HNS Newsletter
Issue 231 - 20.09.2004.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It
covers weekly roundups of security events that were in the
news the past week.


----------------------------------------------------------------
Multi-Save Offer! Register three colleagues at this year’s RSA
Conference, Europe 3rd-5th November 2004, Barcelona and receive
a saving of €100 per registration.

If you haven’t already registered your place at the RSA
Conference, Europe – the most important information
security event of 2004 – time is running out.
----------------------------------------------------------------
Visit www.2004.rsaconference.com/europe to register on-line
today – you’ll find all the latest information and critical
highlights on the Conference.
----------------------------------------------------------------


Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Reviews
6) Software
7) Webcasts
8) Conferences
9) Security World
10) Virus News


[ Security news ]


----------------------------------------------------------------

MYDOOM SPAWNS FOUR SMALL OFFSHOOTS
Four minor copies of the program surface, which some security experts
believe indicates that a more lethal MyDoom may be on the way.
http://www.net-security.org/news.php?id=6037


CISCO TO ACQUIRE NETWORK-MONITORING FIRM NETSOLVE
The acquisition of NetSolve will enable Cisco and its channel
partners to offer customers real-time monitoring of Cisco products
and to help ensure continuous, secure operation of such services as
IP telephony and network security, Cisco says.
http://www.net-security.org/news.php?id=6038


MICROSOFT: SASSER BOUNTY HINGES ON CONVICTION
Sven Jaschan, the alleged author of the Sasser worm and several
variants of the Netsky virus, was charged this week by German police,
but the informant who led authorities to the suspect will have to wait
for a promised $250,000 reward, Microsoft officials said Friday.
http://www.net-security.org/news.php?id=6039


RUNING LINUX ON AN IPAQ
Installing Linux on your iPAQ can be a great way to breathe new life
into aging hardware or make an existing tool even better,
particularly if you are a fan of Linux on the desktop.
http://www.net-security.org/news.php?id=6040


SMART CARD USE GROWS
Federal agencies are moving toward large-scale adoption of smart
cards for identification, according to the latest survey from the
Government Accountability Office.
http://www.net-security.org/news.php?id=6041


MANAGING BACKGROUND COMMANDS IN SHELL SCRIPTS
Rainer Raab discusses how to manage multiple background jobs in Korn
shell scripts. After a short job control tutorial, he presents his
job_monitor_status shell function that alerts the calling script when
all background jobs have completed successfully or failed.
http://www.net-security.org/news.php?id=6042


SPAMMERS TWIST MICROSOFT'S GOOD INTO EVIL
According to a recent study, spammers have now begun to use
Microsoft’s latest arsenal against spam, the Sender Policy Framework
(SPF), to give their mail a garb of legitimacy.
http://www.net-security.org/news.php?id=6043


U.S.ROBOTICS SECURE STORAGE ROUTER PRO
This device is a multifunctional router with the VPN server and
client support as well as with integrated functions of a network
database.
http://www.net-security.org/news.php?id=6044


OPENBSD’S THEO DE RAADT TALKS SOFTWARE SECURITY
In an exclusive interview with Computerworld's Rodney Gedda, the man
behind an operating system that lays claim to only one remote exploit
in the default install in seven years, reveals where we are headed –
and how far we have to go – in the search for more secure software.
http://www.net-security.org/news.php?id=6045


AKCP CAMERAPROBE8 DATA CENTER SECURITY MONITOR
AKCP has used embedded Linux to build a data center security monitor
that can track both physical and network-related events. The
CameraProbe8 has an integral low-light pan-and-tilt camera, and
supports up to eight environmental sensors. It also runs network
service monitoring software. It is manageable via secure SNMP or
HTTP.
http://www.net-security.org/news.php?id=6046


MS PREMIUM CUSTOMERS GET EARLY SECURITY WARNINGS
Microsoft is giving premium customers advance notice of security
bulletins, internetnews.com has learned.
http://www.net-security.org/news.php?id=6047


ENHANCING APACHE WITH MOD_SECURITY
ModSecurity is an open source intrusion detection and prevention
engine for web applications.
http://www.net-security.org/news.php?id=6048


NEW WINDOWS OS BOOSTS SECURITY
With its next version of Windows, dubbed Longhorn and due out in
2006, Microsoft is working on technology that will give companies
more control over whether to prohibit devices that can easily be used
to transfer data to and from personal computers.
http://www.net-security.org/news.php?id=6049


IDENTITY FRAUD CRISIS SPIRALS OUT OF CONTROL
APACS calls on UK channel players to support anti-CNP schemes.
http://www.net-security.org/news.php?id=6050


WANT MORE SECURE SOFTWARE? THEN GIVE YOUR VENDOR HELL
Software holes will mean security-related downtime will triple by
2008, unless IT managers take matters into their hands.
http://www.net-security.org/news.php?id=6053


CERTICOM ANNOUNCES HARDWARE SECURITY
Digital rights have become a bigger issue for the wireless industry
in the last few years as music and other protected content is offered
by carriers.
http://www.net-security.org/news.php?id=6054


BEWARE OF MALFORMED MIME ARTISTS
The UK's top UK security co-ordination agency today warned of a
series of vulnerabilities involving implementations of the
Multipurpose Internet Mail Extensions (MIME) protocol within email
and web security products.
http://www.net-security.org/news.php?id=6055


HERCULES, STAT SCANNER, BULK UP SECURITY
Financial-services firms get help fixing vulnerabilities with
automated scanning and management applications.
http://www.net-security.org/news.php?id=6056


SP2 FIGHTS WORMS, HAS BUGS
Software conflicts are not the only issue causing some users
heartburn. Many people have downloaded or installed the update
without a hitch, but others have not been so lucky.
http://www.net-security.org/news.php?id=6057


MULTICORE NETWORK SECURITY PROCESSOR
Cavium will sample a line of single-chip, multi-core "network
services processors" (NSPs) in Q1, 2005.
http://www.net-security.org/news.php?id=6058


SAFE DATABASES ARE KEY TO SECURITY
Your database and network design may help prevent critical
vulnerabilities from being exploited.
http://www.net-security.org/news.php?id=6059


EXTREME WI-FI
Take that wireless hot spot in the local java joint, jack it up on
steroids and use it to connect an entire city full of computers.
http://www.net-security.org/news.php?id=6060


I SPY WITH MY LITTLE EYE
Forget Congress' myopic efforts to outlaw spyware. What we really
need is better enforcement of existing computer crime laws.
http://www.net-security.org/news.php?id=6061


SPYCAM MAY BE WATCHING YOU WORK
If you have a webcam and a microphone on your computer and a
broadband connection to the internet, as many now do to chat with
their friends around the world, a hacker could be watching you -
maybe, if your PC is in your bedroom, just when you really needed
privacy.
http://www.net-security.org/news.php?id=6062


SYMANTEC LAUNCHES ANTIPHISHING SERVICE
Symantec is fishing for dollars with a new service designed to help
companies combat the ongoing epidemic of online identity theft, or
"phishing," scams.
http://www.net-security.org/news.php?id=6063


GRAPHS FOR SECURITY
Most programmers are familiar with the access-control list (ACL) as a
datastructure used for authorization. This article describes using a
more robust structure called an access-control graph (ACG). The ACG
has several advantages over traditional ACL designs and has special
relevance in Web-based applications.
http://www.net-security.org/news.php?id=6064


WIRED FOR SECURITY
McAfee has always been synonymous with PC security, but CEO George
Samenuk intends to make a priority of protecting wireless networks
and voice communications over the Internet.
http://www.net-security.org/news.php?id=6066


ANALYSTS HERALD ARRIVAL OF SMART SECURITY PATCHING TOOLS
IT security managers can look forward to the arrival of enhanced
patching technology which will automate and reduce the cost of
installing software security and maintenance updates, industry
experts have predicted.
http://www.net-security.org/news.php?id=6067


SQL SERVER 2000 SECURITY  - DTS SECURITY
In this article of our series presenting SQL Server 2000 Security, we
are turning our attention towards Data Transformation Services.
http://www.net-security.org/news.php?id=6068


INTERNET STANDARDS BODY REJECTS SENDER ID PROPOSAL
The Internet Engineering Task Force has rejected Microsoft's Sender
ID proposal due to the company's refusal to reveal details of a
possible patent application on its proposed technology.
http://www.net-security.org/news.php?id=6069


IBM EXPANDS RFID SERVICES FOR MANUFACTURERS
IBM will offer a range of new services to help industrial firms
respond to retail and government pressure to implement
radio-frequency identification. RFID services will include
consulting, developing the business case, technological proof of
concept, and full rollout of the systems.
http://www.net-security.org/news.php?id=6070


BORDERWARE FIREWALL FIGHTS VOIP THREATS
BorderWare Technologies Inc. has joined Ingate Systems AB and others
in providing an edge solution to the external threat problem in
voice-over-IP PBXes.
http://www.net-security.org/news.php?id=6071


NOKIA JOINS SECURE DIGITAL INDUSTRY GROUP
Nokia said it has joined an industry group working on technical and
specification standards for Secure Digital memory card applications.
http://www.net-security.org/news.php?id=6072


SUN TOUTS TOUGHER SECURITY IN SOLARIS 10
Sun Microsystems said its Solaris 10 operating system will be ready
for general release by year's end, complete with a sharper set of
security teeth.
http://www.net-security.org/news.php?id=6073


BRAZIL IS WORLD 'HACKING CAPITAL'
Brazil has become the global capital for computer hacking and
internet fraud, according to experts meeting in the country's
capital, Brasilia.
http://www.net-security.org/news.php?id=6074


WARDRIVING: YOU CAN LOOK, BUT DON'T TOUCH
Is wardriving legal? Until a court rules otherwise, it is. But should
you access an open wireless network you stumble upon? The answer is
no.
http://www.net-security.org/news.php?id=6075


MAJOR GRAPHICS FLAW THREATENS WINDOWS PCS
Microsoft published on Tuesday a patch for a major security flaw in
its software's handling of the JPEG graphics format and urged
customers to use a new tool to locate the many applications that are
vulnerable.
http://www.net-security.org/news.php?id=6076


SAMBA SERVERS VULNERABLE TO DENIAL-OF-SERVICE ATTACKS
The Samba Team released on Tuesday a patch to fix two flaws that
could result in disruptions for networks using the widely installed
Unix and Linux software.
http://www.net-security.org/news.php?id=6077


SUPER-SECURE NETWORK COULD FLAG DATA DANGER
It's a hacker's nightmare but a dream for bankers and spies: A
computer network so secure that even the simplest attempts to
eavesdrop will interrupt the flow of data and alert administrators to
the snooping.
http://www.net-security.org/news.php?id=6078


INTRUSION DETECTION WITH TRIPWIRE
Tripwire is a file integrity checker for UNIX/Linux based operating
systems and works as an excellent intrusion detection system.
http://www.net-security.org/news.php?id=6079


SERVICE MONITORING WITH NAGIOS
Nagios calls itself an "open source host, service and network
monitoring program".
http://www.net-security.org/news.php?id=6080


FIVE FIRED AT LOS ALAMOS LAB
As part of the fallout from an incident at Los Alamos National Lab in
July, five workers have been fired. They are among 23 suspended when
computer disks containing classified information went missing.
http://www.net-security.org/news.php?id=6081


MICROSOFT NOT TRYING TO HIJACK ANTI-SPAM SPEC
Though it has raised concerns about Microsoft's Sender ID anti-spam
technology, the Internet Engineering Task Force, an organization
devoted to establishing standards for Internet architecture, has not
banned the software giant's participation in the development of an
e-mail specification.
http://www.net-security.org/news.php?id=6082


GIVE US A JOB, PLEAD VIRUS WRITERS
Antivirus developers have to ensure that their software works
reliably, detecting over 90,000 viruses on a wide variety of
operating systems and network configurations without causing
problems, explained consultant Graham Cluley. "Virus writers don't
care if their code crashes or causes incompatibilities. You don't
have to be a genius to write a virus," he said.
http://www.net-security.org/news.php?id=6083


FEDS SAY LAMO INSPIRED OTHER HACKERS
Prosecutors blame the New York Times hacker for inspiring others of
his generation to become cyber outlaws.
http://www.net-security.org/news.php?id=6084


ACADEMIA BATTLES FORCES OF IT ANARCHY
Academic institutions who have to add, manage, and secure thousands
of new users within a period of just a few days face political and
social issues on top of the immense technical ones, suggests Scott
Granneman.
http://www.net-security.org/news.php?id=6085


BUG DETECTED IN UNIX AND LINUX ADMIN CONSOLE
A bug in Usermin, a widely used administration console for Unix and
Linux, could allow a hacker to run malicious code through a specially
crafted email, reported security researchers.
http://www.net-security.org/news.php?id=6086


MYSQL ADMINISTRATOR
In this article, the author recommends MySQL Administrator, which
allows an adminstrator to configure a MySQL server easily.
http://www.net-security.org/news.php?id=6087


EXTORTION ONLINE
Technology can help fight the growing cyberextortion threat, but
experts say not enough companies are prepared.
http://www.net-security.org/news.php?id=6088


SHARING FILES OVER A NETWORK WITH NFS
As users chose to supplement their RISC OS computers with a second
machine, there grows a need to manage files over a network. With this
in mind, Paul Stewart guides us through evaluating and configuring NFS
with RISC OS and Windows.
http://www.net-security.org/news.php?id=6089


MAN PLEADS GUILTY IN MASSIVE CREDIT INFO THEFT CASE
Personal financial information stolen from more than 30,000 people
http://www.net-security.org/news.php?id=6090


BUGWATCH: MANAGING NETWORK SECURITY RISK
Jukka Sieppi, director of product management at network protection
firm Stonesoft, warns of the dangers of adopting a so-called 'silver
bullet' solution to network security.
http://www.net-security.org/news.php?id=6091


PHONES GAIN CODED SECURITY
"Pressure for greater security is coming from enterprise customers.
[Security] used to be seen as an add-on to IT systems, but lately it
has been regarded as something that has to be embedded from the
beginning," commented Certicom's vice-president of marketing, Roy
Pereira.
http://www.net-security.org/news.php?id=6092


SYMANTEC TO ACQUIRE @STAKE
Symantec has agreed to acquire @Stake, a Cambridge, Mass.-based
provider of IT security consulting services.
http://www.net-security.org/news.php?id=6093


HACKERS JUMP ON WINDOWS VULNERABILITY
Hackers are drooling at the thought of exploiting Microsoft's most
recent vulnerabilities, security analysts said Thursday.
http://www.net-security.org/news.php?id=6094


NEC EXTENDS QUANTUM CRYPTOGRAPHY RANGE AND SPEED
NEC researchers have developed a quantum cryptography system with
sufficient speed and range to make it commercially viable. It could
go on sale in the second half of 2005.
http://www.net-security.org/news.php?id=6095


MICROSOFT: SECURITY NOW KEY ISSUE IN BROWSER MARKET
Another security scare has hit Microsoft's Internet Explorer.
http://www.net-security.org/news.php?id=6096


HACKERS SEEK TO SAVE AMERICA
A new cyber security centre has been launched in a remote area of
eastern Idaho in the US to give expert hackers access to an entire
isolated infrastructure to test computing vulnerabilities.
http://www.net-security.org/news.php?id=6097


SSH - THE SECURE SHELL: AN OVERVIEW
SSH is an application protocol and software suite that allows secure
network services over an insecure network such as the public
Internet.
http://www.net-security.org/news.php?id=6098


HOW TO PROTECT YOURSELF IF YOU USE WINDOWS
If you use a Windows personal computer to access the Internet, your
personal files, your privacy and your security are all in jeopardy.
http://www.net-security.org/news.php?id=6099


OPEN SOURCE SECURITY: STILL A MYTH
This article looks at why open source software may currently be less
secure than its commercial counterparts.
http://www.net-security.org/news.php?id=6100

----------------------------------------------------------------




[ Vulnerabilities ]


All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php


----------------------------------------------------------------

Microsoft WordPerfect 5.x Converter Heap Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3713


IE6 + XP SP2 Vulnerability
http://www.net-security.org/vuln.php?id=3712


Vulnerability In IBM Windows XP Default Hidden Administrator Account
Allows Local Administrator Access
http://www.net-security.org/vuln.php?id=3711


Apache Config File Env Variable Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3710


SMC7004VWBR / SMC7008ABR "Spoofing" Vulnerability
http://www.net-security.org/vuln.php?id=3709


McAfee VirusScan Privilege Escalation Vulnerability
http://www.net-security.org/vuln.php?id=3708


Microsoft Office WordPerfect Converter Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3707


SUS 2.0.2 Local Root Vulnerability
http://www.net-security.org/vuln.php?id=3706


Inkra 1504GX DoS In Conducting IP Protocol Vulnerability
http://www.net-security.org/vuln.php?id=3705


Qnx Crrtrap Possible Race Condition Vulnerability
http://www.net-security.org/vuln.php?id=3704

----------------------------------------------------------------




[ Advisories ]


All advisories are located at:
http://www.net-security.org/archive_advi.php


----------------------------------------------------------------

SUSE Security Announcement - XFree86-libs, xshared (SUSE-SA:2004:034)
http://www.net-security.org/advisory.php?id=3756


Gentoo Linux Security Advisory - SnipSnap: HTTP response splitting
(GLSA 200409-23)
http://www.net-security.org/advisory.php?id=3755


SUSE Security Announcement - gtk2, gdk-pixbuf (SUSE-SA:2004:033)
http://www.net-security.org/advisory.php?id=3754


Debian Security Advisory - New gtk+2.0 packages fix several
vulnerabilities (DSA 549-1)
http://www.net-security.org/advisory.php?id=3753


Apple Security Update - Security Update 2004-09-16
(APPLE-SA-2004-09-16)
http://www.net-security.org/advisory.php?id=3752


Gentoo Linux Security Advisory - phpGroupWare: XSS vulnerability in
wiki module (GLSA 200409-22)
http://www.net-security.org/advisory.php?id=3751


Gentoo Linux Security Advisory - Apache 2, mod_dav: Multiple
vulnerabilities (GLSA 200409-21)
http://www.net-security.org/advisory.php?id=3750


US-CERT Technical Cyber Security Alert - Microsoft Windows JPEG
component buffer overflow (TA04-260A)
http://www.net-security.org/advisory.php?id=3749


Trustix Secure Linux Security Advisory - apache, cups,
foomatic-filters, iptables, squid (TSLSA-2004-0047)
http://www.net-security.org/advisory.php?id=3748


Debian Security Advisory - New imlib packages fix arbitrary code
execution (DSA 548-1)
http://www.net-security.org/advisory.php?id=3747


Gentoo Linux Security Advisory - mpg123: Buffer overflow
vulnerability (GLSA 200409-20)
http://www.net-security.org/advisory.php?id=3746


Debian Security Advisory - New Imagemagic packages fix buffer
overflows (DSA 547-1)
http://www.net-security.org/advisory.php?id=3745


Debian Security Advisory - New gdk-pixbuf packages fix several
vulnerabilities (DSA 546-1)
http://www.net-security.org/advisory.php?id=3744


Gentoo Linux Security Advisory - Heimdal: ftpd root escalation (GLSA
200409-19)
http://www.net-security.org/advisory.php?id=3743


Turbolinux Security Announcement - krb5, php, squid, samba, cdrtools,
imlib, httpd (16/Sep/2004)
http://www.net-security.org/advisory.php?id=3742


Mandrakelinux Security Update Advisory - Updated XFree86 packages fix
libXpm overflow vulnerabilities (MDKSA-2004:099)
http://www.net-security.org/advisory.php?id=3741


Mandrakelinux Security Update Advisory - Updated libxpm4 packages fix
libXpm overflow vulnerabilities (MDKSA-2004:098)
http://www.net-security.org/advisory.php?id=3740


Mandrakelinux Security Update Advisory - Updated cups packages fix
DoS vulnerability (MDKSA-2004:096)
http://www.net-security.org/advisory.php?id=3739


Mandrakelinux Security Update Advisory - Updated apache2 packages fix
multiple vulnerabilities (MDKSA-2004:096)
http://www.net-security.org/advisory.php?id=3738


Mandrakelinux Security Update Advisory - Updated gdk-pixbuf packages
fix image loading vulnerabilities (MDKSA-2004:095)
http://www.net-security.org/advisory.php?id=3737


Debian Security Advisory - New cupsys packages fix denial of service
(DSA 545-1)
http://www.net-security.org/advisory.php?id=3736


Mandrakelinux Security Update Advisory - Updated printer-drivers
packages fix vulnerability in foomatic (MDKSA-2004:094)
http://www.net-security.org/advisory.php?id=3735


Mandrakelinux Security Update Advisory - Updated squid packages fix
DoS vulnerability (MDKSA-2004:093)
http://www.net-security.org/advisory.php?id=3734


SUSE Security Announcement - apache2 (SUSE-SA:2004:032)
http://www.net-security.org/advisory.php?id=3733


SUSE Security Announcement - cups (SUSE-SA:2004:031)
http://www.net-security.org/advisory.php?id=3732


OpenPKG Security Advisory - aspell (OpenPKG-SA-2004.042)
http://www.net-security.org/advisory.php?id=3731


OpenPKG Security Advisory - spamassassin (OpenPKG-SA-2004.041)
http://www.net-security.org/advisory.php?id=3730


OpenPKG Security Advisory - samba (OpenPKG-SA-2004.040)
http://www.net-security.org/advisory.php?id=3729


Microsoft Security Bulletin - Septermber 2004
http://www.net-security.org/advisory.php?id=3728


Gentoo Linux Security Advisory - cdrtools: Local root vulnerability
in cdrecord if set SUID root (GLSA 200409-18)
http://www.net-security.org/advisory.php?id=3727


Gentoo Linux Security Advisory - SUS: Local root vulnerability (GLSA
200409-17)
http://www.net-security.org/advisory.php?id=3726


Debian Security Advisory - New webmin packages fix insecure temporary
directory (DSA 544-1)
http://www.net-security.org/advisory.php?id=3725


Slackware Security Advisory - samba DoS (SSA:2004-257-01)
http://www.net-security.org/advisory.php?id=3724


Mandrakelinux Security Update Advisory - Updated samba packages fix
multiple vulnerabilities (MDKSA-2004:092)
http://www.net-security.org/advisory.php?id=3723


Conectiva Linux Security Announcement - zlib (CLA-2004:865)
http://www.net-security.org/advisory.php?id=3722


Conectiva Linux Security Announcement - kde (CLA-2004:864)
http://www.net-security.org/advisory.php?id=3721


OpenPKG Security Advisory - kerberos (OpenPKG-SA-2004.039)
http://www.net-security.org/advisory.php?id=3720


Gentoo Linux Security Advisory - Samba: Denial of Service
vulnerabilities (GLSA 200409-16)
http://www.net-security.org/advisory.php?id=3719


Gentoo Linux Security Advisory - Webmin, Usermin: Multiple
vulnerabilities in Usermin (GLSA 200409-15)
http://www.net-security.org/advisory.php?id=3718

----------------------------------------------------------------




[ Articles ]


All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org


----------------------------------------------------------------

VIDEO INTERVIEW WITH CHRIS POTTER, PRICEWATERHOUSECOOPERS INFORMATION
SECURITY ASSURANCE PARTNER
In this video Mr. Potter talks about what can be done in order to
minimize the recovery time from an incident, discusses the threat
posed by increased mobile computing, the most important step
businesses must take in order to manage their information security
risks in the future, and more.

The video interview is 06:12 minutes in length, available for
download in Windows Media 9 256K (11.5 MB) and 64K (2.81 MB).
http://www.net-security.org/article.php?id=729

----------------------------------------------------------------




[ Reviews ]


All reviews are located at:
http://www.net-security.org/reviews.php


----------------------------------------------------------------

MOVING TO THE LINUX BUSINESS DESKTOP
I've read countless articles debating whether Linux is ready for the
desktop showcasing the strengths and weaknesses of this OS. This book
goes beyond that discussion as the author doesn't think Linux is just
ready for the desktop but for the business desktop. Did Gagne manage
to guide the reader as well as in his previous books? Read on and
find out.
http://www.net-security.org/review.php?id=139

----------------------------------------------------------------




[ Software ]


Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3


----------------------------------------------------------------

AD-AWARE SE PERSONAL EDITION Build 1.05 (Windows)
Ad-aware is a free multi spyware removal utility.
http://www.net-security.org/software.php?id=135


P0F 2.0.5 (Linux)
P0f is a versatile passive OS fingerprinting tool.
http://www.net-security.org/software.php?id=164


PASSWORD SAFE 2.05 (Windows)
Password Safe is a password database utility.
http://www.net-security.org/software.php?id=172


ROOTKIT HUNTER 1.1.8 (Linux)
This scanning tool ensures you're clean of nasty tools.
http://www.net-security.org/software.php?id=531


WEPLAB 0.1.2 (Linux)
Weplab is a tool to review the security of WEP encryption in wireless
networks from an educational point of view.
http://www.net-security.org/software.php?id=539


XINTEGRITY 1.4.2 (Windows)
Xintegrity provides modification detection and data integrity
validation.
http://www.net-security.org/software.php?id=528

----------------------------------------------------------------




[ Webcasts ]


All webcasts are located at:
http://net-security.org/webcasts.php


----------------------------------------------------------------

All anti-virus software is not created equal
Organized by Sophos on 21 September 2004, 10:00 AM
http://www.net-security.org/webcast.php?id=286


Combating SPAM: An Overview of Leading Anti-SPAM Solutions
Organized by KnowledgeStorm on 21 September 2004, 11:00 AM
http://www.net-security.org/webcast.php?id=330


Running Effective and Auditable Change and Configuration Management
Processes
Organized by Tripwire on 28 September 2004, 11:00 AM
http://www.net-security.org/webcast.php?id=326


Building Effective & Auditable ITIL Change Management Processes in 4
Steps: Phase 3 and 4 of The Visible Ops Methodology
Organized by Tripwire on 5 October 2004, 11:00 AM
http://www.net-security.org/webcast.php?id=328

----------------------------------------------------------------




[ Conferences ]


All conferences are located at:
http://net-security.org/conferences.php


----------------------------------------------------------------

HealthSec Conference & Expo / Mobile & Wireless Information Security
Expo 2004
Organized by MIS Training Institute - 27 September-28 September 2004
http://www.net-security.org/conference.php?id=93


The 14th Virus Bulletin International Conference (VB2004)
Organized by Virus Bulletin - 29 September-1 October 2004
http://www.net-security.org/conference.php?id=83


HITBSecConf2004
Organized by Hack In The Box - 4 October-7 October 2004
http://www.net-security.org/conference.php?id=95


SecurIT Summit
Organized by Marcus Evans - 18 October-20 October 2004
http://www.net-security.org/conference.php?id=98


RSA Conference Europe 2004
Organized by RSA Security - 3 November-5 November 2004
http://www.net-security.org/conference.php?id=90


e-Nordic: Business & Technology Integration Summit
Organized by Marcus Evans - 8 November-10 November 2004
http://www.net-security.org/conference.php?id=99


IBM SecureWorld Conference EMEA 2004
Organized by IBM - 23 November-26 November 2004
http://www.net-security.org/conference.php?id=91


Middle East IT Security Conference 2004
Organized by MEITSEC - 12 December-14 December 2004
http://www.net-security.org/conference.php?id=97


ECCE E-crime and Computer Evidence 2005
Organized by n-gate ltd. - 29 March-30 March 2005
http://www.net-security.org/conference.php?id=94

----------------------------------------------------------------




[ Security World ]


All press releases are located at:
http://www.net-security.org/press_main.php

Send your press releases to press@net-security.org


----------------------------------------------------------------

StealthWatch Management Console by Lancope Receives Excellent Rating
http://www.net-security.org/press.php?id=2453


Leading File Encryption Solution ProtectFile 3.2.1 Now Available with
AES and Integration into RSA Products
http://www.net-security.org/press.php?id=2452


Yankee Group Names Imperva to "Winner" Category in Application
Security Market
http://www.net-security.org/press.php?id=2451


Vircom Named 5-Time Winner of Readers’ Choice Awards
http://www.net-security.org/press.php?id=2450


Juniper Networks Achieves Leader Status In Meta Group's Evaluation Of
The SSL VPN Market
http://www.net-security.org/press.php?id=2449


StreamShield Networks Cleans-Up The Internet With Revolutionary New
Technology
http://www.net-security.org/press.php?id=2448


StreamShield Networks Launches World’s First Internet Protection
Service For Web And Email
http://www.net-security.org/press.php?id=2447


Technology Companies Least Concerned About Virus Attacks But Most
Concerned About Hackers
http://www.net-security.org/press.php?id=2446


More Than Electronic Paper - O'Reilly Releases "PDF Hacks"
http://www.net-security.org/press.php?id=2445


ServGate Wins Its Third Product Review with InfoWorld
http://www.net-security.org/press.php?id=2444


Forum Systems Xwall Web Services Firewall Released On Borland
Jbuilder 2005 Companion CD
http://www.net-security.org/press.php?id=2443


Netilla Launches Secure Gateway Appliance Family of
Application-Specific SSL VPN Products
http://www.net-security.org/press.php?id=2442


Bigfix Announces Customer Deployment Momentum In Response To
Increased Network Vulnerabilities And Security Configuration
Challenges
http://www.net-security.org/press.php?id=2441


Cloudmark Anti-Spam Community Crests 1 Million Members; Ships SpamNet
3.0
http://www.net-security.org/press.php?id=2440


Mindreef SOAPscope 4.0 First to Connect Development, Testing and
Support
http://www.net-security.org/press.php?id=2439


Wick Hill Appointed By Check Point To Target Small Business Market
http://www.net-security.org/press.php?id=2438


Corsaire Identify Multiple Vulnerabilities In Core MIME Protocol
http://www.net-security.org/press.php?id=2437


Intrusion Detection with Open Source Tools O'Reilly Releases
"Managing Security with Snort and IDS Tools"
http://www.net-security.org/press.php?id=2436


Brightview, A Leading ISP In The UK Selects Vexira Antivirus To
Protect Over 350,000 Email Users From Viruses
http://www.net-security.org/press.php?id=2435


Sygate Introduces Next Phase Of Comprehensive Endpoint Security
Solution For Windows XP Embedded Devices
http://www.net-security.org/press.php?id=2434

----------------------------------------------------------------




[ Virus News ]


All virus news are located at:
http://www.net-security.org/viruses.php


----------------------------------------------------------------

How to safely download files from the Internet
http://www.net-security.org/virus_news.php?id=463


Chinese Government Report Reveals Computer Virus And Spam Crisis,
Sophos Comments
http://www.net-security.org/virus_news.php?id=462

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available 
http://www.net-security.org/newsletter_archive.php


----------------------------------------------------------------
Multi-Save Offer! Register three colleagues at this year’s RSA
Conference, Europe 3rd-5th November 2004, Barcelona and receive
a saving of €100 per registration.

If you haven’t already registered your place at the RSA
Conference, Europe – the most important information
security event of 2004 – time is running out.
----------------------------------------------------------------
Visit www.2004.rsaconference.com/europe to register on-line
today – you’ll find all the latest information and critical
highlights on the Conference.
----------------------------------------------------------------