HNS Newsletter
Issue 229 - 05.09.2004.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week.

----------------------------------------------------------------
FREE GUIDE: "THE STARTER PKI PROGRAM"
----------------------------------------------------------------
The Starter PKI program from thawte has been developed for companies with a need to secure multiple domains or host names. This guide will introduce you to the Program by explaining how it works and its benefits. We will also point you to a dummy company on our web site where you can "test drive" the Program. Finally, you’ll find out how to enroll and the costs involved.
----------------------------------------------------------------
Download this free guide now:
http://www.net-security.org/v/thawte/index7.html
----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Reviews
6) Software
7) Webcasts
8) Conferences
9) Security World
10) Virus News

[ Security news ]
----------------------------------------------------------------

MICROSOFT PLAYS DOWN SP2 SECURITY GLITCHES
Glitches between Windows XP Service Pack 2 (SP2) and critical applications continue to emerge, with McAfee admitting its flagship VirusScan product prior to version 7.1 requires a customised patch to be operational with Windows Security Center, part of SP2.
http://www.net-security.org/news.php?id=5936

DEPLOYING NETWORK ACCESS QUARANTINE CONTROL, PART 2
This article discusses Network Access Quarantine Control in Windows Server 2003, which allows administrators to quarantine mobile users and verify their security posture before giving them full access to the network.
http://www.net-security.org/news.php?id=5937

CLOSING WIRELESS BACKDOORS
Wireless LAN analyzers detect rogue users and devices.
http://www.net-security.org/news.php?id=5938

HACKERS CONTINUE TO EXPERIMENT WITH 64-BIT VIRUSES
Shruggle virus could be 'a taste of things to come', warn experts.
http://www.net-security.org/news.php?id=5941

SPAM BLOCKERS TACKLE BROADER CONTENT-SECURITY ISSUES
FrontBridge Technologies Inc., Proofpoint Inc. and MailFrontier Inc. are augmenting their respective spam-filtering offerings to address enterprises' broader e-mail content security needs.
http://www.net-security.org/news.php?id=5942

ATTACKERS TARGET FRENCH ISP WANADOO
A hacker compromised the corporate website of France Télécom's internet service provider (ISP) subsidiary Wanadoo, causing the site to try to install a malicious software program on computers of visitors.
http://www.net-security.org/news.php?id=5943

COLLEGES FEAR XP UPDATE WILL JAM NETWORKS
Microsoft Corp.'s decision to release a major upgrade for its flagship operating system in the same month that hundreds of thousands of students are reporting to college campuses across the nation is causing a major headache for some universities.
http://www.net-security.org/news.php?id=5944

SPIES LIKE US
There’s no doubt online security — including ID theft — is still perhaps the biggest issue facing PC World readers.
http://www.net-security.org/news.php?id=5945

A QUANTUM LEAP IN COMPUTING
One of the fundamental problems with computers as they exist today is the two-pronged problem of security.
http://www.net-security.org/news.php?id=5946

CYBERCRIME CRACKDOWN
Two U.S. Justice Department operations have resulted in more than 150 arrests involving computer crimes that bilked an estimated 150,000 victims out of more than $215 million.
http://www.net-security.org/news.php?id=5947

US WEBSITE OFFERS CALLER ID FALSIFICATION SERVICE
Overdue debtors beware: You may not be able to rely on Caller ID to screen out those annoying bill collectors much longer.
http://www.net-security.org/news.php?id=5948

SIMPLIFY SECURITY UPDATE PROCESS
The havoc caused in businesses over the past few years by a series of increasingly devious computer viruses has highlighted the importance of having a policy on patching vulnerable software.
http://www.net-security.org/news.php?id=5949

ATTACKERS HIJACK FEDERAL COMPUTERS
Hundreds of powerful computers at the Defense Department and U.S. Senate were hijacked by hackers who used them to send spam e-mail, federal authorities say.
http://www.net-security.org/news.php?id=5950

4 STEPS TO PROTECT WI-FI NETWORKS
Here are four steps that can help you keep your home network and personal information secure.
http://www.net-security.org/news.php?id=5951

JUNIPER ADDS SECURITY SOFTWARE SUPPORT
JEDI group takes saber to security issues.
http://www.net-security.org/news.php?id=5952

SECRET SERVICE AND CERT ANALYZE INSIDER THREATS
It doesn’t take a techie to abuse an IT system from the inside, and inside attackers do not fit any common profile. Those are among the findings of the Secret Service and the CERT Coordination Center in a study of insider attacks against financial organizations.
http://www.net-security.org/news.php?id=5953

MICROSOFT'S WAR ON BUGS
Stephen Toulouse, Microsoft's security program manager, talks to Wired.
http://www.net-security.org/news.php?id=5954

FINE-TUNING SPAMASSASSIN
SpamAssassin is a popular spam classifier on Linux.
http://www.net-security.org/news.php?id=5955

NEW VIRUS MAKES SPYWARE SLEAZIER
A new worm, the W32/Rhot-GR, invades users' privacy in their home or workplace by taking control of their webcams and microphones to spy on them. Like earlier worms, it also steals personal data.
http://www.net-security.org/news.php?id=5956

IBM, RED HAT GET HIGH SECURITY CERTIFICATION
IBM and Red Hat say that they have achieved the CAPP/EAL3+ evaluation level on the Common Criteria tests with Red Hat's Enterprise Linux 3 WS on xSeries servers as well as Enterprise Linux 3 AS on IBM's full line of servers.
http://www.net-security.org/news.php?id=5957

SYSTEM ADMINISTRATION WITH PHP
Wouldn't it be great if you could extend your use of the language to carry out general system administration tasks?
http://www.net-security.org/news.php?id=5958

INSIDE CRIMES REAP MILLIONS
Unsophisticated criminals on the inside pose a greater threat than expert external hackers, according to a US study.
http://www.net-security.org/news.php?id=5959

SIMULATED HACKER ATTACKS
WesCorp uses Skybox View software to look at its systems through hackers' eyes and identify the key vulnerabilities that need to be fixed quickly.
http://www.net-security.org/news.php?id=5960

EMBEDDED NETWORK SECURITY
i3 micro's IP set-top box integrates AMD Alchemy Au1550 processor for embedded network security.
http://www.net-security.org/news.php?id=5961

SSH BOUNCING - HOW TO GET THROUGH FIREWALLS EASILY
Often you'll have firewalls or other network equipment that doesn't allow direct SSH access to machines behind it. Using a bit of trickery, you can get through without seemingly jumping through any hoops.
http://www.net-security.org/news.php?id=5962

TESTS REVEAL E-PASSPORT SECURITY FLAW
The Department of Homeland Security's first tests of electronic-passport interoperability exposed technology flaws, including myopic and dyslexic smart-card readers.
http://www.net-security.org/news.php?id=5963

REPORT CASTS DOUBT ON IRS HACKING-DETECTION SYSTEM
The problems found raise questions about the agency's modernization plans.
http://www.net-security.org/news.php?id=5964

ARMY CIO ASKS FOR BETTER SECURITY
The Army's chief information officer wants service and industry information technology officials to do a better job of protecting networks and building more secure products.
http://www.net-security.org/news.php?id=5965

HARDWARE TODAY - NEXT-GEN FIREWALLS REACH HIGH
Firewalls have come a long way since 1985, when U.S. Department of Defense experiments spawned basic packet filtering technologies.
http://www.net-security.org/news.php?id=5966

SENDMAIL SEARCHES FOR ANTISPAM TESTERS
Sendmail has taken a first stab at software to authenticate the source of e-mail messages, a technology that will be key to preventing the proliferation of spam.
http://www.net-security.org/news.php?id=5967

DOD REVEALS VIRAL INFECTION
The breach of security, Dodgen said, illustrated the need for "diligence, diligence, diligence" when it comes to information security and assurance — although he described his initial reaction to the incident as, "Who are we going to shoot?"
http://www.net-security.org/news.php?id=5968

IS ENCRYPTION DOOMED?
Our entire information society rests on a fragile foundation that mathematicians are racing to dismantle.
http://www.net-security.org/news.php?id=5969

PASSING THE WLAN SECURITY BUCK
Company offers outsourced wireless LAN to overcome security vulnerabilities.
http://www.net-security.org/news.php?id=5970

PDA SECURITY STILL DISMAL
Worker apathy about PDA security is putting corporate data in jeopardy.
http://www.net-security.org/news.php?id=5971

CIRCUMVENTING WEB SERVICES SECURITY PROBLEMS
When Aeroplan, an airline affinity program owned by Air Canada with over six million members worldwide, decided to rapidly expand its partnership program, it needed a secure way to bridge its XML infrastructure with partners’ systems.
http://www.net-security.org/news.php?id=5972

BREAKING INTO VOICEMAIL SYSTEMS IS EASY
Businesses are placing themselves at risk because they are failing to secure their internal voicemail systems from hackers.
http://www.net-security.org/news.php?id=5974

XEROX MULTIFUNCTION SYSTEMS EARN HIGH STANDARD FOR SECURITY
Xerox Corporation has earned the coveted international standard in security assessments for six of its office multifunction systems.
http://www.net-security.org/news.php?id=5975

MESSAGELABS, SYMANTEC TEAM ON ANTISPAM SERVICE
MessageLabs, a provider of e-mail security services, will use Symantec's Brightmail filtering technology as part of its own antispam service, the company said Wednesday.
http://www.net-security.org/news.php?id=5976

BALLMER BEATS SECURITY DRUM
Microsoft CEO Steve Ballmer believes the software industry will create more positive change in the next 10 years than it did in the previous 10 -- provided that security threats are effectively handled.
http://www.net-security.org/news.php?id=5977

IT USERS SEEK TO CERTIFY SECURITY
Industry-wide standards sought by IT experts at major companies.
http://www.net-security.org/news.php?id=5978

SECURE MOBILE PHONES WILL USE FINGERPRINT ID
The fingerprint locking system is already in use in Japan.
http://www.net-security.org/news.php?id=5979

AFFORDABLE IT: DESKTOP SECURITY
Protecting your organization means guarding against attackers as well as internal problems. Tools are essential, but so is user education.
http://www.net-security.org/news.php?id=5980

WPA2-CERTIFIED WI-FI TOUGHENS SECURITY
Wi-Fi Protected Access 2 is meant to significantly strengthen wireless security, and certified products are now available.
http://www.net-security.org/news.php?id=5981

HACK TO SCHOOL
School wasn't even in session, and Dartmouth College chief information officer Lawrence Levine was penning the kind of letter technology executives dread.
http://www.net-security.org/news.php?id=5983

AIDE AND CHKROOTKIT
Network security is continuing to be a big problem for companies and home users. The problem can be resolved with an accurate security analysis. In this article I show how to approach security using aide and chkrootkit.
http://www.net-security.org/news.php?id=5984

BIG BROTHER WATCHES BRITAIN
The teenagers who stabbed wealthy Joao Da Costa Mitendele to death before burgling his home were careful to conceal the crime. They used a pretty girl to gain access to his apartment, where they wore rubber gloves while committing their crimes.
http://www.net-security.org/news.php?id=5985

SPAM AVALANCHE KEEPS GROWING
The spam flood is rising, contributing to a reduction in the usefulness of e-mail, a market research firm said Wednesday.
http://www.net-security.org/news.php?id=5986

ARMY HONORS SECURITY WORK
The Army this week issued its first awards to service personnel and contractors for excellence in information assurance.
http://www.net-security.org/news.php?id=5987

FALLOUT FROM VIRUS WAR PERSISTS
Netsky, Bagle and Mydoom variants still topping the virus charts.
http://www.net-security.org/news.php?id=5988

SECURITY FLAWS IN WINZIP COULD ALLOW ATTACKS
WinZip Computing Inc. recently revealed that Version 9.0 of its popular WinZip file compression program is vulnerable to a variety of security attacks.
http://www.net-security.org/news.php?id=5989

SIMPLE AND SECURE ISN'T SO SIMPLE
Simple to code does not always mean simple for the user. And simple for the user is often not easy to code.
http://www.net-security.org/news.php?id=5990

APACHE SAYS IT WON'T SUPPORT SENDER ID
The foundation is balking at Microsoft's strict licensing terms for the proposed anti-spam standard.
http://www.net-security.org/news.php?id=5991

SLACK SECURITY FOR OLD COMPUTERS
Less than 25% of old computers sold or given away by companies have had data removed from them, raising concerns about personal information security.
http://www.net-security.org/news.php?id=5992

WINXP SP2 = SECURITY PLACEBO?
We evaluated the security features of Windows XP SP2 on a test machine, following a clean install of XP Pro with no configuration changes and no third-party software or drivers installed.
http://www.net-security.org/news.php?id=5993

BLUETOOTH CAN BITE
With an estimated 250 million Bluetooth-enabled devices currently in use, the fact that Bluetooth is about as secure as the proverbial wide-open barn door should be of concern to everyone responsible for the safekeeping of corporate data.
http://www.net-security.org/news.php?id=5994

600,000 STUDENTS WARNED OF IDENTITY THEFT
California university officials have warned nearly 600,000 students and faculty that they might be exposed to identity theft following incidents where computer hard drives loaded with their private information were lost or hacked into.
http://www.net-security.org/news.php?id=5995

MIDRANGE FIREWALLS FACE OFF
ServGate, SonicWall, and StoneGate boxes prove their mettle.
http://www.net-security.org/news.php?id=5996

----------------------------------------------------------------

[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

MailWorks Professional Authentication Bypass Vulnerability
http://www.net-security.org/vuln.php?id=3685

Oracle Database Server Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3684

Oracle Database Server ctxsys.driload Access Validation Vulnerability
http://www.net-security.org/vuln.php?id=3683

Oracle Database Server dbms_system.ksdwrt Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3682

phpWebSite 0.9.3-4 Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3681

Newtelligence DasBlog Cross Site Scripting Vulnerability
http://www.net-security.org/vuln.php?id=3680

phpScheduleIt Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3679

TYPSoft FTP Server Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=3678

Comersus Shopping Cart http Response Splitting Vulnerability
http://www.net-security.org/vuln.php?id=3677

WFTPD Pro Server 3.21 MLST Command Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=3676

Titan FTP Server Long Command Heap Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3675

WS_FTP Server Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=3674

Xedus Webserver Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3673

Chat Anywhere 2.72a Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=3672

Samba FindNextPrintChangeNotify() Request Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=3671

Diebold Global Election Management System Backdoor Account Vulnerability
http://www.net-security.org/vuln.php?id=3670

Keene Digital Media Server Directory Traversal Vulnerability
http://www.net-security.org/vuln.php?id=3669

RealVNC 4.0 Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=3668

Gaucho v1.4 Build 145 Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3667

----------------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Slackware Security Advisory - kde (SSA:2004-247-01)
http://www.net-security.org/advisory.php?id=3703

US-CERT Technical Cyber Security Alert - Vulnerabilities in MIT Kerberos 5 (TA04-247A)
http://www.net-security.org/advisory.php?id=3702

Gentoo Linux Security Advisory - Ruby: CGI::Session creates files insecurely (GLSA 200409-08)
http://www.net-security.org/advisory.php?id=3701

Gentoo Linux Security Advisory - xv: Buffer overflows in image handling (GLSA 200409-07)
http://www.net-security.org/advisory.php?id=3700

Gentoo Linux Security Advisory - Mozilla, Firefox, Thunderbird, Galeon, Epiphany: New releases fix vulnerabilities (GLSA 200408-22)
http://www.net-security.org/advisory.php?id=3699

Gentoo Linux Security Advisory - eGroupWare: Multiple XSS vulnerabilities (GLSA 200409-06)
http://www.net-security.org/advisory.php?id=3698

Gentoo Linux Security Advisory - Gallery: Arbitrary command execution (GLSA 200409-05)
http://www.net-security.org/advisory.php?id=3697

GnuTLS Security Advisory - Squid: Denial of service when using NTLM authentication (GLSA 200409-04)
http://www.net-security.org/advisory.php?id=3696

Gentoo Linux Security Advisory - Python 2.2: Buffer overflow in getaddrinfo() (GLSA 200409-03)
http://www.net-security.org/advisory.php?id=3695

SUSE Security Announcement - zlib (SUSE-SA:2004:029)
http://www.net-security.org/advisory.php?id=3694

Trustix Secure Linux Security Advisory - kerberos5 (#2004-0045)
http://www.net-security.org/advisory.php?id=3693

US-CERT Technical Cyber Security Alert - Multiple Vulnerabilities in Oracle Products (TA04-245A)
http://www.net-security.org/advisory.php?id=3692

Gentoo Linux Security Advisory - MySQL: Insecure temporary file creation in mysqlhotcopy (GLSA 200409-02)
http://www.net-security.org/advisory.php?id=3691

Gentoo Linux Security Advisory - vpopmail: Multiple vulnerabilities (GLSA 200409-01)
http://www.net-security.org/advisory.php?id=3690

SUSE Security Announcement - kernel (SUSE-SA:2004:028)
http://www.net-security.org/advisory.php?id=3689

Fedora Update Notification - Fedora Core 2 Update: krb5-1.3.4-6 (FEDORA-2004-277)
http://www.net-security.org/advisory.php?id=3688

Fedora Update Notification - Fedora Core 1 Update: krb5-1.3.4-5 (FEDORA-2004-276)
http://www.net-security.org/advisory.php?id=3687

Red Hat Security Advisory - Updated krb5 packages fix security issues (RHSA-2004:350-01)
http://www.net-security.org/advisory.php?id=3686

Red Hat Security Advisory - Updated krb5 packages fix security vulnerabilities (RHSA-2004:448-01)
http://www.net-security.org/advisory.php?id=3685

Mandrakelinux Security Update Advisory - krb5 (MDKSA-2004:088)
http://www.net-security.org/advisory.php?id=3684

SCO Security Advisory - UPDATED OpenServer 5.0.6 OpenServer 5.0.7 : OpenSSL Multiple Vulnerabilities (SCOSA-2004.10.1)
http://www.net-security.org/advisory.php?id=3683

SCO Security Advisory - OpenServer 5.0.6 OpenServer 5.0.7 : apache mod_digest Incorrect Client Response Verification Vulnerability (SCOSA-2004.14)
http://www.net-security.org/advisory.php?id=3682

SCO Security Advisory - OpenServer 5.0.6 OpenServer 5.0.7 : squid %-encoded characters in a URL (SCOSA-2004.13)
http://www.net-security.org/advisory.php?id=3681

Cisco Security Advisory - Vulnerabilities in Kerberos 5 Implementation (Revision 1.0)
http://www.net-security.org/advisory.php?id=3680

MIT krb5 Security Advisory - ASN.1 decoder denial of service (2004-003)
http://www.net-security.org/advisory.php?id=3679

MIT krb5 Security Advisory - double-free vulnerabilities in KDC and libraries (2004-002)
http://www.net-security.org/advisory.php?id=3678

Debian Security Advisory - krb5 (DSA 543-1)
http://www.net-security.org/advisory.php?id=3677

Debian Security Advisory - python2.2 (DSA 458-2)
http://www.net-security.org/advisory.php?id=3676

Debian Security Advisory - qt-copy (DSA 542-1)
http://www.net-security.org/advisory.php?id=3675

Turbolinux Security Announcement - rsync and qt (31/Aug/2004)
http://www.net-security.org/advisory.php?id=3674

----------------------------------------------------------------

[ Articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org
----------------------------------------------------------------

TO CATCH A VIRUS
Is there another attack in the pipeline? Will the Internet totally collapse? Graphs showing Internet activity have nothing significant to report. The Panda Technical Support network has not reported any increase in calls. All seems to be calm and peaceful.
http://www.net-security.org/article.php?id=727

VIDEO INTERVIEW WITH GERHARD ESCHELBECK, CTO OF QUALYS
In this video Mr. Eschelbeck discusses computer security at the enterprise level, inside and outside threats, computer security trends in the USA and Europe, and more. The video interview is 5:28 minutes in length, available for download in Windows Media 9 256K (10.1 MB) and 64K (2.48 MB).
http://www.net-security.org/article.php?id=726

----------------------------------------------------------------

----------------------------------------------------------------
Do you have an effective security strategy? You do now!
Read Addison-Wesley books to craft your strategy.
http://www.awprofessional.com/security
----------------------------------------------------------------

[ Reviews ]

All reviews are located at:
http://www.net-security.org/reviews.php
----------------------------------------------------------------

802.11 WIRELESS NETWORKS: THE DEFINITIVE GUIDE
Despite providing a wealth of extensive in-depth technical pieces of information, which vary from cryptic shorts to descriptions of specific frame parts, the book is very easy to read.
http://www.net-security.org/review.php?id=137

----------------------------------------------------------------

[ Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3
----------------------------------------------------------------

AIRSCANNER MOBILE FIREWALL 1.0 Beta (Pocket PC)
Airscanner Mobile Firewall is a full-strength, fully configurable, NDIS packet-filtering TCP/IP firewall.
http://www.net-security.org/software.php?id=573

BASTILLE LINUX 2.1.3-0.1 (Linux)
The Bastille Hardening System attempts to "harden" or "tighten" the Linux operating system.
http://www.net-security.org/software.php?id=217

FIREWALL BUILDER 2.0.2 (Linux)
Firewall Builder consists of an object-oriented GUI and a set of policy compilers for various firewall platforms.
http://www.net-security.org/software.php?id=230

FLOPPYFW 2.0.10 (Linux)
floppyfw is a router with the advanced firewall-capabilities in Linux that fits on one single floppy disc.
http://www.net-security.org/software.php?id=211

FREERADIUS 1.0.0 (Linux)
The FreeRADIUS Server Project is a high-performance and highly configurable RADIUS server.
http://www.net-security.org/software.php?id=193

LINUX-VSERVER 1.28 (Linux)
A system for running general purpose virtual servers on one box at full speed.
http://www.net-security.org/software.php?id=527

MAILSCANNER 4.33.3 (Linux)
MailScanner is a virus scanner for e-mail designed for use on e-mail gateways.
http://www.net-security.org/software.php?id=144

NMAP 3.70 (Linux)
Nmap ("Network Mapper") is an open source utility for network exploration or security auditing.
http://www.net-security.org/software.php?id=1

NMAP PARSER XML 0.78 (Linux)
An nmap parser for xml scan data using PERL.
http://www.net-security.org/software.php?id=532

NUFW 0.9.1 (Linux)
NuFW is an "authenticating gateway". This means it requires authentication for any connections to be forwarded through the gateway.
http://www.net-security.org/software.php?id=526

PADS 1.1.2 (Linux)
Pads (Passive Asset Detection System) is a signature-based detection engine used to passively detect network assets.
http://www.net-security.org/software.php?id=60

REVELATION 0.3.3 (Linux)
Revelation is a password manager for the GNOME 2 desktop.
http://www.net-security.org/software.php?id=293

ROOTKIT HUNTER 1.1.7 (Linux)
This scanning tool ensures you're clean of nasty tools.
http://www.net-security.org/software.php?id=531

RUBY/PASSWORD 0.5.2 (Linux)
Ruby/Password is a set of useful methods for creating, verifying, and manipulating passwords.
http://www.net-security.org/software.php?id=162

SAMHAIN 1.8.11 (Linux)
Samhain is an open source file integrity and host-based intrusion detection system.
http://www.net-security.org/software.php?id=125

SERVER INSPECTOR 2.1 (Windows)
Server Inspector is a professional monitoring tool.
http://www.net-security.org/software.php?id=574

TCPICK 0.1.24 (Linux)
Tcpick is a textmode sniffer that can track TCP streams and saves the data captured in files or displays them in the terminal.
http://www.net-security.org/software.php?id=288

WEPLAB 0.1.0 (Linux)
Weplab is a tool to review the security of WEP encryption in wireless networks from an educational point of view.
http://www.net-security.org/software.php?id=539

WINSCP 3.6.8 (Windows)
WinSCP is an open source SSH file transfer protocol and secure copy client for Windows using SSH.
http://www.net-security.org/software.php?id=6

----------------------------------------------------------------

[ Webcasts ]

All webcasts are located at:
http://net-security.org/webcasts.php
----------------------------------------------------------------

The Basics of WLAN Security
Organized by Funk Software on 7 September 2004, 1:00 PM
http://www.net-security.org/webcast.php?id=275

Penetration Testing with CORE IMPACT
Organized by Core Security Technologies on 8 September 2004, 1:00 PM
http://www.net-security.org/webcast.php?id=304

Preparing for Windows XP Service Pack 2
Organized by Qualys on 9 September 2004, 10:00 AM
http://www.net-security.org/webcast.php?id=332

Building Effective & Auditable ITIL Change Management Processes in 4 Steps: Phase 2 of The Visible Ops Methodology
Organized by Tripwire on 14 September 2004, 11:00 AM
http://www.net-security.org/webcast.php?id=327

Consolidated email protection: An introduction to PureMessage
Organized by Sophos on 15 September 2004, 10:00 AM
http://www.net-security.org/webcast.php?id=303

Learn the Newest Way to Secure Your Windows Environment
Organized by RSA Security on 15 September 2004, 3:00 PM
http://www.net-security.org/webcast.php?id=331

What's New in Tripwire for Servers and Tripwire Manager 4.5?
Organized by Tripwire on 16 September 2004, 11:00 AM
http://www.net-security.org/webcast.php?id=325

All anti-virus software is not created equal
Organized by Sophos on 21 September 2004, 10:00 AM
http://www.net-security.org/webcast.php?id=286

Combating SPAM: An Overview of Leading Anti-SPAM Solutions
Organized by KnowledgeStorm on 21 September 2004, 11:00 AM
http://www.net-security.org/webcast.php?id=330

Running Effective and Auditable Change and Configuration Management Processes
Organized by Tripwire on 28 September 2004, 11:00 AM
http://www.net-security.org/webcast.php?id=326

Building Effective & Auditable ITIL Change Management Processes in 4 Steps: Phase 3 and 4 of The Visible Ops Methodology
Organized by Tripwire on 5 October 2004, 11:00 AM
http://www.net-security.org/webcast.php?id=328

----------------------------------------------------------------

[ Conferences ]

All conferences are located at:
http://net-security.org/conferences.php
----------------------------------------------------------------

4th Annual International East-West Security Conference
Organized by Overseas Exhibitions & Conferences - 6 September-11 September 2004
http://www.net-security.org/conference.php?id=96

HealthSec Conference & Expo / Mobile & Wireless Information Security Expo 2004
Organized by MIS Training Institute - 27 September-28 September 2004
http://www.net-security.org/conference.php?id=93

The 14th Virus Bulletin International Conference (VB2004)
Organized by Virus Bulletin - 29 September-1 October 2004
http://www.net-security.org/conference.php?id=83

HITBSecConf2004
Organized by Hack In The Box - 4 October-7 October 2004
http://www.net-security.org/conference.php?id=95

SecurIT Summit
Organized by Marcus Evans - 18 October-20 October 2004
http://www.net-security.org/conference.php?id=98

RSA Conference Europe 2004
Organized by RSA Security - 3 November-5 November 2004
http://www.net-security.org/conference.php?id=90

e-Nordic: Business & Technology Integration Summit
Organized by Marcus Evans - 8 November-10 November 2004
http://www.net-security.org/conference.php?id=99

IBM SecureWorld Conference EMEA 2004
Organized by IBM - 23 November-26 November 2004
http://www.net-security.org/conference.php?id=91

Middle East IT Security Conference 2004
Organized by MEITSEC - 12 December-14 December 2004
http://www.net-security.org/conference.php?id=97

ECCE E-crime and Computer Evidence 2005
Organized by n-gate ltd. - 29 March-30 March 2005
http://www.net-security.org/conference.php?id=94

----------------------------------------------------------------

[ Security World ]

All press releases are located at:
http://www.net-security.org/press_main.php

Send your press releases to press@net-security.org
----------------------------------------------------------------

Marcus Evans is Hosting e-Nordic: Business & Technology Integration Summit in Stockholm Again
http://www.net-security.org/press.php?id=2406

Marcus Evans is Once Again Hosting The SecurIT Summit in Montreux
http://www.net-security.org/press.php?id=2405

Protego Ships First Threat Mitigation Appliance For Small-To-Medium Sized Businesses and Distributed Enterprises
http://www.net-security.org/press.php?id=2404

(ISC)2 Seeks Candidates For Annual $50,000 Information Security Scholarship Program
http://www.net-security.org/press.php?id=2403

Spam Comprises More Than 85% of Email In August Says Email Systems
http://www.net-security.org/press.php?id=2402

Agnitum and Canon System Solutions: More protection For Japanese Users
http://www.net-security.org/press.php?id=2401

Symantec Joins The Anti-Phishing Working Group
http://www.net-security.org/press.php?id=2400

ServGate Broadens Worldwide Support Services
http://www.net-security.org/press.php?id=2399

MessageLabs And Symantec Collaborate To Deliver Enhanced Anti-Spam Technology To Managed Email Security Customers
http://www.net-security.org/press.php?id=2398

SafeNet Awarded Key Role in Government Backed Scheme to Help People Start Businesses from Home
http://www.net-security.org/press.php?id=2397

Endforce Broadens Endpoint Compliance Enforcement To Include 802.1X Interoperability With Leading Lan Switch Vendors, Adds Support For Customer-Defined Application Assessments
http://www.net-security.org/press.php?id=2396

BitDefender: mi2g Report Flawed
http://www.net-security.org/press.php?id=2395

2005 O'Reilly ETech Call for Participation
http://www.net-security.org/press.php?id=2394

port80 Launches Version 2 of serverM Host-Based Intrusion Detection System
http://www.net-security.org/press.php?id=2393

Thawte Launches New, Enhanced Reseller Channel Including Thawte's Latest, Low Priced SSL123 Certificate Which Can Be Issued Within Minutes
http://www.net-security.org/press.php?id=2392

CipherTrust Announces Product Support for Microsoft Sender ID Framework
http://www.net-security.org/press.php?id=2391

Central Command Helps Schools Solve The Computer Virus Plague
http://www.net-security.org/press.php?id=2390

Leading Mortgage Services Provider Secures Non-Public Personal Information with Vormetric's CoreGuard System
http://www.net-security.org/press.php?id=2389

Open Source Vulnerability Database Opens Vendor Dictionary
http://www.net-security.org/press.php?id=2388

Forum Systems Announces Multi-Gigabyte Secure File Transfer With Version 3.0 Of Presidio Openpgp Security Gateway Appliance
http://www.net-security.org/press.php?id=2387

Juniper Networks Delivers Endpoint Defense Initiative To Enhance Trust and Compliance On Leading SSL VPN Solution
http://www.net-security.org/press.php?id=2386

Employee Apathy Puts Corporate Data in Jeopardy
http://www.net-security.org/press.php?id=2385

F-Secure Opens Anti-Virus Research Lab in San Jose
http://www.net-security.org/press.php?id=2384

Trapeze Networks Expands European Presence To Keep Up With Growing Demand For Enterprise Wireless LAN Deployments
http://www.net-security.org/press.php?id=2383

Eracom HSM ProtectServer Orange Integrated with CSF International u/SWITCHWARE
http://www.net-security.org/press.php?id=2382

GFI Releases New Product To Enable Network-Wide Control Of Portable Storage Devices
http://www.net-security.org/press.php?id=2381

Airscanner Releases Personal Firewall Beta for PocketPC
http://www.net-security.org/press.php?id=2380

Vexira Antivirus For Linux Defends Acens Technologies SA, The Leading Managed Web And Application Hosting Service Provider In Spain, From Viruses
http://www.net-security.org/press.php?id=2379

Bahnhof Internet Selects F-Secure for Hosted Security Services
http://www.net-security.org/press.php?id=2378

----------------------------------------------------------------

[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Weekly report on Viruses and Intruders - Bagle.AY, Bagle.AW, Bagle.AV and CodeBase.gen
http://www.net-security.org/virus_news.php?id=458

Kaspersky Labs Top 20 August
http://www.net-security.org/virus_news.php?id=457

Top Ten Viruses Most Frequently Detected by Panda ActiveScan in August
http://www.net-security.org/virus_news.php?id=456

Top Ten Viruses And Hoaxes Reported To Sophos In August 2004
http://www.net-security.org/virus_news.php?id=455

Central Command Dirty Dozen - Top 12 Computer Viruses For August 2004
http://www.net-security.org/virus_news.php?id=454

Trojan Horse Mass-Mailed To Many Internet Users, Sophos Warns Of Malware
http://www.net-security.org/virus_news.php?id=453

Weekly Report on Viruses and Intruders - Sasser.G and Gaobot.AIR Worms, MhtRedir.S and StartPage.JL Trojans
http://www.net-security.org/virus_news.php?id=452

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org
----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is
available http://www.net-security.org/newsletter_archive.php
----------------------------------------------------------------