HNS Newsletter
Issue 208 - 12.04.2004.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week.

----------------------------------------------------------------
ETHICAL HACKING: SECURITY TESTING FOR PROFESSIONALS
----------------------------------------------------------------
This course teaches you a repeatable, documentable methodology that can be used in a professional security testing or penetration testing situation.
Get 400$ OFF when you mention Help Net Security!
http://www.net-security.org/v/infosec/
----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Software
6) Webcasts
7) Conferences
8) Security world
9) Virus news

[ Security news ]
----------------------------------------------------------------

THE ECONOMICS OF INFORMATION SECURITY
Security measures are costly -- so is picking up the pieces after a security breach. Consequently, more economists are turning their attentions to the study of cybercrime. If you're an InfoSec manager, you can benefit from their research.
http://www.net-security.org/news.php?id=4963

WHY I'M NOT SENDING YOU VIRUSES
E-mail spoofing is common these days--so much so that innocent people are getting blamed for spreading the latest wave of viruses. Here's what you need to know about spoofing.
http://www.net-security.org/news.php?id=4964

9-11 COMMISSION KEEPS NETWORK SECURE
Tech managers with the commission have set up a VPN.
http://www.net-security.org/news.php?id=4965

US EXPERTS OUTLINE SECURITY INITIATIVE
National Cyber Security Partnership advocates putting security at the heart of software development.
http://www.net-security.org/news.php?id=4966

WATCHDOGS PUSH FOR RFID LAWS
Companies push to keep RFID tags active once they are out of the store, but critics say that won't play well with privacy advocates and foreign markets.
http://www.net-security.org/news.php?id=4967

CHROOTING DAEMONS AND SYSTEM PROCESSES
You've probably encountered a chroot jail before, if you've ever FTPed into a public system.
http://www.net-security.org/news.php?id=4968

BOOKIES RACE TO BEAT NET ATTACKS
The Grand National may be popular with the British public but, so far, it is not a favourite with online criminals.
http://www.net-security.org/news.php?id=4969

FORRESTER QUESTIONS LINUX SECURITY
A new study from Forrester Research has concluded that the Linux operating system is not necessarily more secure than Windows.
http://www.net-security.org/news.php?id=4970

WINDOWS SERVER 2003 SECURITY QUESTIONED
A technology analyst is disputing Microsoft's claims that Windows Server 2003 is more secure than its predecessors.
http://www.net-security.org/news.php?id=4973

MALICIOUS HACKERS - THE SOPHISTICATED ADVERSARY
Malicious hackers are known for staying one step ahead of the good guys; lately, it's more like a half-a-mile.
http://www.net-security.org/news.php?id=4974

MSBLAST NOT TO BLAME FOR BLACKOUT, REPORT SAYS
A U.S. and Canadian task force investigating the August 2003 blackout that cut power to an estimated 50 million North Americans published its final report Monday, finding that institutional, human and computer failures--not the MSBlast worm--led to the outage.
http://www.net-security.org/news.php?id=4976

REVENUES MATCH RISE IN SECURITY THREATS
Vendors profit from growth in antivirus and network security spending.
http://www.net-security.org/news.php?id=4977

STUDENTS COMPROMISED BY INTERNET INTRUSIONS
Colleges across the country, through computer security failure and human error, have exposed confidential information about hundreds of thousands of students and employees over the Internet.
http://www.net-security.org/news.php?id=4978

POSSIO'S PX30 HACKABLE WIRELESS ROUTER
The Possio PX30 is a hackable Linux-based wireless router featuring WLAN, Bluetooth, OSGi (Open Services Gateway Initiative), and Java support.
http://www.net-security.org/news.php?id=4979

THE INTERNET SURVEILLANCE CASH COW
A few large companies and entrepreneurs stand to profit from the FBI's bid for a wiretap-friendly Internet.
http://www.net-security.org/news.php?id=4980

RUNNING BIND9 IN A CHROOT CAGE USING NETBSD 1.6.2
This document does not explain anything more than successfully running BIND9 in a chroot cage under NetBSD.
http://www.net-security.org/news.php?id=4981

CANNING SPAM
Unfortunately most of us are seeing more and more of it each day, despite the growing use of anti-spam measures at the desktop, server and ISP levels.
http://www.net-security.org/news.php?id=4982

INTRODUCTION TO ENTERPRISE LINUX
What is Enterprise Linux? Who has it? What does it cost? Are there any viable free alternatives? These are all questions that this article will address and try to answer.
http://www.net-security.org/news.php?id=4983

TOP TEN TIPS TO MAKE ATTACKERS’ LIVES HELL
This article is a breakdown of top ten tips for all network administrators, to protect your networks from opportunistic threats and make it hard for the more determined attackers to get anywhere fast.
http://www.net-security.org/news.php?id=4984

ARRESTS KEY WIN FOR NSA HACKERS
A computer hacker who allowed himself to be publicly identified only as ''Mudhen'' once boasted at a Las Vegas conference that he could disable a Chinese satellite with nothing but his laptop computer and a cellphone.
http://www.net-security.org/news.php?id=4985

START-UP TAKES A CRACK AT BLOCKING HACKERS
A Silicon Valley start-up launched on Tuesday with the goal of helping software companies shut out hackers.
http://www.net-security.org/news.php?id=4986

FIRM INVITES EXPERTS TO PUNCH HOLES IN BALLOT SOFTWARE
VoteHere, a maker of security software for voting machines, published the source code for its product online in hopes of garnering additional analysis of its method for verifying the integrity of electronic votes.
http://www.net-security.org/news.php?id=4987

OUTLAWING SPYWARE?
Utah regulates surveillance software while several states and Congress also consider restrictions.
http://www.net-security.org/news.php?id=4988

DISASTER AND DISASTER RECOVERY
As a veteran of Operating System experimentation, I can personally vouch that I have flubbed things up more often than I have gotten it right on the first time.
http://www.net-security.org/news.php?id=4989

I FOUGHT THE SCAMMER... AND I WON
The following is a report on a successful attempt to stop and catch a 419 scammer.
http://www.net-security.org/news.php?id=4990

THE JOE JOB DOS ATTACK
A problem with the way that non-delivery notifications are sent by many mail servers could be exploited to launch "mail bomb" denial of service attacks.
http://www.net-security.org/news.php?id=4991

JOINT STATEMENT ABOUT GNU/LINUX SECURITY
GNU/Linux vendors Debian, Mandrake, Red Hat, and SUSE have joined together to give a common statement about the Forrester report entitled "Is Linux more Secure than Windows?".
http://www.net-security.org/news.php?id=4992

SECURITY SCARE FOR BUSINESS LAPTOPS
Business travellers are unwittingly making company secrets available to rivals by ignoring the risks of local wireless networks, known as wi-fi hotspots, security experts warn.
http://www.net-security.org/news.php?id=4993

A MYSTERIOUS SOLUTION TO YOUR SECURITY?
When is a new computer technology like a riddle wrapped in a mystery inside an enigma?
http://www.net-security.org/news.php?id=4994

BETTER LIVING THROUGH MOD SECURITY
ModSecurity is an open source intrusion detection and prevention engine for web applications.
http://www.net-security.org/news.php?id=4995

EXPERTS OFFER UNIX VIRUS WARNINGS
Killer worms continue to steal Internet bandwidth and clog Mac users' email boxes, and the problem seems set to intensify. Meanwhile, virus writers are "showing increased interest in Unix," experts told Macworld.
http://www.net-security.org/news.php?id=4996

MICROSOFT TAKES SECURITY CLASS ON THE ROAD
Microsoft's on a mission to get technology pros to think harder about security.
http://www.net-security.org/news.php?id=4997

GMAIL TAKES HEAT FOR PRIVACY FEARS
"What we are getting from Google is that they are just not listening. They are just defending. We were really surprised that Google did not appear to be receptive whatsoever to the privacy community concerns. What they've been saying is, 'Just get used to it -- it won't hurt long.'"
http://www.net-security.org/news.php?id=4998

MICROSOFT ON ITS SECURITY RESPONSE
MCP Magazine asked Stephen Toulouse, security program manager, Microsoft Security Response Center, about the flaw and resulting controversy about the time delay.
http://www.net-security.org/news.php?id=4999

WITTY EXTINCTION
The Witty worm set a dangerous precedent on the Internet because it introduced a number of evil new "firsts" in the ever-changing world of modern worms and viruses.
http://www.net-security.org/news.php?id=5000

HACKING WINDOWS SERVER
Here are three hacks from the Windows Server Hacks book by Mitch Tulloch.
http://www.net-security.org/news.php?id=5001

OASIS ADVANCES WEB SERVICES SECURITY
Big step forward for connected apps.
http://www.net-security.org/news.php?id=5002

KAZAA AND EDONKEY BRACE FOR NETSKY-Q ONSLAUGHT
Zombie PCs infected with the NetSky-Q worm are set to launch distributed denial of service attacks against P2P and warez sites tonight.
http://www.net-security.org/news.php?id=5003

IS THERE A ROOTKIT HUNTER IN YOUR ARSENAL?
Michael Boelen was motivated to create the rootkit hunter one day after he and a friend accidentally scanned a machine with a brand new installation of FreeBSD 5.0. The machine had no Internet connection, and yet the tool they used, chkrootkit, reported "backdoored" binaries.
http://www.net-security.org/news.php?id=5005

HUNTING DOWN VIRUS WRITERS
"The biggest sin Microsoft has ever done is simply that they've become too popular, making them target number one," F-Secure director of antivirus research Mikko Hypponen told the E-Commerce Times.
http://www.net-security.org/news.php?id=5006

EXPERTS TALK UP TEXT SECURITY
Mobile phone users concerned that David Beckham's much publicised troubles mean their text messages are not safe from prying eyes can stop worrying, say experts.
http://www.net-security.org/news.php?id=5007

HUMANS TO BLAME FOR SECURITY BREACHES
84 per cent of breaches caused by human error, survey finds.
http://www.net-security.org/news.php?id=5008

SECURITY ISSUES MOVE LINKSYS ROUTERS OFF THE SHORT LIST
Linksys is apparently having some engineering difficulties that are leaving its customers exposed to potential security problems.
http://www.net-security.org/news.php?id=5009

SECURITY TOOL MORE HARMFUL THAN HELPFUL?
The common wisdom in the security world is that easy-to-use scripts to circumvent security--called "exploits"--are a threat to the Internet.
http://www.net-security.org/news.php?id=5010

PLUG-IN FLAW LEAVES REALPLAYER USERS OPEN TO ATTACK
RealNetworks has issued a patch for a security flaw in one of its plug-ins that could let an attacker gain control of computers running any of several versions of the company's popular media player software.
http://www.net-security.org/news.php?id=5011

EXPERT RELEASES CISCO WIRELESS HACKING TOOL
Tool compromises Cisco's authentication protocol.
http://www.net-security.org/news.php?id=5012

DB2 WEB SERVICE PROVIDER SECURITY
This article explains how to enable security for a DB2 Web Service Provider application, which includes enabling authentication, setting authorization and making sure that messages are encrypted.
http://www.net-security.org/news.php?id=5015

IMPROVING WEB APPLICATION SECURITY
This guide gives you a solid foundation for designing, building, and configuring secure ASP.NET Web applications.
http://www.net-security.org/news.php?id=5016

----------------------------------------------------------------

[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

Oracle 9iAS and 10g Application Server Web Cache Heap Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3383

Kerio Personal Firewall 4.0.13 Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=3382

REAL One Player R3T File Format Stack Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3381

Mcafee FreeScan Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3380

Panda ActiveScan 5.0 Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3379

Citrix MetaFrame Password Manager 2.0 Unencrypted Credentials Vulnerability
http://www.net-security.org/vuln.php?id=3378

Nullsoft Winamp in_mod.dll Heap Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3377

Macromedia Dreamweaver Remote Database Scripts Database Access Vulnerability
http://www.net-security.org/vuln.php?id=3376

Microsoft SharePoint Portal Server Multiple Cross Site Scripting Vulnerabilities
http://www.net-security.org/vuln.php?id=3375

IBM Director 3.1 Windows Agent Remote Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=3374

Monit Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3373

Texutil Symlink Vulnerability
http://www.net-security.org/vuln.php?id=3372

Perl win32_stat Function Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3371

Aborior Encore Web Forum Display.cgi Remote Command Execution Vulnerability
http://www.net-security.org/vuln.php?id=3370

eMule v0.42d Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3369

----------------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

US-CERT Technical Cyber Security Alert TA04-099A - Vulnerability in Internet Explorer ITS Protocol Handler
http://www.net-security.org/advisory.php?id=3184

SOT Linux Security Advisory - Updated tcpdump package for SOT Linux 2003 (SLSA-2004:15)
http://www.net-security.org/advisory.php?id=3183

SOT Linux Security Advisory - Updated sharutils package for SOT Linux 2003 (SLSA-2004:14)
http://www.net-security.org/advisory.php?id=3182

Cisco Security Advisory - Cisco IPSec VPN Services Module Malformed IKE Packet Vulnerability
http://www.net-security.org/advisory.php?id=3181

OpenPKG Security Advisory - fetchmail (OpenPKG-SA-2004.012)
http://www.net-security.org/advisory.php?id=3180

Netwosix Linux Security Advisory - leak problem in util-linux (2004-0010)
http://www.net-security.org/advisory.php?id=3179

Netwosix Linux Security Advisory - Automake symbolic link vulnerability (2004-0009)
http://www.net-security.org/advisory.php?id=3178

Gentoo Linux Security Advisory - GNU Automake symbolic link vulnerability (GLSA 200404-08)
http://www.net-security.org/advisory.php?id=3177

Gentoo Linux Security Advisory - ClamAV RAR Archive Remote Denial Of Service Vulnerability (GLSA 200404-07)
http://www.net-security.org/advisory.php?id=3176

Gentoo Linux Security Advisory - Util-linux login may leak sensitive data (GLSA 200404-06)
http://www.net-security.org/advisory.php?id=3175

Gentoo Linux Security Advisory - Multiple vulnerabilities in sysstat (GLSA 200404-04)
http://www.net-security.org/advisory.php?id=3174

SOT Linux Security Advisory - Updated squid package for SOT Linux 2003 (SLSA-2004:13)
http://www.net-security.org/advisory.php?id=3173

SOT Linux Security Advisory - Updated grep package for SOT Linux 2003 (SLSA-2004:12)
http://www.net-security.org/advisory.php?id=3172

SGI Security Advisory - SGI Advanced Linux Environment security update #17 (20040402-01-U)
http://www.net-security.org/advisory.php?id=3171

Turbolinux Security Announcement - apache, httpd, libxml2, mod_python (07/Apr/2004)
http://www.net-security.org/advisory.php?id=3170

OpenPKG Security Advisory - sharutils (OpenPKG-SA-2004.011)
http://www.net-security.org/advisory.php?id=3169

OpenPKG Security Advisory - tcpdump (OpenPKG-SA-2004.010)
http://www.net-security.org/advisory.php?id=3168

Cisco Security Advisory - A Default Username and Password in WLSE and HSE
http://www.net-security.org/advisory.php?id=3167

Debian Security Advisory - New tcpdump packages fix denial of service (DSA 478-1)
http://www.net-security.org/advisory.php?id=3166

Gentoo Linux Security Advisory - Tcpdump Vulnerabilities in ISAKMP Parsing (GLSA 200404-03)
http://www.net-security.org/advisory.php?id=3165

Netwosix Linux Security Advisory - monit (#2004-0008)
http://www.net-security.org/advisory.php?id=3164

Debian Security Advisory - New xine-ui packages fix insecure temporary file creation (DSA 477-1)
http://www.net-security.org/advisory.php?id=3163

SOT Linux Security Advisory - Updated ethereal package for SOT Linux 2003 (SLSA-2004:11)
http://www.net-security.org/advisory.php?id=3162

Apple Security Update - APPLE-SA-2004-04-05 (2004-04-05)
http://www.net-security.org/advisory.php?id=3161

Gentoo Linux Security Advisory - KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability (GLSA 200404-02)
http://www.net-security.org/advisory.php?id=3160

Gentoo Linux Security Advisory - Insecure sandbox temporary lockfile vulnerabilities in Portage (GLSA 200404-01)
http://www.net-security.org/advisory.php?id=3159

Debian Security Advisory - New heimdal packages fix cross-realm vulnerability (DSA 476-1)
http://www.net-security.org/advisory.php?id=3158

Mandrakelinux Security Update Advisory - mplayer (MDKSA-2004:026)
http://www.net-security.org/advisory.php?id=3157

OpenPKG Security Advisory - mc (OpenPKG-SA-2004.009)
http://www.net-security.org/advisory.php?id=3156

Macromedia Security Bulletin - Potential Risk in Dreamweaver Remote Database Connectivity (MPSB 04-05)
http://www.net-security.org/advisory.php?id=3155

Debian Security Advisory - New Linux 2.4.18 packages fix several local root exploits (hppa) (DSA 475-1)
http://www.net-security.org/advisory.php?id=3154

Debian Security Advisory - New squid packages fix ACL bypass (DSA 474-1)
http://www.net-security.org/advisory.php?id=3153

Debian Security Advisory - New oftpd packages fix denial of service (DSA 473-1)
http://www.net-security.org/advisory.php?id=3152

Debian Security Advisory - New sysstat packages fix insecure temporary file creation (DSA 460-2)
http://www.net-security.org/advisory.php?id=3151

Debian Security Advisory - New fte packages fix buffer overflows (DSA 472-1)
http://www.net-security.org/advisory.php?id=3150

Debian Security Advisory - New interchange packages fix information leak (DSA 471-1)
http://www.net-security.org/advisory.php?id=3149

SGI Security Advisory - Some Network Drivers May Leak Data (20030601-01-I)
http://www.net-security.org/advisory.php?id=3148

SGI Security Advisory - IRIX ftpd ftp_syslog issue with anonymous FTP (20040401-01-P)
http://www.net-security.org/advisory.php?id=3147

----------------------------------------------------------------

[ Articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org
----------------------------------------------------------------

THE ISSUE OF COMPLIANCE - IT’S HERE AND IT’S EXPANDING!
By now, most high-tech conferences have devoted at least one 30-minute session to the topic of Sarbanes-Oxley (aka "Sarbox"). Complexity of language aside, Sarbox has wide-ranging implications that span the breadth of the high-tech industry. It has become increasingly important to know which portions of the law apply to your organization, and to the organizations that you do business with.
http://www.net-security.org/article.php?id=674

LARGE ENTERPRISE APPLICATION SECURITY
Large enterprises use a different class of software than small companies. This software and the environment it is purchased in is subject to particular constraints that often require a different strategy. This paper presents the problems with concrete and current examples and suggests some solutions.
http://www.net-security.org/article.php?id=673

THE FUTURE OF PHISHING
This article examines how attackers are likely to respond to the current move towards 2-factor authentication as a defence against phishing scams, and describes an alternative approach, available today, that provides a longer-term solution.
http://www.net-security.org/article.php?id=672

----------------------------------------------------------------

[ Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3
----------------------------------------------------------------

GFI NETWORK SERVER MONITOR 5
This tool automatically monitors the network and servers for failures. It allows you to identify issues and fix unexpected conditions before your users (or managers) report them to you.
http://www.net-security.org/software.php?id=555

----------------------------------------------------------------

[ Webcasts ]

All webcasts are located at:
http://www.net-security.org/webcasts.php
----------------------------------------------------------------

Penetration Testing with CORE IMPACT
Organized by Core Security Technologies on 13 April 2004, 1:00 PM ET
http://www.net-security.org/webcast.php?id=263

Vulnerability Expert Forum
Organized by eEye on 14 April 2004, 1:00 PM PST
http://www.net-security.org/webcast.php?id=258

Reduce Network Downtime with Effective Patch Management
Organized by ISS on 14 April 2004, 2:00 PM EST
http://www.net-security.org/webcast.php?id=256

Closing the Loop in Change Management
Organized by Tripwire on 16 April 2004, 11:00 AM PDT
http://www.net-security.org/webcast.php?id=266

Stopping Spam in the Educational Environment: Stanford and University of Washington Case Studies
Organized by Sophos on 20 April 2004, 10:00 AM PST
http://www.net-security.org/webcast.php?id=260

ActivCard Single Sign-On
Organized by Activcard on 20 April 2004, 11:00 AM PT
http://www.net-security.org/webcast.php?id=253

Automate Remediation Activities for Efficient Vulnerability Management
Organized by eEye on 20 April 2004, 11:00 AM PST
http://www.net-security.org/webcast.php?id=259

Enterprise Access Card
Organized by Activcard on 22 April 2004, 11:00 AM PT
http://www.net-security.org/webcast.php?id=254

The Many Uses of Tripwire
Organized by Tripwire on 27 April 2004, 9:00 AM PDT
http://www.net-security.org/webcast.php?id=267

Consolidated email protection: An introduction to PureMessage
Organized by Sophos on 27 April 2004, 10:00 AM PST
http://www.net-security.org/webcast.php?id=261

Sophos Anti-Virus: Stopping viruses in the educational environment
Organized by Sophos on 28 April 2004, 10:00 AM PST
http://www.net-security.org/webcast.php?id=262

Security with the Visual Studio Tools for the Microsoft Office System
Organized by Microsoft on 5 May 2004, 11:00 AM PT
http://www.net-security.org/webcast.php?id=212

The Symantec End-to-End Security Solution for the Microsoft-Driven Enterprise
Organized by Symantec on 5 May 2004, 11:00 AM PST
http://www.net-security.org/webcast.php?id=264

Secure Remote Access – WLAN, VPN, Web, Terminal Services, Dial-up
Organized by Activcard on 6 May 2004, 11:00 AM PT
http://www.net-security.org/webcast.php?id=255

----------------------------------------------------------------

[ Conferences ]

All conferences are located at:
http://www.net-security.org/conferences.php
----------------------------------------------------------------

cansecwest/core04 Conference
Organized by Dursec Ltd. - 21 April-23 April 2004
http://www.net-security.org/conference.php?id=85

Infosecurity Europe 2004
Organized by Reed Exhibitions - 27 April-29 April 2004
http://www.net-security.org/conference.php?id=27

Dallascon Security Conference 2004
Organized by DallasCon - 1 May-2 May 2004
http://www.net-security.org/conference.php?id=73

Computer Security Mexico 2004
Organized by Computer Security Department and UNAM-CERT - 27 May-28 May 2004
http://www.net-security.org/conference.php?id=87

RSA Conference 2004 Japan
Organized by RSA Conference 2004 Japan Executive Committee - 31 May-1 June 2004
http://www.net-security.org/conference.php?id=82

Infosecurity Canada Conference & Exhibition 2004
Organized by Reed Exhibitions - 1 June-3 June 2004
http://www.net-security.org/conference.php?id=86

BCS Birmingham IT Security Conference 2004
Organized by British Computer Society - 8 June-8 June 2004
http://www.net-security.org/conference.php?id=81

16th Annual FIRST Conference
Organized by FIRST - 13 June-18 June 2004
http://www.net-security.org/conference.php?id=22

NetSec 2004
Organized by Computer Security Institute - 14 June-16 June 2004
http://www.net-security.org/conference.php?id=20

2004 USENIX Annual Technical Conference
Organized by USENIX Association - 27 June-2 July 2004
http://www.net-security.org/conference.php?id=66

DIMVA 2004
Organized by German Informatics Society - 6 July-7 July 2004
http://www.net-security.org/conference.php?id=47

RUXCON 2004
Organized by Australian computer security community - 10 July-11 July 2004
http://www.net-security.org/conference.php?id=88

13th USENIX Security Symposium
Organized by USENIX Association - 9 August-13 August 2004
http://www.net-security.org/conference.php?id=67

The 14th Virus Bulletin International Conference (VB2004)
Organized by Virus Bulletin - 29 September-1 October 2004
http://www.net-security.org/conference.php?id=83

----------------------------------------------------------------

[ Security world ]

All press releases are located at:
http://www.net-security.org/press_main.php

Send your press releases to press@net-security.org
----------------------------------------------------------------

O'Reilly Releases "Network Security Assessment"
http://www.net-security.org/press.php?id=2057

SecureInfo's RMS Security Compliance Solution First-to-Market with Final Draft of NIST Special Publication 800-37 for Federal Civilian Agencies
http://www.net-security.org/press.php?id=2056

Trapeze Networks Partners With Nomadix And Picopoint To Launch Wireless Workzone Alliance
http://www.net-security.org/press.php?id=2055

Skybox Security Expands Management Team with Three New VPs to Support Demand for First Exposure Risk Management (ERM) Solution
http://www.net-security.org/press.php?id=2054

Ubizen Completes Ecommerce Security Assessments, Certifying 3Delta Systems For Visa and Mastercard Security Compliance Programs
http://www.net-security.org/press.php?id=2053

Analyst Identifies New Ways To Reduce Risk of ID Theft
http://www.net-security.org/press.php?id=2052

NetScreen Delivers Industry's First Dedicated SSL-Based Appliances for Secure, Cost-Effective Online Meetings and Peer-to-Peer Collaboration
http://www.net-security.org/press.php?id=2051

New Service Steers Legitimate Email Away From Spam Blockers
http://www.net-security.org/press.php?id=2050

SecureInfo's Market Leading Security Compliance Product Approved for Enterprise Purchases Across all DoD Agencies
http://www.net-security.org/press.php?id=2049

----------------------------------------------------------------

[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Weekly Report on Viruses and Intrusions - Bugbear.C, Variants S and T of Netsky and Sober.F
http://www.net-security.org/virus_news.php?id=387

Netsky-Q Worm Preparing To Blast Websites Off The Net
http://www.net-security.org/virus_news.php?id=386

Viruses and Graphics: A Dynamic Strategy for Creators of Malware
http://www.net-security.org/virus_news.php?id=385

Sober-F Worm Spreading Via Email, Sophos Warns Users To be on Their Guard
http://www.net-security.org/virus_news.php?id=384

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff

staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php

----------------------------------------------------------------