HNS Newsletter Issue 253 - 21.02.2005. http://net-security.org This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. ---------------------------------------------------------------- REGISTER FOR INFOSECURITY EUROPE 2005 ---------------------------------------------------------------- Infosecurity Europe is Europe's number one, dedicated Information Security event. Now in its 10th anniversary year, Infosecurity Europe continues to provide an unrivalled education programme, new products & services, over 250 exhibitors and over 10,000 visitors from every segment of the industry. ---------------------------------------------------------------- Get all the information at: http://www.infosec.co.uk/hns ---------------------------------------------------------------- Table of contents: 1) Security news 2) Vulnerabilities 3) Advisories 4) Articles 5) Software 6) Webcasts 7) Conferences 8) Security World 9) Virus News [ Security news ] ---------------------------------------------------------------- WIRELESS SECURITY HANDSET MECHANISM SET FOR DEMO Texas Instruments, Orange and Trusted Logic are to demonstrate a new wireless security handset mechanism designed to eliminate unauthorised handset use and fraud. http://www.net-security.org/news.php?id=7135 HP INTRODUCES SERVER-BASED ANTI-WORM SOFTWARE Hewlett-Packard on Friday rolled out a software add-on for its ProLiant servers and HP BladeSystem that shuts down the inside-the-network spread of worms or viruses within milliseconds. http://www.net-security.org/news.php?id=7136 SPAMMERS OUTWIT BLACKLIST STRATEGY Spammers now have a trick to help them sneak around junk mail filters. http://www.net-security.org/news.php?id=7137 EVALUATING YOUR FIREWALL John Traenkenschuh considers some of the basic problems confronting firewall administrators. What's the point of having a firewall, if it can't keep intruders out? 
And what are some of the business and networking issues that cause firewalls to fail at their duty? http://www.net-security.org/news.php?id=7138 FEAR AND LOATHING IN INFORMATION SECURITY If I were to tell you that I'm proud to be a hacker, would you wish I was dead? http://www.net-security.org/news.php?id=7139 TOP WLAN GEAR We pitted four top names in wireless against one another in a bruising battery of testing. Our previous review's Editor's Choice repeated its victory, thanks to its well-designed switches and sophisticated access points. http://www.net-security.org/news.php?id=7140 NEXT VIRUS THREAT: WIRELESS PHONES McAfee and Innopath teaming up to offer security software. http://www.net-security.org/news.php?id=7141 E-MAIL: THE THREAT WITHIN The law treats emails as ‘discoverable documents’ in exactly the same way as all other forms of written communication, and as such, just as much care and attention should be taken regarding the content of emails as with other forms of business communication. http://www.net-security.org/news.php?id=7142 NOVELL UNVEILS SECURITY APPLIANCE Novell this week is expected to launch a software-based security appliance for small and midsized businesses that will protect them from threats such as hackers, viruses, worms, spam and intrusions. http://www.net-security.org/news.php?id=7143 WI-FI ALLIANCE TO BEEF UP SECURITY The Wi-Fi Alliance is trying to further beef up standard security. http://www.net-security.org/news.php?id=7144 SUPPLIER GROUP TO ADDRESS VOIP SECURITY CONCERNS Suppliers and consultants have reacted to criticism of the security of voice over IP technology by forming a group - the VoIP Security Alliance - to address user concerns. http://www.net-security.org/news.php?id=7145 DEMO@15 SHOW FOCUSES ON SECURE NETWORKS Risk assessment is major theme. 
http://www.net-security.org/news.php?id=7146 CIOS TURN SPOTLIGHT ON SARBANES SECURITY ISSUE Security group aims to clear up confusion over the impact of Sarbanes-Oxley on IT security and the role of the IT department in ensuring compliance. http://www.net-security.org/news.php?id=7147 MORE ADVISORIES, MORE SECURITY More and more, we see articles questioning the security of a given platform based solely on the number of advisories published - and this approach is simply wrong, writes Thierry Carrez, of Gentoo Linux. http://www.net-security.org/news.php?id=7148 CLEVER SERVICE HAS KEY TO E-MAIL SECURITY How can you be sure your e-mails are safe from prying eyes? To most of us e-mailing mom or even sending work-related e-mails, security really isn't of great concern. http://www.net-security.org/news.php?id=7149 SECURING LINUX WITH MANDATORY ACCESS CONTROLS Some in the security industry say that Linux is inherently insecure, that the way Linux enforces security decisions is fundamentally flawed, and the only way to change this is to redesign the kernel. http://www.net-security.org/news.php?id=7150 FEATHER LINUX FOR FIREWALLS The firewall infrastructure of GNU/Linux consists of two parts, the kernel (netfilter) and the configuration structure (iptables). http://www.net-security.org/news.php?id=7151 WHITE HOUSE MAY MAKE NSA THE 'TRAFFIC COP' OVER U.S. COMPUTER NETWORKS The Bush administration is considering making the National Security Agency -- famous for eavesdropping and code breaking -- its "traffic cop" for ambitious plans to share homeland security information across government computer networks, a senior NSA official says. http://www.net-security.org/news.php?id=7152 KEEPING SECRETS Most organisations would be shocked to learn of the amount of commercially sensitive information stored in notebook PCs walking out their office doors each day. 
http://www.net-security.org/news.php?id=7153 CISCO UNVEILS SECURITY OFFERINGS Cisco Systems today is unveiling nine new software and hardware products, and upgrades to protect corporate computer networks from hackers and other Internet threats. http://www.net-security.org/news.php?id=7154 PROTECTING THE ADMINISTRATOR ACCOUNT There are some basic and advanced options that you can configure within Windows Active Directory to protect this valued account. http://www.net-security.org/news.php?id=7155 PASSWORDS? WE DON'T NEED NO STINKING PASSWORDS Concerns over online security are continuing to slow consumer e-commerce growth. http://www.net-security.org/news.php?id=7156 HOW MUCH SECURITY WILL MICROSOFT BE ALLOWED? Microsoft's announcements at the RSA conference are good news for Windows users, but one has to wonder if they'll really go through unchallenged. http://www.net-security.org/news.php?id=7157 DEFENSE PICKS TWO FOR PKI Defense Department officials selected two companies to provide digital certificate validation for the department's public-key infrastructure (PKI), a decision that some officials feel could spur a faster move to paperless e-government. http://www.net-security.org/news.php?id=7158 SECURITY FEARS STILL HURTING E-COMMERCE Many consumers reluctant to shop or bank online. http://www.net-security.org/news.php?id=7159 T-MOBILE HACKER PLEADS GUILTY IN LOS ANGELES A hacker who broke into the network of T-Mobile USA and accessed personal information of hundreds of customers including a Secret Service agent has pleaded guilty to a single felony hacking charge. http://www.net-security.org/news.php?id=7160 MICROSOFT PLANS NEW IE BROWSER, BETTER SECURITY Microsoft Corp. will release a new version of Internet Explorer, the world's most widely used Web browsing software, with stronger, built-in security features, chairman Bill Gates said on Tuesday. 
http://www.net-security.org/news.php?id=7161 MICROSOFT WILL MAKE ANTISPYWARE SOFTWARE FREE OF CHARGE Microsoft Corp. will give away software to battle spyware, adware and other privacy-invading pests, company co-founder Bill Gates said Tuesday. http://www.net-security.org/news.php?id=7162 PROVIDING DATABASE ENCRYPTION In this paper, we explore a new approach for data privacy and security in which a security administrator protects privacy at the level of individual fields and records, and provides seamless mechanisms to create, store, and securely access databases. http://www.net-security.org/news.php?id=7163 HACKING VICTIMS FACE LEGAL THREAT Or is it an insurance sales pitch? http://www.net-security.org/news.php?id=7164 MITSUBISHI PREPS ZIGBEE FOR ENTERPRISE SECURITY APPS Mitsubishi readies wireless system that can carry data at up to 250Kbps and uses very little power. http://www.net-security.org/news.php?id=7165 LINUX USERS FEELING MORE SECURE There are thousands of programmers across the world helping to develop Linux and other open-source applications, and they can quickly jump to the rescue of users with problems associated with hackers, said Stephan Scholz of Astaro Corp. and David Allen of CR Consulting. http://www.net-security.org/news.php?id=7166 NEW SECURITY TOOLS FOCUS ON THE DATA The increasing mobility of digitized data and a growing concern over privacy is driving security from the network perimeter down to the data level. http://www.net-security.org/news.php?id=7167 SPAM GETS VOCAL WITH VOIP We're all learning to live with spam but an even more annoying nuisance lies just around the corner. Spit (Spam over internet telephony) is set to become the next pervasive medium for scammers, penis pill purveyors and the rest. http://www.net-security.org/news.php?id=7168 MICROSOFT PROMISES HEAVY INVESTMENT TO TACKLE SECURITY THREATS Microsoft is spending a third of its $6bn research and development budget on IT security. 
http://www.net-security.org/news.php?id=7169 SECURITY SOFTWARE SHOOTOUT Not only is Symantec ready for Microsoft's looming invasion of its turf, its feisty CEO John Thompson is positively spoiling for a fight. http://www.net-security.org/news.php?id=7170 RESEARCHERS FIND SECURITY FLAW IN SHA-1 Discovery could speed up cracking of the widely used encryption algorithm. http://www.net-security.org/news.php?id=7171 DIGITAL-RIGHTS MANAGEMENT A KEY THEME AT RSA CONFERENCE Authentica, Liquid Machines, and Microsoft were among the companies offering new or enhanced versions of DRM software. http://www.net-security.org/news.php?id=7172 SECURITY AT RISK FROM FAILURE TO WIPE DISKS Study of old PCs shows basic protection measures are being overlooked. http://www.net-security.org/news.php?id=7173 MORE WATCHFUL, PROBABLY NOT SAFER Are you safer now than you were four years ago? http://www.net-security.org/news.php?id=7174 NEW MYDOOM WORM USES SEARCH ENGINES TO SPREAD Worm variant is using e-mail addresses found through popular search engines. http://www.net-security.org/news.php?id=7175 NOVELL TAKES ENTERPRISE SECURITY FOCUS Novell is using the platform of this week's LinuxWorld show to roll out a string of products and open source activities aimed at boosting Linux security, in many cases to enterprise levels. http://www.net-security.org/news.php?id=7176 MICROSOFT ON 'ROOTKITS': BE AFRAID, BE VERY AFRAID. Microsoft security researchers are warning about a new generation of powerful system monitoring programs, or "rootkits," that are almost impossible to detect using current security products and that could pose a serious risk to corporations and individuals. http://www.net-security.org/news.php?id=7177 IS LINUX SECURITY A MYTH? There are rare occasions in IT when a particular architecture reaches a point where it stops being purely IT driven and takes on a life of its own. 
http://www.net-security.org/news.php?id=7178 USERS BYPASS COPY PROTECTION ON PORTABLE NAPSTER Users have found a way to skirt copy protection on Napster Inc's portable music subscription service just days after its high-profile launch, potentially letting them make CDs with hundreds of thousands of songs for free. http://www.net-security.org/news.php?id=7179 TREATING INFECTED SYSTEMS So your computer has a virus, a Trojan, or one of the other growing range of pests, what do you do? http://www.net-security.org/news.php?id=7180 RESEARCHERS: TYPING STYLE CAN BE A PASSWORD The way you type is as unique as your eye color or speech patterns and can be used instead of a password to protect your computer, researchers at Louisiana Tech and Penn State say. http://www.net-security.org/news.php?id=7181 CRYPTOGRAPHERS TO HOLLYWOOD: PREPARE TO FAIL ON DRM Movie industry representatives at RSA 2005 in San Francisco today called on the IT industry for help in thwarting illegal file sharing before the problem threatened its revenues. http://www.net-security.org/news.php?id=7182 ANALYST: MICROSOFT SECURITY MOVES 'MANDATORY' "These are must-do moves for Microsoft," says Yankee Group analyst Laura DiDio. "They need to show the industry at large -- their customers, prospective customers, press, analysts and critics -- that they're stepping up to the plate and making every possible effort to make their systems more secure." http://www.net-security.org/news.php?id=7183 STARTUP DIGS OUT NETWORK WORMS The designers of security semiconductors are finding they must inspect application flows ever more closely if they are to wall off computer viruses and worms that are crawling higher up the software stack. http://www.net-security.org/news.php?id=7184 STUDY FINDS WINDOWS MORE SECURE THAN LINUX Believe it or not, a Windows Web server is more secure than a similarly set-up Linux server, according to a study presented yesterday by two Florida researchers. 
http://www.net-security.org/news.php?id=7185 SECURITY CARD KEEPS UP WITH 10GBIT/S NETWORKS The MTP-10G is billed as the world's first wire-speed 10Gbit/s network intrusion detection and prevention system. http://www.net-security.org/news.php?id=7186 WARNING ON HARD DRIVES' SECURITY Half the hard disks studied had personal or commercial information. http://www.net-security.org/news.php?id=7187 SECURITY EXPERTS WARN OF 'SCARY' NEW WEB SCAM A Lancashire-based PC hardware site has become the victim of a sophisticated and disturbing new online fraud. http://www.net-security.org/news.php?id=7188 TEETHING PROBLEMS FOR WIRELESS LANS The Wireless LAN is an emerging trend, but as with most young technologies, it is plagued by insecurities. http://www.net-security.org/news.php?id=7189 CHECK YOUR FILESYSTEMS' INTEGRITY WITH AFICK With new threats showing up every day, administrators find it increasingly hard to establish continued trust with their filesystems. http://www.net-security.org/news.php?id=7190 CLARKE RIPS MICROSOFT OVER SECURITY Former White House adviser alludes to its vulnerabilities. 
http://www.net-security.org/news.php?id=7191 ---------------------------------------------------------------- [ Vulnerabilities ] All vulnerabilities are located here: http://www.net-security.org/archive_vuln.php ---------------------------------------------------------------- Invision Power Boards 1.3.1 Cross Site Scripting Vulnerability http://www.net-security.org/vuln.php?id=4034 hpm_guestbook.cgi JavaScript Injection Vulnerability http://www.net-security.org/vuln.php?id=4033 Multiple Vulnerabilities Resulting From Use of Apple OSX HFS+ http://www.net-security.org/vuln.php?id=4032 osCommerce 2.2-MS2 Cross Site Scripting Vulnerability http://www.net-security.org/vuln.php?id=4031 ZoneAlarm 5.1 Invalid Pointer Dereference Vulnerability http://www.net-security.org/vuln.php?id=4030 Kdelibs 3.3.2 Insecure Temporary File Creation Vulnerability http://www.net-security.org/vuln.php?id=4029 ---------------------------------------------------------------- [ Advisories ] All advisories are located at: http://www.net-security.org/archive_advi.php ---------------------------------------------------------------- Debian Security Advisory - bidwatcher (DSA 687-1) http://www.net-security.org/advisory.php?id=4537 Fedora Legacy Update Advisory - Updated cyrus-sasl resolves security vulnerabilities (FLSA:2137) http://www.net-security.org/advisory.php?id=4536 SUSE Security Announcement - SUSE Security Summary Report (SUSE-SR:2005:005) http://www.net-security.org/advisory.php?id=4535 Gentoo Linux Security Advisory - GProFTPD: gprostats format string vulnerability (GLSA 200502-26) http://www.net-security.org/advisory.php?id=4534 Gentoo Linux Security Advisory - Squid: Denial of Service through DNS responses (GLSA 200502-25) http://www.net-security.org/advisory.php?id=4533 Mandrakelinux Security Update Advisory - kdelibs (MDKSA-2005:045) http://www.net-security.org/advisory.php?id=4532 Mandrakelinux Security Update Advisory - tetex (MDKSA-2005:044) 
http://www.net-security.org/advisory.php?id=4531 Mandrakelinux Security Update Advisory - xpdf (MDKSA-2005:043) http://www.net-security.org/advisory.php?id=4530 Mandrakelinux Security Update Advisory - gpdf (MDKSA-2005:042) http://www.net-security.org/advisory.php?id=4529 Mandrakelinux Security Update Advisory - cups (MDKSA-2005:041) http://www.net-security.org/advisory.php?id=4528 Mandrakelinux Security Update Advisory - postgresql (MDKSA-2005:040) http://www.net-security.org/advisory.php?id=4527 SGI Security Advisory - SGI Advanced Linux Environment 3 Security Update #27 (20050207-01-U) http://www.net-security.org/advisory.php?id=4526 Gentoo Linux Security Advisory - Midnight Commander: Multiple vulnerabilities (GLSA 200502-24) http://www.net-security.org/advisory.php?id=4525 HP Security Bulletin - HP Web-enabled Management Software Remote Buffer Overflow (HPSBMA01116) http://www.net-security.org/advisory.php?id=4524 KDE Security Advisory - Buffer overflow in fliccd of kdeedu/kstars/indi (2005-02-15) http://www.net-security.org/advisory.php?id=4523 Debian Security Advisory - gftp (DSA 686-1) http://www.net-security.org/advisory.php?id=4522 Turbolinux Security Announcement - postgresql, MySQL, squid, cups (17/Feb/2005) http://www.net-security.org/advisory.php?id=4521 Ubuntu Security Notice - php4 vulnerability (USN-66-2) http://www.net-security.org/advisory.php?id=4520 Debian Security Advisory - emacs21 (DSA 685-1) http://www.net-security.org/advisory.php?id=4519 Ubuntu Security Notice - mailman vulnerabilities (USN-78-2) http://www.net-security.org/advisory.php?id=4518 Mandrakelinux Security Update Advisory - rwho (MDKSA-2005:039) http://www.net-security.org/advisory.php?id=4517 Gentoo Linux Security Advisory - KStars: Buffer overflow in fliccd (GLSA 200502-23) http://www.net-security.org/advisory.php?id=4516 Gentoo Linux Security Advisory - wpa_supplicant: Buffer overflow vulnerability (GLSA 200502-22) http://www.net-security.org/advisory.php?id=4515 Conectiva 
Linux Security Announcement - evolution (CLA-2005:925) http://www.net-security.org/advisory.php?id=4514 Ubuntu Security Notice - lesstif1-1 vulnerabilities (USN-83-1) http://www.net-security.org/advisory.php?id=4513 Debian Security Advisory - typespeed (DSA 684-1) http://www.net-security.org/advisory.php?id=4512 Mandrakelinux Security Update Advisory - emacs (MDKSA-2005:038) http://www.net-security.org/advisory.php?id=4511 Gentoo Linux Security Advisory - lighttpd: Script source disclosure (GLSA 200502-21) http://www.net-security.org/advisory.php?id=4510 Gentoo Linux Security Advisory - Emacs, XEmacs: Format string vulnerabilities in movemail (GLSA 200502-20) http://www.net-security.org/advisory.php?id=4509 Debian Security Advisory - postgresql (DSA 683-1) http://www.net-security.org/advisory.php?id=4508 Ubuntu Security Notice - linux-source-2.6.8.1 vulnerabilities (USN-82-1) http://www.net-security.org/advisory.php?id=4507 Debian Security Advisory - awstats (DSA 682-1) http://www.net-security.org/advisory.php?id=4506 Mandrakelinux Security Update Advisory - mailman (MDKSA-2005:037) http://www.net-security.org/advisory.php?id=4505 Gentoo Linux Security Advisory - PostgreSQL: Buffer overflows in PL/PgSQL parser (GLSA 200502-19) http://www.net-security.org/advisory.php?id=4504 Gentoo Linux Security Advisory - AWStats: Remote code execution (GLSA 200501-36:03) http://www.net-security.org/advisory.php?id=4503 Gentoo Linux Security Advisory - VMware Workstation: Untrusted library search path (GLSA 200502-18) http://www.net-security.org/advisory.php?id=4502 Gentoo Linux Security Advisory - Opera: Multiple vulnerabilities (GLSA 200502-17) http://www.net-security.org/advisory.php?id=4501 Conectiva Linux Security Announcement - XFree86 (CLA-2005:924) http://www.net-security.org/advisory.php?id=4500 Symantec Security Advisory - Symantec UPX Parsing Engine Heap Overflow (SYM05-003) http://www.net-security.org/advisory.php?id=4499 Zone Labs Security Advisory - Zone Labs IPC 
Instability (ZL05-01) http://www.net-security.org/advisory.php?id=4498 Debian Security Advisory - htdig (DSA 680-1) http://www.net-security.org/advisory.php?id=4497 Debian Security Advisory - toolchain-source (DSA 679-1) http://www.net-security.org/advisory.php?id=4496 SUSE Security Announcement - mailman (SUSE-SA:2005:007) http://www.net-security.org/advisory.php?id=4495 Gentoo Linux Security Advisory - ht://Dig: Cross-site scripting vulnerability (GLSA 200502-16) http://www.net-security.org/advisory.php?id=4494 Gentoo Linux Security Advisory - PowerDNS: Denial of Service vulnerability (GLSA 200502-15) http://www.net-security.org/advisory.php?id=4493 Gentoo Linux Security Advisory - mod_python: Publisher Handler vulnerability (GLSA 200502-14) http://www.net-security.org/advisory.php?id=4492 Mandrakelinux Security Update Advisory - cpio (MDKSA-2005:032-1) http://www.net-security.org/advisory.php?id=4491 Gentoo Linux Security Advisory - Perl: Vulnerabilities in perl-suid wrapper (GLSA 200502-13) http://www.net-security.org/advisory.php?id=4490 Gentoo Linux Security Advisory - Webmin: Information leak in Gentoo binary package (GLSA 200502-12) http://www.net-security.org/advisory.php?id=4489 Trustix Secure Linux Security Advisory - bind clamav cpio cups mod_python perl postgresql python squid (#2005-0003) http://www.net-security.org/advisory.php?id=4488 Debian Security Advisory - netkit-rwho (678-1) http://www.net-security.org/advisory.php?id=4487 ---------------------------------------------------------------- [ Articles ] All articles are located at: http://www.net-security.org/articles_main.php Articles can be contributed to articles@net-security.org ---------------------------------------------------------------- PROVIDING DATABASE ENCRYPTION AS A SCALABLE ENTERPRISE INFRASTRUCTURE SERVICE - PROTECTING AGAINST EXTERNAL AND INTERNAL THREATS As databases become networked in more complex multi-tiered applications, their vulnerability to external attack grows. 
http://www.net-security.org/article.php?id=768 THE THREAT WITHIN - WHY BUSINESSES NEED TO MANAGE AND MONITOR EMPLOYEE EMAIL USAGE The law treats emails as ‘discoverable documents’ in exactly the same way as all other forms of written communication, and as such, just as much care and attention should be taken regarding the content of emails as with other forms of business communication. http://www.net-security.org/article.php?id=767 ---------------------------------------------------------------- [ Software ] Windows software is located at: http://net-security.org/software_main.php?cat=1 Linux software is located at: http://net-security.org/software_main.php?cat=2 Pocket PC software is located at: http://net-security.org/software_main.php?cat=3 ---------------------------------------------------------------- AIRSCANNER MOBILE ENCRYPTER 2.0b (Pocket PC) This tool secures data residing on your PDA and lets you lock your device to keep others from using it. http://www.net-security.org/software.php?id=547 DANSGUARDIAN 2.8.0.4 (Linux) DansGuardian is a web content filter. It filters the actual content of pages based on many methods including phrase matching, PICS filtering and URL filtering. http://www.net-security.org/software.php?id=233 IPTABLES 1.3.0 (Linux) The netfilter/iptables project is the Linux 2.4.x / 2.5.x firewalling subsystem. http://www.net-security.org/software.php?id=4 LIBNIDS 1.20 (Linux) Libnids is an implementation of an E-component of Network Intrusion Detection System. http://www.net-security.org/software.php?id=466 MARADNS 1.0.24 (Linux) MaraDNS is a DNS server that strives to be secure and fully open-sourced. http://www.net-security.org/software.php?id=84 NESSUS 2.2.3 (Linux) Nessus is a free, powerful, up-to-date and easy to use remote security scanner. http://www.net-security.org/software.php?id=19 NUFW 1.0 RC1 (Linux) NuFW is an "authenticating gateway". 
This means it requires authentication for any connections to be forwarded through the gateway. http://www.net-security.org/software.php?id=526 ROOTKIT HUNTER 1.2.0 (Linux) This scanning tool ensures you're clean of nasty tools. http://www.net-security.org/software.php?id=531 SHOREWALL 2.2.1 (Linux) Shorewall is an iptables based firewall that can be used on a dedicated firewall system, a multi-function masquerade gateway/server or on a standalone Linux system. http://www.net-security.org/software.php?id=40 WINSCP 3.7.4 (Windows) WinSCP is an open source SSH file transfer protocol and secure copy client for Windows using SSH. http://www.net-security.org/software.php?id=6 XPROBE2 0.2.2 (Linux) Xprobe 2 is an active operating system fingerprinting tool with a different approach to operating system fingerprinting. http://www.net-security.org/software.php?id=231 XSS-PROXY 0.0.11 (Linux) XSS-Proxy is a tool for leveraging Cross-Site-Scripting (XSS) flaws to hijack victim browsers and allows a bi-directional interactive control channel between attacker, victim browser and an XSS vulnerable site. 
http://www.net-security.org/software.php?id=596 ---------------------------------------------------------------- [ Webcasts ] All webcasts are located at: http://net-security.org/webcasts.php ---------------------------------------------------------------- Where Privacy Policies Fail: Addressing HIPAA Compliance with Secure Messaging Technology Organized by ZixCorp on 23 February 2005, 10:00 AM http://www.net-security.org/webcast.php?id=354 Make Regulatory Compliance Pay with Enterprise Provisioning - 7 steps to reducing the costs of ongoing compliance Organized by RSA Security on 24 February 2005, 11:00 AM http://www.net-security.org/webcast.php?id=358 ---------------------------------------------------------------- [ Conferences ] All conferences are located at: http://net-security.org/conferences.php ---------------------------------------------------------------- Winter 2005 Biometrics Summit Organized by Advanced Learning Institute - 23 February-25 February 2005 http://www.net-security.org/conference.php?id=129 Fast Software Encryption 2005 Organized by European Network of Excellence - 24 February-25 February 2005 http://www.net-security.org/conference.php?id=109 Financial Cryptography and Security (FC 05) Ninth International Conference Organized by RSA Security - 28 February-3 March 2005 http://www.net-security.org/conference.php?id=110 International Workshop on Coding and Cryptography (WCC 2005) Organized by Selmersenteret, INRIA - 14 March-18 March 2005 http://www.net-security.org/conference.php?id=111 Third IEEE International Information Assurance Workshop (IWIA'05) Organized by IEEE Computer Society Task Force on Information Assurance - 24 March-25 March 2005 http://www.net-security.org/conference.php?id=112 Black Hat Briefings & Training Europe 2005 Organized by Black Hat Briefings - 26 March-1 April 2005 http://www.net-security.org/conference.php?id=130 ECCE E-crime and Computer Evidence 2005 Organized by n-gate ltd. 
- 29 March-30 March 2005 http://www.net-security.org/conference.php?id=94 Indonesia Cryptology and Information Security Conference 2005 Organized by Lembaga Sandi Negara RI - 30 March-31 March 2005 http://www.net-security.org/conference.php?id=113 The 1st International Workshop on Systems and Network Security (SNS2005) Organized by University of Colorado at Colorado Springs - 4 April-8 April 2005 http://www.net-security.org/conference.php?id=114 Infosec World 2005 Organized by MIS Training Institute - 4 April-6 April 2005 http://www.net-security.org/conference.php?id=128 Black Hat Briefings & Training Asia 2005 Organized by Black Hat Briefings - 5 April-8 April 2005 http://www.net-security.org/conference.php?id=131 4th Annual PKI R&D Workshop (PKI'05) Organized by National Institute of Standards and Technology - 19 April-21 April 2005 http://www.net-security.org/conference.php?id=115 Infosecurity Europe 2005 Organized by Reed Exhibitions - 26 April-28 April 2005 http://www.net-security.org/conference.php?id=126 DallasCon 2005 Professional Cyber Defense Conference Organized by DallasCon - 2 May-5 May 2005 http://www.net-security.org/conference.php?id=127 The International Conference on Computational Science & Its Applications (ICCSA 05) Organized by Institute of High Performance Computing - 9 May-12 May 2005 http://www.net-security.org/conference.php?id=116 ---------------------------------------------------------------- [ Security World ] All press releases are located at: http://www.net-security.org/press_main.php Send your press releases to press@net-security.org ---------------------------------------------------------------- AEP Networks' Netilla Security Platform Named "Best VPN Solution" at SC Magazine Global Awards http://www.net-security.org/press.php?id=2960 Secure Memory Cards In Information Security And Digital Content First http://www.net-security.org/press.php?id=2959 Vircom's Opinion On Data Protection And Email Retention Policies 
http://www.net-security.org/press.php?id=2958 (ISC)2 Awards $50,000 In Scholarship Funds To Information Security Students http://www.net-security.org/press.php?id=2957 SSL VPN Book Announced http://www.net-security.org/press.php?id=2956 Kavado Announces Integration Of Interdo With IBM Tivoli Intelligent Orchestrator http://www.net-security.org/press.php?id=2955 AEP Networks Unveils Netilla Secure Gateway Appliance-M, Providing Secure Remote Access To Microsoft Outlook Web Access http://www.net-security.org/press.php?id=2954 AEP Networks Launches New Website, Brand Identity To "Secure You Infrastructure" http://www.net-security.org/press.php?id=2953 New Generation of Signaling Controller Cards To Meet The Demands of IP Signaling and Security http://www.net-security.org/press.php?id=2952 Email Systems Appoints Greg Miller As COO http://www.net-security.org/press.php?id=2951 SSH Unveils SSH Tectia End-To-End Communications Security For Full Range Of IBM Eserver Linux Platforms http://www.net-security.org/press.php?id=2950 Thor Technologies Launches Resource Adapter Certification Program http://www.net-security.org/press.php?id=2949 TriCipher Receives Investment from Intel Capital http://www.net-security.org/press.php?id=2948 TriCipher, Inc. Raises $10.1 Million in Series B Round http://www.net-security.org/press.php?id=2947 TriCipher, Inc. Unveils First Flexible Strong Authentication Solution http://www.net-security.org/press.php?id=2946 Thor Technologies Adds Support For Red Hat Enterprise Linux To Enterprise Identity Management Solution http://www.net-security.org/press.php?id=2945 MDI Announces New Security Solutions Partner Certification Program and Maintenance Service http://www.net-security.org/press.php?id=2944 Symantec Network Security 7100 Series Adds Protection Against Spyware And Bots http://www.net-security.org/press.php?id=2943 (ISC)2 Honors Dr. Dorothy Denning With 2004 Harold F. 
Tipton Award http://www.net-security.org/press.php?id=2942 Ulticom Expands Support for MontaVista Linux http://www.net-security.org/press.php?id=2941 Senforce Launches Endpoint Security Suite 3.0 http://www.net-security.org/press.php?id=2940 Anfibia Announces Watchman 6.1, Keep Systems Safe From Unauthorized Eyes http://www.net-security.org/press.php?id=2939 Sophos Enterprise Solutions Add Proactive Threat Detection And Address Complexity Of Threats http://www.net-security.org/press.php?id=2938 FrontBridge Further Extends Global Reach http://www.net-security.org/press.php?id=2937 Google Hack Honeypot v1.0 is Released http://www.net-security.org/press.php?id=2936 Forum Systems Delivers the First Single-Source Threat Intelligence Service for XML Web Services Vulnerabilities at RSA 2005 http://www.net-security.org/press.php?id=2935 Cloudmark Unveils New Anti-Phishing And Anti-Fraud Services At Demo 2005 http://www.net-security.org/press.php?id=2934 Symantec Announces Enterprise-Class Anti-Spyware Solutions http://www.net-security.org/press.php?id=2933 Qualys Expands its Reach in Managed Security Arena http://www.net-security.org/press.php?id=2932 Kaspersky Lab presents Kaspersky Personal Security Suite 1.0 http://www.net-security.org/press.php?id=2931 The Netherlands Institute for Cultural Heritage protects its network with Panda GateDefender 8100 http://www.net-security.org/press.php?id=2930 F-Secure Grew Faster Than All The Other Antivirus Vendors On The Market http://www.net-security.org/press.php?id=2929 SteelEye Technology announces and demonstrates LifeKeeper on IBM eServer OpenPower systems http://www.net-security.org/press.php?id=2928 CyberGuard Announces New Security Appliance Which Delivers Application-Layer Security at Gigabit Throughput http://www.net-security.org/press.php?id=2927 CyberGuard Announces Central Management Solution to Support Entire Suite of Enterprise Network Security Products http://www.net-security.org/press.php?id=2926 F-Secure Protects 
Swisscom's Smartphone Customers Against Harmful Content http://www.net-security.org/press.php?id=2925 Lucent Licenses Ulticom’s Signalware for Wireless LAN Integration http://www.net-security.org/press.php?id=2924 SSH Unveils SSH G3, A Powerful Third Generation Secure Shell Architecture For SSH Tectia http://www.net-security.org/press.php?id=2923 JVC Secures Web Communications With Blue Coat http://www.net-security.org/press.php?id=2922 Skybox Security Selected To Showcase Security Risk Management Software in Premier “Innovation Station” At RSA Conference 2005 http://www.net-security.org/press.php?id=2921 NetContinuum Announces the NC-1000 4.3 - the Market’s Most Comprehensive Web Application Security Gateway - at RSA Conference 2005 http://www.net-security.org/press.php?id=2920 F-Secure Anti-Virus Receives Virus Bulletin 100% Award Again http://www.net-security.org/press.php?id=2919 ---------------------------------------------------------------- [ Virus News ] All virus news are located at: http://www.net-security.org/viruses.php ---------------------------------------------------------------- Weekly Report on Viruses and Intruders - Mydoom AO/AM and Gaobot DAC/CYK http://www.net-security.org/virus_news.php?id=528 New Version Of Mydoom-O Spreading In The Wild http://www.net-security.org/virus_news.php?id=527 ---------------------------------------------------------------- Questions, contributions, comments or ideas go to: Help Net Security staff staff@net-security.org http://net-security.org ---------------------- Unsubscribe from this weekly digest on: http://www.net-security.org/subscribe.php The archive of the newsletter in TXT and PDF format is available http://www.net-security.org/newsletter_archive.php