HNS Newsletter
Issue 241 - 29.11.2004.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week.

----------------------------------------------------------------
INFOSECURITY CONFERENCE AND EXHIBITION
Early-bird pricing extended through December 3rd
----------------------------------------------------------------
December 7-9 - Jacob K. Javits Convention Center - New York, NY
----------------------------------------------------------------

Top Five Reasons to Attend Infosecurity New York:

- Outstanding FREE Keynote Presentations by Rudy Giuliani, former Mayor of New York City and William Pelgrin, Director of the NYS Office of Cyber Security & Critical Infrastructure.
- Expanded conference agenda including seven conference tracks with over 50 sessions, and two pre-conference workshops.
- Over 120 exhibitors comprising of the industry's top suppliers from across the country.
- Earn up to 10 CISSP/SSCP Continuing Professional Education Credits.
- Extraordinary opportunity to increase your professional network and interact with other professionals that share your security goals, issues and challenges.

For more information visit:
http://www.net-security.org/go/infosecurity
----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Software
6) Webcasts
7) Conferences
8) Security World
9) Virus News

[ Security news ]
----------------------------------------------------------------

HOW TO DEVELOP .NET SECURITY CODE AS A NON-ADMIN
This chapter will help you develop security code for the .NET Windows environment, even if you don't have administrative privileges. Included are helpful hints for developing code when you don't have access to user profiles.
http://www.net-security.org/news.php?id=6558

E-MAIL GAINS NEW ARMOR AGAINST SPAM, VIRUS ATTACKS
IronPort, MailFrontier, Symantec unleash security offerings.
http://www.net-security.org/news.php?id=6560

PRIVACY ADVOCATES FRET OVER ELECTRONIC PASSPORTS
The United States hasn't issued any microchip-equipped passports yet, but as the Department of State tests different prototypes, the international standards for the passports are under fire from privacy advocates who worry the technology won't protect travelers from identity thieves.
http://www.net-security.org/news.php?id=6561

JUDGE DISMISSES KEYLOGGER CASE
A federal judge in Los Angeles has dismissed charges against a California man who used a keystroke logger to spy on his employer, ruling that use of such a device does not violate federal wiretap law.
http://www.net-security.org/news.php?id=6562

IS YOUR SITE UNDER ATTACK?
Brute force attacks, such as DDoS attacks, are obvious -- the level of traffic to your server is suddenly greatly increased, which should set off the alarms you already have in place. The more subtle attacks are not intended (necessarily) to interfere with people accessing your site; they are designed to take it over.
http://www.net-security.org/news.php?id=6563

SECURE AUTHENTICATION FEATURES IN WINDOWS XP
In this book chapter, you'll learn the specifics of authentication under Windows XP: the process of verifying the identity of the user attempting to access a computer or other network resource.
http://www.net-security.org/news.php?id=6564

REGULAR CHANGE OF PASSWORDS KEEPS SNEAKY CRACKERS GUESSING
I'm starting a new tradition this Thanksgiving that I hope will enable me to give thanks each year that my personal information is secure: I'm changing all of my passwords, and you should, too.
http://www.net-security.org/news.php?id=6566

BEAT SPAM USING HASHCASH
Wouldn't you like to charge spammers for the privilege of cluttering up your inbox? Then charge them in cash -- hashcash, that is.
Hashcash stamps can prevent e-mail spam, keep spam off of Wikis, and more.
http://www.net-security.org/news.php?id=6567

BILL GATES IS RIGHT?
Bill Gates is right about one thing: asking people to use a two-factor form of authentication would go a long way toward alleviating a lot of the password problems that plague computer security today.
http://www.net-security.org/news.php?id=6568

STOPPING SPAMMERS IN THEIR TRACKS
Spam is not harmless. The motivation for spammers is generally either fraud.
http://www.net-security.org/news.php?id=6569

TELECOMMUTERS SEEN AS WEAKEST LINK IN NETWORK SECURITY
A recent survey by WatchGuard Technologies of its own customer base of businesses with 1,000 or fewer employees found that 25% of IT administrators believe that remote workers present the biggest security challenge in their organizations.
http://www.net-security.org/news.php?id=6570

GET READY FOR BIOMETRIC SECURITY IN THE WORKPLACE
UK companies are anticipating the introduction of biometric technology to increase workplace security.
http://www.net-security.org/news.php?id=6571

GOOGGUN'S SECURITY PRODUCTS AIMED AT CORPORATE CLIENTS
Googgun, which only has three full-time employees and five contract employees, began as a consultancy, but gradually evolved into an R&D hub that develops information security products.
http://www.net-security.org/news.php?id=6572

TINY STORAGE COULD MEAN BIG SECURITY HEADACHES
Although the small USB devices don't pose a new threat--data theft, after all, has always been a problem--they should put the security issue squarely on the radar.
http://www.net-security.org/news.php?id=6573

SECURITY SOFTWARE TURNS ITS ATTENTION TO THE DANGERS WITHIN
Technology can safeguard your firm from employee activity.
http://www.net-security.org/news.php?id=6574

JAVA VIRUS JUMPS OUT OF SANDBOX
Security researchers are calling attention to what they called a "fairly significant" vulnerability in Sun Microsystems' Java virtual machine that gives crackers access to a user's files.
http://www.net-security.org/news.php?id=6575

HACKERS COULD TARGET PRINTERS FOR NETWORK ATTACKS
Printers can be hacked and used to launch denial of service attacks or compromise employee details over the web, said a security expert last week.
http://www.net-security.org/news.php?id=6576

SEVEN WAYS TO FOIL ID THIEVES
Don't let unauthorized charges on your credit cards knock the stuffing out of Santa this year.
http://www.net-security.org/news.php?id=6577

TEN QUESTIONS TO ASK ABOUT APPLICATION SECURITY SYSTEMS
This article offers this checklist of questions to ask when evaluating application security products.
http://www.net-security.org/news.php?id=6578

SECURITY: THE HIERARCHY OF NEEDS FOR TODAY'S CIO
Corporate antivirus software? Check. Strong firewalls? Check. Now what? Just as with the famous hierarchy of needs for human psychology, security needs go from basic to complex.
http://www.net-security.org/news.php?id=6579

BOFRA EXPLOIT TIED TO 'MASSIVE BOTNET'
The attack on ad-serving company Falk that redirected some Reg readers on Saturday towards a site running malicious code may be part of a much bigger attack.
http://www.net-security.org/news.php?id=6580

U.S. SECURITY CRITIC SUES JAPAN FOR CENSORSHIP
A U.S. computer security expert is suing the Japanese government for violation of his freedom of speech, alleging that officials censored him at a recent computer security conference.
http://www.net-security.org/news.php?id=6581

PHISHING LEAPS FIVEFOLD AS BANKS FALL PREY TO ATTACKS
Fraudsters looking forward to a very merry Christmas.
http://www.net-security.org/news.php?id=6582

YAHOO AIMS CRYPTO APP AT SPAM
Yahoo rolled out new artillery in the war on spam, arming its online E-mail service with cryptographic technology that can make it harder for junk E-mailers to hide their identities.
http://www.net-security.org/news.php?id=6583

GLOBAL IT SECURITY MARKET FORECAST TO NEAR $13B
Yankee Group expects more security features to become commoditized and move to the network to improve scalability of deployment and cut the cost of ownership.
http://www.net-security.org/news.php?id=6584

WINAMP BLOWS ANOTHER SECURITY FUSE
For those enterprise IT managers who've been eagerly anticipating the next major WinAmp security flaw, the wait is over.
http://www.net-security.org/news.php?id=6585

TASIN WORMS ATE MY WINDOWS FILES
Newly intercepted mutants spreading rapidly.
http://www.net-security.org/news.php?id=6586

SSH AND SSH-AGENT
This article discusses how to take SSH Identity/Pubkey trust relationships to the next level, by using ssh-agent as a keymaster to manage a user's authentication needs automatically.
http://www.net-security.org/news.php?id=6587

CITRIX BUYS UP SECURE REMOTE ACCESS FIRM
Citrix Systems is buying Net6, a privately owned maker of SSL VPN technology, for $50m in cash.
http://www.net-security.org/news.php?id=6588

FBI SERVES SUBPOENAS ON NMAP CREATOR
The FBI has been seeking information from the creator of the network security scanner, Nmap, about a particular attacker who they think may have visited the nmap site at a given time.
http://www.net-security.org/news.php?id=6589

INTRUSION DETECTION SYSTEMS
This article introduces Snort, a flexible tool that can be used for packet sniffing, packet logging, or network intrusion detection.
http://www.net-security.org/news.php?id=6590

SUN VULNERABLE WITH JAVA SECURITY HOLE
Sun Microsystems has disclosed a serious vulnerability in the Java Plug-in technology within the SDK and the Java Run-time Environment that allows attackers to bypass the Java sandbox and Java applet security.
http://www.net-security.org/news.php?id=6591

CAREER DATABASE 'WIDE OPEN' TO HIJACKING
An on-line database containing the career and contact details of over 22 million business people can be edited by anyone.
http://www.net-security.org/news.php?id=6592

THE HIDDEN HAZARDS OF PASSWORDS
As passwords change hands or remain unchanged, the likelihood of a security breach increases.
http://www.net-security.org/news.php?id=6593

MICROSOFT OFFERS TO REPLACE FAKE COPIES OF WINDOWS XP
Pilot program aims to track down and replace counterfeit versions of the operating system.
http://www.net-security.org/news.php?id=6594

SECURITY TIPS FOR ONLINE SHOPPERS
Fraudsters may be licking their chops over nefarious plots to scam online holiday shoppers, but good old common sense can be an effective security shield against their ploys, researchers say.
http://www.net-security.org/news.php?id=6596

WHO PROFITS FROM SECURITY HOLES?
How much junk can get installed on a user's PC by merely visiting a single site?
http://www.net-security.org/news.php?id=6597

FIVE STEPS TO BETTER INTERNET SECURITY
Taming the Internet may be an impossible dream, but with proper planning and good advice, you can better protect your company from its less appealing characteristics.
http://www.net-security.org/news.php?id=6598

HOW TO HACKER-PROOF YOUR WI-FI NETWORK
How do you keep your office building safe from data theft?
http://www.net-security.org/news.php?id=6599

IPTABLES: CREATING AN OPEN SOURCE FIREWALL
With ever-present threats from online attackers and script kiddies, administrators need a firewall on the border of any network.
A Linux box can make a particularly effective and capable firewall at a fraction of the cost of a Cisco or Check Point system.
http://www.net-security.org/news.php?id=6600

USING EVENTS-PER-SECOND AS A FACTOR IN SELECTING SEM TOOLS
Events Per Second, or EPS, as it is commonly referred to in the world of network security, is a measurement that is used to convey how fast a network generates data from its security devices and/or how fast an SEM product can correlate data from those devices.
http://www.net-security.org/news.php?id=6601

BECAUSE OF SECURITY CONCERNS FINLAND WARNS AGAINST USING IE 6.0
Finnish authorities have warned computer users against using Microsoft's Internet Explorer 6.0 as it has a "serious" security flaw that compromises computer systems.
http://www.net-security.org/news.php?id=6602

----------------------------------------------------------------
[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

CMailServer WebMail v5.2 Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3850

Open Dc Hub 0.7.14 Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3849

Zwiki 0.36.2 Cross Site Scripting Vulnerability
http://www.net-security.org/vuln.php?id=3848

JSPWiki v2.1.120-cvs Cross Site Scripting Vulnerability
http://www.net-security.org/vuln.php?id=3847

KorWeblog 1.6.2-cvs Directory Traversal Vulnerability
http://www.net-security.org/vuln.php?id=3846

Cscope 15.5 Insecure Temp File Creation Vulnerability
http://www.net-security.org/vuln.php?id=3845

Fotolog.net Multiple Cross Site Scripting Vulnerabilities
http://www.net-security.org/vuln.php?id=3844

Cyrus IMAP Server Multiple Remote Vulnerabilities
http://www.net-security.org/vuln.php?id=3843

SecureCRT V4.1 Remote Command Execution
http://www.net-security.org/vuln.php?id=3842

Winamp 5.05 IN_CDDA.dll Buffer Overflow
http://www.net-security.org/vuln.php?id=3841

CoffeeCup FTP Clients Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3840

WeOnlyDo! COM Ftp DELUXE ActiveX Control Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3839

PHPKIT SQL Injection Cross Site Scripting Vulnerability
http://www.net-security.org/vuln.php?id=3838

Router ZyXEL Prestige 650 HW Remote Router Restart Vulnerability
http://www.net-security.org/vuln.php?id=3837

IpbProArace 2.5.x SQL Injection Vulnerability
http://www.net-security.org/vuln.php?id=3836

Zone Alarm Ad-Blocking Instability Vulnerability
http://www.net-security.org/vuln.php?id=3835

Danware NetOp Host 7.65 Multiple Information Disclosure Vulnerabilities
http://www.net-security.org/vuln.php?id=3834

Netopia Timbuktu v7.0.3 Remote Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3833

AClient Service for Windows 5.6 SP1 Privilege Escalation Vulnerability
http://www.net-security.org/vuln.php?id=3832

----------------------------------------------------------------
[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Gentoo Linux Security Advisory - phpMyAdmin: Multiple XSS vulnerabilities (GLSA 200411-36)
http://www.net-security.org/advisory.php?id=4096

Conectiva Linux Security Announcement - sun-jre (CLA-2004:900)
http://www.net-security.org/advisory.php?id=4095

Gentoo Linux Security Advisory - phpWebSite: HTTP response splitting vulnerability (GLSA 200411-35:02)
http://www.net-security.org/advisory.php?id=4094

Mandrakelinux Security Update Advisory - zip (MDKSA-2004:141)
http://www.net-security.org/advisory.php?id=4093

Mandrakelinux Security Update Advisory - MDKSA-2004:140 (a2ps)
http://www.net-security.org/advisory.php?id=4092

Mandrakelinux Security Update Advisory - cyrus-imapd (MDKSA-2004:139)
http://www.net-security.org/advisory.php?id=4091

Conectiva Linux Security Announcement - samba (CLA-2004:899)
http://www.net-security.org/advisory.php?id=4090

Debian Security Advisory - tetex-bin (DSA 599-1)
http://www.net-security.org/advisory.php?id=4089

Debian Security Advisory - yardradius (DSA 598-1)
http://www.net-security.org/advisory.php?id=4088

Ubuntu Security Notice - mysql-dfsg vulnerabilities (USN-32-1)
http://www.net-security.org/advisory.php?id=4087

Gentoo Linux Security Advisory - Cyrus IMAP Server: Multiple remote vulnerabilities (GLSA 200411-34)
http://www.net-security.org/advisory.php?id=4086

Debian Security Advisory - cyrus-imapd (DSA 597-1)
http://www.net-security.org/advisory.php?id=4085

Debian Security Advisory - sudo (DSA 596-2)
http://www.net-security.org/advisory.php?id=4084

Debian Security Advisory - sudo (DSA 596-1)
http://www.net-security.org/advisory.php?id=4083

SUSE Security Announcement - SUSE Security Summary Report (SUSE-SR:2004:001)
http://www.net-security.org/advisory.php?id=4082

Gentoo Linux Security Advisory - TWiki: Arbitrary command execution (GLSA 200411-33)
http://www.net-security.org/advisory.php?id=4081

Gentoo Linux Security Advisory - phpBB: Remote command execution (GLSA 200411-32)
http://www.net-security.org/advisory.php?id=4080

Debian Security Advisory - bnc (DSA 595-1)
http://www.net-security.org/advisory.php?id=4079

SGI Security Advisory - SGI Advanced Linux Environment 3 Security Update #18 (20041103-01-U)
http://www.net-security.org/advisory.php?id=4078

Ubuntu Security Notice - cyrus21-imapd vulnerabilities (USN-31-1)
http://www.net-security.org/advisory.php?id=4077

Mandrakelinux Security Update Advisory - XFree86 (MDKSA-2004:138)
http://www.net-security.org/advisory.php?id=4076

Mandrakelinux Security Update Advisory - libxpm4 (MDKSA-2004:137)
http://www.net-security.org/advisory.php?id=4075

Gentoo Linux Security Advisory - ProZilla: Multiple vulnerabilities (GLSA 200411-31)
http://www.net-security.org/advisory.php?id=4074

Conectiva Linux Security Announcement - bugzilla (CLA-2004:896)
http://www.net-security.org/advisory.php?id=4073

Conectiva Linux Security Announcement - shadow-utils (CLA-2004:894)
http://www.net-security.org/advisory.php?id=4072

Gentoo Linux Security Advisory - pdftohtml: Vulnerabilities in included Xpdf (GLSA 200411-30)
http://www.net-security.org/advisory.php?id=4071

Trustix Secure Linux Security Advisory - apache, kernel, sudo (2004-0061)
http://www.net-security.org/advisory.php?id=4070

Zone Labs Security Advisory - Zone Labs Ad-Blocking Instability (ZL04-019)
http://www.net-security.org/advisory.php?id=4069

----------------------------------------------------------------
[ Articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org
----------------------------------------------------------------

SCOPE ON APPLICATION VULNERABILITY DESCRIPTION LANGUAGE
The Application Vulnerability Description Language (AVDL) is a rather new security interoperability standard within the Organization for the Advancement of Structured Information Standards (OASIS). Caleb Sima, SPI Dynamics CTO, talks to Help Net Security about this interesting web application security topic.
http://www.net-security.org/article.php?id=747

THE SPYWARE THREAT AND HOW TO DEAL WITH IT
Latest-generation spyware is becoming increasingly malicious, hijacking users’ browsers and snooping for personal details. This article looks at why spyware has become a problem, and what can be done about it.
http://www.net-security.org/article.php?id=746

----------------------------------------------------------------
[ Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3
----------------------------------------------------------------

CRYPTAINER LE 5.0.1 (Windows)
This tool enables you to secure your data and ensure absolute privacy.
http://www.net-security.org/software.php?id=586

IPCOP 1.4.1 (Linux)
IPCop Firewall is a Linux firewall distribution geared towards home and SOHO (Small Office/Home Office) users.
http://www.net-security.org/software.php?id=147

PAM_IMAP 0.3.7 (Linux)
This is a PAM module that authenticates a user login against a remote IMAP or IMAPS server.
http://www.net-security.org/software.php?id=405

SHOREWALL 2.2.0 Beta 4 (Linux)
Shorewall is an iptables based firewall that can be used on a dedicated firewall system, a multi-function masquerade gateway/server or on a standalone Linux system.
http://www.net-security.org/software.php?id=40

SNORTALOG 2.3.0c (Linux)
Snortalog is a powerful Perl script that summarizes Snort logs, giving an easy view of what attacks are being seen through your network.
http://www.net-security.org/software.php?id=455

SUDOSCRIPT 2.1.2 (Linux)
Sudoscriptd/sudoshell are a pair of Perl scripts that provide an audited shell using sudo.
http://www.net-security.org/software.php?id=67

----------------------------------------------------------------
[ Webcasts ]

All webcasts are located at:
http://net-security.org/webcasts.php
----------------------------------------------------------------

Biometrics and Identity and Access Management
Organized by Evidian on 1 December 2004, 10:00 AM
http://www.net-security.org/webcast.php?id=344

Architecting Your 802.1x-Based WLAN Deployment
Organized by Funk Software on 7 December 2004, 1:00 PM
http://www.net-security.org/webcast.php?id=297

Consolidated email protection: An introduction to PureMessage
Organized by Sophos on 8 December 2004, 10:00 AM
http://www.net-security.org/webcast.php?id=282

All anti-virus software is not created equal
Organized by Sophos on 15 December 2004, 10:00 AM
http://www.net-security.org/webcast.php?id=285

----------------------------------------------------------------
[ Conferences ]

All conferences are located at:
http://net-security.org/conferences.php
----------------------------------------------------------------

The European Cyber Security in the Financial Services Sector Executive Summit 2004
Organized by Information Management Network - 30 November-1 December 2004
http://www.net-security.org/conference.php?id=100

Infosecurity New York 2004
Organized by Reed Exhibitions - 7 December-9 December 2004
http://www.net-security.org/conference.php?id=102

Middle East IT Security Conference 2004
Organized by MEITSEC - 12 December-14 December 2004
http://www.net-security.org/conference.php?id=97

ECCE E-crime and Computer Evidence 2005
Organized by n-gate ltd. - 29 March-30 March 2005
http://www.net-security.org/conference.php?id=94

----------------------------------------------------------------
[ Security World ]

All press releases are located at:
http://www.net-security.org/press_main.php

Send your press releases to press@net-security.org
----------------------------------------------------------------

New Bitdefender Enterprise Packs Released
http://www.net-security.org/press.php?id=2704

The New Panda GateDefender 8000 Series Protects Corporate Internet Connections With Powerful Web Filtering Technology
http://www.net-security.org/press.php?id=2703

Z1 SecureMail Gateway 2.1 Checks Certificates In Real-Time
http://www.net-security.org/press.php?id=2702

Dekart Key Formatting Utility Now Available for Free Download
http://www.net-security.org/press.php?id=2701

Sophos Launches Anti-Virus For NetApp Storage Systems
http://www.net-security.org/press.php?id=2700

Livedoor and Panda Software Team up to Offer Titanium Antivirus in Japan
http://www.net-security.org/press.php?id=2699

Five Panda Software Solutions Nominated For the SC Magazine 2005 Awards
http://www.net-security.org/press.php?id=2698

TippingPoint Adds Spyware Protection to UnityOne Intrusion Prevention Systems
http://www.net-security.org/press.php?id=2697

New Version Of Symantec pcAnywhere To Deliver Additional Security Options And Cross-Platform Support
http://www.net-security.org/press.php?id=2696

SSH Tectia Now The Leading FIPS 140-2 Compliant Secure Shell Solution
http://www.net-security.org/press.php?id=2695

Cyberguard's Webwasher Thwarts Today's Dangerous Sober.I Attack
http://www.net-security.org/press.php?id=2694

Pointsec Extends Award-Winning Data Encryption Solution to Linux
http://www.net-security.org/press.php?id=2693

----------------------------------------------------------------
[ Virus News ]

All virus news are located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Weekly report on viruses and intruders - Tasin.A, Tasin.B, Tasin.C and Yanz.B Worms and Skulls.A Trojan
http://www.net-security.org/virus_news.php?id=489

Italian Senate Hit By Gay Porn Worm Attack
http://www.net-security.org/virus_news.php?id=488

Panda Reports on the Tasin Family of Worms
http://www.net-security.org/virus_news.php?id=487

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available
http://www.net-security.org/newsletter_archive.php
----------------------------------------------------------------