HNS Newsletter
Issue 239 - 15.11.2004.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It
covers weekly roundups of security events that were in the
news the past week.


----------------------------------------------------------------
INFOSECURITY CONFERENCE AND EXHIBITION
Information security solutions for your business
----------------------------------------------------------------
December 7-9 - Jacob K. Javits Convention Center - New York, NY
----------------------------------------------------------------
Join us to discover solutions that can protect your data
and your business:

*More than 55 educational sessions
*CISSP continuing professional education credits
*A full spectrum of security products, systems, solutions
*Information to create & implement more effective policies
*Networking with colleagues and experts in the field
*The latest issues shaping the future of information security

For more information visit:
http://www.net-security.org/go/infosecurity
----------------------------------------------------------------


Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Software
6) Webcasts
7) Conferences
8) Security World
9) Virus News


[ Security news ]


----------------------------------------------------------------

ALLEGED DDOS KINGPIN JOINS MOST WANTED LIST
The feds turn up the heat on a corporate executive who went on the
lam after being charged with paying hackers to take down the
competition.
http://www.net-security.org/news.php?id=6459


SOURCEFIRE - THE OPEN SOURCE ANSWER TO NETWORK SECURITY
In the past couple of years, technologies such as intrusion detection
and protection systems have become mainstream tools in the corporate
security arsenal. But many feel less than satisfied with the
performance of some of these technologies.
http://www.net-security.org/news.php?id=6460


PHISHERS ADOPT SCAM TRICKS FROM VIRUS WRITERS
You know all about phishing scams, right?
http://www.net-security.org/news.php?id=6461


ONLINE FRAUD TUTORIALS... FROM THE SECRET SERVICE?
U.S. law enforcement closed down the thriving criminal marketplace
Shadowcrew.com last week, but left its database of forbidden
knowledge open to the public.
http://www.net-security.org/news.php?id=6462


EXPERTS DEBUNK LINUX SECURITY CRITICISMS
Linux experts slam a report naming the OS as a favorite hacker
target, citing methodology flaws and "suspicious" conclusions.
http://www.net-security.org/news.php?id=6463


FINDING YOUR WEAKEST LINK
The Interceptors find public- and private-sector wireless
vulnerabilities.
http://www.net-security.org/news.php?id=6464


ENCRYPTION GETS PERSONAL
Identity-based encryption avoids the need for a public key
infrastructure.
http://www.net-security.org/news.php?id=6465


REPORT: A MISPLACED SENSE OF SECURITY?
Despite feeling safer now than a year ago, 20 percent of businesses
in a network security survey of 300 IT staffers in companies with
more than $30 million in annual revenues admitted to unauthorized
breaches into their company networks.
http://www.net-security.org/news.php?id=6466


DEMAND FOR IT SECURITY PROS GROWING FAST
Government regulations and dynamic threats driving need for qualified
staff.
http://www.net-security.org/news.php?id=6467


CZECH VIRUS WRITER JOINS ANTI-VIRUS FIRM
Benny, one-time member of the 29A virus writing group, has begun work
as the main developer of Zoner Anti-Virus (ZAV), according to an entry
on his home page.
http://www.net-security.org/news.php?id=6468


SECURITY STATS SOBERING AS CSI SHOW OPENS
Survey finds that 81 percent of companies say attacks on their
network are increasing.
http://www.net-security.org/news.php?id=6469


AN IT MANAGER'S INSIGHT INTO SECURING REMOVABLE MEDIA
Removable media devices are here to stay. Their ease of use and low
cost have made them ubiquitous in the work environment – but at what
price? In this article we look at the pros and cons of removable
media, and the steps IT managers can take to mitigate the security
risks associated with them.
http://www.net-security.org/news.php?id=6470


ENFORCEMENT, NOT FLAWLESSNESS, KEY TO SECURITY
Surviving a security audit requires good policies, procedures and
practices — and auditors look unfavorably on federal agencies with
policy and procedural deficiencies, a security compliance official
said today at a conference in Washington, D.C.
http://www.net-security.org/news.php?id=6471


BUILDING A LAMP SERVER W/ LDAP AUTHENTICATION
This tutorial is designed to guide you through the initial steps of
setting up an Apache, MySQL, and PHP server on Linux which will
utilize an external LDAP server for authenticating users.
http://www.net-security.org/news.php?id=6472


SECURITY BREACHED AGAIN AT US GIANTS
Two major US corporates have suffered apparent security breaches
embarrassingly similar to incidents earlier this year.
http://www.net-security.org/news.php?id=6473


BOOM TIMES AHEAD FOR IT SECURITY PROFESSION
Boom times are ahead for security pros. The information security
workforce will expand by an estimated 13.7 per cent annually to reach
2.1m workers by 2008. Approximately 680,000 of this expanded workforce
will work in Europe.
http://www.net-security.org/news.php?id=6475


NOKIA BEEFS UP SSL VPN
New Secure Connector feature gives remote users secure network-level
access, including access to business applications, data, and network
services.
http://www.net-security.org/news.php?id=6476


SECURITY COMPANY DEFENDS LINUX-IS-VULNERABLE SURVEY
A UK security company has published an open letter following a furore
in the Linux camp after a study claimed that nearly two thirds of
successful Internet-based attacks occurred on the open source
operating system.
http://www.net-security.org/news.php?id=6477


SECURITY GROUP SETS BASELINE STANDARD FOR FIREWALLS
Four security software rivals are have teamed up to set a baseline
standard for application security firewalls, challenging others in
the industry to join them.
http://www.net-security.org/news.php?id=6478


FIRMS WARN OF NEW MYDOOM WORM
Anti-virus software maker McAfee Inc. is warning about a new version
of the Mydoom worm that infects computers of people who click on a
link in e-mail they receive.
http://www.net-security.org/news.php?id=6479


BOFRA WORM SETS TRAP FOR UNWARY
A new family of worms which uses an unpatched vulnerability in
Internet Explorer is spreading widely across the net.
http://www.net-security.org/news.php?id=6480


SPAMMERS TAKE AIM AT CHRISTMAS
Study reveals junk mail tactics becoming ever more sophisticated.
http://www.net-security.org/news.php?id=6481


ADMIRAL CALLS FOR IMPROVED PROTECTION FOR CLASSIFIED DATA
Defense Department officials need a better way to compartmentalize
classified information as part of an information assurance program
that also embodies information sharing, the deputy commander of the
U.S. Pacific Command said.
http://www.net-security.org/news.php?id=6482


CRYPTOGRAPHY RESEARCH EXPANDS INTO EUROPE
Recognizing the strategic significance of Europe in driving the
deployment of smart cards, Cryptography Research announced it has set
up operations in the UK to provide enhanced support for European
licensees of its recently launched DPA Countermeasures Licensing
Program.
http://www.net-security.org/news.php?id=6483


JUNIPER LOOKS TOWARD FUTURE, EYES INTEGRATED SECURITY
Fresh off record third-quarter growth, Juniper Networks outlined its
strategy for the next 12 months, including plans to move to
integrated security and to secure the Infranet, a profitable public
IP network.
http://www.net-security.org/news.php?id=6484


DHS PLOTS SECURITY DATABASE
The Homeland Security Department is developing a single security
clearance database that will include state, local and private-sector
officials who will be authorized to gain access to a secure facility
or classified information.
http://www.net-security.org/news.php?id=6485


TROJAN HORSE TARGETS MOBILE PHONES
A new Trojan horse sends unauthorized spam to mobile phones via SMS.
Called Troj/Delf-HA by security firm Sophos, the malware has only
infected a few users of a Russian wireless network, but Sophos warns
that similar attacks may occur elsewhere.
http://www.net-security.org/news.php?id=6486


MICROSOFT FLAW LEAVES PCS OPEN TO PHISHING
ISA Server 2000 and Proxy Server 2.0 affected by internet spoofing
scam.
http://www.net-security.org/news.php?id=6487


PROTECT YOUR ORGANIZATION'S SITES WITH A LEAK-PROOF SECURITY POLICY
Every organization requires some type of a network site security
policy that will protect the organization's valuable assets --
everything from systems to data.
http://www.net-security.org/news.php?id=6488


ANTIVIRUS SUBSCRIPTION PRICES CLIMB
Troublesome Trojan horses, virulent worms, nasty viruses--sometimes
it may seem like the Internet exists just to let the bad guys attack
your PC.
http://www.net-security.org/news.php?id=6489


CYBER CRIME TOOLS COULD SERVE TERRORISTS: FBI
The hacking and identity theft tools now earning big money for mainly
eastern European organised crime could be used by terrorists to attack
the US, an FBI official claims.
http://www.net-security.org/news.php?id=6490


BANKS PREPARE FOR ATM CYBER CRIME
An international group of law enforcement and financial industry
associations hopes to prevent a new type of bank robbery before it
gets off the ground: cyber attacks against automated teller machines.
http://www.net-security.org/news.php?id=6491


I.T. SECURITY WORKFORCE TO NEARLY DOUBLE BY 2008
The key to a successful security strategy is involvement. It appears
the enterprises that remain free of viruses, break-ins and thefts
will be those that refrain from throwing money or software at
problems, and instead bring people in to respond to the shifting
sands of I.T. hazards.
http://www.net-security.org/news.php?id=6492


SECURITY BASICS - BEATING HACKERS, PIRATES AND THIEVES
Internet pirates are looting bank accounts, stealing medical research
and business secrets and taking over computers for malicious uses.
Luckily, there are a few ways to thwart these evil-doers, and we'll
offer a few in this article.
http://www.net-security.org/news.php?id=6493


IBM CANADA PUMPS CASH INTO SECURITY SERVICES
In an effort to establish a Canadian front on the international fight
to secure corporate IT infrastructure, IBM Canada announced a US$33.5
million investment over five years in its Canadian security practice
and the creation of a security operations center (SOC).
http://www.net-security.org/news.php?id=6494


MICROSOFT ISSUES ONLY ONE FIX IN MONTHLY SECURITY UPDATE
However, Internet Explorer vulnerability make force additional patch.
http://www.net-security.org/news.php?id=6495


TEN SP2 FLAWS LEAVE XP USERS OPEN TO HACKERS
Millions at risk from 'silent and remote' attacks, claims security
firm.
http://www.net-security.org/news.php?id=6496


DEFENDANT: MICROSOFT SOURCE CODE SALE WAS A SETUP
A 27-year-old Connecticut man facing felony economic espionage
charges for allegedly selling a copy of Microsoft's leaked source
code for $20 says he's being singled out only because the software
giant and law enforcement officials can't find the people who stole
the code in the first place.
http://www.net-security.org/news.php?id=6497


US, INDIA LAUNCH SECURITY PARTNERSHIP
The United States and India agreed in talks to launch a new phase in
cyber security co-operation, including scientific exchanges,
officials said.
http://www.net-security.org/news.php?id=6498


WINDOWS SERVER 'R2' DETAILS BEGIN TO LEAK
'R2' still has yet to go to beta, but Microsoft is well on its way to
finalizing the product due to ship in the latter half of 2005,
according to sources.
http://www.net-security.org/news.php?id=6499


NEW MYDOOM ATTACKS MAY SIGNAL 'ZERO DAY'
Latest version of worm occurs just as PC vulnerability is discovered.
http://www.net-security.org/news.php?id=6500


RESEARCHER ISSUES OWN PATCH FOR IE FLAW
A German researcher has released an unofficial patch to fix the
FRAME/IFRAME vulnerability in Internet Explorer, exploits for which
were released on public mailing lists last week.
http://www.net-security.org/news.php?id=6501


HOW TO CLEAN A COMPUTER VIRUS FROM YOUR PC
There's no shortage on advice of how to avoid catching a computer
virus. But when it comes to advice about disinfecting contaminated
PCs advice is thin on the ground.
http://www.net-security.org/news.php?id=6502


RED HAT TARGETS SECURITY WITH FEDORA CORE 3
Red Hat Inc's Fedora Project community has introduced version 3 of
the Fedora Core Linux operating system, including changes to the
SELinux policy that enables users to target the most vulnerable
programs.
http://www.net-security.org/news.php?id=6503


E-MAIL AUTHENTICATION WILL NOT END SPAM
For consumers and businesses increasingly shaken by the growing
onslaught of unwanted e-mail and the computer viruses and other
nefarious hacking spam can bring, any hope for quick relief was
soundly dashed yesterday during a government-hosted gathering of
technology experts.
http://www.net-security.org/news.php?id=6504


HACKERS SHARPENING THEIR BYTE
It's not just computers and IT systems that are getting faster by the
nanosecond, says a leading information security expert.
http://www.net-security.org/news.php?id=6505

----------------------------------------------------------------




[ Vulnerabilities ]


All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php


----------------------------------------------------------------

HP PSC 2510 Printer Anonymous Access FTP Daemon Vulnerability
http://www.net-security.org/vuln.php?id=3818


04WebServer 1.42 Multiple  Vulnerabilities
http://www.net-security.org/vuln.php?id=3817


Hotfoon Ver 4.0 Automatic URL Opening Vulnerability
http://www.net-security.org/vuln.php?id=3816


BNC 2.8.9 Remote Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3815


WebCalendar Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3814


Kerio Personal Firewall Multiple IP Options Denial of Service
Vulnerability
http://www.net-security.org/vuln.php?id=3813


Samba SMBD Remote Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=3812


Icewarp Web Mail 5.2.8  Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3811


Java Runtime Environment DNS Lookup Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=3810


Symantec LiveUpdate "ZIP Bombing" Denial of Service
Vulnerability
http://www.net-security.org/vuln.php?id=3809


602 Lan Suite 2004.0.04.0909 Resources Consumption Vulnerability
http://www.net-security.org/vuln.php?id=3808


Microsoft Internet Explorer Local File Existence Discovery
Vulnerability
http://www.net-security.org/vuln.php?id=3807

----------------------------------------------------------------




[ Advisories ]


All advisories are located at:
http://www.net-security.org/archive_advi.php


----------------------------------------------------------------

US-CERT Technical Cyber Security Alert - Cisco IOS Input Queue
Vulnerability (TA04-316A)
http://www.net-security.org/advisory.php?id=4038


Debian Security Advisory - ez-ipupdate (DSA 592-1)
http://www.net-security.org/advisory.php?id=4037


Ubuntu Security Notice - apache2 vulnerability (USN-23-1)
http://www.net-security.org/advisory.php?id=4036


Ubuntu Security Notice - openssl script vulnerability (USN-24-1)
http://www.net-security.org/advisory.php?id=4035


Gentoo Linux Security Advisory - Davfs2, lvm-user: Insecure tempfile
handling (GLSA 200411-22)
http://www.net-security.org/advisory.php?id=4034


Gentoo Linux Security Advisory - Samba: Remote Denial of Service
(GLSA 200411-21)
http://www.net-security.org/advisory.php?id=4033


Cisco Security Advisory - Crafted Timed Attack Evades Cisco Security
Agent Protections (Revision 1.0 FINAL)
http://www.net-security.org/advisory.php?id=4032


Conectiva Linux Security Announcement - sasl2 (CLA-2004:889)
http://www.net-security.org/advisory.php?id=4031


Gentoo Linux Security Advisory - ez-ipupdate: Format string
vulnerability (GLSA 200411-20)
http://www.net-security.org/advisory.php?id=4030


SquirrelMail Security Notice - Cross Site Scripting in encoded text
http://www.net-security.org/advisory.php?id=4029


Mandrakelinux Security Update Advisory - samba (MDKSA-2004:131)
http://www.net-security.org/advisory.php?id=4028


Mandrakelinux Security Update Advisory - speedtouch (MDKSA-2004:130)
http://www.net-security.org/advisory.php?id=4027


Mandrakelinux Security Update Advisory - ez-ipupdate (MDKSA-2004:129)
http://www.net-security.org/advisory.php?id=4026


Mandrakelinux Security Update Advisory - webmin (MDKA-2004:042)
http://www.net-security.org/advisory.php?id=4025


Gentoo Linux Security Advisory - Pavuk: Multiple buffer overflows
(GLSA 200411-19)
http://www.net-security.org/advisory.php?id=4024


US-CERT Technical Cyber Security Alert - Buffer Overflow in Microsoft
Internet Explorer (TA04-315A)
http://www.net-security.org/advisory.php?id=4023


Gentoo Linux Security Advisory - Apache 2.0: Denial of Service by
memory consumption (GLSA 200411-18)
http://www.net-security.org/advisory.php?id=4022


Cisco Security Advisory - Cisco IOS DHCP Blocked Interface
Denial-of-Service (Revision 1.0)
http://www.net-security.org/advisory.php?id=4021


Ubuntu Security Notice - samba vulnerability (USN-22-1)
http://www.net-security.org/advisory.php?id=4020


Ubuntu Security Notice - libgd vulnerabilities (USN-21-1)
http://www.net-security.org/advisory.php?id=4019


Microsoft Security Bulletin - Summary for November 2004 (1.0)
http://www.net-security.org/advisory.php?id=4018


Gentoo Linux Security Advisory - GLSA 200411-17 (200411-17)
http://www.net-security.org/advisory.php?id=4017


Gentoo Linux Security Advisory - zip: Path name buffer overflow
(200411-16)
http://www.net-security.org/advisory.php?id=4016


Debian Security Advisory - libgd2 (DSA 591-1)
http://www.net-security.org/advisory.php?id=4015


Debian Security Advisory - gnats (DSA 590-1)
http://www.net-security.org/advisory.php?id=4014


Debian Security Advisory - libgd (DSA 589-1)
http://www.net-security.org/advisory.php?id=4013


Ubuntu Security Notice - ruby1.8 vulnerability (USN-20-1)
http://www.net-security.org/advisory.php?id=4012


Mandrakelinux Security Update Advisory - ruby (MDKSA-2004:128)
http://www.net-security.org/advisory.php?id=4011


Debian Security Advisory - gzip (DSA 588-1)
http://www.net-security.org/advisory.php?id=4010


Trustix Secure Linux Security Advisory - php, postfix, kernel,
sqlgrey, sqlite (2004-0057)
http://www.net-security.org/advisory.php?id=4009


Conectiva Linux Security Announcement - CLA-2004:888 (libtiff3)
http://www.net-security.org/advisory.php?id=4008


Conectiva Linux Security Announcement - rsync (CLA-2004:887)
http://www.net-security.org/advisory.php?id=4007


Conectiva Linux Security Announcement - xpdf (CLA-2004:886)
http://www.net-security.org/advisory.php?id=4006


Debian Security Advisory - freeamp (DSA 587-1)
http://www.net-security.org/advisory.php?id=4005


Gentoo Linux Security Advisory - OpenSSL, Groff: Insecure tempfile
handling (GLSA 200411-15)
http://www.net-security.org/advisory.php?id=4004


Debian Security Advisory - ruby (DSA 586-1)
http://www.net-security.org/advisory.php?id=4003


Gentoo Linux Security Advisory - Kaffeine, gxine: Remotely
exploitable buffer overflow (GLSA 200411-14:01)
http://www.net-security.org/advisory.php?id=4002


Gentoo Linux Security Advisory - Portage, Gentoolkit: Temporary file
vulnerabilities (GLSA 200411-13:01)
http://www.net-security.org/advisory.php?id=4001


Gentoo Linux Security Advisory - zgv: Multiple buffer overflows (GLSA
200411-12:01)
http://www.net-security.org/advisory.php?id=4000


Ubuntu Security Notice - squid vulnerabilities (USN-19-1)
http://www.net-security.org/advisory.php?id=3999


Gentoo Linux Security Advisory - ImageMagick: EXIF buffer overflow
(GLSA 200411-11:01)
http://www.net-security.org/advisory.php?id=3998


Gentoo Linux Security Advisory - Gallery: Cross-site scripting
vulnerability (GLSA 200411-10:01)
http://www.net-security.org/advisory.php?id=3997


Gentoo Linux Security Advisory - GPdf, KPDF, KOffice: Vulnerabilities
in included xpdf (GLSA 200410-30:02)
http://www.net-security.org/advisory.php?id=3996


Gentoo Linux Security Advisory - Xpdf, CUPS: Multiple integer
overflows (GLSA 200410-20:02)
http://www.net-security.org/advisory.php?id=3995


SGI Security Advisory - SGI Advanced Linux Environment 3 Security
Update #17 (20041102-01-U)
http://www.net-security.org/advisory.php?id=3994


Ubuntu Security Notice - zip vulnerability (USN-18-1)
http://www.net-security.org/advisory.php?id=3993


Trustix Secure Linux Security Advisory - apache (2004-0056)
http://www.net-security.org/advisory.php?id=3992


Debian Security Advisory - shadow (DSA 585-1)
http://www.net-security.org/advisory.php?id=3991


Fedora Legacy Update Advisory - Updated foomatic package fixes
security vulnerability (FLSA:2076)
http://www.net-security.org/advisory.php?id=3990

----------------------------------------------------------------




[ Articles ]


All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org


----------------------------------------------------------------

AN IT MANAGER'S INSIGHT INTO SECURING REMOVABLE MEDIA
Removable media devices are here to stay. Their ease of use and low
cost have made them ubiquitous in the work environment – but at what
price? In this article we look at the pros and cons of removable
media, and the steps IT managers can take to mitigate the security
risks associated with them.
http://www.net-security.org/article.php?id=743


NOT A PATCH ON THE NEW BREED OF CYBER-CRIMINAL
Whatever the reason for a malicious cyber-attack, whether it be for
financial gain, espionage or just for the sheer hell of it, companies
must protect against unwarranted incursion into their system.
http://www.net-security.org/article.php?id=742

----------------------------------------------------------------




[ Software ]


Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3


----------------------------------------------------------------

AIRSCANNER MOBILE FIREWALL 1.0 (Pocket PC)
Airscanner Mobile Firewall is a full-strength, fully configurable,
NDIS packet-filtering TCP/IP firewall.
http://www.net-security.org/software.php?id=573


BASTILLE LINUX 2.1.6 (Linux)
The Bastille Hardening System attempts to "harden" or "tighten" the
Linux operating system.
http://www.net-security.org/software.php?id=217


CHKROOTKIT 0.43 (Linux)
Chkrootkit is a tool to locally check for signs of a rootkit.
http://www.net-security.org/software.php?id=210


GNUPG 1.2.6 (Linux)
GnuPG stands for GNU Privacy Guard and is GNU's tool for secure
communication and data storage.
http://www.net-security.org/software.php?id=295


MAIL SNOOP PRO 1.10 Build 46 (Windows)
Mail Snoop is an anti-spam filter system and email checker.
http://www.net-security.org/software.php?id=92


OUTPOST FIREWALL PRO 2.5.370.370 (Windows)
This is a comprehensive solution for online protection.
http://www.net-security.org/software.php?id=276


SAMHAIN 2.0.2a (Linux)
Samhain is an open source file integrity and host-based intrusion
detection system.
http://www.net-security.org/software.php?id=125


SHOREWALL 2.2.0 Beta 3 (Linux)
Shorewall is an iptables based firewall that can be used on a
dedicated firewall system, a multi-function masquerade gateway/server
or on a standalone Linux system.
http://www.net-security.org/software.php?id=40


WINFINGERPRINT 0.5.13 (Windows)
Winfingerprint is a Win32 MFC VC++ .NET based security tool that is
able to Determine OS, enumerate users, groups, shares, and more.
http://www.net-security.org/software.php?id=103


YASSL 0.5.0 (Linux)
yaSSL is an SSL Library for programmers building security
functionality into their applications and devices.
http://www.net-security.org/software.php?id=521

----------------------------------------------------------------




[ Webcasts ]


All webcasts are located at:
http://net-security.org/webcasts.php


----------------------------------------------------------------

Next Generation Wireless LAN Risks & Defenses
Organized by AirDefense on 16 November 2004, 2:00 PM
http://www.net-security.org/webcast.php?id=341


All anti-virus software is not created equal
Organized by Sophos on 17 November 2004, 10:00 AM
http://www.net-security.org/webcast.php?id=286


Are You Secure - Can you Know?
Organized by Core Security on 17 November 2004, 1:00 PM
http://www.net-security.org/webcast.php?id=342


Federated Identity in the Real World: How To Gain Competitive
Advantage Now with this Powerful New Technology
Organized by RSA Security on 18 November 2004, 11:00 AM
http://www.net-security.org/webcast.php?id=343


Trust, but Verify: How to Manage Risk in Outsourced Applications
Organized by Foundstone on 18 November 2004, 4:00 PM
http://www.net-security.org/webcast.php?id=334


Consolidated email protection: An introduction to PureMessage
Organized by Sophos on 8 December 2004, 10:00 AM
http://www.net-security.org/webcast.php?id=282


All anti-virus software is not created equal
Organized by Sophos on 15 December 2004, 10:00 AM
http://www.net-security.org/webcast.php?id=285

----------------------------------------------------------------




[ Conferences ]


All conferences are located at:
http://net-security.org/conferences.php


----------------------------------------------------------------

IBM SecureWorld Conference EMEA 2004
Organized by IBM - 23 November-26 November 2004
http://www.net-security.org/conference.php?id=91


The European Cyber Security in the Financial Services Sector
Executive Summit 2004
Organized by Information Management Network - 30 November-1 December
2004
http://www.net-security.org/conference.php?id=100


Infosecurity New York 2004
Organized by Reed Exhibitions - 7 December-9 December 2004
http://www.net-security.org/conference.php?id=102


Middle East IT Security Conference 2004
Organized by MEITSEC - 12 December-14 December 2004
http://www.net-security.org/conference.php?id=97


ECCE E-crime and Computer Evidence 2005
Organized by n-gate ltd. - 29 March-30 March 2005
http://www.net-security.org/conference.php?id=94

----------------------------------------------------------------




[ Security World ]


All press releases are located at:
http://www.net-security.org/press_main.php

Send your press releases to press@net-security.org


----------------------------------------------------------------

Senforce Announces Participation in The Cisco Network Admission
Control Program
http://www.net-security.org/press.php?id=2662


Outpost Firewall Pro: More Protection in a New Version
http://www.net-security.org/press.php?id=2661


FrontBridge Expands EMEA VAR Channel for Enterprise Message Security
Services with Infratects Partnership
http://www.net-security.org/press.php?id=2660


MessageLabs Recognised as a Leader in Secure Content Management
Services & Anti-Virus Services by Prominent IT Market Research Firm
http://www.net-security.org/press.php?id=2659


CipherTrust Study Reveals 75 Percent Increase In Sender ID Framework
Adoption In Last Three Months
http://www.net-security.org/press.php?id=2658


Healthbridge Implements SSL VPN Remote Access Security Solution From
Juniper Networks
http://www.net-security.org/press.php?id=2657


European Storage Vendor Bridgeworks Signs Anacomp To Deliver European
Service And Support For Its Data Transfer Products
http://www.net-security.org/press.php?id=2656


Intellireach Secures $7 Million In Series A Venture Funding
http://www.net-security.org/press.php?id=2655


Vircom and ISP*D Sign Distribution Agreement
http://www.net-security.org/press.php?id=2654


Fortinet Unveils Large-Scale Security Management Solution
http://www.net-security.org/press.php?id=2653


Anonymizer Launches New Enterprise Division and Products
http://www.net-security.org/press.php?id=2652


Senforce Joins Trusted Computing Group to Advance Open Information
Security Standards
http://www.net-security.org/press.php?id=2651


Syngress Publishing Announces Publication of  "Programmer's Ultimate
Security DeskRef"
http://www.net-security.org/press.php?id=2650


Competing Security Vendors Join Forces and Create Industry Initiative
to Make the Web Safer
http://www.net-security.org/press.php?id=2649


SafeNet, Inc. Announces Completion of Tender Offer for Datakey, Inc.
http://www.net-security.org/press.php?id=2648


Cyberguard's Webwasher Fills Gap In Internet Explorer Hole
http://www.net-security.org/press.php?id=2647


Top Layer Networks Announces Breakthrough Adaptive Threat Management
Solution with OpenService
http://www.net-security.org/press.php?id=2646


Bigfix Unveils Unified Security, Configuration And Management
Solution
http://www.net-security.org/press.php?id=2645


Enhanced F-Secure SSH For UNIX 5.0 Released
http://www.net-security.org/press.php?id=2644


CREDANT Technologies Secures $16 Million Series B Funding Led by
Crescendo Ventures with Strategic Investment by Cisco Systems
http://www.net-security.org/press.php?id=2643


Dekart Private Disk Light Version 1.22 - Faster And Even More
Reliable Now
http://www.net-security.org/press.php?id=2642


Check Point Raises The Bar For Endpoint Security
http://www.net-security.org/press.php?id=2641


Visionael Adds Industry's Most Powerful Portal Customization and
Reporting Automation to Vulnerability Management Solution
http://www.net-security.org/press.php?id=2640


LURHQ Debuts Threat Management Dashboard At 31st Annual Computer
Security Institute Conference
http://www.net-security.org/press.php?id=2639


Customers Worldwide Transform Online Collaboration Business Practices
With Juniper Networks’ Secure Meeting Solution
http://www.net-security.org/press.php?id=2638


Cyber-Ark Central Password Manager Secures And Simplifies Day-To-Day
Management  Of Administrative Passwords
http://www.net-security.org/press.php?id=2637


Email Scammer Who Stole More Than £2 Million Sent To Jail,
Reports Sophos
http://www.net-security.org/press.php?id=2636


Bitdefender Is First European AV To Offer Korean Version
http://www.net-security.org/press.php?id=2635


French Service Provider Numericable Offers Subscription-Based
Antivirus And  Firewall Services In Cooperation With F-Secure
http://www.net-security.org/press.php?id=2634


Museum Of London Selects Policy Patrol For Anti-Spam And Signatures
http://www.net-security.org/press.php?id=2633


Kaspersky Anti-Virus for Windows Workstations 'Designed for Windows
XP', Optimized For Intel Centrino Technology For Mobile Users
http://www.net-security.org/press.php?id=2632

----------------------------------------------------------------




[ Virus News ]


All virus news are located at:
http://www.net-security.org/viruses.php


----------------------------------------------------------------

Weekly Virus Report - IFRAME.BoF Exploit, Mydoom.AE, Mydoom.AF and
Gavir.A Worms
http://www.net-security.org/virus_news.php?id=482


Bored Computer Virus Offers To Play A Musical Tune
http://www.net-security.org/virus_news.php?id=481


Trojan Horse Sends Mobile Phone Spam
http://www.net-security.org/virus_news.php?id=480


Bin Laden Video Email Is Really A Virus
http://www.net-security.org/virus_news.php?id=479

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available 
http://www.net-security.org/newsletter_archive.php


----------------------------------------------------------------
INFOSECURITY CONFERENCE AND EXHIBITION
Information security solutions for your business
----------------------------------------------------------------
December 7-9 - Jacob K. Javits Convention Center - New York, NY
----------------------------------------------------------------
Join us to discover solutions that can protect your data
and your business:

*More than 55 educational sessions
*CISSP continuing professional education credits
*A full spectrum of security products, systems, solutions
*Information to create & implement more effective policies
*Networking with colleagues and experts in the field
*The latest issues shaping the future of information security

For more information visit:
http://www.net-security.org/go/infosecurity
----------------------------------------------------------------