HNS Newsletter
Issue 260 - 11.04.2005.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week.

----------------------------------------------------------------
REGISTER FOR INFOSECURITY EUROPE 2005
----------------------------------------------------------------

Infosecurity Europe is Europe's number one, dedicated Information Security event. Now in its 10th anniversary year, Infosecurity Europe continues to provide an unrivalled education programme, new products & services, over 250 exhibitors and over 10,000 visitors from every segment of the industry.

----------------------------------------------------------------
Get all the information at: http://www.infosec.co.uk/hns
----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Software
6) Webcasts
7) Conferences
8) Security World
9) Virus News

[ Security news ]
----------------------------------------------------------------

SECURE REMOTE ACCESS TO OUTLOOK WEB ACCESS WEB SITES
In this article we'll dive into a key ISA firewall OWA security technology - SSL to SSL Bridging.
http://www.net-security.org/news.php?id=7484

SMARTCARDS MOVE A STEP CLOSER
Eftpos network operator ETSL has successfully processed its first smartcard transactions, another step on the road to retirement for conventional debit and credit cards that store information on magnetic stripes.
http://www.net-security.org/news.php?id=7485

REVIEW: PROGRAMS THAT MANAGE PASSWORDS
Don't think taking your passwords with you on a USB drive solves all your security problems. A computer with a surreptitious keylogging program can still capture your passwords.
http://www.net-security.org/news.php?id=7486

MICROSOFT EX-EMPLOYEE SENTENCED FOR SOFTWARE THEFT
A former employee of Microsoft was sentenced to two years in prison and ordered to pay more than $5 million in restitution for selling the world's largest software maker's products for personal gain, federal prosecutors said.
http://www.net-security.org/news.php?id=7487

IT SECURITY TASK FORCE SETS DEADLINES
An interagency task force charged with identifying federal IT security functions that could be provided centrally has set an ambitious timeline for completing its work.
http://www.net-security.org/news.php?id=7488

HOT SPOTS FOR HACKERS: WIRELESS NETWORKS
War drivers are people who ride in their cars with laptop computers and scout for wireless Internet, or WiFi, connections.
http://www.net-security.org/news.php?id=7489

GOOGLE YOURSELF TO IDENTIFY SECURITY HOLES
Google your own network or sites to identify possible security holes.
http://www.net-security.org/news.php?id=7490

STOLEN VOICES - THE CHALLENGE OF SECURING VOIP
Though securing VoIP calls brings with it a set of new and often unique challenges, businesses should give as much serious consideration to securing their voice traffic as they do to their data today.
http://www.net-security.org/news.php?id=7491

OLD VIRUSES STILL GOING STRONG
Security vendor Sophos has published a report revealing the top ten viruses causing problems for businesses around the world during the month of March 2005.
http://www.net-security.org/news.php?id=7492

NEW BUGS PUTS OUTLOOK AND IE USERS AT RISK
Software flaws ranked high risk.
http://www.net-security.org/news.php?id=7493

DATABASE ROOTKIT MENACE LOOMS
Crackers are developing more sophisticated techniques for taking over the control of corporate databases using malicious code akin to malware already common on Unix platforms.
http://www.net-security.org/news.php?id=7494

RED HAT LINUX 4.0 OFFERS POWER, SECURITY
In our Clear Choice test of Red Hat Enterprise Linux 4.0, (we tested RHEL 4.0 Advanced Server, Red Hat's most robust Linux distribution), we found huge performance gains over previous editions, beefed up security options and vastly improved hardware detection mechanisms.
http://www.net-security.org/news.php?id=7495

ALLOWING THE ISA 2004 SERVER TO USE WINDOWS UPDATE SERVICES
Steve Moffat provides a step by step walkthrough on allowing the ISA firewall to use Windows Update Services.
http://www.net-security.org/news.php?id=7496

LOCAL AUTHORITIES UNDER GREAT WEB SECURITY THREAT
Local authorities and small government departments are at the greatest risk of IT security breaches in the public sector according to web management specialists, System Associates.
http://www.net-security.org/news.php?id=7497

ENTERPRISE I.T. STILL WARY OF XP SP2
On April 12th, the tool that Microsoft provided to block updates will be deactivated and PCs around the world will begin downloading the 266-MB upgrade. Only seven percent of those questioned in the AssetMetrix survey had already installed the software.
http://www.net-security.org/news.php?id=7498

HANDHELD SECURITY TOO EXPENSIVE FOR THE ENTERPRISE?
If your enterprise relies on PDAs and smartphones to get business done, you may be paying too much to secure it.
http://www.net-security.org/news.php?id=7499

THE PRICE OF RESTRICTING VULNERABILITY PUBLICATIONS
As in other fields of science, there is a real danger that publication restrictions will inhibit the advancement of the state of the art in computer security.
http://www.net-security.org/news.php?id=7500

CARJACKERS SWIPE BIOMETRIC MERC, PLUS OWNER'S FINGER
A Malaysian businessman has lost a finger to car thieves impatient to get around his Mercedes' fingerprint security system.
Accountant K Kumaran, the BBC reports, had at first been forced to start the S-class Merc, but when the carjackers wanted to start it again without having him along, they chopped off the end of his index finger with a machete.
http://www.net-security.org/news.php?id=7501

SYBASE INVOKES LICENCE GAG IN FLAW DISCLOSURE ROW
Database maker Sybase will likely drop legal threats against a UK-based security company this week, allowing the company to publish details on six flaws, a source familiar with the negotiations said on Monday.
http://www.net-security.org/news.php?id=7502

THE DAY AFTER: YOUR FIRST RESPONSE TO A SECURITY BREACH
What can you do to prevent this from ever happening again?
http://www.net-security.org/news.php?id=7503

MARCH 2005 DNS POISONING SUMMARY
This report is intended to provide useful details about this incident to the community.
http://www.net-security.org/news.php?id=7504

COMPUTER CRIME COST TO BUSINESS SOARS
NHTCU figures put cost at £2.4bn in 2004.
http://www.net-security.org/news.php?id=7505

SERVER AND DOMAIN ISOLATION USING IPSEC AND GROUP POLICY
This article demonstrates how IPsec transport mode can be leveraged as one of the best means currently available to protect corporate networks.
http://www.net-security.org/news.php?id=7506

INTERVIEW WITH JON LECH JOHANSEN
Depending on your point of view, Jon Lech Johansen is either your hero or adversary. To the copyright industry, Jon Lech Johansen has been a detriment to their policy of control since the advent of De_CSS (Decrypt Content Scrambling System.)
http://www.net-security.org/news.php?id=7507

THE FEDS CAN OWN YOUR WLAN TOO
This article will be a general overview of the procedures used by the FBI team.
http://www.net-security.org/news.php?id=7508

MAKING THE MICROSOFT OPERATIONS MANAGER MORE SECURE
Microsoft Operations Manager (MOM) 2005 is a great solution for managing your Exchange, SQL and other servers - but what about security?
http://www.net-security.org/news.php?id=7509

IN PRAISE OF WINDOWS 2003 SP1
Usually I get to use this space to complain about Microsoft's poor security practices, but not this time -- with last week's release of Windows 2003 Service Pack 1, this time they get praise.
http://www.net-security.org/news.php?id=7510

WEB POSTCARDS HIDE TROJAN HORSE PROGRAMS
SANS Institute warns of attacks that trick users into installing Trojan remote access programs.
http://www.net-security.org/news.php?id=7511

MABIR MOBILE VIRUS ON THE PROWL
While the Mabir virus can spread by Bluetooth, there appears to be a flaw in the virus program.
http://www.net-security.org/news.php?id=7512

WOMAN TO LEAD UK FIGHT AGAINST CYBERCRIME
Detective chief superintendent Sharon Lemon has been appointed head of the National Hi-Tech Crime Unit.
http://www.net-security.org/news.php?id=7513

THE WIRELESS SECURITY BALANCE GAME
Making sure that your wireless LAN network is secure is clearly important, but with the technology changing so rapidly, it appears that many are sticking with the "good enough" approach.
http://www.net-security.org/news.php?id=7514

THE INVISIBLE THREAT FROM MOBILE DEVICES
With the increasing convergence of phone and network aware devices, come new and often unnoticed threats. Features such as built-in cameras, wireless networking, Bluetooth, calendars, phone books, all present their own particular problems, and associated risks.
http://www.net-security.org/news.php?id=7515

UNIVERSITY SYSTEM WORKS TO THWART HACKERS
The state university system's computing service building, which is at UNLV, is one of the most protected buildings on campus -- or so local legend goes.
http://www.net-security.org/news.php?id=7516

MORE SOPHISTICATED CYBER CRIME COSTS UK BILLIONS
National Hi-Tech Crime Unit puts cost at $4.61 billion.
http://www.net-security.org/news.php?id=7517

GERMANY'S POSTBANK IS HIT BY NEW PHISHING ATTACK
Germany's Postbank has been the target of another phishing attack, its third after two back-to-back assaults last year.
http://www.net-security.org/news.php?id=7518

VIRUS ATTACKS UP 50 PER CENT
The number of virus attacks on enterprises increased by half between 2003 and 2004, according to ICSA Labs, an independent division of internet security company Cybertrust.
http://www.net-security.org/news.php?id=7519

IT MANAGERS IGNORE MOBILE SECURITY
Blame the user instead.
http://www.net-security.org/news.php?id=7520

DOES SECURITY RUN IN YOUR VEINS?
Fujitsu's system uses palm vein patterns to identify bank customers in Japan.
http://www.net-security.org/news.php?id=7521

OPENING EYES TO HACKERS
Europeans bracing for rise in data theft.
http://www.net-security.org/news.php?id=7522

RFID POLICY PANEL RAISES PRIVACY CONCERNS
Lack of authentication means identity thieves could set up fake readers.
http://www.net-security.org/news.php?id=7523

HOW 20% EFFORT CAN GET YOU 80% SECURITY
To manage risk, maintain razor-sharp security architecture and still enjoy a peaceful night's sleep, security professionals at this week's InfoSec World conference offered this advice: Know your limits, speak the boss's language and embrace change.
http://www.net-security.org/news.php?id=7524

FEWER PERMISSIONS ARE KEY TO LONGHORN SECURITY
Questions remain about Microsoft's plans for a new user privileges model.
http://www.net-security.org/news.php?id=7525

CHECK POINT TO ROLL OUT SECURE WIRELESS ACCESS POINT
Check Point next week will announce a security appliance for large numbers of remote sites that are part of corporate VPNs.
http://www.net-security.org/news.php?id=7526

MARKET ANALYSIS: STORAGE SECURITY
You wouldn't hire any old security service to guard your company's important physical assets, would you?
We outline areas of vulnerability and present questions to get you thinking about the level of protection your organization needs.
http://www.net-security.org/news.php?id=7527

SECURITY IN THE PALM OF YOUR HAND
While the number of corporate employees that work remotely has grown significantly during the past several years, the number of threats and ability to cause significant damage to the corporate network has also skyrocketed.
http://www.net-security.org/news.php?id=7528

DRESSING UP FOR SECURITY SUCCESS
Linux PAM (Pluggable Authentication Modules) is a wonderful authentication application library that's used by essential programs like 'login' and 'passwd', and, so, is included in virtually every Linux distribution.
http://www.net-security.org/news.php?id=7529

WILL SONY CRACKDOWN ON PSP HACKS?
Less than two weeks after Sony released its long-anticipated PlayStation Portable, a handheld gaming device with multimedia capabilities, the device's most ardent fans began spreading details about their successful hacks.
http://www.net-security.org/news.php?id=7530

DNS ATTACKS ATTEMPT TO MISLEAD CONSUMERS
Employees at more than 500 companies have fallen victim to domain attacks in the last month, underscoring the increasing popularity of the tactic among Internet fraudsters, security experts said this week.
http://www.net-security.org/news.php?id=7531

PHONEY MICROSOFT MAIL CAUSES CONCERN
Trojan attack spreading.
http://www.net-security.org/news.php?id=7532

EIGHT PATCHES LINED UP FOR MS APRIL PATCH BATCH
Microsoft is due to publish critical updates for Office and MSN Messenger when it delivers its next batch of security updates next Tuesday (12 April).
http://www.net-security.org/news.php?id=7533

PARANOID PENGUIN - LINUX VPN TECHNOLOGIES
Which virtual private network is right for you? Mick runs down the options and comes up with some winners and some warnings.
http://www.net-security.org/news.php?id=7534

UNDERENCRYPTED AND OVEREXPOSED
Do you know where your pictures are?
A stolen hard drive teaches a lesson.
http://www.net-security.org/news.php?id=7535

----------------------------------------------------------------
[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/vulnerabilities.php
----------------------------------------------------------------

PostNuke Reviews Module id Variable Path Disclosure
http://www.net-security.org/vulnerability.php?id=15368

PostNuke admin.php module Variable XSS
http://www.net-security.org/vulnerability.php?id=15369

PostNuke user.php op Variable XSS
http://www.net-security.org/vulnerability.php?id=15370

PostNuke News Module sid Parameter SQL Injection
http://www.net-security.org/vulnerability.php?id=15371

WebWasher CSM Conf Script navTo2 Variable XSS
http://www.net-security.org/vulnerability.php?id=15354

AN HTTPD Server cmdIS.DLL user-agent Field Remote Overflow
http://www.net-security.org/vulnerability.php?id=15361

AN HTTPD Server httpd.log Arbitrary Text Injection
http://www.net-security.org/vulnerability.php?id=15362

SCO OpenServer auditsh HOME Environment Variable Local Overflow
http://www.net-security.org/vulnerability.php?id=15358

SCO OpenServer termsh HOME Environment Variable Local Overflow
http://www.net-security.org/vulnerability.php?id=15359

SCO OpenServer atcronsh HOME Environment Variable Local Overflow
http://www.net-security.org/vulnerability.php?id=15360

Ocean12 Membership Manager main.asp UserID Variable XSS
http://www.net-security.org/vulnerability.php?id=15306

Ocean12 Membership Manager main.asp UserID Parameter SQL Injection
http://www.net-security.org/vulnerability.php?id=15307

CubeCart index.php Multiple Variable Path Disclosure
http://www.net-security.org/vulnerability.php?id=15315

CubeCart tellafriend.php product Variable Path Disclosure
http://www.net-security.org/vulnerability.php?id=15316

CubeCart view_cart.php add Variable Path Disclosure
http://www.net-security.org/vulnerability.php?id=15317

CubeCart view_product.php product Variable Path Disclosure
http://www.net-security.org/vulnerability.php?id=15318

LiteCommerce cart.php Malformed target Parameter Script Source Disclosure
http://www.net-security.org/vulnerability.php?id=15313

LiteCommerce cart.php Multiple Parameter SQL Injection
http://www.net-security.org/vulnerability.php?id=15314

ColdFusion debug Mode Information Disclosure
http://www.net-security.org/vulnerability.php?id=15301

PaFileDB pafiledb.php start Parameter SQL Injection
http://www.net-security.org/vulnerability.php?id=15294

FreeBSD amd64 Direct Hardware Access Privilege Escalation
http://www.net-security.org/vulnerability.php?id=15288

Active Auction House default.asp Multiple Parameter SQL Injection
http://www.net-security.org/vulnerability.php?id=15281

Active Auction House ItemInfo.asp itemID Parameter SQL Injection
http://www.net-security.org/vulnerability.php?id=15282

Active Auction House sendpassword.asp Email Field SQL Injection
http://www.net-security.org/vulnerability.php?id=15283

Active Auction House start.asp ReturnURL Variable XSS
http://www.net-security.org/vulnerability.php?id=15284

Active Auction House account.asp ReturnURL Variable XSS
http://www.net-security.org/vulnerability.php?id=15285

Active Auction House sendpassword.asp Title Variable XSS
http://www.net-security.org/vulnerability.php?id=15286

Active Auction House watchthisitem.asp itemid Variable XSS
http://www.net-security.org/vulnerability.php?id=15287

Gaim gaim_markup_strip_html Function Malformed HTML DoS
http://www.net-security.org/vulnerability.php?id=15276

Gaim IRC Plugin Multiple Function Arbitrary Gaim Markup Injection
http://www.net-security.org/vulnerability.php?id=15277

Gaim Jabber Malformed File Transfer Request DoS
http://www.net-security.org/vulnerability.php?id=15278

ProductCart advSearch_h.asp Multiple Parameter SQL Injection
http://www.net-security.org/vulnerability.php?id=15263

ProductCart advSearch_h.asp keyword Variable XSS
http://www.net-security.org/vulnerability.php?id=15264

ProductCart NewCust.asp redirectUrl Variable XSS
http://www.net-security.org/vulnerability.php?id=15266

ProductCart storelocator_submit.asp country Variable XSS
http://www.net-security.org/vulnerability.php?id=15267

ProductCart techErr.asp error Variable XSS
http://www.net-security.org/vulnerability.php?id=15268

Spymac WebOS index.php Multiple Variable XSS
http://www.net-security.org/vulnerability.php?id=15243

Spymac WebOS member.php memberid Variable XSS
http://www.net-security.org/vulnerability.php?id=15244

Spymac WebOS show_photo.php picid Variable XSS
http://www.net-security.org/vulnerability.php?id=15245

Spymac WebOS show_pics.php Multiple Variable XSS
http://www.net-security.org/vulnerability.php?id=15246

Spymac WebOS upload_picture.php poll Variable XSS
http://www.net-security.org/vulnerability.php?id=15247

Spymac WebOS notes.php Multiple Variable XSS
http://www.net-security.org/vulnerability.php?id=15248

Spymac WebOS showthread.php threadid Variable XSS
http://www.net-security.org/vulnerability.php?id=15249

Spymac WebOS threadlist.php catid Variable XSS
http://www.net-security.org/vulnerability.php?id=15250

Spymac WebOS newreply.php threadid Variable XSS
http://www.net-security.org/vulnerability.php?id=15251

Spymac WebOS newthread.php Multiple Variable XSS
http://www.net-security.org/vulnerability.php?id=15252

Spymac WebOS manager.php Multiple Variable XSS
http://www.net-security.org/vulnerability.php?id=15253

Spymac WebOS newpoll.php Multiple Variable XSS
http://www.net-security.org/vulnerability.php?id=15254

Spymac WebOS network.php tos Variable XSS
http://www.net-security.org/vulnerability.php?id=15255

Linux Kernel is_hugepage_only_range() Function DoS
http://www.net-security.org/vulnerability.php?id=15256

MailEnable SMTP Malformed EHLO Request DoS
http://www.net-security.org/vulnerability.php?id=15232

MailEnable IMAP A001 AUTHENTICATE Command Remote Overflow
http://www.net-security.org/vulnerability.php?id=15231

----------------------------------------------------------------
[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

SUSE Security Announcement - SUSE Security Summary Report (SUSE-SR:2005:010)
http://www.net-security.org/advisory.php?id=4705

Mandrakelinux Security Update Advisory - sharutils (MDKSA-2005:067)
http://www.net-security.org/advisory.php?id=4704

Mandrakelinux Security Update Advisory - gtk+2.0 (MDKSA-2005:068)
http://www.net-security.org/advisory.php?id=4703

SCO Security Advisory - UnixWare 7.1.4 : cdrecord local root exploit (SCOSA-2005.20)
http://www.net-security.org/advisory.php?id=4702

SCO Security Advisory - UnixWare 7.1.4 : libtiff Multiple vulnerabilities (SCOSA-2005.19)
http://www.net-security.org/advisory.php?id=4701

SCO Security Advisory - OpenServer 5.0.6 OpenServer 5.0.7 : cscope local attacker can remove arbitrary files (SCOSA-2005.11)
http://www.net-security.org/advisory.php?id=4700

SCO Security Advisory - OpenServer 5.0.6 OpenServer 5.0.7 : termsh atcronsh auditsh environment buffer overflows (SCOSA-2005.15)
http://www.net-security.org/advisory.php?id=4699

SCO Security Advisory - UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : CDE dtlogin unspecified double free (SCOSA-2005.18)
http://www.net-security.org/advisory.php?id=4698

Mandrakelinux Security Update Advisory - gdk-pixbuf (MDKSA-2005:069)
http://www.net-security.org/advisory.php?id=4697

Cisco Security Advisory - Vulnerabilities in Cisco IOS Secure Shell Server (1.0)
http://www.net-security.org/advisory.php?id=4696

SGI Security Advisory - SGI Advanced Linux Environment 3 Security Update #33 (20050401-01-U)
http://www.net-security.org/advisory.php?id=4695

Ubuntu Security Notice - mysql-dfsg vulnerability (USN-109-1)
http://www.net-security.org/advisory.php?id=4694

FreeBSD Security Advisory - unprivileged hardware access on amd64 (FreeBSD-SA-05:03.amd64)
http://www.net-security.org/advisory.php?id=4693

Slackware Security Advisory - PHP (SSA:2005-095-01)
http://www.net-security.org/advisory.php?id=4692

Ubuntu Security Notice - gtk+2.0, gdk-pixbuf vulnerabilities (USN-108-1)
http://www.net-security.org/advisory.php?id=4691

Ubuntu Security Notice - ipsec-tools vulnerability (USN-107-1)
http://www.net-security.org/advisory.php?id=4690

OpenPKG Security Advisory - imapd (OpenPKG-SA-2005.005)
http://www.net-security.org/advisory.php?id=4689

Trustix Secure Linux Security Advisory - kernel (2005-0011)
http://www.net-security.org/advisory.php?id=4688

Ubuntu Security Notice - gaim vulnerabilities (USN-106-1)
http://www.net-security.org/advisory.php?id=4687

Ubuntu Security Notice - php4 vulnerabilities (USN-105-1)
http://www.net-security.org/advisory.php?id=4686

FreeBSD Security Advisory - sendfile kernel memory disclosure (FreeBSD-SA-05:02.sendfile)
http://www.net-security.org/advisory.php?id=4685

SUSE Security Announcement - kernel (SUSE-SA:2005:021)
http://www.net-security.org/advisory.php?id=4684

Conectiva Linux Security Announcement - MySQL (CLA-2005:946)
http://www.net-security.org/advisory.php?id=4683

Debian Security Advisory - wu-ftpd (DSA 705-1)
http://www.net-security.org/advisory.php?id=4682

Debian Security Advisory - remstats (DSA 704-1)
http://www.net-security.org/advisory.php?id=4681

Ubuntu Security Notice - sharutils vulnerability (USN-104-1)
http://www.net-security.org/advisory.php?id=4680

----------------------------------------------------------------
[ Articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org
----------------------------------------------------------------

THE INVISIBLE THREAT FROM MOBILE DEVICES
With the increasing convergence of phone and network aware devices, come new and often unnoticed threats.
Features such as built-in cameras, wireless networking, Bluetooth, calendars, phone books, all present their own particular problems, and associated risks.
http://www.net-security.org/article.php?id=780

STOLEN VOICES - THE CHALLENGE OF SECURING VOIP
Though securing VoIP calls brings with it a set of new and often unique challenges, businesses should give as much serious consideration to securing their voice traffic as they do to their data today.
http://www.net-security.org/article.php?id=779

----------------------------------------------------------------
[ Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3
----------------------------------------------------------------

AUTOPSY FORENSIC BROWSER 2.05 (Linux)
The Autopsy Forensic Browser is a graphical interface to the command line digital forensic analysis tools in The Sleuth Kit.
http://www.net-security.org/software.php?id=216

CHKROOTKIT 0.45 (Linux)
Chkrootkit is a tool to locally check for signs of a rootkit.
http://www.net-security.org/software.php?id=210

EASY INTEGRITY CHECK SYSTEM 3.1b (Linux)
Easy integrity check system is designed primarily for system administrators for filesystem integrity checking.
http://www.net-security.org/software.php?id=410

GFI MAILESSENTIALS FOR EXCHANGE/SMTP 11 (Windows)
This is a server based anti spam & email management solution for Microsoft Exchange Server & Notes/SMTP servers.
http://www.net-security.org/software.php?id=329

HONEYNET SECURITY CONSOLE 2.0 (Windows)
Honeynet Security Console is an analysis tool to view events on your personal network or honeynet.
http://www.net-security.org/software.php?id=587

KISMAC 0.10a (Mac OS X)
KisMAC is a free stumbler application for MacOS X, that puts your card into the monitor mode.
http://www.net-security.org/software.php?id=625

LITTLE SNITCH 1.1.1 (Mac OS X)
Little Snitch alerts you on outgoing network connections.
http://www.net-security.org/software.php?id=626

MAC GPG 1.2.4 (Mac OS X)
Mac GNU Privacy Guard (Mac GPG for short) is, after a fashion, the Mac OS X port of GnuPG.
http://www.net-security.org/software.php?id=628

NAGIOS 2.0b3 (Linux)
Nagios is a host and service monitor designed to inform you of network problems before your clients, end-users or managers do.
http://www.net-security.org/software.php?id=279

OP 1.27 (Linux)
The op tool provides a flexible means for system administrators to grant access to certain root operations without having to give them full superuser privileges.
http://www.net-security.org/software.php?id=321

PASSWORD SAFE 2.09 (Windows)
Password Safe is a password database utility.
http://www.net-security.org/software.php?id=172

SAFE'N'SEC 1.1 (Windows)
Safe'n'Sec is a security solution to combat unknown viruses, spyware packages, Trojans, zero day exploits and combined attacks.
http://www.net-security.org/software.php?id=627

SHOREWALL 2.2.3 (Linux)
Shorewall is an iptables based firewall that can be used on a dedicated firewall system, a multi-function masquerade gateway/server or on a standalone Linux system.
http://www.net-security.org/software.php?id=40

SILC CLIENT 1.0.2 (Linux)
SILC is much more than just about encrypting the traffic. That is easy enough to do with IRC and SSL hybrids, but even then the entire network cannot be secured, only part of it.
http://www.net-security.org/software.php?id=189

SSL-EXPLORER 0.1.9 (Windows)
The 3SP SSL-Explorer is the world's first open-source SSL-based VPN solution of its kind.
http://www.net-security.org/software.php?id=579

THE SLEUTH KIT 2.01 (Linux)
The Sleuth Kit is a collection of UNIX-based command line file system forensic tools.
http://www.net-security.org/software.php?id=215

YASSL 0.9.8 (Linux)
yaSSL is an SSL Library for programmers building security functionality into their applications and devices.
http://www.net-security.org/software.php?id=521

----------------------------------------------------------------
[ Webcasts ]

All webcasts are located at:
http://net-security.org/webcasts.php
----------------------------------------------------------------

Best Practices for Deploying & Securing Wireless Networks
Organized by Airdefense on 12 April 2005, 2:00 PM
http://www.net-security.org/webcast.php?id=369

Vulnerability Expert Forum US
Organized by eEye on 13 April 2005, 1:00 PM
http://www.net-security.org/webcast.php?id=277

Exposing Spyware. Don't be lured into the Trap
Organized by ISS on 13 April 2005, 3:00 PM
http://www.net-security.org/webcast.php?id=370

Vulnerability Expert Forum Europe
Organized by eEye on 14 April 2005, 3:30 PM
http://www.net-security.org/webcast.php?id=258

----------------------------------------------------------------
[ Conferences ]

All conferences are located at:
http://net-security.org/conferences.php
----------------------------------------------------------------

OWASP AppSec Europe 2005 Conference
Organized by OWASP - 9 April-10 August 2005
http://www.net-security.org/conference.php?id=132

4th Annual PKI R&D Workshop (PKI'05)
Organized by National Institute of Standards and Technology - 19 April-21 April 2005
http://www.net-security.org/conference.php?id=115

Infosecurity Europe 2005
Organized by Reed Exhibitions - 26 April-28 April 2005
http://www.net-security.org/conference.php?id=126

DallasCon 2005 Professional Cyber Defense Conference
Organized by DallasCon - 2 May-5 May 2005
http://www.net-security.org/conference.php?id=127

The International Conference on Computational Science & Its Applications (ICCSA 05)
Organized by Institute of High Performance Computing - 9 May-12 May 2005
http://www.net-security.org/conference.php?id=116

The 18th International FLAIRS Conference
Organized by The American Association of Artificial Intelligence - 16 May-18 May 2005
http://www.net-security.org/conference.php?id=117

Second European PKI Workshop
Organized by University of Salford - 30 June-1 July 2005
http://www.net-security.org/conference.php?id=118

SIG SIDAR Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2005)
Organized by German Informatics Society - 7 July-8 July 2005
http://www.net-security.org/conference.php?id=119

The 4th European Conference on Information Warfare and Security (ECIW 2005)
Organized by Academic Conferences International - 11 July-15 July 2005
http://www.net-security.org/conference.php?id=120

The 32nd International Colloquium on Automata, Languages and Programming (ICALP'05)
Organized by European Association for Theoretical Computer Science - 11 July-15 July 2005
http://www.net-security.org/conference.php?id=121

Crypto 2005
Organized by International Association for Cryptologic Research - 14 August-18 August 2005
http://www.net-security.org/conference.php?id=122

8th Information Security Conference (ISC'05)
Organized by Institute for Infocomm Research - 21 September-23 September 2005
http://www.net-security.org/conference.php?id=123

The 4th International Workshop for Applied PKI (IWAP'05)
Organized by Institute for Infocomm Research - 21 September-23 September 2005
http://www.net-security.org/conference.php?id=124

RSA Conference Europe 2005
Organized by RSA Conference - 17 October-19 October 2005
http://www.net-security.org/conference.php?id=133

Asiacrypt 2005
Organized by International Association for Cryptologic Research - 1 December-4 December 2005
http://www.net-security.org/conference.php?id=125

----------------------------------------------------------------
[ Security World ]

All press releases are located at:
http://www.net-security.org/press_main.php

Send your press releases to press@net-security.org
----------------------------------------------------------------

Protect Your Network from Hackers - Linux Network Security Released
http://www.net-security.org/press.php?id=3068

4A International Cautions Against Lack of Cohesive Physical and IT Security Strategies as Critical Pitfall for Business Efficiency and Effectiveness in 2005
http://www.net-security.org/press.php?id=3067

GFI MailEssentials 11's new SURBL Feature Further Extends Its Lead In Spam Detection
http://www.net-security.org/press.php?id=3066

Convergence Of IT And Physical Security Continues To Accelerate
http://www.net-security.org/press.php?id=3065

Senforce Enforces Remote Access and Wi-Fi Security for Public Sector
http://www.net-security.org/press.php?id=3064

Privacy of Online Banking Key to Customer Loyalty
http://www.net-security.org/press.php?id=3063

SPI Dynamics Announces SecureObjects 1.5 to Automate Development of Secure Application Code
http://www.net-security.org/press.php?id=3062

SteelEye Launches Next Generation Linux High Availability Clustering Solution
http://www.net-security.org/press.php?id=3061

Elemental Delivers Security Compliance Management Products For Safe Harbor's DoD And Federal Agency Customers
http://www.net-security.org/press.php?id=3060

Top Secret German Police Hard Drive Sold Over Ebay For 20 Euros
http://www.net-security.org/press.php?id=3059

CipherTrust announces Peapod UK as new channel partner
http://www.net-security.org/press.php?id=3058

Safe'n'Sec: The New Generation Of Computer Security Software Is Already There
http://www.net-security.org/press.php?id=3057

Elemental Introduces New Security Compliance Management Products For Satisfying Compliance Requirements And Measurably Improving Security
http://www.net-security.org/press.php?id=3056

DigitalStakeout Acquires Atlanta-based ScannerX
http://www.net-security.org/press.php?id=3055

Kanguru Solutions Teams Up With Securewave To Provide Complete USB Device Control And Network Security Solution
http://www.net-security.org/press.php?id=3054

CyberGuard's Paul Henry, Leading IT Security Expert, Provides Ten Tips for Corporations to Protect Customer Information from Identity Theft
http://www.net-security.org/press.php?id=3053

Cirond Corporation Appoints Network Utilities as UK Partner
http://www.net-security.org/press.php?id=3052

MDI Announces Several Key Promotions in the Sales Organization and Hires New Director of Corporate Marketing
http://www.net-security.org/press.php?id=3051

----------------------------------------------------------------
[ Virus News ]

All virus news are located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Weekly Report on Viruses and Intruders - Mytob Worm Affecting Cell Phones
http://www.net-security.org/virus_news.php?id=542

Fake Microsoft Security Update Website Used To Deliver Trojan Horse
http://www.net-security.org/virus_news.php?id=541

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php