HNS Newsletter
Issue 209 - 19.04.2004
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week.

----------------------------------------------------------------
ALERT: Hackers New Trick- LDAP Injection Attacks- FREE White Paper
----------------------------------------------------------------
It's as simple as placing additional LDAP query commands into a Web form input box, giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because LDAP Injections are seen as valid data. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!
http://download.spidynamics.com/1/ad/ld.asp?cs1_ContSupRef=I-N-hlpnt3.8.04ld
----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Software
6) Webcasts
7) Conferences
8) Security world
9) Virus news

[ Security news ]
----------------------------------------------------------------

AN ANTITRUST ANTIDOTE FOR SOFTWARE SECURITY
Lawmakers have focused much attention on information security issues during the past year amid a spike in identity theft, viruses and other online criminal activity. The White House approved a national cybersecurity plan more than a year ago, but it contains no requirements for businesses to improve their electronic security practices.
http://www.net-security.org/news.php?id=5017

SECURITY FOCUS OR NOT, CAN AN UNREPENTANT MICROSOFT BE TRUSTED?
Microsoft is working hard to make good on its promise of making security job #1, and with Windows XP Service Pack 2 just a few months away we're all looking forward to this very important first step.
http://www.net-security.org/news.php?id=5018

OS X TROJAN HORSE IS A NAG
The first Trojan for Mac OS X is anything but, experts say, and Thursday's warning from antivirus company Intego was unnecessarily alarmist.
http://www.net-security.org/news.php?id=5019

CYBERSECURITY TASK FORCE SPARKS DEBATE
Rift develops over who decides standards.
http://www.net-security.org/news.php?id=5020

NEW INTEL CHIPS ENSURE BETTER SECURITY
The next generation of Intel Corp. microprocessors for cell phones and handheld computers will, for the first time, include hard-wired security features that can enforce copy protection and help prevent hackers from wreaking havoc on wireless networks.
http://www.net-security.org/news.php?id=5021

CONCERN GROWS OVER BROWSER SECURITY
Browser-based security threats are on the rise and may pose the next significant risk to information technology operations, according to a technology trade association.
http://www.net-security.org/news.php?id=5022

SECURITY TASK FORCE TO CEOS: MAKE IMPROVEMENT, OR ELSE
A computer industry task force working on cybersecurity with the Homeland Security Department urged top corporate management to initiate robust security measures now or face possible regulation on the issue later.
http://www.net-security.org/news.php?id=5023

SECURING WIRELESS LANS WITH PEAP AND PASSWORDS
This is the second security solution guide for WLANs from Microsoft.
http://www.net-security.org/news.php?id=5024

THREATS GIVE SECURITY BOOST
Widespread fear of hacking, viruses and worms loosens company purse strings.
http://www.net-security.org/news.php?id=5027

CHAT, COPY, PASTE, PRISON
When a New Hampshire judge threw out chat-log evidence against an accused pedophile, he illustrated just how jumbled and confused Internet privacy law can be.
http://www.net-security.org/news.php?id=5028

PHOTO RECOGNITION SOFTWARE GIVES LOCATION
For a small fee, photo recognition software on a remote server works out precisely where you are, and sends back directions that will get you to your destination.
http://www.net-security.org/news.php?id=5029

SOFTWARE WARFARE
The debate over security is an interesting one, as both the Linux community and Microsoft claim to have the more secure technology.
http://www.net-security.org/news.php?id=5030

USER ACCESS SYSTEM TO IMPROVE IT SECURITY
Northumbrian Water is responding to demands from industry regulators to demonstrate best practice in IT security by rolling out software to control the access rights of 2,000 staff to the firm's Windows and Unix systems.
http://www.net-security.org/news.php?id=5031

ATTACKERS INFILTRATING SUPERCOMPUTER NETWORKS
Unknown attackers have compromised a large number of Linux and Solaris machines in high-speed computing networks at Stanford University and other academic research facilities, according to a university advisory.
http://www.net-security.org/news.php?id=5032

MICROSOFT WARNS OF A SCORE OF SECURITY HOLES
Microsoft released on Tuesday fixes that cover at least 20 Windows flaws, several of which could make versions of the operating system vulnerable to new worms or viruses.
http://www.net-security.org/news.php?id=5033

USDA TO CERTIFY SECURITY
Officials at the Agriculture Department, with 29 agencies and more than 500 computer information systems, expect to spend as much as $60 million to certify and accredit those systems during the next five years.
http://www.net-security.org/news.php?id=5034

WI-FI SECURITY STILL POOR
Wireless network protection neglected by more than half of UK businesses.
http://www.net-security.org/news.php?id=5035

UK FIRMS FAILING SECURITY CHALLENGE
Despite repeated warnings, many British businesses haven't come to grips with the security needed for wireless networks or remote access.
http://www.net-security.org/news.php?id=5036

LINUX 2.6: COMPILING AND INSTALLING
This article looks at the process of compiling and installing a new kernel safely, without overwriting the existing kernel.
http://www.net-security.org/news.php?id=5037

MORE TO BLAME FOR VIRUS EPIDEMIC
There is an interesting new dynamic to the recent malicious code outbreaks that have plagued corporations.
http://www.net-security.org/news.php?id=5038

SECURITY BODY SUPPORTS BIOMETRICS
SIA uses fingerprint authentication to boost security.
http://www.net-security.org/news.php?id=5039

STIFF SPAM PENALTIES URGED
Spammers convicted under a recently enacted national antispam law could face stiff sentences under newly finalized government recommendations.
http://www.net-security.org/news.php?id=5040

BASIC WEB SESSION IMPERSONATION
This article gives a basic introduction to common flaws in web applications that allow a malicious user to hijack a legitimate user's web session. Some practical countermeasures that reduce this threat are also discussed.
http://www.net-security.org/news.php?id=5041

AUDITORS WORKING ON CYBER-RISK STANDARD
Plans by an industry consortium to develop a checklist to assess cyber-threats could help IT directors justify security spending and help protect companies against hackers, according to IT directors and industry experts.
http://www.net-security.org/news.php?id=5042

9/11 'ENTREPRENEUR' ON FRAUD RAP
A Californian man who claimed to be developing a post-9/11 face recognition system has been arrested by Feds probing allegations of fraud.
http://www.net-security.org/news.php?id=5043

FEDS TO USE 'FEDERATED' ID CHECKS
Federal government officials will rely on other organizations to verify users' identities when they apply online for government loans or jobs.
http://www.net-security.org/news.php?id=5044

THE FRONT ON INTERNET TERRORISM
With attacks from spam, worms, malware, adware, and hackers, Internet security will become so tight that nothing will get through, not even the good data.
http://www.net-security.org/news.php?id=5045

HIPAA SECURITY: YOU CAN RUN, BUT YOU CAN'T HIDE
This short course targets physicians who need to handle the looming HIPAA security deadlines.
http://www.net-security.org/news.php?id=5046

IT SECURITY HAS NEVER BEEN SO NECESSARY
IT security is very much in the spotlight at the moment. And, unlike some IT trends, there is no danger that it is merely enjoying its 15 minutes of fame.
http://www.net-security.org/news.php?id=5047

NETWORK VULNERABILITIES
Basic network security issues have changed very little over the past decade.
http://www.net-security.org/news.php?id=5048

NO SILVER BULLET FOR SECURITY
Phil Cracknell, chief technology officer at NetSurity, considers the need for continued corporate management investment in security.
http://www.net-security.org/news.php?id=5049

WATCH OUT - THERE'S AN ID THIEF ABOUT
When someone says 'get a life', they don't generally mean 'take mine'. But that's exactly what happened to more than 100,000 people in the UK last year.
http://www.net-security.org/news.php?id=5051

PUSHING TO WIRETAP 'PUSH TO TALK'
U.S. cell phone service providers are willing to wiretap "push to talk" phone calls, but only one has the technological capability to do so, according to sources familiar with the situation.
http://www.net-security.org/news.php?id=5052

U.K. SPAMMERS ELUDE SHUTDOWN
Legislation passed last year to clamp down on U.K. companies that send unsolicited e-mail over the Internet is unlikely to result in any prosecutions until 2005.
http://www.net-security.org/news.php?id=5053

HOW COOPERATION CAN BEAT VIRUSES
Prevention truly is better than cure - and there are steps that can be taken to teach a new computing generation to protect themselves.
http://www.net-security.org/news.php?id=5054

----------------------------------------------------------------
[ Vulnerabilities ]
All vulnerabilities are located here: http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

RealNetworks Helix Universal Server Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=3393

Linux Kernel ISO9660 File System Component Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3392

Microsoft Internet Explorer BMP File Memory Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=3391

Adobe Acrobat Reader PDF File Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=3390

Tiki CMS/Groupware Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3389

Microsoft Help and Support Center Argument Injection Vulnerability
http://www.net-security.org/vuln.php?id=3388

X-Micro WLAN 11b Broadband Router Backdoor Vulnerability
http://www.net-security.org/vuln.php?id=3387

Crackalaka 1.0.8 Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=3386

NukeCalendar Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3385

AzDGDatingLite Cross Site Scripting Vulnerability
http://www.net-security.org/vuln.php?id=3384

----------------------------------------------------------------
[ Advisories ]
All advisories are located at: http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

OpenPKG Security Advisory - neon (OpenPKG-SA-2004.016)
http://www.net-security.org/advisory.php?id=3221

OpenPKG Security Advisory - ethereal (OpenPKG-SA-2004.015)
http://www.net-security.org/advisory.php?id=3220

Trustix Secure Linux Security Advisory - kernel (2004-0020)
http://www.net-security.org/advisory.php?id=3219

Cisco Security Notice - Cisco IPsec VPN Implementation Group Password Usage Vulnerability
http://www.net-security.org/advisory.php?id=3218
FreeBSD Security Advisory - CVS path validation errors (FreeBSD-SA-04:07.cvs)
http://www.net-security.org/advisory.php?id=3217

Gentoo Linux Security Advisory - CVS Server and Client Vulnerabilities (GLSA 200404-13)
http://www.net-security.org/advisory.php?id=3216

OpenPKG Security Advisory - mysql (OpenPKG-SA-2004.014)
http://www.net-security.org/advisory.php?id=3215

Red Hat Security Advisory - Updated Subversion packages fix security vulnerability in neon (RHSA-2004:159-01)
http://www.net-security.org/advisory.php?id=3214

Red Hat Security Advisory - Updated CVS packages fix security issue (RHSA-2004:154-01)
http://www.net-security.org/advisory.php?id=3213

Mandrakelinux Security Update Advisory - tcpdump (MDKSA-2004:030)
http://www.net-security.org/advisory.php?id=3212

Mandrakelinux Security Update Advisory - kernel (MDKSA-2004:029)
http://www.net-security.org/advisory.php?id=3211

Debian Security Advisory - New ssmtp packages fix format string vulnerabilities (DSA 485-1)
http://www.net-security.org/advisory.php?id=3210

Debian Security Advisory - New xonix packages fix failure to drop privileges (DSA 484-1)
http://www.net-security.org/advisory.php?id=3209

Debian Security Advisory - New Linux 2.4.18 packages fix local root exploit (i386) (DSA 479-2)
http://www.net-security.org/advisory.php?id=3208

OpenPKG Security Advisory - cvs (OpenPKG-SA-2004.013)
http://www.net-security.org/advisory.php?id=3207

Mandrakelinux Security Update Advisory - kernel (MDKSA-2004:029)
http://www.net-security.org/advisory.php?id=3206

Mandrakelinux Security Update Advisory - cvs (MDKSA-2004:028)
http://www.net-security.org/advisory.php?id=3205

Debian Security Advisory - New mysql packages fix insecure temporary file creation (DSA 483-1)
http://www.net-security.org/advisory.php?id=3204

SUSE Security Announcement - cvs (SuSE-SA:2004:008)
http://www.net-security.org/advisory.php?id=3203

Debian Security Advisory - New Linux 2.4.17 packages fix local root exploit (source+powerpc/apus+s390) (DSA 482-1)
http://www.net-security.org/advisory.php?id=3202

Debian Security Advisory - New Linux 2.4.17 packages fix local root exploit (ia64) (DSA 481-1)
http://www.net-security.org/advisory.php?id=3201

Debian Security Advisory - New Linux 2.4.17 and 2.4.18 packages fix local root exploit (hppa) (DSA 480-1)
http://www.net-security.org/advisory.php?id=3200

SUSE Security Announcement - Linux Kernel (SuSE-SA:2004:009)
http://www.net-security.org/advisory.php?id=3199

Debian Security Advisory - New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc) (DSA 479-1)
http://www.net-security.org/advisory.php?id=3198

Red Hat Security Advisory - Updated cadaver package fixes security vulnerability in neon (RHSA-2004:158-01)
http://www.net-security.org/advisory.php?id=3197

Red Hat Security Advisory - Updated CVS packages fix security issue (RHSA-2004:154-01)
http://www.net-security.org/advisory.php?id=3196

US-CERT Technical Cyber Security Alert TA04-104A - Multiple Vulnerabilities in Microsoft Products
http://www.net-security.org/advisory.php?id=3195

Microsoft Windows Security Bulletin Summary for April 2004
http://www.net-security.org/advisory.php?id=3194

Conectiva Linux Security Announcement - apache (CLA-2004:839)
http://www.net-security.org/advisory.php?id=3193

Microsoft Security Bulletin Re-releases (April 2004)
http://www.net-security.org/advisory.php?id=3192

Cisco Security Notice - Dictionary Attack on Cisco LEAP Vulnerability (Revision 2.0)
http://www.net-security.org/advisory.php?id=3191

Conectiva Linux Security Announcement - squid (Conectiva Linux Security Announcement)
http://www.net-security.org/advisory.php?id=3190

Conectiva Linux Security Announcement - mod_python (CLA-2004:837)
http://www.net-security.org/advisory.php?id=3189

SOT Linux Security Advisory - Updated mc package for SOT Linux 2003 (SLSA-2004:16)
http://www.net-security.org/advisory.php?id=3188

Gentoo Linux Security Advisory - Scorched 3D server chat box format string vulnerability (GLSA 200404-12)
http://www.net-security.org/advisory.php?id=3187

Gentoo Linux Security Advisory - iproute local Denial of Service vulnerability (GLSA 200404-10)
http://www.net-security.org/advisory.php?id=3186

Gentoo Linux Security Advisory - Cross-realm trust vulnerability in Heimdal (GLSA 200404-09)
http://www.net-security.org/advisory.php?id=3185

----------------------------------------------------------------
[ Articles ]
All articles are located at: http://www.net-security.org/articles_main.php
Articles can be contributed to articles@net-security.org
----------------------------------------------------------------

AUDIO INTERVIEW WITH GREG HOGLUND AND GARY MCGRAW, AUTHORS OF "EXPLOITING SOFTWARE: HOW TO BREAK CODE"
The authors voice their opinion on closed source vs. open source security, the most ridiculous mistakes they've seen while analyzing code, provide some insight into their book and more.
http://www.net-security.org/article.php?id=677

MAIL SCANNING WITH EXIM AND THE EXISCAN ACL
With all the spam and viruses circulating the Internet these days, any network admin worth his or her salt will have appropriate filters in place to prevent these irritants from getting to users and customers.
http://www.net-security.org/article.php?id=676

INTERVIEW WITH PAUL ZIMSKI, HARRIS CORPORATION'S STAT COMPUTER SECURITY UNIT
Paul Zimski, CISSP, discusses government security, security scanning as well as online security problems.
http://www.net-security.org/article.php?id=675

----------------------------------------------------------------
[ Software ]
Windows software is located at: http://net-security.org/software_main.php?cat=1
Linux software is located at: http://net-security.org/software_main.php?cat=2
Pocket PC software is located at: http://net-security.org/software_main.php?cat=3
----------------------------------------------------------------

SPYBOT - SEARCH & DESTROY 1.2
Detect and remove spyware of different kinds from your computer.
http://www.net-security.org/software.php?id=556

----------------------------------------------------------------
[ Webcasts ]
All webcasts are located at: http://www.net-security.org/webcasts.php
----------------------------------------------------------------

Stopping Spam in the Educational Environment: Stanford and University of Washington Case Studies
Organized by Sophos on 20 April 2004, 10:00 AM PST
http://www.net-security.org/webcast.php?id=260

ActivCard Single Sign-On
Organized by Activcard on 20 April 2004, 11:00 AM PT
http://www.net-security.org/webcast.php?id=253

Automate Remediation Activities for Efficient Vulnerability Management
Organized by eEye on 20 April 2004, 11:00 AM PST
http://www.net-security.org/webcast.php?id=259

Enterprise Access Card
Organized by Activcard on 22 April 2004, 11:00 AM PT
http://www.net-security.org/webcast.php?id=254

The Many Uses of Tripwire
Organized by Tripwire on 27 April 2004, 9:00 AM PDT
http://www.net-security.org/webcast.php?id=267

Consolidated email protection: An introduction to PureMessage
Organized by Sophos on 27 April 2004, 10:00 AM PST
http://www.net-security.org/webcast.php?id=261

Sophos Anti-Virus: Stopping viruses in the educational environment
Organized by Sophos on 28 April 2004, 10:00 AM PST
http://www.net-security.org/webcast.php?id=262

Security with the Visual Studio Tools for the Microsoft Office System
Organized by Microsoft on 5 May 2004, 11:00 AM PT
http://www.net-security.org/webcast.php?id=212

The Symantec End-to-End Security Solution for the Microsoft-Driven Enterprise
Organized by Symantec on 5 May 2004, 11:00 AM PST
http://www.net-security.org/webcast.php?id=264

Secure Remote Access – WLAN, VPN, Web, Terminal Services, Dial-up
Organized by Activcard on 6 May 2004, 11:00 AM PT
http://www.net-security.org/webcast.php?id=255

----------------------------------------------------------------
[ Conferences ]
All conferences are located at: http://www.net-security.org/conferences.php
----------------------------------------------------------------

cansecwest/core04 Conference
Organized by Dursec Ltd. - 21 April-23 April 2004
http://www.net-security.org/conference.php?id=85

Infosecurity Europe 2004
Organized by Reed Exhibitions - 27 April-29 April 2004
http://www.net-security.org/conference.php?id=27

Dallascon Security Conference 2004
Organized by DallasCon - 1 May-2 May 2004
http://www.net-security.org/conference.php?id=73

Computer Security Mexico 2004
Organized by Computer Security Department and UNAM-CERT - 27 May-28 May 2004
http://www.net-security.org/conference.php?id=87

RSA Conference 2004 Japan
Organized by RSA Conference 2004 Japan Executive Committee - 31 May-1 June 2004
http://www.net-security.org/conference.php?id=82

Infosecurity Canada Conference & Exhibition 2004
Organized by Reed Exhibitions - 1 June-3 June 2004
http://www.net-security.org/conference.php?id=86

BCS Birmingham IT Security Conference 2004
Organized by British Computer Society - 8 June-8 June 2004
http://www.net-security.org/conference.php?id=81

16th Annual FIRST Conference
Organized by FIRST - 13 June-18 June 2004
http://www.net-security.org/conference.php?id=22

NetSec 2004
Organized by Computer Security Institute - 14 June-16 June 2004
http://www.net-security.org/conference.php?id=20

2004 USENIX Annual Technical Conference
Organized by USENIX Association - 27 June-2 July 2004
http://www.net-security.org/conference.php?id=66

DIMVA 2004
Organized by German Informatics Society - 6 July-7 July 2004
http://www.net-security.org/conference.php?id=47

RUXCON 2004
Organized by Australian computer security community - 10 July-11 July 2004
http://www.net-security.org/conference.php?id=88

Open Source Convention 2004
Organized by O'Reilly - 26 July-30 July 2004
http://www.net-security.org/conference.php?id=89

13th USENIX Security Symposium
Organized by USENIX Association - 9 August-13 August 2004
http://www.net-security.org/conference.php?id=67

The 14th Virus Bulletin International Conference (VB2004)
Organized by Virus Bulletin - 29 September-1 October 2004
http://www.net-security.org/conference.php?id=83

----------------------------------------------------------------
[ Security world ]
All press releases are located at: http://www.net-security.org/press_main.php
Send your press releases to press@net-security.org
----------------------------------------------------------------

Kavado Adds Seasoned Leadership to Executive Team
http://www.net-security.org/press.php?id=2070

Astaro Selected Finalist for Well-Connected Award
http://www.net-security.org/press.php?id=2069

Hitachi Consulting Implements TippingPoint's UnityOne Intrusion Prevention System
http://www.net-security.org/press.php?id=2068

The Training Camp Accelerates Learning For Aetna Insurance Staff On Latest Microsoft Security Skills
http://www.net-security.org/press.php?id=2067

Forum Systems Teams With Oracle To Provide Additional Security For Production Web Services
http://www.net-security.org/press.php?id=2066

Forum Systems Offers Free Web Services Firewall
http://www.net-security.org/press.php?id=2065

ISL Biometrics signs deal with The Home Office Security Industry Authority
http://www.net-security.org/press.php?id=2064

NetScreen Positioned in the Leader Quadrant in SSL VPN Magic Quadrant
http://www.net-security.org/press.php?id=2063

Sanctum Hits Record Numbers in Q1 2004, Extending Lead in Application Security Market with 95 Percent Revenue Growth
http://www.net-security.org/press.php?id=2062

Registration Opens for the 2004 O'Reilly Open Source Convention
http://www.net-security.org/press.php?id=2061

Spectorsoft Corporation Has Announced That it Has Begun Shipment of Spector Corporate Network Edition
http://www.net-security.org/press.php?id=2060

GFI Releases a Major Upgrade Of Its Acclaimed Network Security Scanner
http://www.net-security.org/press.php?id=2059

O'Reilly Releases "Windows Server Hacks"
http://www.net-security.org/press.php?id=2058
----------------------------------------------------------------
[ Virus News ]
All virus news is located at: http://www.net-security.org/viruses.php
----------------------------------------------------------------

Weekly Report on Viruses and Intrusions - Netsky Variants (V, U) and Hideout.A Hacking Tool
http://www.net-security.org/virus_news.php?id=389

Netsky-V Worm Slithers Without Email Attachment
http://www.net-security.org/virus_news.php?id=388

----------------------------------------------------------------
Questions, contributions, comments or ideas go to:
Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------
Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php
----------------------------------------------------------------
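The LDAP injection item at the top of this issue describes the attack only in a sentence: extra filter syntax typed into a login form is parsed by the directory server as part of the query. The following is an added example, not code from this newsletter or from the SPI Dynamics white paper it advertises. It builds the same kind of login filter two ways, once by raw concatenation and once with the RFC 4515 assertion-value escaping, and runs both against a small constructed directory through a toy filter parser written here, so you can see exactly which entries the injected filter matches. The directory entries, the `(&(uid=...)(userPassword=...))` filter shape, the payload and the parser's behaviour of stopping after the first complete filter (real servers differ on whether they reject or ignore trailing text) are all assumptions of the example.

```python
"""LDAP filter injection: unsafe concatenation beside RFC 4515 escaping.

Added example. Directory, filter shape and the toy parser are constructed here.
"""
import re

# Assertion-value characters RFC 4515 section 3 requires to be written as \XX.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape one user-supplied value for use as an assertion value in a filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter_unsafe(username: str, password: str) -> str:
    # Vulnerable: raw concatenation lets the caller close the uid clause and add operators.
    return f"(&(uid={username})(userPassword={password}))"


def build_login_filter_safe(username: str, password: str) -> str:
    # Hardened: every filter metacharacter in user input becomes a literal \XX sequence.
    return (f"(&(uid={escape_filter_value(username)})"
            f"(userPassword={escape_filter_value(password)}))")


# --- toy directory server: just enough RFC 4515 to show what a filter really matches ---

def parse_filter(s: str, pos: int = 0):
    """Parse one filter at s[pos]; return (node, index just past its closing paren).

    Nodes are ("&", children), ("|", children) or ("=", attr, assertion_value).
    """
    if s[pos] != "(":
        raise ValueError(f"expected '(' at {pos}")
    pos += 1
    if s[pos] in "&|":
        op, children, pos = s[pos], [], pos + 1
        while s[pos] == "(":
            child, pos = parse_filter(s, pos)
            children.append(child)
        if s[pos] != ")":
            raise ValueError(f"expected ')' at {pos}")
        return (op, children), pos + 1
    end = s.index(")", pos)  # an escaped ')' is \29, so the first literal ')' closes the item
    attr, _, value = s[pos:end].partition("=")
    return ("=", attr, value), end + 1


def _assertion_to_regex(value: str) -> str:
    """Unescaped '*' becomes a wildcard; \\XX sequences become the literal byte."""
    parts, buf, i = [], "", 0
    while i < len(value):
        if value[i] == "\\" and i + 2 < len(value):
            buf += chr(int(value[i + 1:i + 3], 16))
            i += 3
        elif value[i] == "*":
            parts.append(re.escape(buf))
            buf, i = "", i + 1
        else:
            buf += value[i]
            i += 1
    parts.append(re.escape(buf))
    return ".*".join(parts)


def matches(node, entry: dict) -> bool:
    kind = node[0]
    if kind == "&":
        return all(matches(c, entry) for c in node[1])  # "(&)" is the absolute-true filter
    if kind == "|":
        return any(matches(c, entry) for c in node[1])
    _, attr, value = node
    return attr in entry and re.fullmatch(_assertion_to_regex(value), entry[attr]) is not None


def search(filter_str: str, directory: list) -> tuple:
    """Return (uids matched by the first complete filter, text left over after it).

    Assumption of this toy: anything after the first complete filter is ignored,
    which is the behaviour the classic payload below relies on.
    """
    node, end = parse_filter(filter_str)
    return [e["uid"] for e in directory if matches(node, e)], filter_str[end:]


# Constructed sample directory (plaintext passwords only to keep the demo small).
DIRECTORY = [
    {"uid": "alice", "userPassword": "correct horse"},
    {"uid": "bob", "userPassword": "hunter2"},
]

INJECTED_USER = "*)(uid=*))(|(uid=*"  # closes the uid clause, then supplies its own filter

if __name__ == "__main__":
    for label, build in (("unsafe", build_login_filter_unsafe), ("safe", build_login_filter_safe)):
        f = build(INJECTED_USER, "x")
        print(f"{label}: {f}\n  matches {search(f, DIRECTORY)}")
```

With the unsafe builder the server sees `(&(uid=*)(uid=*))` followed by leftover text, and every entry with a uid matches, password never consulted; with the escaped builder the whole payload is one literal uid value that matches nobody. In production use the escaping your LDAP library already provides rather than hand-rolling it (python-ldap exposes it as `ldap.filter.escape_filter_chars`), bind as the user instead of comparing `userPassword` in a filter, and keep the search account's read rights minimal so a successful injection cannot enumerate the directory.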