HNS Newsletter Issue 207 - 05.04.2004. http://net-security.org This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. ---------------------------------------------------------------- ALERT: Hackers New Trick- LDAP Injection Attacks- FREE White Paper ---------------------------------------------------------------- It's as simple as placing additional LDAP query commands into a Web form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because LDAP Injections are seen as valid data. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection! http://download.spidynamics.com/1/ad/ld.asp?cs1_ContSupRef=I-N-hlpnt3.8.04ld ---------------------------------------------------------------- Table of contents: 1) Security news 2) Vulnerabilities 3) Advisories 4) Articles 5) Reviews 6) Software 7) Webcasts 8) Conferences 9) Security world 10) Virus news [ Security news ] ---------------------------------------------------------------- SMALL FIRMS FAIL TO TAKE BASIC ANTI-VIRUS MEASURES Small businesses in the UK are losing £9.5m a year because they do not take basic steps to protect themselves against computer viruses, a pan-European survey has claimed. http://www.net-security.org/news.php?id=4912 NATIONAL SECURITY SPEC ADVANCES A group of technology companies and government agencies this week will unveil an open specification for securely sharing sensitive information across heterogeneous networks in times of crisis. http://www.net-security.org/news.php?id=4913 SECURITY NEEDS BETTER EDUCATION FOR PROGRAMMERS Dealing with Internet computer worms and viruses requires a long-term education effort aimed at programmers while they are still in college, a Homeland Security Department executive said today. 
http://www.net-security.org/news.php?id=4914 AUDITING THE MIND OF A HACKER Security consultants are teaming up with clinical psychologists - including behavioural scientists from the FBI - to gain a better understanding of what drives and motivates hackers. http://www.net-security.org/news.php?id=4915 MICROSOFT PAYS FOR CUSTOMER SECURITY Microsoft Australia has begun a project to help customers improve security - with one difference: this time the software giant is picking up the tab. http://www.net-security.org/news.php?id=4916 CYBERSECURITY LIABILITY SEEN INCREASING Hackers, viruses and other online threats don't just create headaches for Internet users--they could also create prison sentences for corporate executives, experts say. http://www.net-security.org/news.php?id=4917 ONLINE SECURITY: WHO'S LIABLE? Hackers, viruses, and other online threats don't just create headaches for Internet users -- they could also create prison sentences for corporate executives, experts say. http://www.net-security.org/news.php?id=4918 WITTY SETS A NEW WORM RECORD The Witty worm first hit computers known to be vulnerable and emerged so quickly that most companies had no time to apply a patch, according to an analysis of the program. http://www.net-security.org/news.php?id=4919 FACIAL ID AS PLAIN AS THE SMILE ON YOUR FACE The way you smile could uniquely identify you, and provide a basis for new facial recognition technology. http://www.net-security.org/news.php?id=4920 ISS PAM/ICQ 'WITTY' WORM ANALYSIS This analysis seeks to provide technical details about the worm, and the lessons it has taught security experts. http://www.net-security.org/news.php?id=4921 VIRUSES ROCK EUROPEAN BUSINESSES Internet viruses are overwhelming Europe's small business sector with 22 percent of these companies closing down operations to recover from recent attacks, according to research revealed Monday. http://www.net-security.org/news.php?id=4925 CISCO WARNS OF NEW HACKING TOOLKIT Cisco Systems Inc. 
during the weekend warned customers about the public release of computer code that exploits multiple security vulnerabilities in Cisco products. http://www.net-security.org/news.php?id=4926 KEEPING DEVELOPERS OUT OF SECURITY A recent example of application security misinformation comes from XML security gateway vendors that say companies must have a separate XML security layer to keep application developers out of security. http://www.net-security.org/news.php?id=4927 CODE ATTACKS CISCO VULNERABILITIES Cisco Systems issued a security warning this weekend to customers after new software code was published on the Internet that targeted certain vulnerabilities on several of its networking products. http://www.net-security.org/news.php?id=4928 PORTABLE DEVICES GET IMPROVED SECURITY With the increase in valuable enterprise data being carried by mobile workers, companies may be nervous about business plans falling into the wrong hands. To address this concern, Memory Experts International has launched a product to protect data even when a laptop or personal digital assistant is stolen. http://www.net-security.org/news.php?id=4929 ISS SLAMMED FOR 'SELLING' SECURITY PATCHES ISS's security products were last week attacked by the Witty worm but the company is refusing to provide patches to customers who do not have a valid maintenance contract. http://www.net-security.org/news.php?id=4930 HUMAN NATURE VS. SECURITY Social engineering in the latest crop of viruses has people jumping through hoops to open malicious attachments. How do we change the pattern? http://www.net-security.org/news.php?id=4931 VIRUSES TAG ALONG If there's one thing that anti-virus software makers fear—aside from a mass change of heart by the virus writers—it's the creation of a virus-delivery mechanism that evades detection by their signature based products. http://www.net-security.org/news.php?id=4932 HONEYPOTS FOR WINDOWS Distract intruders away from your legitimate resources. 
http://www.net-security.org/news.php?id=4933 PROTECTING YOURSELF AGAINST MINI-DDOS ATTACKS These are distributed denial of service attacks small enough to fly below the security radars of ISPs and law enforcement agencies, but potent enough to shut down cable or DSL modems connections. http://www.net-security.org/news.php?id=4934 LINUX VS. WINDOWS: WHICH IS MORE SECURE? In a new report, Is Linux More Secure Than Windows? from Forrester Research Inc., Computing Infrastructures Senior Analyst Laura Koetzle finds that both Windows and Linux can be deployed securely. http://www.net-security.org/news.php?id=4935 $PAM, $PAM, LOVELY $PAM Wall Street can't seem to get enough of the taste of spam... the e-mail kind. http://www.net-security.org/news.php?id=4936 HACKERS IN DEMAND! It is no crime to think like a hacker. In fact, the only way to stop a hacker is to think like one and then put preventive measures in place. http://www.net-security.org/news.php?id=4937 EMAIL FILTER PATENT PUTS INDUSTRY ON EDGE US patent granted to Postini, the email security company, could grant it legal ownership of a large chunk of the methodology underlying anti-spam and message filtering technology on the market. http://www.net-security.org/news.php?id=4939 SECURITY MANAGERS REPORT VIRUS PROBLEM WORSE New report charts security manager dissatisfaction. http://www.net-security.org/news.php?id=4940 DHS SAYS IT CAN HANDLE CYBERATTACKS In the event of a cyberattack on the nation's infrastructure, the Homeland Security Department would have the authority and the wherewithal to coordinate an appropriate response, department officials told lawmakers today. http://www.net-security.org/news.php?id=4941 SECURITY: THE THREATS THAT LIE WITHIN ORGANISATIONS When people talk about security, they more often than not consider the greatest threats to be those coming from the outside. 
http://www.net-security.org/news.php?id=4942 SO MUCH FOR SECURE STORAGE With information security figuring so prominently in the headlines, you might assume that people in their right mind wouldn't still ignore security. But examine the latest goings-on in the storage industry and you'll trip across a very different reality. http://www.net-security.org/news.php?id=4943 BASIC SLACKWARE SECURITY This article is meant to be a crash course in Slackware security. It will detail some basic steps that should be taken before you consider Slackware to be fully installed. http://www.net-security.org/news.php?id=4944 FIREWALL FAILOVER WITH PFSYNC AND CARP Once again, Microsoft's chief software architect is beating the drum on security. http://www.net-security.org/news.php?id=4945 GATES UPDATES CUSTOMERS ON MICROSOFT SECURITY PUSH Once again, Microsoft's chief software architect is beating the drum on security. http://www.net-security.org/news.php?id=4946 GOVT INTERVENTION NEEDED FOR SOFTWARE SECURITY In a surprise shift, leading software companies acknowledged in a report to the Bush administration that the government might need to force the US technology industry to improve the security of US computer networks. http://www.net-security.org/news.php?id=4947 RED HAT BRINGS SE LINUX TO FEDORA Red Hat Inc. took the first step this week toward the inclusion of Security Enhanced Linux in its enterprise offerings when it released Fedora Core 2, test2. http://www.net-security.org/news.php?id=4948 PASSPORT SAFETY, PRIVACY FACE OFF An international aviation group is completing new passport standards this week, setting the groundwork for all passports issued worldwide to include digitized photographs that a computer can read remotely and compare to the face of the traveler or to a database of mug shots. http://www.net-security.org/news.php?id=4949 COOL TOOLS FOR REMOTE ADMINISTRATION Let's have a look at a couple of cool remote administration tools that are both useful and easy to use. 
http://www.net-security.org/news.php?id=4950 COMPETING AUTHORS PUMP UP VIRUS STATISTICS Although NetSky was the more prolific worm last month, Bagle variants were not far behind, according to Sophos. http://www.net-security.org/news.php?id=4951 STUDY: VIRUS ATTACKS UP BUT INFECTIONS HOLD STEADY Last year more - and more dangerous - viruses raced across the Internet than ever, according to a new study. http://www.net-security.org/news.php?id=4954 WHO'S MORE SECURE THAN WHOM? Many thanks to my colleague Steven J. Vaughan-Nichols, editor of our Linux & Open Source Center, for referring a recent Forrester Research report to my attention. http://www.net-security.org/news.php?id=4955 MORE POLICE NEEDED TO TACKLE E-CRIME Improved enforcement of existing laws – rather than more regulations – should be a government priority in the fight against crime on the Net. http://www.net-security.org/news.php?id=4956 HOST INTEGRITY MONITORING: BEST PRACTICES FOR DEPLOYMENT The purpose of this article is to highlight the important steps and concepts involved in deploying a host integrity monitoring system. These applications can be very helpful with detecting unauthorized change, conducting damage assessment, and preventing future attacks. http://www.net-security.org/news.php?id=4957 BUG HUNTERS GO OPEN SOURCE A project to catalogue and describe security vulnerabilities, derived from the ideals of the open source movement, opened to the public on March 31st. http://www.net-security.org/news.php?id=4958 WIPING OLD HARD DISKS CLEAN Swapping out disks or complete systems is common, but I wonder whether you wipe clean your old disks before sending them off for recycling or resale. If you do wipe the disks, are you sure that data can't be recovered from them? http://www.net-security.org/news.php?id=4959 HOWTO SETUP SSH KEYS BETWEEN MACHINES SSH keys can provide a relief to system administrators. Are you tired of typing in strong passwords over and over again to connect machines you admin? 
http://www.net-security.org/news.php?id=4960 PROGRAMMERS TOLD TO PUT SECURITY OVER CREATIVITY Certification for programmers, better education and even new laws are needed to improve software security, stated a report published Thursday by a coalition of corporate security experts, academic researchers and government agencies. http://www.net-security.org/news.php?id=4961 IP SPOOFING - UNDERSTANDING THE BASICS Get a grip on the basics of IP spoofing with this comprehensive article. http://www.net-security.org/news.php?id=4962 ---------------------------------------------------------------- [ Vulnerabilities ] All vulnerabilities are located here: http://www.net-security.org/archive_vuln.php ---------------------------------------------------------------- CactuSoft CactuShop v5.x Shopping Cart Software Multiple Vulnerabilities http://www.net-security.org/vuln.php?id=3368 imgSvr 0.4 Index Viewing Vulnerability http://www.net-security.org/vuln.php?id=3367 Phpkit Cross Site Scripting Vulnerability http://www.net-security.org/vuln.php?id=3366 TCPDUMP ISAKMP Payload Handling Denial Of Service Vulnerabilities http://www.net-security.org/vuln.php?id=3365 Linbit Linbox Multiple Vulnerabilities http://www.net-security.org/vuln.php?id=3364 MPlayer Heap Overflow Vulnerability http://www.net-security.org/vuln.php?id=3363 cPanel Multiple Cross Site Scripting Vulnerabilities http://www.net-security.org/vuln.php?id=3362 WebCT Campus Edition 4.1 Cross Site Scripting Vulnerability http://www.net-security.org/vuln.php?id=3361 Oracle SSO Authentication Credentials Stealing Vulnerability http://www.net-security.org/vuln.php?id=3360 A-CART Pro & A-CART 2.0 Multiple Vulnerabilities http://www.net-security.org/vuln.php?id=3359 PhotoPost PHP Pro Multiple Vulnerabilities http://www.net-security.org/vuln.php?id=3358 Cloisterblog Web Blog Multiple Vulnerabilities http://www.net-security.org/vuln.php?id=3357 Bblog Cross Site Scripting Vulnerability http://www.net-security.org/vuln.php?id=3356 
Invision NetSupport School Pro Password Protection Vulnerability http://www.net-security.org/vuln.php?id=3355 ---------------------------------------------------------------- [ Advisories ] All advisories are located at: http://www.net-security.org/archive_advi.php ---------------------------------------------------------------- Netwosix Linux Security Advisory - ethereal (2004-0007) http://www.net-security.org/advisory.php?id=3146 Netwosix Linux Security Advisory - apache (2004-0006) http://www.net-security.org/advisory.php?id=3145 Netwosix Linux Security Advisory - openssl (2004-0005) http://www.net-security.org/advisory.php?id=3144 OpenPKG Security Advisory - squid (OpenPKG-SA-2004.008) http://www.net-security.org/advisory.php?id=3143 Debian Security Advisory - New Linux 2.4.17 packages fix several local root exploits (hppa) (DSA 470-1) http://www.net-security.org/advisory.php?id=3142 Red Hat Security Advisory - Updated Ethereal packages fix security issues (RHSA-2004:137-01) http://www.net-security.org/advisory.php?id=3141 Conectiva Linux Security Announcement - libxml2 (CLA-2004:836) http://www.net-security.org/advisory.php?id=3140 Conectiva Linux Security Announcement - ethereal (CLA-2004:835) http://www.net-security.org/advisory.php?id=3139 Conectiva Linux Security Announcement - openssl (CLA-2004:834) http://www.net-security.org/advisory.php?id=3138 Conectiva Linux Security Announcement - mc (CLA-2004:833) http://www.net-security.org/advisory.php?id=3137 Gentoo Linux Security Advisory - Multiple Security Vulnerabilities in Monit (GLSA 200403-14) http://www.net-security.org/advisory.php?id=3136 MPlayer Security Advisory #002 - Remotely exploitable vulnerability in HTTP parser http://www.net-security.org/advisory.php?id=3135 Gentoo Linux Security Advisory - Remote buffer overflow in MPlayer (GLSA 200403-13) http://www.net-security.org/advisory.php?id=3134 Gentoo Linux Security Advisory - OpenLDAP DoS Vulnerability (GLSA 200403-12) 
http://www.net-security.org/advisory.php?id=3133 Gentoo Linux Security Advisory - Buffer overflow in Midnight Commander (GLSA 200403-09) http://www.net-security.org/advisory.php?id=3132 Gentoo Linux Security Advisory - Squid ACL [url_regex] bypass vulnerability (GLSA 200403-11) http://www.net-security.org/advisory.php?id=3131 Gentoo Linux Security Advisory - Fetchmail 6.2.5 fixes a remote DoS (GLSA 200403-10) http://www.net-security.org/advisory.php?id=3130 Mandrakelinux Security Update Advisory - squid (MDKSA-2004:025) http://www.net-security.org/advisory.php?id=3129 Mandrakelinux Security Update Advisory - ethereal (MDKSA-2004:024) http://www.net-security.org/advisory.php?id=3128 Netwosix Linux Security Advisory - ethereal (#2004-0007) http://www.net-security.org/advisory.php?id=3127 Trustix Secure Linux Security Advisory - apache (2004-0017) http://www.net-security.org/advisory.php?id=3126 Turbolinux Security Announcement - wu-ftpd, openssl (30/Mar/2004) http://www.net-security.org/advisory.php?id=3125 Trustix Secure Linux Security Advisory - tcpdump, libpcap (2004-0015) http://www.net-security.org/advisory.php?id=3124 Gentoo Linux Security Advisory - oftpd DoS vulnerability (GLSA 200403-08) http://www.net-security.org/advisory.php?id=3123 SGI Security Advisory - SGI Advanced Linux Environment security update #15 (20040303-01-U) http://www.net-security.org/advisory.php?id=3122 SCO Security Advisory - OpenLinux: mc Updated packages resolve local buffer overflow vulnerability (CSSA-2004-014.0) http://www.net-security.org/advisory.php?id=3121 SCO Security Advisory - OpenLinux: mutt remote buffer overflow (CSSA-2004-013.0) http://www.net-security.org/advisory.php?id=3120 FreeBSD Security Advisory - setsockopt(2) IPv6 sockets input validation error (FreeBSD-SA-04:06.ipv6) http://www.net-security.org/advisory.php?id=3119 Debian Security Advisory - pam-pgsql (DSA 469-1) http://www.net-security.org/advisory.php?id=3118 Cisco Security Advisory - Exploit for Multiple 
Cisco Vulnerabilities Released http://www.net-security.org/advisory.php?id=3117 Gentoo Linux Security Advisory - Multiple remote overflows and vulnerabilities in Ethereal (GLSA 200403-07) http://www.net-security.org/advisory.php?id=3116 Gentoo Linux Security Advisory - Multiple remote buffer overflow vulnerabilities in Courier (GLSA 200403-06) http://www.net-security.org/advisory.php?id=3115 Gentoo Linux Security Advisory - UUDeview MIME Buffer Overflow (200403-05) http://www.net-security.org/advisory.php?id=3114 Gentoo Linux Security Advisory - Apache 2 (GLSA 200403-04) http://www.net-security.org/advisory.php?id=3113 ---------------------------------------------------------------- [ Articles ] All articles are located at: http://www.net-security.org/articles_main.php Articles can be contributed to articles@net-security.org ---------------------------------------------------------------- USING THE PUTTY SSH CLIENT ON NOKIA SERIES 60 PHONES Here's a demonstration on how the new version of PuTTY works on a Nokia 6600, complete with photos. http://www.net-security.org/article.php?id=671 WHOSE SITE IS IT ANYWAY? Richard Moulds from nCipher takes a look at the increasing problem of Website spoofing and explains how ecommerce providers can deliver a higher level of trust. http://www.net-security.org/article.php?id=669 THE LAYERED APPROACH TO SECURITY IS DEAD Building a trust based collaborative system is the new challenge to the layered model of securing your enterprise. Because of the very nature of the way that documents flow through an organisation (and outside of it too) we are left with dynamic content that can be extracted, changed, leaked: the integrity lost forever and the information open to a competitor or worse - the press. 
http://www.net-security.org/article.php?id=668 ---------------------------------------------------------------- [ Reviews ] All reviews are located at: http://www.net-security.org/reviews.php ---------------------------------------------------------------- SECURING SYSTEMS WITH THE SOLARIS SECURITY TOOLKIT This book is part of an on-going series of books known as the Sun Blueprints Program. This publication aims to provide best practices for securing the Solaris Operating Environment by using the Solaris Security Toolkit software. http://www.net-security.org/review.php?id=129 ---------------------------------------------------------------- [ Software ] Windows software is located at: http://net-security.org/software_main.php?cat=1 Linux software is located at: http://net-security.org/software_main.php?cat=2 Pocket PC software is located at: http://net-security.org/software_main.php?cat=3 ---------------------------------------------------------------- NMAPW 1.0.3B NmapW is a free Win32 GUI application for Nmap 3.50. 
http://www.net-security.org/software.php?id=554 ---------------------------------------------------------------- [ Webcasts ] All webcasts are located at: http://www.net-security.org/webcasts.php ---------------------------------------------------------------- Securing Every Client: A Proactive Approach for Protecting Your Mobile, Remote, and Networked Users Organized by Symantec on 8 April 2004, 8:00 AM PST http://www.net-security.org/webcast.php?id=265 Reducing Risk with Ongoing Vulnerability Assessment Organized by eEye on 8 April 2004, 2:00 PM EST http://www.net-security.org/webcast.php?id=257 Penetration Testing with CORE IMPACT Organized by Core Security Technologies on 13 April 2004, 1:00 PM ET http://www.net-security.org/webcast.php?id=263 Vulnerability Expert Forum Organized by eEye on 14 April 2004, 1:00 PM PST http://www.net-security.org/webcast.php?id=258 Reduce Network Downtime with Effective Patch Management Organized by ISS on 14 April 2004, 2:00 PM EST http://www.net-security.org/webcast.php?id=256 Closing the Loop in Change Management Organized by Tripwire on 16 April 2004, 11:00 AM PDT http://www.net-security.org/webcast.php?id=266 Stopping Spam in the Educational Environment: Stanford and University of Washington Case Studies Organized by Sophos on 20 April 2004, 10:00 AM PST http://www.net-security.org/webcast.php?id=260 ActivCard Single Sign-On Organized by Activcard on 20 April 2004, 11:00 AM PT http://www.net-security.org/webcast.php?id=253 Automate Remediation Activities for Efficient Vulnerability Management Organized by eEye on 20 April 2004, 11:00 AM PST http://www.net-security.org/webcast.php?id=259 Enterprise Access Card Organized by Activcard on 22 April 2004, 11:00 AM PT http://www.net-security.org/webcast.php?id=254 The Many Uses of Tripwire Organized by Tripwire on 27 April 2004, 9:00 AM PDT http://www.net-security.org/webcast.php?id=267 Consolidated email protection: An introduction to PureMessage Organized by Sophos on 27 April 
2004, 10:00 AM PST http://www.net-security.org/webcast.php?id=261 Sophos Anti-Virus: Stopping viruses in the educational environment Organized by Sophos on 28 April 2004, 10:00 AM PST http://www.net-security.org/webcast.php?id=262 Security with the Visual Studio Tools for the Microsoft Office System Organized by Microsoft on 5 May 2004, 11:00 AM PT http://www.net-security.org/webcast.php?id=212 The Symantec End-to-End Security Solution for the Microsoft-Driven Enterprise Organized by Symantec on 5 May 2004, 11:00 AM PST http://www.net-security.org/webcast.php?id=264 ---------------------------------------------------------------- [ Conferences ] All conferences are located at: http://www.net-security.org/conferences.php ---------------------------------------------------------------- cansecwest/core04 Conference Organized by Dursec Ltd. - 21 April-23 April 2004 http://www.net-security.org/conference.php?id=85 Infosecurity Europe 2004 Organized by Reed Exhibitions - 27 April-29 April 2004 http://www.net-security.org/conference.php?id=27 Dallascon Security Conference 2004 Organized by DallasCon - 1 May-2 May 2004 http://www.net-security.org/conference.php?id=73 Computer Security Mexico 2004 Organized by Computer Security Department and UNAM-CERT - 27 May-28 May 2004 http://www.net-security.org/conference.php?id=87 RSA Conference 2004 Japan Organized by RSA Conference 2004 Japan Executive Committee - 31 May-1 June 2004 http://www.net-security.org/conference.php?id=82 Infosecurity Canada Conference & Exhibition 2004 Organized by Reed Exhibitions - 1 June-3 June 2004 http://www.net-security.org/conference.php?id=86 BCS Birmingham IT Security Conference 2004 Organized by British Computer Society - 8 June-8 June 2004 http://www.net-security.org/conference.php?id=81 16th Annual FIRST Conference Organized by FIRST - 13 June-18 June 2004 http://www.net-security.org/conference.php?id=22 NetSec 2004 Organized by Computer Security Institute - 14 June-16 June 2004 
http://www.net-security.org/conference.php?id=20 2004 USENIX Annual Technical Conference Organized by USENIX Association - 27 June-2 July 2004 http://www.net-security.org/conference.php?id=66 DIMVA 2004 Organized by German Informatics Society - 6 July-7 July 2004 http://www.net-security.org/conference.php?id=47 RUXCON 2004 Organized by Australian computer security community - 10 July-11 July 2004 http://www.net-security.org/conference.php?id=88 13th USENIX Security Symposium Organized by USENIX Association - 9 August-13 August 2004 http://www.net-security.org/conference.php?id=67 The 14th Virus Bulletin International Conference (VB2004) Organized by Virus Bulletin - 29 September-1 October 2004 http://www.net-security.org/conference.php?id=83 ---------------------------------------------------------------- [ Security world ] All press releases are located at: http://www.net-security.org/press_main.php Send your press releases to press@net-security.org ---------------------------------------------------------------- Open Source Vulnerability Database Releases Free Security Data to the Public http://www.net-security.org/press.php?id=2048 Flarepath Go Gold with Flarepath Windows Update Analyser http://www.net-security.org/press.php?id=2047 SecureInfo and SANS Institute Join Forces to Develop Security Compliance Course for Department of Defense http://www.net-security.org/press.php?id=2046 Trusted Computing Group Adds Members Representing Systems, Mobile Phones, Components and Security Applications http://www.net-security.org/press.php?id=2045 Excedent Reports that Spam Traffic has Grown to 80% of Email http://www.net-security.org/press.php?id=2044 (ISC)2 and University of Dallas Expand Academic Partnership To Include On-Campus Training and Examinations http://www.net-security.org/press.php?id=2043 Aventail Unveils the SSL VPN Industry’s Most Advanced Endpoint Control Solution for Securing Remote Access from Non-Corporate Owned Devices 
http://www.net-security.org/press.php?id=2042 NetScreen Named SSL VPN Market Leader by Independent Research Firm http://www.net-security.org/press.php?id=2041 Excedent Launches Webmail.us Affiliate Program http://www.net-security.org/press.php?id=2040 ---------------------------------------------------------------- [ Virus News ] All virus news are located at: http://www.net-security.org/viruses.php ---------------------------------------------------------------- Panda ActiveScan Top 10 Viruses in March 2004 http://www.net-security.org/virus_news.php?id=383 Central Command: Top 12 Viruses For March 2004 http://www.net-security.org/virus_news.php?id=382 Top Ten Viruses And Hoaxes Reported To Sophos in March 2004 http://www.net-security.org/virus_news.php?id=381 Netsky-R Latest in Barrage Of Warring Worms http://www.net-security.org/virus_news.php?id=380 ---------------------------------------------------------------- Questions, contributions, comments or ideas go to: Help Net Security staff staff@net-security.org http://net-security.org ---------------------- Unsubscribe from this weekly digest on: http://www.net-security.org/subscribe.php The archive of the newsletter in TXT and PDF format is available http://www.net-security.org/newsletter_archive.php ----------------------------------------------------------------