HNS Newsletter
Issue 244 - 20.12.2004.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week.

----------------------------------------------------------------
FREE SOFTWARE AND WHITE PAPER FROM APPLICATION SECURITY!
----------------------------------------------------------------
Today, traditional methods of network perimeter security do not protect an organization's greatest asset: its databases. Hackers tend to go where the targets are the most attractive, and the defenses are the weakest. Therefore, it shouldn't be surprising that enterprise applications and databases are increasingly coming under attack from the kind of threats once associated mostly with operating systems and desktop applications.

Register to receive a *FREE* white paper on protecting your organization's crown jewels from Application Security to learn more:
http://www.appsecinc.com/wpreg
or get a jumpstart by downloading a *FREE* evaluation copy of AppDetective, the most comprehensive database security solution available at
http://www.appsecinc.com/products/appdetective/
----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Software
6) Conferences
7) Security World
8) Virus News

[ Security news ]
----------------------------------------------------------------

SECURE ELEMENTS ADDS AUTOMATED REMEDIATION TO CISCO PROGRAM
Secure Elements announced its participation in the Network Admission Control (NAC) program, an industry-wide effort led by Cisco Systems.
http://www.net-security.org/news.php?id=6711

E-VOTING STILL EXPENSIVE, FRAUGHT WITH SECURITY ISSUES
Unlike the U.S. willingness to adopt the latest technology, Canada "is not quite there," explained Hollins, who's based in Pickering, Ontario. "We don't put as much emphasis on voting technology. I think it becomes a bit of a cost issue.
We don't have as frequent elections in Canada."
http://www.net-security.org/news.php?id=6712

INFORMATION SECURITY: A LEGAL PERSPECTIVE
Security is one of the biggest concerns that affects the world today, not only in the actual world but in the context of the electronic format and the information stored therein.
http://www.net-security.org/news.php?id=6713

LONGHORN SERVER TO HAVE ONE VERSION FOR MANY ROLES
Users can configure the OS to specific tasks.
http://www.net-security.org/news.php?id=6714

POLICE GIVEN COMPUTER SPY POWERS
Federal and state police now have the power to use computer spyware to gather evidence in a broad range of investigations after legal changes last week.
http://www.net-security.org/news.php?id=6715

ROADSHOWS WARN OF IT SECURITY RISKS IN DEPLOYING VOIP
A series of roadshows has highlighted the growing security threat to IP telephony systems and the need to protect voice over IP deployments.
http://www.net-security.org/news.php?id=6716

TWO CONVERGING WORLDS: CYBER AND PHYSICAL SECURITY
Push for standards, guidelines will help industry, government.
http://www.net-security.org/news.php?id=6717

STILL NO CYBERSECURITY CZAR
DHS officials opposed to idea, but proposal likely to surface again.
http://www.net-security.org/news.php?id=6718

TROUBLESHOOTING SMTP SERVER PUBLISHING RULES
In this article we’ll take a look at one approach to troubleshooting SMTP Server Publishing Rules.
http://www.net-security.org/news.php?id=6719

ATTACKERS DEFACE CROATIAN SKI CHAMP'S WEB SITE
Serb hackers apparently attacked the official Web site of Croatian Alpine skiing champion Janica Kostelic on Monday, replacing her picture with that of a bearded Serb World War II fascist leader.
http://www.net-security.org/news.php?id=6720

ADAPTIVE AND BEHAVIORAL APPROACH TO NEW THREATS
To really understand what is going on in your network, you must do more than deploy security devices, you must also monitor your security situation on a constant basis.
Intrusion detection monitoring is a major trend in the security industry.
http://www.net-security.org/news.php?id=6722

SECURING WIRELESS E-RECORDS
Few understand how tough it can be to lock down wireless networks better than Stephen Lewack, director of technical services and communications at Columbus Regional Healthcare System.
http://www.net-security.org/news.php?id=6723

GROUP POLISHES GUIDELINES ON HIPAA SECURITY RULES
A working group made up of members from three organizations plans this month to release guidelines for complying with the data security requirements of the Health Insurance Portability and Accountability Act (HIPAA).
http://www.net-security.org/news.php?id=6724

HOW TO GET A JOB AS A LINUX ADMINISTRATOR
If you ask Scot Melland, it's a good time to be a Linux professional.
http://www.net-security.org/news.php?id=6725

SECURE STORAGE STARTS TO BECOME HIGHER PRIORITY
As deployment of IP storage networks grows, so do the risks.
http://www.net-security.org/news.php?id=6726

ONLINE EXTORTION WORKS
Online extortion is quietly affecting thousands of businesses, for a very simple reason: it works. The big question then becomes, how will you and your company decide to respond?
http://www.net-security.org/news.php?id=6727

MICROSOFT HITS SECURITY MILESTONE
Microsoft has released Windows Server 2003 Service Pack 1 (SP1), the next milestone in its Trustworthy Computing initiative.
http://www.net-security.org/news.php?id=6728

MOBILE PROCESSORS GAIN CHIPSET-LEVEL SECURITY
The Discretix CryptoCell security platform has been selected to be included in the entire range of Renesas' SH-Mobile processors.
http://www.net-security.org/news.php?id=6729

GOVERNMENT CALLS FOR TIGHTER HOME PC SECURITY
Home Office internet crime report outlines major threats.
http://www.net-security.org/news.php?id=6730

A BOUNCER FOR YOUR PC
AntiHook is an Australian-developed desktop intrusion detection and prevention application that protects against threats, blocking any suspicious activity rather than pattern matching or waiting to be given a list of threats.
http://www.net-security.org/news.php?id=6731

BEWARE OF CHRISTMAS PCS BEARING VIRUSES
Shop-bought computers often unpatched and vulnerable to malicious code.
http://www.net-security.org/news.php?id=6732

GAIT ADVANCES IN EMERGING BIOMETRICS
Retinal scans, finger printing or facial recognition get most of the publicity but researchers across the world are quietly labouring away at alternative types of biometrics.
http://www.net-security.org/news.php?id=6733

HOLLYWOOD TO SUE SERVER OPERATORS BEHIND BITTORRENT, EDONKEY
The U.S. film industry is preparing to sue computer server operators in the United States and Europe who help relay digitized movie files across online file-sharing networks, a source familiar with the movie studios' plans said Tuesday.
http://www.net-security.org/news.php?id=6734

WEB SERVER SECURITY ISSUES AND FRONT PAGE SERVER EXTENSIONS
What are the risks associated with FrontPage and what can you do about them? What are the recommended best practices for securing FP Web sites?
http://www.net-security.org/news.php?id=6735

WEP: DEAD AGAIN, PART 1
This article is the first of a two-part series that looks at the new generation of WEP cracking tools for WiFi networks, which offer dramatically faster speeds for penetration testers over the previous generation of tools.
http://www.net-security.org/news.php?id=6736

LINUX: FEWER BUGS THAN RIVALS
Linux advocates have long insisted that open-source development results in better and more secure software. Now they have statistics to back up their claims.
http://www.net-security.org/news.php?id=6737

MICROSOFT FIXES THREE FLAWS IN XP SP2
Microsoft has released five security advisories for the month.
http://www.net-security.org/news.php?id=6738

LINUX BANGALORE/2004: HACKERS GALORE
Linux Bangalore/2004, India's biggest tech-fest for free and open source software was held in Bangalore, the country's IT hub, last week.
http://www.net-security.org/news.php?id=6739

AIR FORCE SEEKS CYBERWAR EDGE
Air Force officials plan to award contracts worth up to $25 million for computer warfare technologies, according to a solicitation issued today.
http://www.net-security.org/news.php?id=6740

CRYPTOGRAPHY RESEARCH WANTS PIRACY SPEED BUMP ON HD DVDS
The Content Scrambling System of the DVD has come in for a lot of criticism over the years, as piracy has become relatively rampant.
http://www.net-security.org/news.php?id=6741

VIDEO INTERVIEW WITH GEORGE P. JAPAK, VICE PRESIDENT OF ICSA LABS
In this video Mr. Japak talks about the importance of product certification, the full disclosure of vulnerabilities, how ICSA Labs approaches product testing, how they determine the severity of a vulnerability, and much more.
http://www.net-security.org/news.php?id=6742

VINCENZO CIAGLIA SPEAKS SECURITY 2004
Vincenzo Ciaglia of Linux Netwosix talks about this year of Linux security.
http://www.net-security.org/news.php?id=6743

SAP OFFERS AUTOMATED SECURITY-CHECK SERVICE
The service, conducted remotely and without consultants, will check customers' SAP applications for security vulnerabilities.
http://www.net-security.org/news.php?id=6744

LOWE'S HARDWARE HACKER GETS NINE YEARS
One of three Michigan men who hacked into the national computer system of Lowe's hardware stores and tried to steal customers' credit card information was sentenced Wednesday to nine years in federal prison.
http://www.net-security.org/news.php?id=6745

BUSH PREPARES FOR SHUTDOWN OF GPS NETWORK IN NATIONAL CRISIS
President Bush has ordered plans for temporarily disabling the U.S.
network of global positioning satellites during a national crisis to prevent terrorists from using the navigational technology, the White House said Wednesday.
http://www.net-security.org/news.php?id=6746

MERRY VIRUS TO YOU
Security firms are reporting the spread of two holiday-themed viruses. Zafi.D and Atak.age use Christmas greetings and promises of an electronic holiday card to lure users to open malicious files. Zafi.D is circulating in multiple languages.
http://www.net-security.org/news.php?id=6747

PHISHING SITES ON THE RISE
The number of phishing sites reported to the Anti-Phishing Working Group has risen by 28 percent each month from July to November this year, the group says in its latest Phishing Attack Trends Report.
http://www.net-security.org/news.php?id=6748

XANDROS DESKTOP OS 3.0 REVIEW
LinuxLinks decided to put the Deluxe version through its paces. So, what do you get in this distro?
http://www.net-security.org/news.php?id=6749

CHRISTMAS CARD VIRUS HITS ONE IN 10 EMAILS
Zafi-D spreading rapidly around the world.
http://www.net-security.org/news.php?id=6750

MICROSOFT BUYS GIANT TO ATTACK SPYWARE
Microsoft today announced that it will beef up Windows security after buying Giant Company Software, a developer of anti-spyware and internet security offerings.
http://www.net-security.org/news.php?id=6751

UK SPAMMER CHARGED WITH FURTHER OFFENCES
More charges keep UK spammer in jail.
http://www.net-security.org/news.php?id=6752

MILITARY TAPS NSA FOR SECURITY HELP
National Security Agency officials will lead the Defense Department's efforts to better protect the military's data and systems, the DOD deputy chief information officer said this week.
http://www.net-security.org/news.php?id=6753

SP2 FIREWALL COULD SHARE SETTINGS WITH THE WHOLE INTERNET
Microsoft has released an update to Windows XP to fix a potentially serious configuration problem in the firewall that ships as part of Windows XP Service Pack 2 (SP2).
http://www.net-security.org/news.php?id=6754

I.T. SECURITY A PEOPLE PROBLEM
The key to a successful security strategy is involvement. It appears the enterprises that remain free of viruses, break-ins and thefts will be those that refrain from throwing money or software at problems, and instead bring people in to respond to the shifting sands of I.T. hazards.
http://www.net-security.org/news.php?id=6755

SURVIVOR'S GUIDE TO 2005: SECURITY
The best way to safeguard your network is with centralized management and multilayered protection. But how much of the P.R. you read is hype? Learn to tell the marketing babble from the truth.
http://www.net-security.org/news.php?id=6756

UNITE YOUR LINUX AND ACTIVE DIRECTORY AUTHENTICATION
Authentication is easily one of the most critical services provided by your network infrastructure. It is the gatekeeper for every resource on your network.
http://www.net-security.org/news.php?id=6757

ZERO VIRUSES IN 2005?
It's the time of year to reflect on the good security choices you've made over the year, the defense-in-depth strategy that you've decided to follow, and plan for your response to future threats and virus outbreaks.
http://www.net-security.org/news.php?id=6758

----------------------------------------------------------------
[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

MPlayer Bitmap Parsing Remote Heap Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3912

MPlayer MMST Streaming Stack Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3911

MPlayer Remote RTSP HeapOverflow Vulnerability
http://www.net-security.org/vuln.php?id=3910

Veritas Backup Exec Agent Browser Registration Request Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3909

Samba smbd Security Descriptor Integer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3908

Computer Associates eTrust EZ Antivirus Insecure File Permissions Vulnerability
http://www.net-security.org/vuln.php?id=3907

Ikonboard 3.1.X SQL Injection Vulnerability
http://www.net-security.org/vuln.php?id=3906

PHP 4.3.9 Input Validation Vulnerabilities
http://www.net-security.org/vuln.php?id=3905

Wordpress 1.2.1 Multiple Cross Site Scripting Vulnerabilities
http://www.net-security.org/vuln.php?id=3904

phpBB Attachment Mod Multiple Extensions File Uploading Vulnerability
http://www.net-security.org/vuln.php?id=3903

MediaWiki Multiple Extensions File Uploading Vulnerability
http://www.net-security.org/vuln.php?id=3902

HyperTerminal .ht File Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3901

PHP 4/5 Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3900

Microsoft Internet Explorer DHTML Edit Control Cross Site Scripting Vulnerability
http://www.net-security.org/vuln.php?id=3899

Asante FM2008 10/100 Ethernet Switch Backdoor Login Vulnerability
http://www.net-security.org/vuln.php?id=3898

GNUBoard 3.39 PHP Injection Vulnerability
http://www.net-security.org/vuln.php?id=3897

MoniWiki Multiple Extensions File Uploading Vulnerability
http://www.net-security.org/vuln.php?id=3896

phpGroupWare 0.9.16.003 Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3895

Adobe Reader 6.0 .ETD File Format String Vulnerability
http://www.net-security.org/vuln.php?id=3894

Adobe Acrobat Reader 5.0.9 mailListIsPdf() Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3893

Microsoft Word 6.0/95 Document Converter Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3892

phpBB Attachment Mod Directory Traversal HTTP POST Injection Vulnerability
http://www.net-security.org/vuln.php?id=3891

Multiple Kerio Software Products Insecure default file system permissions Vulnerabilities
http://www.net-security.org/vuln.php?id=3890

Multiple Kerio Software Products Insecure Credential Storage Vulnerabilities
http://www.net-security.org/vuln.php?id=3889

RICOH Aficio 450/455 PCL 5e Printer ICMP Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=3888

UseModWiki Cross Site Scripting Vulnerability
http://www.net-security.org/vuln.php?id=3887

ASP Calendar Admin Access Vulnerability
http://www.net-security.org/vuln.php?id=3886

ASP-rider SQL Injection Vulnerability
http://www.net-security.org/vuln.php?id=3885

Multiple Vendor xzgv PRF Parsing Integer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3884

Winamp 5.07 Remote Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=3883

Symantec LiveUpdate Privilege Elevation Vulnerability
http://www.net-security.org/vuln.php?id=3882

Citadel/UX v6.27 Remote Format String Vulnerability
http://www.net-security.org/vuln.php?id=3881

phpMyAdmin 2.6.1-rc1 Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3880

SugarSales 2.0.1c Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3879

Gadu-Gadu Instant Messenger Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3878

F-Secure Policy Manager Management Agent Physical Path Disclosure Vulnerability
http://www.net-security.org/vuln.php?id=3877

----------------------------------------------------------------
[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

OpenPKG Security Advisory - samba (OpenPKG-SA-2004.054)
http://www.net-security.org/advisory.php?id=4165

Ubuntu Security Notice - samba vulnerability (USN-41-1)
http://www.net-security.org/advisory.php?id=4164

Debian Security Advisory - cscope (DSA 610-1)
http://www.net-security.org/advisory.php?id=4163

NetBSD Security Advisory - Insufficient argument validation in compat code (2004-010)
http://www.net-security.org/advisory.php?id=4162

Gentoo Linux Security Advisory - Adobe Acrobat Reader: Buffer overflow vulnerability (GLSA 200412-12)
http://www.net-security.org/advisory.php?id=4161

OpenPKG Security Advisory - php (OpenPKG-SA-2004.053)
http://www.net-security.org/advisory.php?id=4160

Gentoo Linux Security Advisory - Cscope: Insecure creation of temporary files (GLSA 200412-11)
http://www.net-security.org/advisory.php?id=4159

Ubuntu Security Notice - php4 vulnerabilities (USN-40-1)
http://www.net-security.org/advisory.php?id=4158

Ubuntu Security Notice - linux-source-2.6.8.1 vulnerability (USN-39-1)
http://www.net-security.org/advisory.php?id=4157

SUSE Security Announcement - SUSE Security Summary Report (SUSE-SR:2004:004)
http://www.net-security.org/advisory.php?id=4156

Mandrakelinux Security Update Advisory - kdelibs (MDKSA-2004:150)
http://www.net-security.org/advisory.php?id=4155

Cisco Security Advisory - Default Administrative Password in Cisco Guard (1.0)
http://www.net-security.org/advisory.php?id=4154

OpenPKG Security Advisory - vim (OpenPKG-SA-2004.052)
http://www.net-security.org/advisory.php?id=4153

Cisco Security Advisory - Cisco Unity Integrated with Exchange Has Default Passwords (1.0)
http://www.net-security.org/advisory.php?id=4152

Gentoo Linux Security Advisory - Vim, gVim: Vulnerable
options in modelines (GLSA 200412-10)
http://www.net-security.org/advisory.php?id=4151

Gentoo Linux Security Advisory - ncpfs: Buffer overflow in ncplogin and ncpmap (GLSA 200412-09)
http://www.net-security.org/advisory.php?id=4150

Microsoft Security Bulletin - Summary for December 2004 (2.0)
http://www.net-security.org/advisory.php?id=4149

Ubuntu Security Notice - linux-source-2.6.8.1 vulnerabilities (USN-38-1)
http://www.net-security.org/advisory.php?id=4148

Debian Security Advisory - zgv (DSA 608-1)
http://www.net-security.org/advisory.php?id=4147

Gentoo Linux Security Advisory - nfs-utils: Multiple remote vulnerabilities (GLSA 200412-08)
http://www.net-security.org/advisory.php?id=4146

Mandrakelinux Security Update Advisory - postgresql (MDKSA-2004:149)
http://www.net-security.org/advisory.php?id=4145

Mandrakelinux Security Update Advisory - iproute2 (MDKSA-2004:148)
http://www.net-security.org/advisory.php?id=4144

Gentoo Linux Security Advisory - file: Arbitrary code execution (GLSA 200412-07)
http://www.net-security.org/advisory.php?id=4143

KDE Security Advisory - Konqueror Window Injection Vulnerability (2004-12-13)
http://www.net-security.org/advisory.php?id=4142

Turbolinux Security Announcement - kernel (13/Dec/2004)
http://www.net-security.org/advisory.php?id=4141

Gentoo Linux Security Advisory - PHProjekt: setup.php vulnerability (GLSA 200412-06)
http://www.net-security.org/advisory.php?id=4140

----------------------------------------------------------------
[ Articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org
----------------------------------------------------------------

VIDEO INTERVIEW WITH GEORGE P. JAPAK, VICE PRESIDENT OF ICSA LABS
In this video Mr. Japak talks about the importance of product certification, the full disclosure of vulnerabilities, how ICSA Labs approaches product testing and how they determine the severity of a vulnerability, and much more.
http://www.net-security.org/article.php?id=752

ADAPTIVE AND BEHAVIORAL APPROACH TO NEW THREATS
To really understand what is going on in your network, you must do more than deploy security devices, you must also monitor your security situation on a constant basis. Intrusion detection monitoring is a major trend in the security industry.
http://www.net-security.org/article.php?id=751

----------------------------------------------------------------
[ Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3
----------------------------------------------------------------

AIRSNORT 0.2.7 (Linux)
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys.
http://www.net-security.org/software.php?id=262

COMMVIEW 5.0 (Windows)
CommView is a program for monitoring Internet and LAN activity capable of capturing and analyzing network packets.
http://www.net-security.org/software.php?id=283

ETHEREAL 0.10.8 (Linux)
Ethereal is a free network protocol analyzer.
http://www.net-security.org/software.php?id=99

GNU ANUBIS 4.0 (Linux)
GNU Anubis is an outgoing mail processor and the SMTP tunnel between MUA and MTA. It is also a secure/anonymous SMTP client.
http://www.net-security.org/software.php?id=7

HONEYNET SECURITY CONSOLE 1.2.0 (Windows)
Honeynet Security Console is an analysis tool to view events on your personal network or honeynet.
http://www.net-security.org/software.php?id=587

IDS POLICY MANAGER 1.5.0 (Windows)
IDS Policy Manager is a Visual Basic application that was written to easily manage policies for multiple Snort sensors.
http://www.net-security.org/software.php?id=5

IPCOP 1.4.2 (Linux)
IPCop Firewall is a Linux firewall distribution geared towards home and SOHO (Small Office/Home Office) users.
http://www.net-security.org/software.php?id=147

NAGIOS 2.0b1 (Linux)
Nagios is a host and service monitor designed to inform you of network problems before your clients, end-users or managers do.
http://www.net-security.org/software.php?id=279

NUFW 0.9.6 (Linux)
NuFW is an "authenticating gateway". This means it requires authentication for any connections to be forwarded through the gateway.
http://www.net-security.org/software.php?id=526

SAMHAIN 2.0.3 (Linux)
Samhain is an open source file integrity and host-based intrusion detection system.
http://www.net-security.org/software.php?id=125

SHOREWALL 2.2.0 RC1 (Linux)
Shorewall is an iptables based firewall that can be used on a dedicated firewall system, a multi-function masquerade gateway/server or on a standalone Linux system.
http://www.net-security.org/software.php?id=40

SNORT 2.3.0 RC2 (Linux)
Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
http://www.net-security.org/software.php?id=112

SSL-EXPLORER 0.1.5 RC (Windows)
The 3SP SSL-Explorer is the world's first open-source SSL-based VPN solution of its kind.
http://www.net-security.org/software.php?id=579

SUSSEN 0.10 (Linux)
Sussen is a client for the Nessus Security Scanner.
http://www.net-security.org/software.php?id=497

TRACEPROTO 1.1.0 (Linux)
Traceproto is a traceroute replacement written in C that allows the user to specify the protocol and port to trace to.
http://www.net-security.org/software.php?id=196

WINFINGERPRINT 0.6.0 (Windows)
Winfingerprint is a Win32 MFC VC++ .NET based security tool that is able to determine OS, enumerate users, groups, shares, and more.
http://www.net-security.org/software.php?id=103

----------------------------------------------------------------
[ Conferences ]

All conferences are located at:
http://net-security.org/conferences.php
----------------------------------------------------------------

Workshop on the Issues in the Theory of Security (WITS 2005)
Organized by IFIP WG 1.7, ACM SIGPLAN - 10 January-11 January 2005
http://www.net-security.org/conference.php?id=105

8th International Workshop on Practice and Theory in Public Key Cryptography (PKC 05)
Organized by Ecole Polytechnique Federale de Lausanne - 23 January-26 January 2005
http://www.net-security.org/conference.php?id=106

Australasian Information Security Workshop 2005
Organized by Australian Computer Society and The University of Newcastle - 31 January-3 February 2005
http://www.net-security.org/conference.php?id=107

Airscanner Wireless Security Bootcamp
Organized by Airscanner - 3 February-4 February 2005
http://www.net-security.org/conference.php?id=103

The 12th Annual Network and Distributed System Security Symposium 2005
Organized by The Internet Society Organization Committee - 3 February-4 February 2005
http://www.net-security.org/conference.php?id=108

Fast Software Encryption 2005
Organized by European Network of Excellence - 24 February-25 February 2005
http://www.net-security.org/conference.php?id=109

Financial Cryptography and Security (FC 05) Ninth International Conference
Organized by RSA Security - 28 February-3 March 2005
http://www.net-security.org/conference.php?id=110

International Workshop on Coding and Cryptography (WCC 2005)
Organized by Selmersenteret, INRIA - 14 March-18 March 2005
http://www.net-security.org/conference.php?id=111

Third IEEE International Information Assurance Workshop (IWIA'05)
Organized by IEEE Computer Society Task Force on Information Assurance - 24 March-25 March 2005
http://www.net-security.org/conference.php?id=112

ECCE E-crime and Computer Evidence 2005
Organized by n-gate ltd.
- 29 March-30 March 2005
http://www.net-security.org/conference.php?id=94

Indonesia Cryptology and Information Security Conference 2005
Organized by Lembaga Sandi Negara RI - 30 March-31 March 2005
http://www.net-security.org/conference.php?id=113

The 1st International Workshop on Systems and Network Security (SNS2005)
Organized by University of Colorado at Colorado Springs - 4 April-8 April 2005
http://www.net-security.org/conference.php?id=114

4th Annual PKI R&D Workshop (PKI'05)
Organized by National Institute of Standards and Technology - 19 April-21 April 2005
http://www.net-security.org/conference.php?id=115

Infosecurity Europe 2005
Organized by Reed Exhibitions - 26 April-28 April 2005
http://www.net-security.org/conference.php?id=126

DallasCon 2005 Professional Cyber Defense Conference
Organized by DallasCon - 2 May-5 May 2005
http://www.net-security.org/conference.php?id=127

----------------------------------------------------------------
[ Security World ]

All press releases are located at:
http://www.net-security.org/press_main.php

Send your press releases to press@net-security.org
----------------------------------------------------------------

Your Anti-virus is Not the Answer to Your Total Internet Security
http://www.net-security.org/press.php?id=2803

Version3, Inc.
Announces Version3 Simple Sign-On 2.0 An Affordable Easy to Use Single Sign-on Solution
http://www.net-security.org/press.php?id=2802

Skelta Workflow.NET 2004 Certified for Application Security by Paladion Networks
http://www.net-security.org/press.php?id=2801

Stolen Laptops Are a Thing of the Past
http://www.net-security.org/press.php?id=2800

SPAMfighter Pro Has Been Released
http://www.net-security.org/press.php?id=2799

DeepNines Annihilates Malicious Traffic at Hamline University
http://www.net-security.org/press.php?id=2798

Cloudmark Helps PayPal Deliver "No-Phishing" Solution to Its Customers
http://www.net-security.org/press.php?id=2797

Software Industry Leaders Symantec and VERITAS Software To Merge
http://www.net-security.org/press.php?id=2796

Intellitactics is First SIM Software Provider To Achieve Common Criteria Certification
http://www.net-security.org/press.php?id=2795

Back Up Your Sensitive Computer Data, TK8 Backup v. 3.0 Released
http://www.net-security.org/press.php?id=2794

Aladdin eSafe Attacks Spyware at the Enterprise Gateway With Real-Time Inspection
http://www.net-security.org/press.php?id=2793

Anti-Virus Software Now Running On Arm-Based Security Appliances
http://www.net-security.org/press.php?id=2792

Cyber Security Industry Alliance Kicks Off Sarbanes-Oxley Compliance Initiative
http://www.net-security.org/press.php?id=2791

Anti-Spyware Gives Consumers False Sense of Security
http://www.net-security.org/press.php?id=2790

Apreo Enforces Appropriate Use of Google Desktop Search to Reduce Security Risk of Data Exposure and Spyware Infection
http://www.net-security.org/press.php?id=2789

pcInternet Patrol Turns the Release of a Windows Firewall Into an Opportunity to Expand Its Market Share
http://www.net-security.org/press.php?id=2788

NetContinuum Adds Web Anti-Crawl Protection to Application Security Gateway
http://www.net-security.org/press.php?id=2787

Warning: Zafi.D Spreads Some Festive Misery
http://www.net-security.org/press.php?id=2786
F-Secure Corporation's Data Security Summary for 2004
http://www.net-security.org/press.php?id=2785

McAfee, Inc. Appoints Eric F. Brown Executive Vice President and Chief Financial Officer
http://www.net-security.org/press.php?id=2784

OPSWAT is working With Microsoft’s Network Access Protection to Help Customers Address Security Threats
http://www.net-security.org/press.php?id=2783

Tolly Group Test Results Verify That Top Layer’s IPS 5500 Offers the Highest Levels of Protection and Performance for Real-World Networks
http://www.net-security.org/press.php?id=2782

iQuate secures €700,000 investment
http://www.net-security.org/press.php?id=2781

OnlyMyEmail Captures the Anti-Spam "Holy Grail"
http://www.net-security.org/press.php?id=2780

SSH Builds Upon The Evolution Of Its World Leading Secure Shell Technology In 2005
http://www.net-security.org/press.php?id=2779

IPxray Issues Industry Alert for Top-5 Network Intrusion Vulnerabilities
http://www.net-security.org/press.php?id=2778

Skybox Security Introduces Breakthrough Worm Attack Simulation With The Availability Of Skybox View 2.0
http://www.net-security.org/press.php?id=2777

Global DataGuard Releases Licensable Version of its Empirical Surveillance Program
http://www.net-security.org/press.php?id=2776

Anti-Virus Vendor “Wows” Customers With Free Installation and Support Services
http://www.net-security.org/press.php?id=2775

FrontBridge Sees Holiday Spam Volumes Surpass 90 per cent
http://www.net-security.org/press.php?id=2774

Lucid Security, NCS Technologies Announce OEM Partnership
http://www.net-security.org/press.php?id=2773

Live Memory Forensics Added to ProDiscover Incident Response
http://www.net-security.org/press.php?id=2772

Imperva Delivers Unique Security Insight into Applications in Production
http://www.net-security.org/press.php?id=2771

Forum Systems Announces Integration With IBM Tivoli Access Manager Software To Simplify SOA Security
http://www.net-security.org/press.php?id=2770

Iometrix And Trapeze
Networks Build And Test The Largest, Most Scalable And Secure Enterprise-Class Wireless Network
http://www.net-security.org/press.php?id=2769

Sandia National Laboratories Provides Secure Wireless Lan Access To All Its Employees With The Trapeze Mobility System
http://www.net-security.org/press.php?id=2768

Canadian ISP to Offer Anti-Virus and Security Services to its High-Speed Internet Users Under "Shaw Secure" Brand
http://www.net-security.org/press.php?id=2767

F-Secure announces support for Network Access Protection Technology from Microsoft
http://www.net-security.org/press.php?id=2766

ActMon Password Recovery XP Has Been Released
http://www.net-security.org/press.php?id=2765

i-Guard.Net Launches the First Complete Email Security and Productivity Improvement Software for Windows Desktop
http://www.net-security.org/press.php?id=2764

Seventh Knight Launches Revolutionary Technology with z7 Security Appliance
http://www.net-security.org/press.php?id=2763

----------------------------------------------------------------
[ Virus News ]

All virus news are located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Weekly Report on Viruses and Intruders - Zafi.D, Atak.H, Atak.I, Atak.J and Janx.A Worms and HideProc.B Trojan
http://www.net-security.org/virus_news.php?id=501

One in Every Ten Emails Infected By Christmas Card Virus
http://www.net-security.org/virus_news.php?id=500

Three Christmas Worms - Atak.H, Atak.I and Atak.J
http://www.net-security.org/virus_news.php?id=499

Latest Zafi Worm Spreading In The Wild As Email Christmas Greeting
http://www.net-security.org/virus_news.php?id=498

The New Zafi.D Worm Wishes You "Happy Holidays"
http://www.net-security.org/virus_news.php?id=497

New Christmas Card Email Worm Spreading
http://www.net-security.org/virus_news.php?id=496

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org
----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available
http://www.net-security.org/newsletter_archive.php
----------------------------------------------------------------