http://www.net-security.org/news.php?id=4846 NOTHING EASY ABOUT SECURITY Information security experts offer no easy answers for agencies trying to improve their security grades. http://www.net-security.org/news.php?id=4847 THE VIRUS AVALANCHE Jack Clark, technical consultant at McAfee Security, considers the deluge of recent virus activity and how security firms and users can protect themselves from further attacks.
http://www.net-security.org/news.php?id=4848 PHISHING STILL ON THE INCREASE Finance, retail and ISP customers primary targets of attacks. http://www.net-security.org/news.php?id=4849 TACKLING UNIX SECURITY IN LARGE ORGANISATIONS Managing security in large organizations can be a challenge. Here are some practical tips for keeping your organization sealed tight. http://www.net-security.org/news.php?id=4850 HACKERS EMBRACE P2P CONCEPT Computer security experts in the private sector and U.S. government are monitoring the emergence of a new, highly sophisticated hacker tool that uses the same P2P networking abilities that power controversial file-sharing networks like Kazaa and BearShare. http://www.net-security.org/news.php?id=4852 YOUR LDAP ADMINISTRATION TOOLBOX Do you have what it takes to manage an LDAP infrastructure? Administration of a directory means having a thorough knowledge of the directory's structure, data, security, performance, and general configuration. http://www.net-security.org/news.php?id=4853 BUILDING A PANTHER SERVER AS AN OD MASTER AND WINDOWS PDC The setup of a Panther server as a PDC, however, is oriented mainly to Apple shops and those who wish to easily integrate Windows desktops without having to maintain a parallel server environment. http://www.net-security.org/news.php?id=4854 FIXES ARE IN FOR OPENSSL The group behind OpenSSL, a widely used open-source Web security program, released two patches for security flaws to block potential denial-of-service attacks, the organization's developers said on Wednesday. http://www.net-security.org/news.php?id=4855 EXPERTS DEBATE DANGER OF PHATBOT WORM Security discussion lists and reports were abuzz Wednesday with talk of a new worm, named "Phatbot," that had spread to as many as hundreds of thousands of systems. But not all security experts agreed that the worm was widespread. 
http://www.net-security.org/news.php?id=4856 THE KEY TO AUTHENTIC COMMUNICATION Passwords are considered by some to be the weakest link in the security chain. They are hard to remember yet often disturbingly easy to steal or even guess, but developing an alternative is proving a challenge. http://www.net-security.org/news.php?id=4857 THE 12KB BOMB It only takes a 12kb virus for total system compromise and a highly effective spam engine. Anyone can make one. Some assembly required. http://www.net-security.org/news.php?id=4858 MICROSOFT TIGHTENS XP'S SECURITY Microsoft is nearing the finish line for its Service Pack 2 update, with the release of a near-final version that features centralised security management. http://www.net-security.org/news.php?id=4859 FAKE ESCROW SITES ON THE RISE Take basic precautions and you won't get fooled, advise online watchdogs. http://www.net-security.org/news.php?id=4860 CASHING IN ON VIRUS INFECTIONS After a recent epidemic of computer viruses that seemed much worse than usual, security experts are questioning whether the antivirus software industry is working hard enough -- or has enough incentive -- to develop new and better ways of stopping nasty software. http://www.net-security.org/news.php?id=4861 DETECTION OF SQL INJECTION AND CROSS-SITE SCRIPTING ATTACKS This article discusses techniques to detect SQL Injection and Cross Site Scripting (CSS) attacks against your networks using regular expressions with the open-source IDS, Snort. http://www.net-security.org/news.php?id=4862 GAO OFFERS SECURITY GUIDE A report from the General Accounting Office outlined the major types of commercial security technologies that agencies can use. http://www.net-security.org/news.php?id=4863 IT INDUSTRY RELEASES SECURITY ACTION PLANS FOR DHS Two of the five action plans are out; three more are due in April. 
http://www.net-security.org/news.php?id=4865 TASK FORCE: CLASSES, SECURITY TOOL KIT NEEDED A government industry working group released its initial report on Thursday, recommending that elementary schools teach online ethics, that companies observe a Cyber Security Month and that a security tool kit for home users be created. http://www.net-security.org/news.php?id=4866 MICROSOFT-EU ANTI-TRUST TALKS COLLAPSE The European Commission's competition talks with Microsoft Corp. have collapsed, European Competition Commissioner Mario Monti said Thursday. http://www.net-security.org/news.php?id=4867 FRAUDSTERS PREY ON APATHETIC BRITS An apathetic and careless approach to finances by some British consumers is making fraud far easier. http://www.net-security.org/news.php?id=4868 SOFTWARE SECURITY FLAWS HIT PLATEAU Seven new security vulnerabilities were identified in software products on average every day in 2003. http://www.net-security.org/news.php?id=4869 BAGLE SPREADS NEW THREAT The Bagle worm is exploiting an old Outlook flaw to spread even more quickly, while an ancient Trojan has gained a new name and a new lease of life. http://www.net-security.org/news.php?id=4870 SYMANTEC TO LAUNCH NETWORK GATEKEEPER Symantec plans to introduce on Monday a series of secure networking appliances that it hopes will help it pick up more small business customers. http://www.net-security.org/news.php?id=4871 ANTI-PIRACY VIGILANTES TRACK FILE SHARERS Crime-busting coders spark controversy when they circulate a Trojan horse on peer-to-peer networks designed to chastise pirates, and report back to a public website. http://www.net-security.org/news.php?id=4872 CISCO BOOSTS SPEED AND SECURITY Enhanced security and 10Gb Ethernet support for Catalyst Intelligent Switching range. http://www.net-security.org/news.php?id=4873 ANTI-VIRUS COMPANIES MILKING THEIR CASH COW? Right now, a war goes on between virus writers.
http://www.net-security.org/news.php?id=4874 ---------------------------------------------------------------- [ Vulnerabilities ] All vulnerabilities are located here: http://www.net-security.org/archive_vuln.php ---------------------------------------------------------------- JelSoft vBulletin 3.0.0 RC4 Cross Site Scripting Vulnerabilities http://www.net-security.org/vuln.php?id=3339 Phorum 5.0.3 Beta Cross Site Scripting Vulnerabilities http://www.net-security.org/vuln.php?id=3338 Mambo Open Source Multiple Vulnerabilities http://www.net-security.org/vuln.php?id=3337 ModSecurity 1.7.4 for Apache 2.x Remote Off-By-One Overflow Vulnerability http://www.net-security.org/vuln.php?id=3336 Multiple Vendor SOAP Server Array Denial of Service Vulnerability http://www.net-security.org/vuln.php?id=3335 YaBB/YaBBse Cross Site Scripting Vulnerability http://www.net-security.org/vuln.php?id=3334 VocalTec Gateway 8 Reverse Directory Traversal and Authorization Bypass Vulnerabilities http://www.net-security.org/vuln.php?id=3333 phpBB 2.0.6 SQL Injection Vulnerability http://www.net-security.org/vuln.php?id=3332 Php-Nuke 7.1.0 Cross Site Scripting Vulnerability http://www.net-security.org/vuln.php?id=3331 4nguestbook Multiple Security Vulnerabilities http://www.net-security.org/vuln.php?id=3330 4nalbum Module Multiple Vulnerabilities http://www.net-security.org/vuln.php?id=3329 Metamail extcompose Script Symlink Vulnerability http://www.net-security.org/vuln.php?id=3328 ---------------------------------------------------------------- [ Advisories ] All advisories are located at: http://www.net-security.org/archive_advi.php ---------------------------------------------------------------- SOT Linux Security Advisory - Updated openssl package for SOT Linux 2003 (SLSA-2004:7) http://www.net-security.org/advisory.php?id=3106 US-CERT Technical Cyber Security Alert TA04-078A -- Multiple Vulnerabilities in OpenSSL http://www.net-security.org/advisory.php?id=3105 Trustix Secure Linux 
Security Advisory - openssl (#2004-0012) http://www.net-security.org/advisory.php?id=3104 Trustix Secure Linux Security Advisory - sysstat (#2004-0011) http://www.net-security.org/advisory.php?id=3103 Gentoo Linux Security Advisory - Multiple OpenSSL Vulnerabilities (GLSA 200403-03) http://www.net-security.org/advisory.php?id=3102 Cisco Security Advisory - Cisco OpenSSL Implementation Vulnerability http://www.net-security.org/advisory.php?id=3101 Debian Security Advisory - kernel-source-2.2.10, kernel-image-2.2.10-powerpc-apus (DSA 466-1) http://www.net-security.org/advisory.php?id=3100 Debian Security Advisory - openssl,openssl094,openssl095 (DSA 465-1) http://www.net-security.org/advisory.php?id=3099 Guardian Digital Security Advisory - openssl (ESA-20040317-003) http://www.net-security.org/advisory.php?id=3098 FreeBSD Security Advisory - Denial-of-service vulnerability in OpenSSL (FreeBSD-SA-04:05.openssl) http://www.net-security.org/advisory.php?id=3097 Mandrakelinux Security Update Advisory - openssl (MDKSA-2004:023) http://www.net-security.org/advisory.php?id=3096 OpenPKG Security Advisory - openssl (OpenPKG-SA-2004.007) http://www.net-security.org/advisory.php?id=3095 Red Hat Security Advisory - Updated Mozilla packages fix security issues (RHSA-2004:112-01) http://www.net-security.org/advisory.php?id=3094 Red Hat Security Advisory - Updated OpenSSL packages fix vulnerabilities (RHSA-2004:121-01) http://www.net-security.org/advisory.php?id=3093 Slackware Security Advisory - OpenSSL security update (SSA:2004-077-01) http://www.net-security.org/advisory.php?id=3092 SUSE Security Announcement - openssl (SuSE-SA:2004:007) http://www.net-security.org/advisory.php?id=3091 Debian Security Advisory - New gdk-pixbuf packages fix denial of service (DSA 464-1) http://www.net-security.org/advisory.php?id=3090 Debian Security Advisory - New samba packages fix privilege escalation in smbmnt (DSA 463-1) http://www.net-security.org/advisory.php?id=3089 Debian Security 
Advisory - New xitalk packages fix local group utmp exploit (DSA 462-1) http://www.net-security.org/advisory.php?id=3088 Debian Security Advisory - New calife packages fix buffer overflow (DSA 461-1) http://www.net-security.org/advisory.php?id=3087 HP Security Bulletin - HP Web-enabled Management Software certificate compromise using HP HTTP Server (SSRT4679) http://www.net-security.org/advisory.php?id=3086 OpenPKG Security Advisory - uudeview (OpenPKG-SA-2004.006) http://www.net-security.org/advisory.php?id=3085 SGI Security Advisory - SGI Advanced Linux Environment security update #14 (20040302-01-U) http://www.net-security.org/advisory.php?id=3084 ---------------------------------------------------------------- [ Articles ] All articles are located at: http://www.net-security.org/articles_main.php Articles can be contributed to articles@net-security.org ---------------------------------------------------------------- MITIGATING THE COMPLEXITIES OF SECURITY MANAGEMENT Without a holistic view of the current security structure, how do you go about managing security? Security tools may work well on their own, but how do they work together to protect your network, and how do you monitor their performance? http://www.net-security.org/article.php?id=666 CREATING SECURE BACKUPS WITH GNUPG Learn how to transfer your GnuPG keys to the server, encrypt data and decrypt it after a download. http://www.net-security.org/article.php?id=665 ---------------------------------------------------------------- [ Reviews ] All reviews are located at: http://www.net-security.org/reviews.php ---------------------------------------------------------------- THE ULTIMATE WINDOWS SERVER 2003 SYSTEM ADMINISTRATOR'S GUIDE This book is a comprehensive guide that brings details of planning, deployment, administration, and management of a Windows Server 2003 operating system. 
http://www.net-security.org/review.php?id=127 ---------------------------------------------------------------- [ Software ] Windows software is located at: http://net-security.org/software_main.php?cat=1 Linux software is located at: http://net-security.org/software_main.php?cat=2 Pocket PC software is located at: http://net-security.org/software_main.php?cat=3 ---------------------------------------------------------------- EWALLET 3.1 (Pocket PC) Store, protect, and back up your important information. http://www.net-security.org/software.php?id=553 POCKETSAFE 1.32 (Pocket PC) This is a convenient tool for the safe storage of confidential information. http://www.net-security.org/software.php?id=549 SYSTEM SECURITY MONITOR 2.2 (Pocket PC) System Security Monitor monitors and tracks down hidden activity on your Pocket PC. http://www.net-security.org/software.php?id=548 AIRSCANNER MOBILE ENCRYPTER 1.0 (Pocket PC) This tool secures data residing on your PDA and lets you lock your device to keep others from using it. http://www.net-security.org/software.php?id=547 IPER 2.0 (Pocket PC) Capture all of the packets on the network and show traffic information. http://www.net-security.org/software.php?id=546 SERVERWATCH 1.01 (Pocket PC) ServerWatch monitors your SNMP-supported servers anytime, anywhere. http://www.net-security.org/software.php?id=545 CRIPPIN 1.5 (Pocket PC) Crippin was designed to protect confidential files in case a Pocket PC is lost or stolen. http://www.net-security.org/software.php?id=544 SIGNWISE 2.51 (Pocket PC) SignWise is a user authentication method based on the most natural and socially accepted form of biometric, your signature. http://www.net-security.org/software.php?id=543 NETNOTIFY 1.1 (Pocket PC) NetNotify keeps you informed of the state of your network connection. http://www.net-security.org/software.php?id=542 SENTRY 2020 2.7 (Pocket PC) Sentry 2020 provides transparent file encryption.
http://www.net-security.org/software.php?id=541 ---------------------------------------------------------------- [ Webcasts ] All webcasts are located at: http://www.net-security.org/webcasts.php ---------------------------------------------------------------- Tripwire for Servers: Overview and Product Demo Organized by Tripwire on 23 March 2004, 9:00 AM PDT http://www.net-security.org/webcast.php?id=240 SB-1 and Responsible Information Management Organized by Vontu on 23 March 2004, 10:00 AM PT http://www.net-security.org/webcast.php?id=251 Using Enterprise Vulnerability Assessment to Detect, Prioritize And Remediate Vulnerabilities Organized by eEye on 23 March 2004, 11:00 AM PST http://www.net-security.org/webcast.php?id=246 Top Five Web Application Server Protection Strategies Organized by eEye on 24 March 2004, 11:00 AM PST http://www.net-security.org/webcast.php?id=247 Stop Internet Attacks in Their Tracks with Proventia Organized by ISS on 25 March 2004, 12:00 PM EST http://www.net-security.org/webcast.php?id=248 Tripwire Challenge Series: The IT Audit Organized by Tripwire on 26 March 2004, 11:00 AM PDT http://www.net-security.org/webcast.php?id=241 Sophos Anti-Virus: Stopping viruses in the educational environment Organized by Sophos on 30 March 2004, 1:00 PM PST http://www.net-security.org/webcast.php?id=235 Security with the Visual Studio Tools for the Microsoft Office System Organized by Microsoft on 5 May 2004, 11:00 AM PT http://www.net-security.org/webcast.php?id=212 ---------------------------------------------------------------- [ Conferences ] All conferences are located at: http://www.net-security.org/conferences.php ---------------------------------------------------------------- InfoSec World Conference and Expo 2004 Organized by MIS Training Institute - 22 March-24 March 2004 http://www.net-security.org/conference.php?id=68 cansecwest/core04 Conference Organized by Dursec Ltd. 
- 21 April-23 April 2004 http://www.net-security.org/conference.php?id=85 Infosecurity Europe 2004 Organized by Reed Exhibitions - 27 April-29 April 2004 http://www.net-security.org/conference.php?id=27 Dallascon Security Conference 2004 Organized by DallasCon - 1 May-2 May 2004 http://www.net-security.org/conference.php?id=73 Computer Security Mexico 2004 Organized by Computer Security Department and UNAM-CERT - 27 May-28 May 2004 http://www.net-security.org/conference.php?id=87 RSA Conference 2004 Japan Organized by RSA Conference 2004 Japan Executive Committee - 31 May-1 June 2004 http://www.net-security.org/conference.php?id=82 Infosecurity Canada Conference & Exhibition 2004 Organized by Reed Exhibitions - 1 June-3 June 2004 http://www.net-security.org/conference.php?id=86 BCS Birmingham IT Security Conference 2004 Organized by British Computer Society - 8 June-8 June 2004 http://www.net-security.org/conference.php?id=81 16th Annual FIRST Conference Organized by FIRST - 13 June-18 June 2004 http://www.net-security.org/conference.php?id=22 NetSec 2004 Organized by Computer Security Institute - 14 June-16 June 2004 http://www.net-security.org/conference.php?id=20 2004 USENIX Annual Technical Conference Organized by USENIX Association - 27 June-2 July 2004 http://www.net-security.org/conference.php?id=66 DIMVA 2004 Organized by German Informatics Society - 6 July-7 July 2004 http://www.net-security.org/conference.php?id=47 13th USENIX Security Symposium Organized by USENIX Association - 9 August-13 August 2004 http://www.net-security.org/conference.php?id=67 The 14th Virus Bulletin International Conference (VB2004) Organized by Virus Bulletin - 29 September-1 October 2004 http://www.net-security.org/conference.php?id=83 ---------------------------------------------------------------- [ Security world ] All press releases are located at: http://www.net-security.org/press_main.php Send your press releases to press@net-security.org 
---------------------------------------------------------------- Thawte Announces New Website With Improved Purchase Functionality http://www.net-security.org/press.php?id=2033 GFI Announces its Linux Development Plans http://www.net-security.org/press.php?id=2032 F-Secure Protects the Growing Number of Linux Users With New Advanced Antivirus Solutions http://www.net-security.org/press.php?id=2031 F-Secure Extends the Security as a Service Concept With New Applications http://www.net-security.org/press.php?id=2030 New Security Solution by F-Secure and T-Com http://www.net-security.org/press.php?id=2029 F-Secure Conquers Another New Country with an Internet Service Provider Agreement http://www.net-security.org/press.php?id=2028 Astaro Rolls out Version 5 of Astaro Security Linux http://www.net-security.org/press.php?id=2027 (ISC)2 Press Announces Inaugural Issue of Information Systems Security, The (ISC)2 Journal http://www.net-security.org/press.php?id=2026 Wanadoo Forges Alliance With Panda Software to Offer Clients Antivirus Protection and Advanced Security Options http://www.net-security.org/press.php?id=2025 Cherry Corporation Increases Security in SAP With Biometric Fingerprint Access http://www.net-security.org/press.php?id=2024 Advanced Heuristics Technology Discovered and Stopped Latest Computer Worm http://www.net-security.org/press.php?id=2023 Diversinet and Guangdong CA Team to Accelerate China's Secure Mobile Application Market http://www.net-security.org/press.php?id=2022 Encryption Framework for Enterprises v 3.3 Red Hat Ready http://www.net-security.org/press.php?id=2021 Vontu To Host Webcast To Help Executives Understand The Implications of California's SB-1 Legislation http://www.net-security.org/press.php?id=2020 ---------------------------------------------------------------- [ Virus News ] All virus news are located at: http://www.net-security.org/viruses.php ---------------------------------------------------------------- Weekly Report on 
Viruses and Intrusions - Five Bagle and Two of Netsky Worm Variants http://www.net-security.org/virus_news.php?id=379 New Bagle Worms Hitting Hard http://www.net-security.org/virus_news.php?id=378 Weekly Report on Viruses and Intrusions - Six Netsky Variants, Nachi, Bagle, Sober and StarKeylog http://www.net-security.org/virus_news.php?id=377 ---------------------------------------------------------------- Questions, contributions, comments or ideas go to: Help Net Security staff staff@net-security.org http://net-security.org ---------------------- Unsubscribe from this weekly digest on: http://www.net-security.org/subscribe.php The archive of the newsletter in TXT and PDF format is available http://www.net-security.org/newsletter_archive.php ----------------------------------------------------------------