HNS Newsletter Issue 240 - 22.11.2004. http://net-security.org This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. ---------------------------------------------------------------- INFOSECURITY CONFERENCE AND EXHIBITION Early-bird pricing extended through December 3rd ---------------------------------------------------------------- December 7-9 - Jacob K. Javits Convention Center - New York, NY ---------------------------------------------------------------- Top Five Reasons to Attend Infosecurity New York: - Outstanding FREE Keynote Presentations by Rudy Giuliani, former Mayor of New York City and William Pelgrin, Director of the NYS Office of Cyber Security & Critical Infrastructure. - Expanded conference agenda including seven conference tracks with over 50 sessions, and two pre-conference workshops. - Over 120 exhibitors comprising of the industry's top suppliers from across the country. - Earn up to 10 CISSP/SSCP Continuing Professional Education Credits. - Extraordinary opportunity to increase your professional network and interact with other professionals that share your security goals, issues and challenges. For more information visit: http://www.net-security.org/go/infosecurity ---------------------------------------------------------------- Table of contents: 1) Security news 2) Vulnerabilities 3) Advisories 4) Articles 5) Software 6) Webcasts 7) Conferences 8) Security World 9) Virus News [ Security news ] ---------------------------------------------------------------- IT MANAGERS HAVE FALSE SENSE OF SECURITY Corporate IT managers are a bit bi-polar when it comes to network security, said a survey released this week at the Computer Security Institute's annual conference in Washington, D.C. http://www.net-security.org/news.php?id=6506 SECURITY PROS BEMOAN NEED FOR TACTICAL FOCUS Operational and tactical considerations continue to dominate the IT security agenda, despite a growing need for more strategic approaches to data protection, said attendees at the Computer Security Institute's annual conference here this week. http://www.net-security.org/news.php?id=6507 NEXT-GEN NETWORKS NEED NEXT-GEN SECURITY Hot new networking technologies like VoIP, WLANs, and Voice over WLAN are just as vulnerable as older network technologies. What are networking vendors doing to secure them? http://www.net-security.org/news.php?id=6508 ADOBE IMPROVES COLLABORATION AND SECURITY FEATURES IN ACROBAT 7 Adobe has improved security, collaboration and integration with enterprise software in the new version of the Acrobat document viewer. http://www.net-security.org/news.php?id=6509 AN ENCRYPTED FILE SYSTEM ON A USB THUMBDRIVE In this article, I will explain how to set up FreeBSD to use a USB thumbdrive, how to configure and use the Cryptographic File System (CFS), and then for the FreeBSD 5.X users, how to use the brand new Geom Based Disk Encryption system (gbde). http://www.net-security.org/news.php?id=6510 THE VALUE OF BAD NEWS - VULNERABILITIES NOTIFICATION Federal managers rely on scanners to discover and reduce security risks. http://www.net-security.org/news.php?id=6511 TRIAL SHOWS HOW SPAMMERS OPERATE As one of the world's most prolific spammers, Jeremy Jaynes pumped out at least 10 million e-mails a day with the help of 16 high-speed lines, the kind of Internet capacity a 1,000-employee company would need. http://www.net-security.org/news.php?id=6512 US PLANS WIRELESS NETWORK FOR FUTURE WARS The Pentagon, which invented the precursor to the Internet 40 years ago, has laid the first connections for a secure, wireless Information network that proponents say will fundamentally transform warfare, The New York Times has reported. http://www.net-security.org/news.php?id=6513 TRIO HARMONISES ON SECURITY With the slogan, "Security is everybody's business", Microsoft, Cisco and Dimension Data have just ended a nationwide roadshow, spruiking their message: "we can't do it alone", to corporations. http://www.net-security.org/news.php?id=6514 RFID'S SECURITY CHALLENGE No one has complained of a security breach related to an RFID deployment - yet. http://www.net-security.org/news.php?id=6517 AMD READIES SECURITY, VIRTUALIZATION FEATURES FOR 2006 Advanced Micro Devices plans to build security and virtualization features into its server processors by 2006, the company said Friday during its annual analyst event. http://www.net-security.org/news.php?id=6518 BANKS FACE PRESSURE TO TAKE ACTION AGAINST IDENTITY THEFT Are they moving fast enough to beat the hackers and phishers? http://www.net-security.org/news.php?id=6519 SECURITY SHOWDOWN Four vendors of application-security products have created an alliance to challenge five large security and networking vendors. http://www.net-security.org/news.php?id=6520 THE BEGINNING OF THE CRYPTO ERA In a move that was totally expected, if a little early, Yahoo has announced that it will put its money where its mouth is and start checking Yahoo Mail with its DomainKeys system. http://www.net-security.org/news.php?id=6521 MULTI-LAYERED SECURITY IS VITAL TO STOP NEW WAVE OF ATTACKS Traditional reactionary anti-virus measures are no longer adequate for business. http://www.net-security.org/news.php?id=6522 ARUBA TO BRING WLAN-LEVEL SECURITY TO LANS Wireless switch specialist Aruba will next year bring to wired networks the same tight security it provides for WLANs in a bid to provide better protection from inside-the-firewall attacks. http://www.net-security.org/news.php?id=6523 HACKERS STRIKE AT 'SOFT TARGET' SMALL FIRMS Financial Services Authority warns SMEs to tighten security. http://www.net-security.org/news.php?id=6524 HOW TO PROTECT YOUR PROJECT FROM UNWARRANTED IP ATTACKS This story examines a specific and well-documented situation in which unfounded accusations were leveled against a free software project, describe the tactics used by such assailants, and explain how to successfully deflect these attacks and diffuse the situation. http://www.net-security.org/news.php?id=6525 CISCO STEPS UP SECURITY PROGRAMMES Cisco has unveiled two new channel programmes to recognise and reward partners championing the networking giant’s thrust into the IT security arena. http://www.net-security.org/news.php?id=6526 MICROSOFT TALKS SECURITY, TRUSTWORTHY COMPUTING Scott Charney offers big-picture look at the company's efforts. http://www.net-security.org/news.php?id=6527 BUSINESS GETS THE WIRELESS MESSAGE But not the security one... http://www.net-security.org/news.php?id=6528 VERISIGN: BETTER HACKERS BEHIND ATTACK BOOM Security events in the third quarter jumped 150 percent over the same period last year. http://www.net-security.org/news.php?id=6529 IN AN ADMIN'S PERFECT WORLD Here's a top ten things that would exist or happen in the perfect world of the admin. http://www.net-security.org/news.php?id=6530 DARWINISM MEETS THE VIRUS AND WORM Viruses are largely a threat that is contained if one has an anti-virus solution. This begs the question of what then is the next big threat in terms of malware code? The answer to that would be the new, and more lethal worms such as Slammer for one. What would happen though if someone with coding talent were to harness the chaotic world of the worm? http://www.net-security.org/news.php?id=6531 THE WORST CASE SCENARIO The fine print in an insurance policy becomes an issue when a bizarre chain of IT disasters leaves a company without a single copy of the source code to its flagship product. http://www.net-security.org/news.php?id=6532 SECURITY TOOLS - GUIDEDOG AND GUARDDOG This article discusses two tools: Guidedog and Guarddog. Guidedog is a GUI tool that can be used to set up packet routing/forwarding and IP masquerade (NAT) and port forwarding on a Linux host with iptables. Guarddog is a GUI tool designed to help set up a firewall using iptables and is a great tool to use in conjunction with Guidedog. http://www.net-security.org/news.php?id=6533 PACKAGING SSH FOR YOUR NEEDS This Tech Tip is designed to help you create a widely usable package for SSH. http://www.net-security.org/news.php?id=6534 AN OVERVIEW OF ANTISPYWARE TOOLS Some antispyware companies use confusing ads, and our tests show their $20-$60 products are less effective than free competitors. http://www.net-security.org/news.php?id=6535 WLAN PROTECTION EFFORTS WILL INCREASE ADOPTION Over 50% of organisations will have WLAN deployments by 2006. http://www.net-security.org/news.php?id=6536 US COMPANY FINED FOR UK ROGUE DIALLER SCAM A company based in New York has been fined £100,000 ($185,500) for ripping off UK punters with a premium rate number scam. http://www.net-security.org/news.php?id=6537 WINDOWS MOBILE POCKET PC SECURITY Seth Fogie, VP of Dallas-based Airscanner Corporation presents the latest in our series of security audio sessions. Mr. Fogie, an expert in the field of mobile computing security, discusses all the major security issues that are affecting Windows Mobile Pocket PC devices. http://www.net-security.org/news.php?id=6538 NEW AOL SOFTWARE GIVES ADDED SECURITY America Online's new 9.0 Security Edition promises to bring you enhanced spam control, instant spyware identification, and even a keychain than locks your AOL account. http://www.net-security.org/news.php?id=6539 INFRANET INITIATIVE FOR SECURE PUBLIC NETWORKS Juniper Networks has initiated a collaborative industry-wide effort to develop a universal, public, packet-switched network based on IP and MPLS but powerful enough to support all communications applications, securely and reliably anywhere, anytime. http://www.net-security.org/news.php?id=6540 MICROSOFT IRKED WITH SECURITY FIRM'S IE ALERT Security firm Secunia posted a new advisory today warning users about a pair of vulnerabilities in a fully patched version of Microsoft's Windows XP running SP2. http://www.net-security.org/news.php?id=6541 PETCO SETTLES WITH FTC OVER CYBER SECURITY GAFFE It's the fifth time regulators have taken action against a company for failing to protect consumer data -- and the second time the same California coder blew the whistle. http://www.net-security.org/news.php?id=6542 XML COMPLEXITY INTRODUCES SECURITY RISKS XML security isn't all about shady crackers, malicious code and computer crime for profit -- not yet anyway. http://www.net-security.org/news.php?id=6543 THE DUAL FIREWALL APPROACH Firewalls must inspect at the application layer to address today's threat. http://www.net-security.org/news.php?id=6544 STRONG NETWORK SECURITY SALES DRIVEN BY FEAR Appliances, routers and switches with integrated security selling well. http://www.net-security.org/news.php?id=6545 LIGHTWEIGHT RFID FRAMEWORK For those who can't afford or don't need a full implementation of a Radio Frequency Identification (RFID) system, author Chen Junwei provides an overview of a lightweight version that is separate from existing IT and can enhance inventory and access control at relatively low cost and easy maintenance. http://www.net-security.org/news.php?id=6546 AUTHENTICATION TOOLS TACKLE IDENTITY THEFT Daniel Thomas talks to RSA Security's chief executive about guarding against security threats. http://www.net-security.org/news.php?id=6547 NEW SECURITY STANDARDS TO STRENGTHEN SCADA Industrial control systems seen as vulnerable to Internet threats. http://www.net-security.org/news.php?id=6548 ORACLE MOVES TO QUARTERLY SECURITY-PATCH CYCLE Oracle's new quarterly security-patch schedule departs from its monthly schedule, which Microsoft also uses. http://www.net-security.org/news.php?id=6549 MANAGED SECURITY A managed security services provider (MSSP) can help shoulder the burden of monitoring and managing perimeter security. Here, one MSSP shares its experiences in protecting its clients' front lines. http://www.net-security.org/news.php?id=6550 DETECTING ROOTKITS AND KERNEL-LEVEL COMPROMISES IN LINUX This article outlines useful ways of detecting hidden modifications to a Linux kernel. Often known as rootkits, these stealthy types of malware are installed in the kernel and require special techniques by Incident handlers and Linux system administrators to be detected. http://www.net-security.org/news.php?id=6551 SECURITY MUST BE KEY PART OF OUTSOURCING Third-party suppliers must not be forgotten when it comes to IT security. http://www.net-security.org/news.php?id=6552 LASHINGS OF SEASONAL SPAM Many users may find their inboxes uncomfortably full come Christmas day. http://www.net-security.org/news.php?id=6553 END OF NT 4 SUPPORT GOOD NEWS FOR HACKERS Migration nightmare ahead as software giant axes support. http://www.net-security.org/news.php?id=6554 COMPLACENT UK CORPORATES 'EASY MEAT' FOR CROOKS British businesses are too complacent over IT security and risk becoming easy targets for fraudsters and other would-be cyber criminals, the British Computer Society warns. http://www.net-security.org/news.php?id=6555 SECURITY TRAINING NEEDS COMPLETE OVERHAUL Qualifications 'no indication of true knowledge', claims Doctor of Intrusion Detection and Prevention. http://www.net-security.org/news.php?id=6556 CONFIGURING TREND MICRO CSM FOR SSL WITH ISA SERVER 2000 This article alerts you to some of the pitfalls, point you to some great community resources, and show how to configure ISA to allow SSL communications on the 4343 port for CSM. http://www.net-security.org/news.php?id=6557 ---------------------------------------------------------------- [ Vulnerabilities ] All vulnerabilities are located here: http://www.net-security.org/archive_vuln.php ---------------------------------------------------------------- DMS POP3 Server for Windows 2000/XP 1.5.3 Buffer Overlow Vulnerability http://www.net-security.org/vuln.php?id=3831 Invision Power Board 2.x SQL Injection Vulnerability http://www.net-security.org/vuln.php?id=3830 phpBB2 Cash_Mod Module PHP Code Injection Vulnerability http://www.net-security.org/vuln.php?id=3829 Linux 2.x smbfs Multiple Remote Vulnerabilities http://www.net-security.org/vuln.php?id=3828 PhpNuke Event Calendar Module Multiple Vulnerabilities http://www.net-security.org/vuln.php?id=3827 Samba 3.x QFILEPATHINFO Unicode Filename Buffer Overflow Vulnerability http://www.net-security.org/vuln.php?id=3826 Fcron Multiple Vulnerabilities http://www.net-security.org/vuln.php?id=3825 Army Men RTS Format String Vulnerability http://www.net-security.org/vuln.php?id=3824 TWiki 20030201 Search Function Arbitrary Shell Command Execution Vulnerability http://www.net-security.org/vuln.php?id=3823 Secure Network Messenger 1.4.2 Denial of Service Vulnerability http://www.net-security.org/vuln.php?id=3822 phpWebSite 0.9.3-4 HTTP Response Splitting Vulnerability http://www.net-security.org/vuln.php?id=3821 TheFaceBook Multiple Cross Site Scripting Vulnerabilities http://www.net-security.org/vuln.php?id=3820 vBulletin Forum last10.php SQL Injection Vulnerability http://www.net-security.org/vuln.php?id=3819 ---------------------------------------------------------------- [ Advisories ] All advisories are located at: http://www.net-security.org/archive_advi.php ---------------------------------------------------------------- Cisco Security Advisory - Crafted Timed Attack Evades Cisco Security Agent Protections (63326) http://www.net-security.org/advisory.php?id=4066 Conectiva Linux Security Announcement - MySQL (CLA-2004:892) http://www.net-security.org/advisory.php?id=4065 Mandrakelinux Security Update Advisory - samba (MDKSA-2004:136) http://www.net-security.org/advisory.php?id=4064 Ubuntu Security Notice - linux-source-2.6.8.1 vulnerabilities (USN-30-1) http://www.net-security.org/advisory.php?id=4063 Gentoo Linux Security Advisory - Fcron: Multiple vulnerabilities (GLSA 200411-27) http://www.net-security.org/advisory.php?id=4062 Ubuntu Security Notice - samba vulnerability (USN-29-1) http://www.net-security.org/advisory.php?id=4061 FreeBSD Security Advisory - Overflow error in fetch (FreeBSD-SA-04:16.fetch) http://www.net-security.org/advisory.php?id=4060 Conectiva Linux Security Announcement - libxml2 (CLA-2004:890) http://www.net-security.org/advisory.php?id=4059 Turbolinux Security Announcement - apache (18/Nov/2004) http://www.net-security.org/advisory.php?id=4058 Gentoo Linux Security Advisory - GIMPS, SETI@home, ChessBrain: Insecure installation (GLSA 200411-2) http://www.net-security.org/advisory.php?id=4057 Ubuntu Security Notice - sudo vulnerability (USN-28-1) http://www.net-security.org/advisory.php?id=4056 Mandrakelinux Security Update Advisory - apache2 (MDKSA-2004:135) http://www.net-security.org/advisory.php?id=4055 Mandrakelinux Security Update Advisory - apache (MDKSA-2004:134) http://www.net-security.org/advisory.php?id=4054 Mandrakelinux Security Update Advisory - sudo (MDKSA-2004:133) http://www.net-security.org/advisory.php?id=4053 Mandrakelinux Security Update Advisory - gd (MDKSA-2004:132) http://www.net-security.org/advisory.php?id=4052 Debian Security Advisory - libxpm4 vulnerability (USN-27-1) http://www.net-security.org/advisory.php?id=4051 SUSE Security Announcement - xshared, XFree86-libs, xorg-x11-libs (SUSE-SA:2004:041) http://www.net-security.org/advisory.php?id=4050 Ubuntu Security Notice - bogofilter vulnerability (USN-26-1) http://www.net-security.org/advisory.php?id=4049 Debian Security Advisory - apache (DSA 594-1) http://www.net-security.org/advisory.php?id=4048 Gentoo Linux Security Advisory - SquirrelMail: Encoded text XSS vulnerability (GLSA 200411-25) http://www.net-security.org/advisory.php?id=4047 Trustix Secure Linux Security Advisory - gd samba sqlgrey sudo (#2004-0058) http://www.net-security.org/advisory.php?id=4046 Gentoo Linux Security Advisory - BNC: Buffer overflow vulnerability (GLSA 200411-24) http://www.net-security.org/advisory.php?id=4045 Samba Security Advisory - Possible Buffer Overrun in smbd (CAN-2004-088) http://www.net-security.org/advisory.php?id=4044 Gentoo Linux Security Advisory - Ruby: Denial of Service issue (GLSA 200411-23) http://www.net-security.org/advisory.php?id=4043 Debian Security Advisory - imagemagick (DSA 593-1) http://www.net-security.org/advisory.php?id=4042 SUSE Security Announcement - samba (SUSE-SA:2004:040) http://www.net-security.org/advisory.php?id=4041 Ubuntu Security Notice - libgd2 vulnerability (USN-25-1) http://www.net-security.org/advisory.php?id=4040 SUSE Security Announcement - samba (SUSE-SA:2004:040) http://www.net-security.org/advisory.php?id=4039 ---------------------------------------------------------------- [ Articles ] All articles are located at: http://www.net-security.org/articles_main.php Articles can be contributed to articles@net-security.org ---------------------------------------------------------------- WINDOWS MOBILE POCKET PC SECURITY Seth Fogie presents the latest in our series of security audio sessions. Mr. Fogie, an expert in the field of mobile computing security, discusses all the major security issues that are affecting Windows Mobile Pocket PC devices. http://www.net-security.org/article.php?id=745 PASSWORDS - COMMON ATTACKS AND POSSIBLE SOLUTIONS This article will provide you with an overview of how important, yet fragile, passwords security really is; you will be acquainted with different techniques for creating and maintaining passwords, and possible alternative methods for authentication, namely passphrases, Biometrics and Public Key Infrastructure (PKI). http://www.net-security.org/article.php?id=744 ---------------------------------------------------------------- [ Software ] Windows software is located at: http://net-security.org/software_main.php?cat=1 Linux software is located at: http://net-security.org/software_main.php?cat=2 Pocket PC software is located at: http://net-security.org/software_main.php?cat=3 ---------------------------------------------------------------- DANTE 1.1.15-pre2 (Linux) Dante is a circuit-level firewall/proxy that can be used to provide convenient and secure network connectivity to a wide range of hosts. http://www.net-security.org/software.php?id=43 SNORT 2.3.0 RC1 (Linux) Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. http://www.net-security.org/software.php?id=112 SUDOSCRIPT 2.1.2b1 (Linux) Sudoscriptd/sudoshell are a pair of Perl scripts that provide an audited shell using sudo. http://www.net-security.org/software.php?id=67 SYMANTEC SOBER REMOVAL TOOL 1.0 (Windows) This removal tool cleans the infections of the several Sober variants. http://www.net-security.org/software.php?id=585 TINC 1.0.3 (Linux) tinc is a VPN daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet. http://www.net-security.org/software.php?id=62 YASSL 0.6.0 (Linux) yaSSL is an SSL Library for programmers building security functionality into their applications and devices. http://www.net-security.org/software.php?id=521 ---------------------------------------------------------------- [ Webcasts ] All webcasts are located at: http://net-security.org/webcasts.php ---------------------------------------------------------------- Consolidated email protection: An introduction to PureMessage Organized by Sophos on 8 December 2004, 10:00 AM http://www.net-security.org/webcast.php?id=282 All anti-virus software is not created equal Organized by Sophos on 15 December 2004, 10:00 AM http://www.net-security.org/webcast.php?id=285 ---------------------------------------------------------------- [ Conferences ] All conferences are located at: http://net-security.org/conferences.php ---------------------------------------------------------------- IBM SecureWorld Conference EMEA 2004 Organized by IBM - 23 November-26 November 2004 http://www.net-security.org/conference.php?id=91 The European Cyber Security in the Financial Services Sector Executive Summit 2004 Organized by Information Management Network - 30 November-1 December 2004 http://www.net-security.org/conference.php?id=100 Infosecurity New York 2004 Organized by Reed Exhibitions - 7 December-9 December 2004 http://www.net-security.org/conference.php?id=102 Middle East IT Security Conference 2004 Organized by MEITSEC - 12 December-14 December 2004 http://www.net-security.org/conference.php?id=97 ECCE E-crime and Computer Evidence 2005 Organized by n-gate ltd. - 29 March-30 March 2005 http://www.net-security.org/conference.php?id=94 ---------------------------------------------------------------- [ Security World ] All press releases are located at: http://www.net-security.org/press_main.php Send your press releases to press@net-security.org ---------------------------------------------------------------- TippingPoint Reports Results for Third Quarter, Fiscal Year 2005 http://www.net-security.org/press.php?id=2690 Fast-spreading Sober.I Virus Spotted http://www.net-security.org/press.php?id=2689 New Worm On The Loose - 1,700 Copies Intercepted During First Three Hours http://www.net-security.org/press.php?id=2688 Use Knoppix to Its Full Potential - O'Reilly Releases "Knoppix Hacks" http://www.net-security.org/press.php?id=2687 Panda Software, Prince Felipe Award For Business Excellence http://www.net-security.org/press.php?id=2686 thawte Launches Innovative Flash Based Tool in Reseller Channel http://www.net-security.org/press.php?id=2685 Logicalis Appoints 1st UK PhD In Intrusion Prevention http://www.net-security.org/press.php?id=2684 Hallelujah! Spam Now Offering Salvation http://www.net-security.org/press.php?id=2683 Netscaler Forms Customer Advisory Board To Advance Application Delivery Systems http://www.net-security.org/press.php?id=2682 net.com Adds Significant Multicast and VPN Support to SCREAM Platform http://www.net-security.org/press.php?id=2681 Doomsday DDoS SWAT Team for Available for Hire http://www.net-security.org/press.php?id=2680 New Dekart SIM Card Reader To Manage Mobile Phones Sim Cards and Work with PC Security Applications http://www.net-security.org/press.php?id=2679 Check Point Announces Immediate Availability Of Integrity Clientless Security 3 http://www.net-security.org/press.php?id=2678 Syngress Publishing Announces Publication of "Inside the SPAM Cartel" http://www.net-security.org/press.php?id=2677 Viruses and Famous People: An Extremely Effective Formula For Spreading All Types Of Malware http://www.net-security.org/press.php?id=2676 ForeScout Launches Free Service that Monitors Network Threats and Alerts Subscribers with Accurate, Actionable Data http://www.net-security.org/press.php?id=2675 SteelEye Technology releases LifeKeeper for Linux v4.6 http://www.net-security.org/press.php?id=2674 Sygate Teams With Aruba To Eliminate Rogue Devices From Wi-Fi Networks http://www.net-security.org/press.php?id=2673 F-Secure Provides Security As Service to the Canadian Cogeco Cable http://www.net-security.org/press.php?id=2672 Skybox Adds Industry Veteran Robert Thomas To Board Of Directors http://www.net-security.org/press.php?id=2671 BitDefender 8: UK's Local Access To A Global Product http://www.net-security.org/press.php?id=2670 Aladdin Identifies Potential Mega Virus Related to JPEG Vulnerability http://www.net-security.org/press.php?id=2669 CRYPTOCard Launches CRYPTO-Server 6.2: The First Browser-Integraged Two-Factor Authentication System For Apache Web Servers http://www.net-security.org/press.php?id=2668 Personal Instant Messages A Bigger Problem Than Personal Email Or Phone Use http://www.net-security.org/press.php?id=2667 Dekart Logon version 2.20 released - Protect Access to Desktop and Notebook Computers http://www.net-security.org/press.php?id=2666 Wibhu Becomes Airtight Networks; Secures $10.25 Million To Deploy Industry's First WiFi Firewall http://www.net-security.org/press.php?id=2665 Stave Off the Zero-Day Vulnerability Threat (Straight from the NSA) O'Reilly Releases "SELinux" http://www.net-security.org/press.php?id=2664 iPass Policy Orchestration Automates Continuous Endpoint Security http://www.net-security.org/press.php?id=2663 ---------------------------------------------------------------- [ Virus News ] All virus news are located at: http://www.net-security.org/viruses.php ---------------------------------------------------------------- Weekly Report On Viruses And Intruders - Sober.I, Bagle.BG, Yanz.A, Drew.A and Aler.A-, and Msnsoug.A Trojan. http://www.net-security.org/virus_news.php?id=486 Panda Software Reports The Appearance of Sober.I http://www.net-security.org/virus_news.php?id=485 European Email Systems Braced For New Variant Of Sober Worm http://www.net-security.org/virus_news.php?id=484 Trouble For 29a Virus-Writing Gang as Russian Member is Sentenced http://www.net-security.org/virus_news.php?id=483 ---------------------------------------------------------------- Questions, contributions, comments or ideas go to: Help Net Security staff staff@net-security.org http://net-security.org ---------------------- Unsubscribe from this weekly digest on: http://www.net-security.org/subscribe.php The archive of the newsletter in TXT and PDF format is available http://www.net-security.org/newsletter_archive.php ---------------------------------------------------------------- INFOSECURITY CONFERENCE AND EXHIBITION Early-bird pricing extended through December 3rd ---------------------------------------------------------------- December 7-9 - Jacob K. Javits Convention Center - New York, NY ---------------------------------------------------------------- Top Five Reasons to Attend Infosecurity New York: - Outstanding FREE Keynote Presentations by Rudy Giuliani, former Mayor of New York City and William Pelgrin, Director of the NYS Office of Cyber Security & Critical Infrastructure. - Expanded conference agenda including seven conference tracks with over 50 sessions, and two pre-conference workshops. - Over 120 exhibitors comprising of the industry's top suppliers from across the country. - Earn up to 10 CISSP/SSCP Continuing Professional Education Credits. - Extraordinary opportunity to increase your professional network and interact with other professionals that share your security goals, issues and challenges. For more information visit: http://www.net-security.org/go/infosecurity ----------------------------------------------------------------