HNS Newsletter Issue 211 - 03.05.2004. http://net-security.org This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. ---------------------------------------------------------------- Windows Server System is integrated server infrastructure software from Microsoft that is designed to work together and interact seamlessly with other data and applications across your IT environment so you can reduce the costs of ongoing operations, deliver highly reliable and secure IT infrastructure, and drive valuable new capabilities for the future growth of your business. For more information visit http://ad.sk.doubleclick.net/clk;8019767;9084238;x ---------------------------------------------------------------- Table of contents: 1) Security news 2) Vulnerabilities 3) Advisories 4) Articles 5) Reviews 6) Software 7) Webcasts 8) Conferences 9) Security world 10) Virus news [ Security news ] ---------------------------------------------------------------- MICROSOFT WARNS OF SSL ATTACKS Hackers preparing to exploit Secure Socket Layer vulnerabilities in Windows. http://www.net-security.org/news.php?id=5104 CYBER-COPS RREST TRIO IN PIRACY XRACKDOWN Nearly 100 individuals worldwide, many of whom are alleged to be leaders or high-level members of various international piracy organizations, have been identified by Operation Fastlink to date. http://www.net-security.org/news.php?id=5105 COMMON SECURITY VULNERABILITIES IN E-COMMERCE SYSTEMS This article discusses these vulnerabilities with examples, either from the set of known vulnerabilities, or those discovered during the author's penetration testing assignments. http://www.net-security.org/news.php?id=5106 'BURNT OUT' IT STAFF LOSING VIRUS BATTLE Failure to centralise antivirus software management exhausts IT workers. http://www.net-security.org/news.php?id=5107 VIRUS WARNING: BAGLE.Z GETS POETIC The author of the latest variant of the Bagle worm has gone beyond penning just a piece of code - the writer has also included a poem in the document attachment on which the worm piggybacks. http://www.net-security.org/news.php?id=5108 DOCUMENT SECURITY FEARS GROW Problems with maintaining the confidentiality of electronic documents and preventing document tampering are on the rise, according to a security manager at Adobe Systems Inc. http://www.net-security.org/news.php?id=5109 EUROPE DRAGS HEELS IN WAR ON SPAM The shortcomings of Europe's war against spam are highlighted in a study of anti-spam legislation published today. http://www.net-security.org/news.php?id=5110 COMPUTER ATTACKS ON UK BUSINESSES DOUBLE DTI security breaches survey finds firms more vulnerable now than in 2002. http://www.net-security.org/news.php?id=5111 BAGLE TURNS TO VERSE The latest variant of the worm includes a poem in the attachment that hides the worm. http://www.net-security.org/news.php?id=5112 COMPANIES TEAM ON UBIQUITOUS, SECURE MOBILE/WIRELESS SYSTEM Users of notebooks and other mobile data devices could benefit from a new chip-card-based system offering ubiquitous, secure connectivity between mobile and wireless LAN networks. http://www.net-security.org/news.php?id=5113 WORM WITH EMBEDDED POETRY The author of the Bagle worm apparently has a softer side, security experts said Tuesday as their analysis uncovered -- believe it or not -- a poem embedded in most recent variant, which went wild on Monday. http://www.net-security.org/news.php?id=5114 AGENCIES SLOW TO MEET ONLINE PRIVACY CRITERIA A few more agency Web sites now have machine-readable privacy policies, but the adoption rate should be faster, according to a new report from Ernst and Young LLP. http://www.net-security.org/news.php?id=5115 SIGNS POINT TO WORM ATTACK ON SSL VULNERABILITY Security experts on Tuesday said they are seeing evidence of what appears to be a worm exploiting the recently announced vulnerability in the Windows implementation of the Secure Sockets Layer (SSL) protocol. http://www.net-security.org/news.php?id=5116 FIGHTING BACK AGAINST SPYWARE Microsoft estimates spyware is responsible for half of all PC crashes. http://www.net-security.org/news.php?id=5117 AUSTRALIAN BANKS TARGETED IN WINDOWS ATTACK Internet hackers based in Brazil, Germany and the Netherlands have launched attacks against some of Australia’s largest financial institutions over the Anzac Day long weekend. http://www.net-security.org/news.php?id=5118 TIME TO MARRY NETWORK AND PHYSICAL SECURITY They are one and the same - security is security is security... http://www.net-security.org/news.php?id=5120 SKILLS SHORTAGE THREATENS SECURITY A recent survey shows that security breaches are on the increase. Could a skills shortage be to blame? http://www.net-security.org/news.php?id=5121 POLL: MOST 'SECURITY CONSCIOUS' Macworld Online readers are far more security conscious than the rest of the UK population – 70 per cent of whom would reveal their computer password "for a bar of chocolate", a new survey concludes. http://www.net-security.org/news.php?id=5123 HACKERS? WHAT ABOUT RISING DAMP? A water leak or a failure in temperature control are just as likely to cause computer downtime as malicious attackers. But such so-called environmental issues are neglected until disaster strikes. http://www.net-security.org/news.php?id=5124 SPYING SOFTWARE WATCHES YOU WORK Spyware is rampant on computers in US businesses, a survey has found. http://www.net-security.org/news.php?id=5125 COMPUTER HACKING 'COSTS BILLIONS' Three-quarters of UK companies have been hit by security breaches in their computer systems over the past year, costing billions to industry. http://www.net-security.org/news.php?id=5126 MULTINATIONAL TEAM CRACKS CRYPTO PUZZLE RSA Security on Tuesday said that over three months of consistent effort helped a team of mathematicians from Europe and North America solve the company's latest encryption puzzle. http://www.net-security.org/news.php?id=5127 HACK YOUR WAY TO HOLLYWOOD Heather Robinson, 25, sure has moxie. She turned her youthful indiscretions with a stolen credit card into a movie deal. Now she's trying to land another, this one based on her electronic snooping through AOL's customer database. http://www.net-security.org/news.php?id=5128 LINUX VULNERABLE TO INFILTRATION Linux source code could be infiltrated by dubious elements, including spies, according to a white paper released by Dan O'Dowd, chief executive officer of Green Hills Software Inc. http://www.net-security.org/news.php?id=5129 ---------------------------------------------------------------- [ Vulnerabilities ] All vulnerabilities are located here: http://www.net-security.org/archive_vuln.php ---------------------------------------------------------------- Citrix MetaFrame Administrator Excessive Privilege Vulnerability http://www.net-security.org/vuln.php?id=3422 Microsoft Internet Explorer Certificate Stealing Vulnerability http://www.net-security.org/vuln.php?id=3421 3com NBX VOIP NetSet Denial of Service Vulnerability http://www.net-security.org/vuln.php?id=3420 Props 0.6.1 Multiple Vulnerabilities http://www.net-security.org/vuln.php?id=3419 SquirrelMail Multiple Cross Scripting Vulnerabilities http://www.net-security.org/vuln.php?id=3418 Moodle Cross Site Scripting Vulnerability http://www.net-security.org/vuln.php?id=3417 Network Query Tool 1.6 Multiple Vulnerabilities http://www.net-security.org/vuln.php?id=3416 Open Bulletin Board 1.0.6 Multiple Vulnerabilities http://www.net-security.org/vuln.php?id=3415 eXtremail 1.5.9 Multiple Format String Vulnerabilities http://www.net-security.org/vuln.php?id=3414 paFileDB Multiple Vulnerabilities http://www.net-security.org/vuln.php?id=3413 Samsung SmartEther SS6215S Switch Authentication Bypass Vulnerability http://www.net-security.org/vuln.php?id=3412 Netegrity SiteMinder Affiliate Agent Cookie Overflow Vulnerability http://www.net-security.org/vuln.php?id=3411 Symantec Multiple Firewall TCP Options Denial of Service http://www.net-security.org/vuln.php?id=3410 ---------------------------------------------------------------- [ Advisories ] All advisories are located at: http://www.net-security.org/archive_advi.php ---------------------------------------------------------------- Microsoft Security Update Alert - Sasser Worm http://www.net-security.org/advisory.php?id=3294 Debian Security Advisory - New flim packages fix insecure temporary file creation (DSA 500-1) http://www.net-security.org/advisory.php?id=3293 Debian Security Advisory - New rsync packages fix directory traversal bug (DSA 499-1) http://www.net-security.org/advisory.php?id=3292 Netwosix Linux Security Advisory - xchat (2004-0014) http://www.net-security.org/advisory.php?id=3291 Netwosix Linux Security Advisory - samba (2004-0013) http://www.net-security.org/advisory.php?id=3290 Apple Security Update - QuickTime 6.5.1 (APPLE-SA-2004-04-30) http://www.net-security.org/advisory.php?id=3289 Red Hat Security Advisory - Updated mc packages resolve several vulnerabilities (RHSA-2004:173-01) http://www.net-security.org/advisory.php?id=3288 Mandrakelinux Security Update Advisory - proftpd (MDKSA-2004:041) http://www.net-security.org/advisory.php?id=3287 Red Hat Security Advisory - Updated OpenOffice packages fix security vulnerability in neon (RHSA-2004:163-01) http://www.net-security.org/advisory.php?id=3286 Red Hat Security Advisory - Updated libpng packages fix crash (RHSA-2004:181-01) http://www.net-security.org/advisory.php?id=3285 Trustix Secure Linux Security Advisory - libpng proftpd (2004-0025) http://www.net-security.org/advisory.php?id=3284 Red Hat Security Advisory - Updated utempter package fixes vulnerability (RHSA-2004:175-01) http://www.net-security.org/advisory.php?id=3283 OpenPKG Security Advisory - proftpd (OpenPKG-SA-2004.018) http://www.net-security.org/advisory.php?id=3282 Debian Security Advisory - libpng, libpng3 (DSA 498-1) http://www.net-security.org/advisory.php?id=3281 Trustix Secure Linux Security Advisory - rsync (2004-0024) http://www.net-security.org/advisory.php?id=3280 Red Hat Security Advisory - Updated httpd packages fix mod_ssl security issue (RHSA-2004:182-01) http://www.net-security.org/advisory.php?id=3279 Red Hat Security Advisory - An updated LHA package fixes security vulnerabilities (RHSA-2004:179-01) http://www.net-security.org/advisory.php?id=3278 Red Hat Security Advisory - An updated X-Chat package fixes vulnerability in Socks-5 (RHSA-2004:177-01) http://www.net-security.org/advisory.php?id=3277 Mandrakelinux Security Update Advisory - libpng (MDKSA-2004:040) http://www.net-security.org/advisory.php?id=3276 Mandrakelinux Security Update Advisory - mc (MDKSA-2004:039) http://www.net-security.org/advisory.php?id=3275 OpenPKG Security Advisory - png (OpenPKG-SA-2004.017) http://www.net-security.org/advisory.php?id=3274 Gentoo Linux Security Advisory - Multiple Vulnerabilities in Samba (GLSA 200404-21) http://www.net-security.org/advisory.php?id=3273 Debian Security Advisory - New mc packages fix several vulnerabilities (DSA 497-1) http://www.net-security.org/advisory.php?id=3272 Debian Security Advisory - New eterm packages fix indirect arbitrary command execution (DSA 496-1) http://www.net-security.org/advisory.php?id=3271 Guardian Digital Security Advisory - kernel (ESA-20040428-004) http://www.net-security.org/advisory.php?id=3270 Mandrakelinux Security Update Advisory - sysklogd (MDKSA-2004:038) http://www.net-security.org/advisory.php?id=3269 Slackware Security Advisory - kernel security updates (SSA:2004-119-01) http://www.net-security.org/advisory.php?id=3268 SGI Security Advisory - SGI Advanced Linux Environment security update #19 (20040406-01-U) http://www.net-security.org/advisory.php?id=3267 Mandrakelinux Security Update Advisory - kernel (kernel) http://www.net-security.org/advisory.php?id=3266 SGI Security Advisory - SGI ProPack v2.4: Kernel update #3 (40405-01-U) http://www.net-security.org/advisory.php?id=3265 Gentoo Linux Security Advisory - Multiple Vulnerabilities in ssmtp (GLSA 200404-18) http://www.net-security.org/advisory.php?id=3264 Gentoo Linux Security Advisory - Buffer overflows and format string vulnerabilities in LCDproc (GLSA 200404-19) http://www.net-security.org/advisory.php?id=3263 Gentoo Linux Security Advisory - Multiple vulnerabilities in xine (GLSA 200404-20) http://www.net-security.org/advisory.php?id=3262 ---------------------------------------------------------------- [ Articles ] All articles are located at: http://www.net-security.org/articles_main.php Articles can be contributed to articles@net-security.org ---------------------------------------------------------------- INFOSECURITY EUROPE 2004 SHOWCASE VIDEO The video is 4:53 minutes in length, available for download in Windows Media 9 256K (9.08 MB) and 64K (2.27 MB). Check out the great atmosphere in London. http://www.net-security.org/article.php?id=682 THE TRENDS IN INFORMATION SECURITY SPENDING According to the latest industry research comissioned by Cisco Systems, businesses still don't spend enough money on information security. http://www.net-security.org/article.php?id=681 ---------------------------------------------------------------- [ Webcasts ] All webcasts are located at: http://www.net-security.org/webcasts.php ---------------------------------------------------------------- Security with the Visual Studio Tools for the Microsoft Office System Organized by Microsoft on 5 May 2004, 11:00 AM PT http://www.net-security.org/webcast.php?id=212 The Symantec End-to-End Security Solution for the Microsoft-Driven Enterprise Organized by Symantec on 5 May 2004, 11:00 AM PST http://www.net-security.org/webcast.php?id=264 Secure Remote Access – WLAN, VPN, Web, Terminal Services, Dial-up Organized by Activcard on 6 May 2004, 11:00 AM PT http://www.net-security.org/webcast.php?id=255 Managing Enterprise Risk in a Wireless World Organized by META Group on 6 May 2004, 2:00 PM ET http://www.net-security.org/webcast.php?id=270 ---------------------------------------------------------------- [ Conferences ] All conferences are located at: http://www.net-security.org/conferences.php ---------------------------------------------------------------- Computer Security Mexico 2004 Organized by Computer Security Department and UNAM-CERT - 27 May-28 May 2004 http://www.net-security.org/conference.php?id=87 RSA Conference 2004 Japan Organized by RSA Conference 2004 Japan Executive Comittee - 31 May-1 June 2004 http://www.net-security.org/conference.php?id=82 Infosecurity Canada Conference & Exhibition 2004 Organized by Reed Exhibitions - 1 June-3 June 2004 http://www.net-security.org/conference.php?id=86 BCS Birmingham IT Security Conference 2004 Organized by British Computer Society - 8 June-8 June 2004 http://www.net-security.org/conference.php?id=81 16th Annual FIRST Conference Organized by FIRST - 13 June-18 June 2004 http://www.net-security.org/conference.php?id=22 NetSec 2004 Organized by Computer Security Institute - 14 June-16 June 2004 http://www.net-security.org/conference.php?id=20 2004 USENIX Annual Technical Conference Organized by USENIX Association - 27 June-2 July 2004 http://www.net-security.org/conference.php?id=66 DIMVA 2004 Organized by German Informatics Society - 6 July-7 July 2004 http://www.net-security.org/conference.php?id=47 RUXCON 2004 Organized by Australian computer security community - 10 July-11 July 2004 http://www.net-security.org/conference.php?id=88 Open Source Convention 2004 Organized by O'Reilly - 26 July-30 July 2004 http://www.net-security.org/conference.php?id=89 13th USENIX Security Symposium Organized by USENIX Association - 9 August-13 August 2004 http://www.net-security.org/conference.php?id=67 The 14th Virus Bulletin International Conference (VB2004) Organized by Virus Bulletin - 29 September-1 October 2004 http://www.net-security.org/conference.php?id=83 RSA Conference Europe 2004 Organized by RSA Security - 3 November-5 November 2004 http://www.net-security.org/conference.php?id=90 ---------------------------------------------------------------- [ Security world ] All press releases are located at: http://www.net-security.org/press_main.php Send your press releases to press@net-security.org ---------------------------------------------------------------- ServGate Enhances McAfee-based Email Filtering Engine with Intelligent Spam Prevention and Heuristics Capabilities http://www.net-security.org/press.php?id=2101 AEP Systems Hires New Positions, Strengthens AEP Sureware Net Team http://www.net-security.org/press.php?id=2100 Aladdin and Crossbeam Systems Partner to Offer Powerful Content Security for High Capacity and High Availability Customers http://www.net-security.org/press.php?id=2099 Sygate Technologies Named Finalist For Red Herring Top 100 http://www.net-security.org/press.php?id=2098 Lurhq Reports Sasser Worm Rapidly Spreading Across Internet http://www.net-security.org/press.php?id=2097 Proofpoint and F-Secure Announce Technology Partnership http://www.net-security.org/press.php?id=2096 ContentKeeper Technologies Incorporates F-Secure Anti-Virus for Linux File Servers into their ContentKeeper Internet Filtering Appliance Product Family http://www.net-security.org/press.php?id=2095 Certicom Announces Elliptic Curve Cryptography Challenge Winner http://www.net-security.org/press.php?id=2094 Imperva Unveils SecureSphere Web Application Security Appliances http://www.net-security.org/press.php?id=2093 GlobalSign Launches New SSL Server Certificate Model For Large Organisations http://www.net-security.org/press.php?id=2092 (ISC)2 Offers Grandfathering Process For Advanced Architecture And Management Certifications http://www.net-security.org/press.php?id=2091 Utimaco Increases Revenue And Result In The First Nine Months Of The Business Year 2003/2004 http://www.net-security.org/press.php?id=2090 TippingPoint’s UnityOne Intrusion Prevention System Deployed at the University of Texas McCombs School of Business http://www.net-security.org/press.php?id=2089 Syngress Publishing Announces the Release of "WarDriving: Drive, Detect, Defend" http://www.net-security.org/press.php?id=2088 ---------------------------------------------------------------- [ Virus News ] All virus news are located at: http://www.net-security.org/viruses.php ---------------------------------------------------------------- New Automatic Internet Worm Spreading at Increasing Pace (03 May 2004) http://www.net-security.org/virus_news.php?id=397 Top Ten Viruses And Hoaxes Reported To Sophos in April 2004 (03 May 2004) http://www.net-security.org/virus_news.php?id=396 Panda Software Offers to Every User the Free Tool to Disinfect and Remove Sasser.A (03 May 2004) http://www.net-security.org/virus_news.php?id=395 Panda ActiveScan Top 10 Viruses in April 2004 (03 May 2004) http://www.net-security.org/virus_news.php?id=394 Weekly Report on Viruses and Intrusions - Bagle and NetSky Variants, Gimered and Gaobot Worms (03 May 2004) http://www.net-security.org/virus_news.php?id=393 ---------------------------------------------------------------- Questions, contributions, comments or ideas go to: Help Net Security staff staff@net-security.org http://net-security.org ---------------------- Unsubscribe from this weekly digest on: http://www.net-security.org/subscribe.php The archive of the newsletter in TXT and PDF format is available http://www.net-security.org/newsletter_archive.php ---------------------------------------------------------------- Windows Server System is integrated server infrastructure software from Microsoft that is designed to work together and interact seamlessly with other data and applications across your IT environment so you can reduce the costs of ongoing operations, deliver highly reliable and secure IT infrastructure, and drive valuable new capabilities for the future growth of your business. For more information visit http://ad.sk.doubleclick.net/clk;8019767;9084238;x ----------------------------------------------------------------