HNS Newsletter
Issue 249 - 24.01.2005.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week.

----------------------------------------------------------------
ALERT: "How Hackers Launch Blind SQL Injection Attacks" White Paper
----------------------------------------------------------------

The newest web app vulnerability... Blind SQL Injection! Even if your web application does not return error messages, it may still be open to a Blind SQL Injection Attack. Blind SQL Injection can deliver total control of your server to a hacker giving them the ability to read, write and manipulate all data stored in your backend systems!

Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!
http://www.net-security.org/v/spidyn3

----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Reviews
6) Software
7) Webcasts
8) Conferences
9) Security World
10) Virus News

[ Security news ]
----------------------------------------------------------------

VOIP HACKERS CAN PUT SPAM IN YOUR EAR
As an increasing number of companies and individuals make phone calls through the Internet, phone systems can become as vulnerable as computer networks to hackers, computer viruses and network disruptions.
http://www.net-security.org/news.php?id=6928

FBI RETIRES ITS CARNIVORE
Newly-released reports show the bureau embracing commercial solutions for Internet surveillance, in investigations ranging from providing material support to terrorists to making harassing telephone calls.
http://www.net-security.org/news.php?id=6929

EXPERTS WARN OF TRICK TO BYPASS IE SECURITY
A computer security researcher and an antivirus company are warning Microsoft customers about an unpatched hole in the company's Internet Explorer Web browser that could allow a remote attacker to bypass security warnings and download malicious content onto vulnerable systems.
http://www.net-security.org/news.php?id=6930

CLI MAGIC: TCPDUMP
Don't worry, I'm not going to try to turn you into a network security analyst or administrator. But if you're interested in what's happening under the hood on your Internet connection, I'll be happy to introduce you to an old and respected command-line tool.
http://www.net-security.org/news.php?id=6931

IT SECURITY COMPANIES TAKE ROOT, GROW IN EAST BAY
Everyone knows Silicon Valley is the world center of information technology. So it makes sense that data and network security companies would be clustered nearby.
http://www.net-security.org/news.php?id=6932

REPORTING KERNEL SECURITY ISSUES
A lengthy and interesting thread was started on the lkml by Chris Wright looking to define a centralized place to report security issues in the Linux Kernel.
http://www.net-security.org/news.php?id=6933

NEW YORK ISP'S DOMAIN HIJACKED
The domain name of Panix, the oldest commercial internet service provider in New York, was hijacked on Friday evening US time and the company is in the process of recovering the same.
http://www.net-security.org/news.php?id=6934

KEEPING THE WORLD SAFE... RUNNING AS LOCAL ADMINISTRATOR
Have you seen the recent AOL commercials pushing their new anti-virus/anti-spyware feature?
http://www.net-security.org/news.php?id=6935

COMMON CRITERIA – SALVATION FOR EMAIL SECURITY
With the increasing threat of far more sophisticated attacks than just spam and viruses, email security is taking a leap forward.
But in implementing new solutions, organisations open up the risk to additional vulnerabilities, because the products they have chosen may not provide an adequate level of security.
http://www.net-security.org/news.php?id=6936

TSUNAMI WORM TRICKS NET USERS
A new computer worm pretends to offer information on making a donation to help with the Indian Ocean tsunami disaster, security experts have warned.
http://www.net-security.org/news.php?id=6937

SCOTTISH MAN APPEARS IN COURT FOR INTERNET EXTORTION
Suspect arrested as part of international crackdown on DDOS attacks.
http://www.net-security.org/news.php?id=6938

COMPUWARE READIES FAULT SIMULATION, SECURITY TOOLS
Offerings set for Microsoft apps development platform Compuware on Tuesday will announce tools providing fault simulation and security analysis for developers building applications on the Microsoft platform.
http://www.net-security.org/news.php?id=6939

MALWARE COMES OF AGE
The arrival of the true computer parasite.
http://www.net-security.org/news.php?id=6940

BUILDING A WIRELESS SNIFFER WITH PERL
This article, the first in a two-part report, reviews common issues of wireless security, and shows how to use open source software to suss out wireless networks, get information about them, and start recognizing common security problems.
http://www.net-security.org/news.php?id=6941

BLUEPRINT FOR PROFESSIONALISM IN IT SECURITY
For most employers, hiring IT security staff is a difficult challenge. The security profession has grown up in an ad hoc way over the past 20 years and there are no widely recognised definitions of what IT security should cover, let alone any consensus on what qualifications and experience IT professionals should have.
http://www.net-security.org/news.php?id=6942

THE STATE OF WINDOWS SECURITY
In recent years, security, especially of the Windows platform, seems to constantly reawaken as a topic of eager discussion.
http://www.net-security.org/news.php?id=6943

ANTI-SPYWARE AS ANTI-PIRACY
Is Microsoft's anti-malware giveaway part of a master plan to flush out software pirates?
http://www.net-security.org/news.php?id=6944

MICROSOFT URGES PC USERS TO GET SECURE
More than two-fifths of PC users fell victim to a computer virus during the last 12 months, a Microsoft survey reveals.
http://www.net-security.org/news.php?id=6945

DISASTER RECOVERY: PREPARING FOR THE WORST
Steve Gold explores how IT managers can make their disaster recovery plans as watertight as possible.
http://www.net-security.org/news.php?id=6946

IT SECURITY GETS FIRST PASSING GRADE - BARELY
After three years of failing grades from lawmakers, agencies are finally making progress toward better information security.
http://www.net-security.org/news.php?id=6947

THE CONVERGENCE OF HACKING AND SECURITY TOOLS
There is beginning to be a blurring of the lines when it comes to security tools, and hacking tools. Is there really a difference anymore between the two of them at all?
http://www.net-security.org/news.php?id=6948

MELBOURNE IT ACCEPTS BLAME FOR DOMAIN HIJACK
Melbourne IT has acknowledged that it was partially responsible for a Web domain hijacking that left a New York Internet hosting company without an Internet address over the weekend.
http://www.net-security.org/news.php?id=6949

NOTES FROM SECURITY SCHOOL
Do you want to look inside the world of hackers and learn some lessons about how to thwart their attacks on your network? The SANS Institute's professional training courses may be the best place to start.
http://www.net-security.org/news.php?id=6950

APACHE 2 WITH SSL/TLS: STEP-BY-STEP, PART 1
This article begins a series of three articles dedicated to configuring Apache 2.0 with SSL/TLS support, in order to ensure maximum security and optimal performance of secure web communication. This part introduces key aspects of SSL/TLS and then shows how to compile and configure Apache 2.0 with support for these protocols.
http://www.net-security.org/news.php?id=6951

FINGERPRINTING PLAYS KEY ROLE IN BIOMETRICS BOOM
In the IT space, low-priced fingerprinting systems represent a potential solution to a number of problems. Companies need to supplement password systems, which can be easily compromised, and fingerprinting represents a stronger security check. It also has the potential to lower IT costs.
http://www.net-security.org/news.php?id=6952

WIRELESS HACKERS CREEP NEARER TO UK HOMES
Security experts are warning the rapid uptake of wireless networks in the UK could spell disaster for home working professionals, if they fail to safeguard their IT systems against “war-driving” attackers.
http://www.net-security.org/news.php?id=6954

TOSHIBA RELEASES IP-BASED, POE SECURITY CAMERA
Device includes PoE, two-way audio, an SD card slot, and built-in motion detection.
http://www.net-security.org/news.php?id=6955

UK GOV READY TO U-TURN ON PASSPORT-ID CARD LINK?
As the UK's ID cards bill charges through Parliament, signs are starting to emerge that the Home Office's dubious packaging plans might be coming apart at the seams.
http://www.net-security.org/news.php?id=6956

ASTARO BREAKS OUT NEW ALL-IN-ONE SECURITY APPLIANCES
If you're one of the most acclaimed security software companies in the market, what do you do for an encore?
http://www.net-security.org/news.php?id=6957

POLICE LEARNING TO FIGHT ONLINE CRIME
Elearning course introduced after Home Office calls.
http://www.net-security.org/news.php?id=6958

WI-FI BOOM MAKES LIFE EASIER FOR COMPUTER HACKERS
Most wireless networks come with security features to prevent snoopers reading emails and other documents, but many people do not use them because they are difficult to implement.
http://www.net-security.org/news.php?id=6959

NEW THINKPAD T43 LAYERS ON SECURITY
The ThinkPad T43 notebook design due out in April layers on several new security functions.
http://www.net-security.org/news.php?id=6960

ORACLE RELEASES QUARTERLY PATCH UPDATE
A security update from Oracle addresses 23 security holes in several versions of Oracle Database Server that left users vulnerable to denial-of-service attacks, trigger abuse, and outside access to sensitive information.
http://www.net-security.org/news.php?id=6961

NEW MOM MANAGEMENT PACK FOR PASSWORD CHANGE NOTIFICATION
Microsoft this month introduced a new Microsoft Operations Manager Management Pack for the Microsoft Password Change Notification Service.
http://www.net-security.org/news.php?id=6962

PLAYING WITH FIREWALLS
In these unfriendly times, keeping vandals and crooks off networks of any size is a constant battle.
http://www.net-security.org/news.php?id=6963

POLICE NAB CREATOR OF WEBCAM TROJAN
Man is accused of creating a Trojan horse that could steal info and spy on users.
http://www.net-security.org/news.php?id=6964

CYBER-CRIME BIGGER THREAT THAN CYBER-TERROR
Cyber security experts say governments have largely succeeded in stopping the most vulnerable computer systems from cyber-terror, but civilian and business networks remain wide open.
http://www.net-security.org/news.php?id=6965

HOW TO MAKE YOUR PC SECURE
An unguarded PC is a potentially dangerous window into your life and finances. We show you how to make it secure and keep it secure.
http://www.net-security.org/news.php?id=6966

INTERNET PHISHING SCAMS GETTING MORE DEVIOUS
Cybercriminals are devising new tricks to get people to reveal sensitive data.
http://www.net-security.org/news.php?id=6967

CHINESE COMPANIES JOIN CISCO-LED SECURITY PROGRAM
Chinese antivirus software vendors join Cisco's NAC security program.
http://www.net-security.org/news.php?id=6968

BEST-KEPT SECRETS - QUANTUM CRYPTOGRAPHY
Quantum cryptography has marched from theory to laboratory to real products.
http://www.net-security.org/news.php?id=6969

INTRUSION DETECTION WITH AIDE
Installing an intrusion detection system (IDS) can give you a heads up on whether or not filesystems have been modified.
http://www.net-security.org/news.php?id=6970

MINIMIZING CORPORATE INSTANT MESSAGING RISKS
Instant messaging is, for the most part, a less secure way to communicate than through corporate e-mail, especially if one is using a public instant messaging system offered by a commercial provider.
http://www.net-security.org/news.php?id=6971

SECURITY COMPANIES MIGHT BE MESSING WITH IT MANAGERS' MINDS
If users believed the marketing bumf security vendors peddle, they'd be looking for viruses in their morning coffee.
http://www.net-security.org/news.php?id=6972

SYMANTEC CONTINUES GROWTH PATH
Quarterly revenue grew more than 40%, as Symantec executives vowed to both partner with and compete against Microsoft.
http://www.net-security.org/news.php?id=6975

VIRUSES PLAGUE HALF OF UK WINDOWS USERS
Microsoft survey finds lackadaisical approach to security.
http://www.net-security.org/news.php?id=6976

FRAUD VICTIMS FACING COLD SHOULDER
Banks can no longer guarantee refunds after growth in phishing and identity theft.
http://www.net-security.org/news.php?id=6977

CNN WORM POSES AS NEWS ALERT
News-hungry surfers are the target of a new worm that masquerades as a breaking news story but actually leaves computers vulnerable to hackers.
http://www.net-security.org/news.php?id=6978

CACERT CERTIFICATES OFFER FREE SECURITY
Securing the transfer of information while traversing the Internet requires an X.509 security certificate to guarantee its integrity.
http://www.net-security.org/news.php?id=6979

THE AFTERMATH OF A DOMAIN NAME HIJACK
The industry needs to find a way to establish stronger trust in registrars if it is to avoid a repeat of last weekend's hijacking of the Panix.com domain name, says Alexis Rosen, Panix president.
http://www.net-security.org/news.php?id=6980

MSN MESSENGER INVADED BY NEW WORM
Open IM windows on the desktop are vulnerable.
http://www.net-security.org/news.php?id=6981

EXPERTS: 'PHISHING' MORE SOPHISTICATED
Internet "phishing" scams are becoming more difficult to detect as criminals develop new ways to trick consumers into revealing passwords, bank account numbers and other sensitive information, security experts say.
http://www.net-security.org/news.php?id=6982

IS YOUR COMPUTER PART OF A CRIMINAL NETWORK?
Programs called 'bots' increasingly turn PCs into zombies, often for illicit gains.
http://www.net-security.org/news.php?id=6983

SPYWARE: AN UPDATE
How big of a problem is spyware? It’s big enough that the U.S. House of Representatives voted unanimously to stiffen jail sentences for those who use secret surveillance programs to steal credit card numbers or commit other crimes.
http://www.net-security.org/news.php?id=6984

ACCUSED SPAMMER SUES INDIVIDUAL WHO REPORTED IT
Atriks claims it's innocent, but company shows up on independent spam monitor list.
http://www.net-security.org/news.php?id=6985

A CURE FOR THE COMMON SSH LOGIN ATTACK
A few months ago, I began seeing our 'secure' log files fill up with entries stating: "Failed password for illegal user [username]"...
http://www.net-security.org/news.php?id=6986

A FIREWALL FOR YOUR MOBILE EMPLOYEES
If you have a business and you have a network, you probably also have a firewall in place to protect it.
http://www.net-security.org/news.php?id=6987

VIRUS DISGUISED AS BITDEFENDER UPDATE
Anti-virus company BitDefender has warned computer users that a new virus falsely claims to offer security updates from its support team.
http://www.net-security.org/news.php?id=6988

----------------------------------------------------------------

[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php

----------------------------------------------------------------

Apache mod_auth_radius Remote Integer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3997

Oracle Database and Oracle Applications Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3996

GForge 3.x Directory Traversal Vulnerability
http://www.net-security.org/vuln.php?id=3995

JSBoard 2.0.9 File Disclosure Vulnerability
http://www.net-security.org/vuln.php?id=3994

MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities
http://www.net-security.org/vuln.php?id=3993

RealPlayer 10.5 Miscellaneous Vulnerabilities
http://www.net-security.org/vuln.php?id=3992

RealPlayer 10.5 Arbitrary File Deletion Vulnerability
http://www.net-security.org/vuln.php?id=3991

RealPlayer 10.5 'ShowPreferences' Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3990

Microsoft Internet Explorer Install Engine Control Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3989

AtHoc Toolbar Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3988

Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3987

Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3986

Gallery v1.3.4-pl1 / v1.4.4-pl2 Cross Site Scripting Vulnerability
http://www.net-security.org/vuln.php?id=3985

NodeManager Professional V2.00 Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3984

Netgear FVS318 Router Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=3983

phpGiftReq 1.4.0 SQL Injection Vulnerability
http://www.net-security.org/vuln.php?id=3982

MySQL MaxDB WebAgent websql logon Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3981

SGI IRIX inpview Design Error Vulnerability
http://www.net-security.org/vuln.php?id=3980

Exim dns_buld_reverse() Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=3979

Apple Airport WDS Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=3978

Siteman v1.1.9 Cross Site Scripting Vulnerability
http://www.net-security.org/vuln.php?id=3977

----------------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php

----------------------------------------------------------------

Gentoo Linux Security Advisory - CUPS: Stack overflow in included Xpdf code (GLSA 200501-30)
http://www.net-security.org/advisory.php?id=4361

Gentoo Linux Security Advisory - Mailman: Cross-site scripting vulnerability (GLSA 200501-29)
http://www.net-security.org/advisory.php?id=4360

SGI Security Advisory - SGI Advanced Linux Environment 3 Security Update #23 (20050101-01-U)
http://www.net-security.org/advisory.php?id=4359

Novell Security Advisory - GroupWise WebAccess Error modules loading (NOVL-2005-10096251)
http://www.net-security.org/advisory.php?id=4358

Gentoo Linux Security Advisory - Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2 (GLSA 200501-28)
http://www.net-security.org/advisory.php?id=4357

SUSE Security Announcement - kernel (SUSE-SA:2005:003)
http://www.net-security.org/advisory.php?id=4356

Debian Security Advisory - enscript (DSA 654-1)
http://www.net-security.org/advisory.php?id=4355

Debian Security Advisory - ethereal (DSA 653-1)
http://www.net-security.org/advisory.php?id=4354

Debian Security Advisory - unarj (DSA 652-1)
http://www.net-security.org/advisory.php?id=4353

Debian Security Advisory - ethereal (DSA 653-1)
http://www.net-security.org/advisory.php?id=4352

Debian Security Advisory - unarj (DSA 652-1)
http://www.net-security.org/advisory.php?id=4351

SCO Security Advisory - UnixWare 7.1.3 UnixWare 7.1.1 : OpenSSL Multiple Vulnerabilities (SCOSA-2005.7)
http://www.net-security.org/advisory.php?id=4350

Gentoo Linux Security Advisory - Ethereal: Multiple vulnerabilities (GLSA 200501-27)
http://www.net-security.org/advisory.php?id=4349

Gentoo Linux Security Advisory - ImageMagick: PSD decoding heap overflow (GLSA 200501-26)
http://www.net-security.org/advisory.php?id=4348

SCO Security Advisory - OpenServer 5.0.6 OpenServer 5.0.7 : bind remote attacker can poison the nameserver cache (SCOSA-2005.4)
http://www.net-security.org/advisory.php?id=4347

Ubuntu Security Notice - squid vulnerabilities (USN-67-1)
http://www.net-security.org/advisory.php?id=4346

Ubuntu Security Notice - php4 vulnerabilities (USN-66-1)
http://www.net-security.org/advisory.php?id=4345

Ubuntu Security Notice - php4 vulnerabilities (USN-66-1)
http://www.net-security.org/advisory.php?id=4344

Debian Security Advisory - squid (DSA 651-1)
http://www.net-security.org/advisory.php?id=4343

Debian Security Advisory - sword (DSA 650-1)
http://www.net-security.org/advisory.php?id=4342

Conectiva Linux Security Announcement - libtiff3 (CLA-2005:920)
http://www.net-security.org/advisory.php?id=4341

Debian Security Advisory - xtrlock (DSA 649-1)
http://www.net-security.org/advisory.php?id=4340

Turbolinux Security Announcement - xpdf, libtiff, Xfree86, imlib (20/Jan/2005)
http://www.net-security.org/advisory.php?id=4339

Mandrakelinux Security Update Advisory - xine-lib (MDKSA-2005:011)
http://www.net-security.org/advisory.php?id=4338

Mandrakelinux Security Update Advisory - playmidi (MDKSA-2005:010)
http://www.net-security.org/advisory.php?id=4337

Mandrakelinux Security Update Advisory - mpg123 (MDKSA-2005:009)
http://www.net-security.org/advisory.php?id=4336

Ubuntu Security Notice - apache vulnerabilities (USN-65-1)
http://www.net-security.org/advisory.php?id=4335

Conectiva Linux Security Announcement - xine-lib (CLA-2005:919)
http://www.net-security.org/advisory.php?id=4334

Debian Security Advisory - xpdf (DSA 648-1)
http://www.net-security.org/advisory.php?id=4333

Debian Security Advisory - mysql (DSA 647-1)
http://www.net-security.org/advisory.php?id=4332

Ubuntu Security Notice - xpdf, cupsys vulnerabilities (USN-64-1)
http://www.net-security.org/advisory.php?id=4331

Debian Security Advisory - imagemagick (DSA 646-1)
http://www.net-security.org/advisory.php?id=4330

Debian Security Advisory - cupsys (DSA 645-1)
http://www.net-security.org/advisory.php?id=4329

SCO Security Advisory - UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : chroot A known exploit can break a chroot prison (SCOSA-2005.2)
http://www.net-security.org/advisory.php?id=4328

Ubuntu Security Notice - mysql-dfsg vulnerability (USN-63-1)
http://www.net-security.org/advisory.php?id=4327

Ubuntu Security Notice - imagemagick vulnerability (USN-62-1)
http://www.net-security.org/advisory.php?id=4326

Ubuntu Security Notice - vim vulnerabilities (USN-61-1)
http://www.net-security.org/advisory.php?id=4325

Debian Security Advisory - chbg (DSA 644-1)
http://www.net-security.org/advisory.php?id=4324

Debian Security Advisory - queue (DSA 643-1)
http://www.net-security.org/advisory.php?id=4323

Mandrakelinux Security Update Advisory - cups (MDKSA-2005:008)
http://www.net-security.org/advisory.php?id=4322

SUSE Security Announcement - php4, mod_php4 (SUSE-SA:2005:002)
http://www.net-security.org/advisory.php?id=4321

Debian Security Advisory - gallery (DSA 642-1)
http://www.net-security.org/advisory.php?id=4320

OpenPKG Security Advisory - a2ps (OpenPKG-SA-2005.003)
http://www.net-security.org/advisory.php?id=4319

OpenPKG Security Advisory - OpenPKG-SA-2005.002 (sudo)
http://www.net-security.org/advisory.php?id=4318

Debian Security Advisory - playmidi (DSA 641-1)
http://www.net-security.org/advisory.php?id=4317

Debian Security Advisory - gatos (DSA 640-1)
http://www.net-security.org/advisory.php?id=4316

Gentoo Linux Security Advisory - Squid: Multiple vulnerabilities (GLSA 200501-25)
http://www.net-security.org/advisory.php?id=4315

----------------------------------------------------------------

[ Articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org

----------------------------------------------------------------

SPYWARE: AN UPDATE
How big of a problem is spyware? It’s big enough that the U.S. House of Representatives voted unanimously to stiffen jail sentences for those who use secret surveillance programs to steal credit card numbers or commit other crimes.
http://www.net-security.org/article.php?id=761

COMMON CRITERIA – SALVATION FOR EMAIL SECURITY
With the increasing threat of far more sophisticated attacks than just spam and viruses, email security is taking a leap forward. But in implementing new solutions, organisations open up the risk to additional vulnerabilities, because the products they have chosen may not provide an adequate level of security.
http://www.net-security.org/article.php?id=760

----------------------------------------------------------------

[ Reviews ]

All reviews are located at:
http://www.net-security.org/reviews.php

----------------------------------------------------------------

PRIVACY: WHAT DEVELOPERS AND IT PROFESSIONALS SHOULD KNOW
Whether you are a manager, IT professional, developer, or security specialist, this book will get you some quality information you need to protect your customers and your organization.
http://www.net-security.org/review.php?id=147

----------------------------------------------------------------

[ Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3

----------------------------------------------------------------

GFI LANGUARD NETWORK SECURITY SCANNER 6 (Windows)
This tool is used to audit network security and proactively secure it.
http://www.net-security.org/software.php?id=481

MAIL SNOOP PRO 1.11.029 (Windows)
Mail Snoop is an anti-spam filter system and email checker.
http://www.net-security.org/software.php?id=92

SHOREWALL 2.2.0 RC5 (Linux)
Shorewall is an iptables based firewall that can be used on a dedicated firewall system, a multi-function masquerade gateway/server or on a standalone Linux system.
http://www.net-security.org/software.php?id=40

TCPICK 0.2.1 (Linux)
Tcpick is a textmode sniffer that can track TCP streams and saves the data captured in files or displays them in the terminal.
http://www.net-security.org/software.php?id=288

----------------------------------------------------------------

[ Webcasts ]

All webcasts are located at:
http://net-security.org/webcasts.php

----------------------------------------------------------------

Writing Secure Code (Part 2 of 3) - Threat Defense
Organized by Microsoft on 26 January 2005, 11:00 AM
http://www.net-security.org/webcast.php?id=351

----------------------------------------------------------------

[ Conferences ]

All conferences are located at:
http://net-security.org/conferences.php

----------------------------------------------------------------

8th International Workshop on Practice and Theory in Public Key Cryptography (PKC 05)
Organized by Ecole Polytechnique Federale de Lausanne - 23 January-26 January 2005
http://www.net-security.org/conference.php?id=106

Australasian Information Security Workshop 2005
Organized by Australian Computer Society and The University of Newcastle - 31 January-3 February 2005
http://www.net-security.org/conference.php?id=107

Airscanner Wireless Security Bootcamp
Organized by Airscanner - 3 February-4 February 2005
http://www.net-security.org/conference.php?id=103

The 12th Annual Network and Distributed System Security Symposium 2005
Organized by The Internet Society Organization Committee - 3 February-4 February 2005
http://www.net-security.org/conference.php?id=108

Winter 2005 Biometrics Summit
Organized by Advanced Learning Institute - 23 February-25 February 2005
http://www.net-security.org/conference.php?id=129

Fast Software Encryption 2005
Organized by European Network of Excellence - 24 February-25 February 2005
http://www.net-security.org/conference.php?id=109

Financial Cryptography and Security (FC 05) Ninth International Conference
Organized by RSA Security - 28 February-3 March 2005
http://www.net-security.org/conference.php?id=110

International Workshop on Coding and Cryptography (WCC 2005)
Organized by Selmersenteret, INRIA - 14 March-18 March 2005
http://www.net-security.org/conference.php?id=111

Third IEEE International Information Assurance Workshop (IWIA'05)
Organized by IEEE Computer Society Task Force on Information Assurance - 24 March-25 March 2005
http://www.net-security.org/conference.php?id=112

ECCE E-crime and Computer Evidence 2005
Organized by n-gate ltd. - 29 March-30 March 2005
http://www.net-security.org/conference.php?id=94

Indonesia Cryptology and Information Security Conference 2005
Organized by Lembaga Sandi Negara RI - 30 March-31 March 2005
http://www.net-security.org/conference.php?id=113

The 1st International Workshop on Systems and Network Security (SNS2005)
Organized by University of Colorado at Colorado Springs - 4 April-8 April 2005
http://www.net-security.org/conference.php?id=114

Infosec World 2005
Organized by MIS Training Institute - 4 April-6 April 2005
http://www.net-security.org/conference.php?id=128

4th Annual PKI R&D Workshop (PKI'05)
Organized by National Institute of Standards and Technology - 19 April-21 April 2005
http://www.net-security.org/conference.php?id=115

Infosecurity Europe 2005
Organized by Reed Exhibitions - 26 April-28 April 2005
http://www.net-security.org/conference.php?id=126

----------------------------------------------------------------

[ Security World ]

All press releases are located at:
http://www.net-security.org/press_main.php

Send your press releases to press@net-security.org

----------------------------------------------------------------

Router Protection is Necessary in 2005
http://www.net-security.org/press.php?id=2863

StreamShield Predicts the End of the Phishing Season
http://www.net-security.org/press.php?id=2862

New Virus Masquerades as Message from BitDefender
http://www.net-security.org/press.php?id=2861

Apani Networks Announces the VPN Client v3.1.1 for Nortel VPN Routers
http://www.net-security.org/press.php?id=2860

McKesson Corporation Selects Authenex for Identity and Network Access Management
http://www.net-security.org/press.php?id=2859

Advanced HTML Encrypt and Password Protect: A Smart Tool To Make Pagejackers And Spam Robots Very Unhappy
http://www.net-security.org/press.php?id=2858

Symantec Reports Record Revenue And Earnings In Fiscal Third Quarter
http://www.net-security.org/press.php?id=2857

The 10 Worst Internet Scams for 2005
http://www.net-security.org/press.php?id=2856

GWGuardian Among the Top Three Anti-Spam Solutions Chosen by Network World
http://www.net-security.org/press.php?id=2855

Secure-It Protects Against Various Windows Vulnerabilities Including some Not Patched by Microsoft
http://www.net-security.org/press.php?id=2854

BirdsEye Wizard Puts Magic into System Monitoring Setup
http://www.net-security.org/press.php?id=2853

Snoops Don't Need Physical Access to Your PC to Spy On You
http://www.net-security.org/press.php?id=2852

3WTel Remains a World Leader in VoIP Security as Vomit and Sniff Wreak Havoc
http://www.net-security.org/press.php?id=2851

FlowSense Awarded Contract to Supply Biometric Identification Systems to the National Defense University
http://www.net-security.org/press.php?id=2850

Symantec And Veritas Announce Integration Team
http://www.net-security.org/press.php?id=2849

GFI MailEssentials named Messaging Product of the Year by SearchWin2000.com
http://www.net-security.org/press.php?id=2848

Sophos Protects Portsmouth College From Viruses And Spam
http://www.net-security.org/press.php?id=2847

GFI LANguard N.S.S. 6 Now Detects Wireless Nodes And Suspicious USB Devices
http://www.net-security.org/press.php?id=2846

Wick Hill Appointed Pan-European Distributor For Finjan Software
http://www.net-security.org/press.php?id=2845

Vircom Warns About Tsunami Aid Scams
http://www.net-security.org/press.php?id=2844

Fortune 10 Manufacturing Company Selects Pointsec to Provide Mobile Device Security
http://www.net-security.org/press.php?id=2843

----------------------------------------------------------------

[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php

----------------------------------------------------------------

New Worm Poses As Breaking News Headlines
http://www.net-security.org/virus_news.php?id=515

Tsunami Disaster Donation Plea Is Really A Virus
http://www.net-security.org/virus_news.php?id=514

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php

----------------------------------------------------------------