HNS Newsletter
Issue 216 - 07.06.2004
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week.

----------------------------------------------------------------
ADVERTISEMENT
----------------------------------------------------------------

Windows Server System is integrated server infrastructure software from Microsoft that is designed to work together and interact seamlessly with other data and applications across your IT environment so you can reduce the costs of ongoing operations, deliver highly reliable and secure IT infrastructure, and drive valuable new capabilities for the future growth of your business.

For more information visit http://ad.sk.doubleclick.net/clk;8032536;9084238;m

----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Software
6) Webcasts
7) Conferences
8) Security World
9) Virus News

[ Security news ]
----------------------------------------------------------------

REPORT: FDIC DATA VULNERABLE
Lax security in the Depression-era agency that protects Americans' bank deposits is the focus of a report by the General Accounting Office. The study says major losses of money, information and other data are possible.
http://www.net-security.org/news.php?id=5313

WI-FI IS HOT, SECURITY IS NOT
Mike Outmesguine ventured off to sniff out wireless networks between Los Angeles and San Francisco. He got a big whiff of insecurity.
http://www.net-security.org/news.php?id=5314

HNS NEWSLETTER ISSUE 215 HAS BEEN RELEASED
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. This issue is sponsored by Microsoft.
http://www.net-security.org/news.php?id=5315

MICROSOFT, SUN SECURITY PATHS DIVERGE
Identity management is rapidly becoming a new battleground for rivals Microsoft Corp. and Sun Microsystems Inc., each of which is committing support for different standards.
http://www.net-security.org/news.php?id=5316

THE GRSECURITY PROJECT IS ABOUT TO DISAPPEAR
Beginning May 31, 2004, development of grsecurity will cease.
http://www.net-security.org/news.php?id=5317

CVS EXPLOIT LEADS TO PROJECT SERVER COMPROMISE
Users of Concurrent Versions System (CVS) software are being urged to patch their systems against an exploit used to hack the project's web site.
http://www.net-security.org/news.php?id=5318

COMPLEX PASSWORDS FOIL HACKS
As more websites demand passwords, scammers are getting cleverer about stealing them -- hence the need for such "passwords-plus" systems.
http://www.net-security.org/news.php?id=5319

PUTTING SECURITY WHERE IT BELONGS
In recent years, business information systems have expanded into networks encompassing partners, suppliers and customers. This brings greater security challenges.
http://www.net-security.org/news.php?id=5320

HOW TO SELL - A PRETTY KETTLE OF PHISH
New technologies have brought with them a new wave of security challenges. Resellers stand to benefit if they help end-users to create and manage the systems and policies required.
http://www.net-security.org/news.php?id=5321

HACKERS 'RECYCLING CODE' TO SPREAD WORMS
Although less new malicious code appears to be written, viruses and worms are continuing to cause problems around the world, says Trend Micro.
http://www.net-security.org/news.php?id=5322

WHEN ENCRYPTION CAN BE MISLEADING
The trust that encryption generates can be deceptive, one researcher, a regular poster to the full-disclosure vulnerability mailing list, has discovered.
http://www.net-security.org/news.php?id=5323

EARLY ALERTING - THE KEY TO PROACTIVE SECURITY
In an environment where attacks are becoming more frequent and more sophisticated, what steps can enterprises take to ensure business continuity? Increasingly, these organizations are considering implementing an early warning system.
http://www.net-security.org/news.php?id=5324

BIG BUCKS FOR BIOMETRIC SCREENING
The Department of Homeland Security awards a $10 billion contract to a group of companies, led by Accenture, to build a system to screen and track foreign visitors to the United States.
http://www.net-security.org/news.php?id=5325

CHROOTING APACHE
The chroot daemon allows you to run a program and have it see a given directory as the root (/) directory.
http://www.net-security.org/news.php?id=5326

MISSING: A LAPTOP OF DEA INFORMANTS
Federal investigators are frantically trying to determine what happened to a missing laptop computer that contains sensitive data.
http://www.net-security.org/news.php?id=5327

SECURE INFORMATION SHARING AND THE DATA RESIDENCY DILEMMA
One of the top priorities for companies today is information sharing with a vast ecosystem of external entities, ranging from business partners and suppliers to customers.
http://www.net-security.org/news.php?id=5328

SIMPLE PASSWORDS NO LONGER SUFFICE
To access her bank account online, Marie Jubran opens a Web browser and types in her Swedish national ID number along with a four-digit password. She then pulls out a card of scratch-off codes and uses one to log on.
http://www.net-security.org/news.php?id=5329

HOW MUCH SHOULD YOU INVEST IN IT SECURITY?
One of the main concerns of the organizers of the Olympic Games to be held in Athens this summer is security: not only physical security, but computer security as well.
http://www.net-security.org/news.php?id=5330

FROM EXPOSITION TO EXPLOIT: ONE SECURITY BOOK'S STORY
Even prior to its release in May, The Shellcoder's Handbook: Discovering and Exploiting Security Holes drew attention to the exploitive nature of the narrative.
http://www.net-security.org/news.php?id=5331

H.323 MEDIATED VOICE OVER IP: VULNERABILITIES AND MORE
This paper provides an overview of the H.323 (VoIP) protocol suite and its known vulnerabilities, and then suggests twenty rules for securing an H.323-based network.
http://www.net-security.org/news.php?id=5332

SECURITY ESCAPES FROM THE LAB
As security threats increase, HP's researchers concentrate on management and active countermeasures.
http://www.net-security.org/news.php?id=5333

WHEN PGP SIGNATURES CAN BE MISLEADING
The trust that PGP signatures generate can be deceptive, one researcher, a regular poster to the full-disclosure vulnerability mailing list, has discovered.
http://www.net-security.org/news.php?id=5334

MICROSOFT NOT A THREAT TO US NATIONAL SECURITY
Microsoft's dominance of the desktop operating system market isn't a threat to U.S. national security, according to a new study by a team of researchers at George Mason University, who said a worm or other malicious attack on Windows is unlikely to produce a catastrophic failure of the Internet.
http://www.net-security.org/news.php?id=5335

RFID'S SECRET PATH TO ROI
"If manufacturers and retailers can get accurate, real-time demand data rather than estimates ... that would represent a sea change in demand forecasting," AMR's Kara Romanov says. "The holy grail for CPG manufacturers is real-time, clean and accurate demand data."
http://www.net-security.org/news.php?id=5336

PHISHERS PUT SURFERS ON THE HOOK
Trolling for credit card numbers with phony websites and e-mails is becoming more and more popular, but enforcement is still playing catch-up.
http://www.net-security.org/news.php?id=5337

MULTIPLE SECURITY ROLES WITH UNIX/LINUX
There are some areas of security where Linux and Unix have some strong wins, and simply fit in better than anything else.
http://www.net-security.org/news.php?id=5338

DOUBLE SNORTING
This article discusses running two instances of Snort: one configured for the attacks on the services the author runs, and one with almost all attack rules enabled to keep him informed about the variety of attacks floating around the Internet.
http://www.net-security.org/news.php?id=5339

APPLE AND OS SECURITY - COMMUNICATION IS KEY
When it comes to security, Apple Computer's report card reads like that of a gifted child: high marks for achievement, but needs to communicate better with others.
http://www.net-security.org/news.php?id=5340

WINDOWS GETS 'STRONG' PASSWORDS AS SECURID TRIALS KICK OFF
RSA Security and Microsoft have started beta testing a product designed to kill off the traditional password.
http://www.net-security.org/news.php?id=5341

SECURITY VENDOR SAYS OFFSHORE DEVELOPMENT NEEDS CHECKS
An executive from Citadel Security Software Inc. pointed to offshore software development as one reason for security vulnerabilities in a hearing before a U.S. House Subcommittee Wednesday.
http://www.net-security.org/news.php?id=5342

HARRY POTTER VIRUS TARGETS CHILDREN
Virus authors have tapped into excitement over the latest Harry Potter film to spread an old worm.
http://www.net-security.org/news.php?id=5343

GAO: FEDS CAN IMPROVE CRITICAL CYBERSECURITY
Although the private sector owns most of the nation's critical infrastructures, the federal government has several options to improve the cybersecurity of such assets.
http://www.net-security.org/news.php?id=5344

WORM STEALS CREDIT CARD DETAILS
Windows users are being warned about a virus that is "aggressively stealing" credit card numbers and passwords.
http://www.net-security.org/news.php?id=5345

SENDMAIL'S SECURITY
Some might say that security starts at the server. Some of these servers process millions of messages during a week's time. How do you know if the server is secure?
http://www.net-security.org/news.php?id=5346

NEW WORM TARGETS TWO MS VULNERABILITIES
Antivirus software companies are warning customers about a new e-mail worm that targets unpatched Microsoft Corp. Windows machines with either of two recently disclosed software vulnerabilities.
http://www.net-security.org/news.php?id=5347

SECURITY TIME BOMB IS TRIGGERED BY 'ROGUE LAPTOPS'
Notebook PCs that have missed the regular patching cycle are vulnerable to security threats such as the recent Korgo worm, warn security experts.
http://www.net-security.org/news.php?id=5348

----------------------------------------------------------------

[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

Mollensoft Lightweight FTP Server CWD Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3488

Firebird Database Remote Database Name Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3487

PHPNuke Inadequate Security Checking Vulnerability
http://www.net-security.org/vuln.php?id=3486

Nuke Cops betaNC PHP-Nuke Inadequate Security Checking Vulnerability
http://www.net-security.org/vuln.php?id=3485

OSC2Nuke Inadequate Security Checking Vulnerability
http://www.net-security.org/vuln.php?id=3484

LinkSys WRT54G Administration Page WAN Availability Vulnerability
http://www.net-security.org/vuln.php?id=3482

JPortal SQL Injection Vulnerability
http://www.net-security.org/vuln.php?id=3481

Mollensoft FTP Server v.3.6 Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3480

e107 v.0.615 Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3479

LDU Cross Site Scripting Vulnerability
http://www.net-security.org/vuln.php?id=3478

----------------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Mandrakelinux Security Update Advisory - krb5 (MDKSA-2004:056)
http://www.net-security.org/advisory.php?id=3419

NetBSD Security Advisory - CVS server vulnerability (2004-008)
http://www.net-security.org/advisory.php?id=3418

Debian Security Advisory - New log2mail packages fix format string vulnerabilities (DSA 513-1)
http://www.net-security.org/advisory.php?id=3417

MIT krb5 Security Advisory - buffer overflows in krb5_aname_to_localname (2004-001)
http://www.net-security.org/advisory.php?id=3416

Gentoo Linux Security Advisory - tla: Multiple vulnerabilities in included libneon (Errata Update GLSA 200405-25:02)
http://www.net-security.org/advisory.php?id=3415

Debian Security Advisory - New rsync packages fix directory traversal bug (DSA 499-2)
http://www.net-security.org/advisory.php?id=3414

Debian Security Advisory - New gallery packages fix unauthenticated access (DSA 512-1)
http://www.net-security.org/advisory.php?id=3413

Slackware Security Advisory - PHP local security issue (SSA:2004-154-02)
http://www.net-security.org/advisory.php?id=3412

Slackware Security Advisory - mod_ssl (SSA:2004-154-01)
http://www.net-security.org/advisory.php?id=3411

SOT Linux Security Advisory - Updated apache package for SOT Linux 2003 (SLSA-2004:20)
http://www.net-security.org/advisory.php?id=3410

Trustix Secure Linux Security Advisory - kerberos5 (#2004-0032)
http://www.net-security.org/advisory.php?id=3409

Trustix Secure Linux Security Advisory - apache (#2004-0031)
http://www.net-security.org/advisory.php?id=3408

Mandrakelinux Security Update Advisory - mod_ssl (MDKSA-2004:054)
http://www.net-security.org/advisory.php?id=3407

Mandrakelinux Security Update Advisory - apache2 (MDKSA-2004:055)
http://www.net-security.org/advisory.php?id=3406

Mandrakelinux Security Update Advisory - xpcd (MDKSA-2004:053)
http://www.net-security.org/advisory.php?id=3405

Gentoo Linux Security Advisory - tla: Heap-based buffer overflow in included libneon (GLSA 200405-25)
http://www.net-security.org/advisory.php?id=3404

Debian Security Advisory - New ethereal packages fix buffer overflows (DSA 511-1)
http://www.net-security.org/advisory.php?id=3403

Debian Security Advisory - New jftpgw packages fix format string vulnerability (DSA 510-1)
http://www.net-security.org/advisory.php?id=3402

Debian Security Advisory - New gatos packages fix privilege escalation (DSA 509-1)
http://www.net-security.org/advisory.php?id=3401

Apple Security Advisory - APPLE-SA-2004-05-28 Mac OS X Update 10.3.4
http://www.net-security.org/advisory.php?id=3400

SGI Security Advisory - SGI Advanced Linux Environment security update #20 (20040508-01-U)
http://www.net-security.org/advisory.php?id=3399

SGI Security Advisory - SGI Advanced Linux Environment 3 Security Update #2 (20040509-01-U)
http://www.net-security.org/advisory.php?id=3398

Gentoo Linux Security Advisory - MPlayer, xine-lib: vulnerabilities in RTSP stream handling (GLSA 200405-24)
http://www.net-security.org/advisory.php?id=3397

----------------------------------------------------------------

[ Articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org
----------------------------------------------------------------

HOW MUCH SHOULD YOU INVEST IN IT SECURITY?
One of the main concerns of the organizers of the Olympic Games to be held in Athens this summer is security: not only physical security, but computer security as well.
http://www.net-security.org/article.php?id=695

EARLY ALERTING - THE KEY TO PROACTIVE SECURITY
In an environment where attacks are becoming more frequent and more sophisticated, what steps can enterprises take to ensure business continuity? Increasingly, these organizations are considering implementing an early warning system.
http://www.net-security.org/article.php?id=694

----------------------------------------------------------------

[ Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3
----------------------------------------------------------------

AUTOPSY FORENSIC BROWSER 2.01
The Autopsy Forensic Browser is a graphical interface to the command line digital forensic analysis tools in The Sleuth Kit.
http://www.net-security.org/software.php?id=216

CYCLONE 0.8
Cyclone is a programming language based on C that is safe, meaning that it rules out programs that have buffer overflows, dangling pointers, format string attacks, etc.
http://www.net-security.org/software.php?id=128

FLAWFINDER 1.25
Flawfinder searches through source code looking for potential security flaws.
http://www.net-security.org/software.php?id=183

GRSECURITY 2.0
grsecurity is a complete security system for Linux 2.4 that implements a detection/prevention/containment strategy.
http://www.net-security.org/software.php?id=208

HIJACKTHIS 1.97.7
A general homepage hijacker detector and remover.
http://www.net-security.org/software.php?id=565

MARADNS 1.1.20
MaraDNS is a DNS server that strives to be secure and fully open-sourced.
http://www.net-security.org/software.php?id=84

PWGEN 1.40
PWGen is a password generator capable of creating *cryptographically strong* passwords or passphrases with lengths up to 2048 bits.
http://www.net-security.org/software.php?id=435

SHELL INTRUSION DETECTION 0.3.5
SID is a Shell Intrusion Detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines.
http://www.net-security.org/software.php?id=473

SHOREWALL 2.0.2f
Shorewall is an iptables-based firewall that can be used on a dedicated firewall system, a multi-function masquerade gateway/server or on a standalone Linux system.
http://www.net-security.org/software.php?id=40

SNORT 2.1.3
Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
http://www.net-security.org/software.php?id=112

TCPICK 0.1.23
Tcpick is a text-mode sniffer that can track TCP streams and save the captured data to files or display it in the terminal.
http://www.net-security.org/software.php?id=288

THE SLEUTH KIT 1.70
The Sleuth Kit is a collection of UNIX-based command line file system forensic tools.
http://www.net-security.org/software.php?id=215

TRILLIAN RECOVERY PRO
This program decrypts and displays passwords stored by the Trillian Instant Messaging client.
http://www.net-security.org/software.php?id=564

VTHROTTLE 0.54
Allows the administrator to control how much email users and hosts may send, hindering the rapid spread of viruses, worms, and spam.
http://www.net-security.org/software.php?id=533

WMPASMAN 0.8.4.1
wmpasman stores passwords and makes them available for pasting (both via the middle-click primary selection and the clipboard selection) at the click of a button.
http://www.net-security.org/software.php?id=383

----------------------------------------------------------------

[ Webcasts ]

All webcasts are located at:
http://net-security.org/webcasts.php
----------------------------------------------------------------

Virtual Patch - The Next Generation of Managed Protection Services
Organized by ISS on 8 June 2004, 11:00 AM
http://www.net-security.org/webcast.php?id=274

All anti-virus software is not created equal
Organized by Sophos on 16 June 2004, 10:00 AM
http://www.net-security.org/webcast.php?id=285

Building Security into Your Software Development Lifecycle
Organized by Foundstone on 16 June 2004, 4:00 PM
http://www.net-security.org/webcast.php?id=292

Tips & Tricks for Secure Access to Cisco Routers
Organized by Global Knowledge on 25 June 2004, 4:00 PM
http://www.net-security.org/webcast.php?id=293

All anti-virus software is not created equal
Organized by Sophos on 30 June 2004, 10:00 AM
http://www.net-security.org/webcast.php?id=286

Developing a Software Security Metrics Program
Organized by Foundstone on 14 July 2004, 4:00 PM
http://www.net-security.org/webcast.php?id=294

----------------------------------------------------------------

[ Conferences ]

All conferences are located at:
http://net-security.org/conferences.php
----------------------------------------------------------------

BCS Birmingham IT Security Conference 2004
Organized by British Computer Society - 8 June-8 June 2004
http://www.net-security.org/conference.php?id=81

16th Annual FIRST Conference
Organized by FIRST - 13 June-18 June 2004
http://www.net-security.org/conference.php?id=22

NetSec 2004
Organized by Computer Security Institute - 14 June-16 June 2004
http://www.net-security.org/conference.php?id=20

2004 USENIX Annual Technical Conference
Organized by USENIX Association - 27 June-2 July 2004
http://www.net-security.org/conference.php?id=66

Security Leadership Council 2004
Organized by IP Events, Inc. - 29 June-30 June 2004
http://www.net-security.org/conference.php?id=92

DIMVA 2004
Organized by German Informatics Society - 6 July-7 July 2004
http://www.net-security.org/conference.php?id=47

RUXCON 2004
Organized by Australian computer security community - 10 July-11 July 2004
http://www.net-security.org/conference.php?id=88

Open Source Convention 2004
Organized by O'Reilly - 26 July-30 July 2004
http://www.net-security.org/conference.php?id=89

13th USENIX Security Symposium
Organized by USENIX Association - 9 August-13 August 2004
http://www.net-security.org/conference.php?id=67

The 14th Virus Bulletin International Conference (VB2004)
Organized by Virus Bulletin - 29 September-1 October 2004
http://www.net-security.org/conference.php?id=83

RSA Conference Europe 2004
Organized by RSA Security - 3 November-5 November 2004
http://www.net-security.org/conference.php?id=90

IBM SecureWorld Conference EMEA 2004
Organized by IBM - 23 November-26 November 2004
http://www.net-security.org/conference.php?id=91

----------------------------------------------------------------

[ Security World ]

All press releases are located at:
http://www.net-security.org/press_main.php

Send your press releases to press@net-security.org
----------------------------------------------------------------

Failure To Protect Networks Costs Business Dear As Security Threats Rocket
http://www.net-security.org/press.php?id=2192

WEB.DE Enters Growth Market for PC Security
http://www.net-security.org/press.php?id=2191

Charter Communications Selects F-Secure For Hosted Antivirus and Data Security Service
http://www.net-security.org/press.php?id=2190

Bavarian State Revenues Office Implements Utimaco's SafeGuard
http://www.net-security.org/press.php?id=2189

GlobalSign Extends Webtrust Accreditation After Successful Audit By Deloitte
http://www.net-security.org/press.php?id=2188

PivX Acquires Threat Focus To Expand Proactive Enterprise Security Solutions
http://www.net-security.org/press.php?id=2187

Stuart Taylor Joins I-S-Cubed as Worldwide Vice President of Marketing
http://www.net-security.org/press.php?id=2186

TippingPoint Reports Results for First Quarter 2004
http://www.net-security.org/press.php?id=2185

Korea University Deploys TippingPoint's UnityOne Intrusion Prevention System
http://www.net-security.org/press.php?id=2184

IntelliReach Appoints Security Industry Pioneer Shaun Mcconnon To Its Board Of Directors
http://www.net-security.org/press.php?id=2183

netConsult Selects SteelEye LifeKeeper for Disaster Recovery Clustering of Exchange, Oracle 9i and SQL Server Trading Systems
http://www.net-security.org/press.php?id=2182

The City of Overland Park Secures Interior with Mirage Networks
http://www.net-security.org/press.php?id=2181

----------------------------------------------------------------

[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Kaspersky Labs Users Directly Threatened By New Worm
http://www.net-security.org/virus_news.php?id=417

Thousands of new reports of Netsky-P: 'Potter-mania' Tempting Users Into Infection
http://www.net-security.org/virus_news.php?id=416

Top Ten Viruses And Hoaxes Reported To Sophos In May 2004
http://www.net-security.org/virus_news.php?id=415

Top Ten Viruses Most Frequently Detected by Panda ActiveScan in May
http://www.net-security.org/virus_news.php?id=414

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php

----------------------------------------------------------------