HNS Newsletter Issue 270 - 20.06.2005. http://net-security.org This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. ---------------------------------------------------------------- ALERT: Hackers New Trick: Search Engine Hacking/Web App Worms ---------------------------------------------------------------- Web Application Worms utilize a known exploit, apply worm methodology and then leverage the power of search engines to accelerate effectiveness. These attacks mark the beginning of a new generation of worms targeted at web applications. Are your web apps vulnerable? Easily test your applications for over 5,100 web app vulnerabilities and attack methodologies with our complimentary WebInspect 15-day product trial, which delivers a comprehensive risk report! ---------------------------------------------------------------- http://www.net-security.org/v/spidyn5 ---------------------------------------------------------------- Table of contents: 1) Security news 2) Vulnerabilities 3) Advisories 4) Articles 5) Software 6) Webcasts 7) Conferences 8) Security World 9) Virus News [ Security news ] ---------------------------------------------------------------- SECURITY IN WINDOWS MOBILE 5.0 MESSAGING PACK DISAPPOINTS Windows Mobile 5.0 Messaging and Security Feature Pack (MSFP) does not go far enough with security for enterprisewide deployment. http://www.net-security.org/news.php?id=8002 UNDERSTANDING THE WEB PROXY AND FIREWALL CLIENT AUTOMATIC CONFIGURATION In this article we will explore how the ISA Server 2004 Web Proxy and Firewall Client Automatic Configuration really works from a client point of view. 
http://www.net-security.org/news.php?id=8003 THE KEY TO COMPLIANCE By ensuring regulatory compliance and at the same time reducing IT costs, secure enterprise provisioning solutions are sure to evolve from the great opportunity they currently present to a critical element of the IT infrastructure of successful businesses. http://www.net-security.org/news.php?id=8004 RSA EASES SECURITY DEVELOPMENT RSA Security Inc. has unveiled its BSafe Data Security Manager, which lets security professionals determine the sensitivity of company data and automatically builds the necessary protection capabilities into applications during the development process. http://www.net-security.org/news.php?id=8005 MOTOROLA DOWNPLAYS DATA SECURITY BREACH A pair of computers containing personal information on Motorola workers stolen from the office of a third party contractor has sparked a minor security flap. http://www.net-security.org/news.php?id=8006 XEN AIMS TO INCREASE SECURITY IN OPEN SOURCE SOFTWARE Virtualisation engine sets out to secure open source. http://www.net-security.org/news.php?id=8007 DEAR SIR: YOUR DATA WAS STOLEN Millions of tales of potential identity theft are circulating in the digital city. Mine is just one of them. http://www.net-security.org/news.php?id=8008 SPAM SIGN-UP MAN CONVICTED OF HARASSMENT A US man who signed his boss up to various spam lists has been convicted of harassment. http://www.net-security.org/news.php?id=8009 OUTSOURCED SECURITY CALLED BATTLE TESTED Outsourcing corporate security is no longer risky business and large organizations should hand off network monitoring and security services as soon as possible. http://www.net-security.org/news.php?id=8010 CISCO PACKS SECURITY PRODUCTS TOGETHER Cisco Systems last week introduced software that ties together a variety of its security products so service providers can offer more-effective protection against DDoS attacks. 
http://www.net-security.org/news.php?id=8011 WHY STANDARDS ARE IMPORTANT FOR WIRELESS SECURITY Industry standards play a critical role in research and development, product development and marketing initiatives, which in turn help organizations meet their business objectives. http://www.net-security.org/news.php?id=8012 NOT ALL AGREE ON 'OVERHYPED' SECURITY THREATS Two Gartner analysts released their list of the five most overhyped IT security threats, with IP telephony and malware for mobile devices making the list, but not all IT security vendors agreed with the analysts' assessment. http://www.net-security.org/news.php?id=8013 SECURITY CHIP TO LIMIT OS X TO MACS Apple looking to keep operating system from running on third-party hardware. http://www.net-security.org/news.php?id=8014 VIRUS-SAFE COMPUTING Want to know why we can't rid ourselves of viruses? http://www.net-security.org/news.php?id=8015 JAPANESE 'YAHOO! PHISHER' ARRESTED Japanese police today arrested a man from Osaka who allegedly ran an Internet phishing scam based around a site called Yafoo. http://www.net-security.org/news.php?id=8016 VIRUS FLOOD THREATENS HOME USERS Virus writers have adopted a new tactic to try to make sure their malicious programs reach as many victims as possible. http://www.net-security.org/news.php?id=8017 CONSUMERS CLUELESS ABOUT IT SECURITY Despite a proliferation in internet use, consumer PC owners remain dangerously unaware of the threats posed by hackers and viruses, industry experts warned today. http://www.net-security.org/news.php?id=8018 INVISIBLE ENCRYPTION Why didn't this happen sooner? Seagate Technology has just announced a hard disk drive for laptops and other mobile devices that automatically encrypts all data as it goes into and comes out of the drive. http://www.net-security.org/news.php?id=8019 INTRUSION PROTECTION SYSTEMS GET HOT Web services and internal threats become a new focus. 
http://www.net-security.org/news.php?id=8020 US EXPECTED TO ABANDON BIOMETRIC PASSPORT PLAN Rules requiring Irish citizens to carry high-tech passports when visiting the US are to be dropped because the technology behind the scheme is seen as unreliable. http://www.net-security.org/news.php?id=8021 ARMY TO LOOK AT BEEFING UP SECURITY ALONG GLOBAL INFORMATION GRID The Joint Task Force for Global Network Operations will unveil a document next week that looks at improving the way users manage and defend the Global Information Grid, the Defense Department's classified and unclassified network. http://www.net-security.org/news.php?id=8022 SKULLS TROJAN POSES AS SECURITY CODE Virus writers have created mobile phone malware that poses as a pirated copy of F-Secure's mobile anti-virus software. http://www.net-security.org/news.php?id=8023 HP PROCURVE BOOSTS SECURITY Vendor adds four new higher-end products and upgrades to its high-end networking series. http://www.net-security.org/news.php?id=8024 RSS TO CARRY SPYWARE BEFORE END OF YEAR By the end of the year, spyware programs will have tripled in number, put Firefox in their sights, and have turned to RSS to distribute their key loggers and ad spawners, a security expert said Friday. http://www.net-security.org/news.php?id=8025 MOBILE & WIRELESS WORLD TO FOCUS ON WI-FI, SECURITY, RFID When it comes to mobile and wireless technology, what keeps a CIO up at night? http://www.net-security.org/news.php?id=8026 SECURITY DEMANDS MULTIPLE STRATEGIES There are three ways to sell security effectively, whether you're in the business of selling security or an I.T. manager trying to convince upper management to spend money on security. http://www.net-security.org/news.php?id=8027 TWO CASES OF LOST DATA SHINE LIGHT ON RISKS A pair of recent security breaches shows that data loss can happen in many different ways for just about any reason. http://www.net-security.org/news.php?id=8028 LAW AND THE SPYWARE PLAGUE After a U.S. 
Senate hearing earlier this month, one senator was quoted as likening spyware to "somebody walking around your house, kind of invisibly." The analogy was inadequate. http://www.net-security.org/news.php?id=8029 SHRED IT! The second worst thing you can do in the face of a government investigation is to destroy the documents relevant to that investigation. The worst thing you can do, of course, is to almost destroy these documents. http://www.net-security.org/news.php?id=8030 MICROSOFT LOOKS TO REFINE SECURITY BLUEPRINT Microsoft last week detailed a multi-year plan to tie together its security and access protection technologies into a policy-based network model intended to secure distributed computing. http://www.net-security.org/news.php?id=8031 TESTING SECURITY WITH HPING hping is based on the ping utility, but the two applications are used in different ways. http://www.net-security.org/news.php?id=8032 VISA USA ADDS TOOL TO ITS CREDIT CARD ANTIFRAUD ARSENAL Aiming to reduce credit card fraud, Visa USA Inc. has launched a security tool that allows merchants to instantly check transactions in stores or online, so they can identify fraud before a transaction is completed. http://www.net-security.org/news.php?id=8033 PHISHING ATTACKS SHOW SIXFOLD INCREASE THIS YEAR Since the start of the year, phishing attacks - fake E-mails designed to lure unsuspecting victims into giving up valuable personal information - have increased more than sixfold. http://www.net-security.org/news.php?id=8034 NOKIA DOWNPLAYS MOBILE VIRUS THREAT 'Unlikely to pose an immediate danger', claims handset giant. http://www.net-security.org/news.php?id=8035 HIRING HACKERS AS SECURITY CONSULTANTS The subject of whether it is ethical to use former hackers to evaluate a network's security is a topic that is often hotly debated. In this article, I will explore the pros and cons of using former hackers in such roles. http://www.net-security.org/news.php?id=8036 IS IPSEC ON BORROWED TIME? 
The trouble with IPsec is that it gets overly complicated and expensive to manage as the user base expands. http://www.net-security.org/news.php?id=8037 INTERPRETING 'ACCESS' AND 'AUTHORIZATION' IN COMPUTER MISUSE STATUTES No one knows what it means to access a computer, however, nor when access becomes unauthorized. http://www.net-security.org/news.php?id=8038 DATA LOSSES PUSH BUSINESSES TO ENCRYPT BACKUP TAPES The loss of personal data of millions of consumers is prompting companies to embrace security technology they have neglected. http://www.net-security.org/news.php?id=8039 CONGRESS MUST DEAL WITH ID THEFT A series of Senate hearings this week examines the growing problem of identity theft. Here's what should be done to stop the scourge. http://www.net-security.org/news.php?id=8040 TOP OPEN-SOURCE SECURITY APPLICATIONS According to most security professionals, a top-tier, open-source security tool must have sufficient history to allow a practitioner to use it with confidence. http://www.net-security.org/news.php?id=8041 STEALTHY TROJAN HORSES, MODULAR BOT SOFTWARE DODGING DEFENSES Software attack tools that turn PCs into remotely controlled zombies are getting better, but defenses are not keeping up, say security experts. http://www.net-security.org/news.php?id=8042 TREND MICRO BUYS IP FILTERING COMPANY It plans to add features acquired with Kelkea Inc. to its IT security products. http://www.net-security.org/news.php?id=8043 SECURE COMPUTING EASES SECURITY INCIDENT REPORTING In the spirit of making things simpler, Secure Computing on Monday shipped new integrated security-incident reporting software. http://www.net-security.org/news.php?id=8044 CA, IBM AND ORACLE: WE'RE CHECKING IDS Computer Associates, IBM and Oracle announced upgraded applications in their respective access and identity management product suites. 
http://www.net-security.org/news.php?id=8045 HASHING EXPLOIT THREATENS DIGITAL SECURITY Cryptographers have found a way to snip a digital signature from one document and attach it to a fraudulent document without invalidating the signature and giving the fraud away. http://www.net-security.org/news.php?id=8046 THREAT GROWS FROM BROWSER-BASED ATTACKS Survey says security officers are concerned with "pharming" and other practices. http://www.net-security.org/news.php?id=8047 SECURING AGAINST THE THREAT OF INSTANT MESSENGERS Unsecured IM client installations are placing enterprise systems at risk to hackers, viruses, worms, Trojans, legal liability and violation of privacy laws. http://www.net-security.org/news.php?id=8048 HOME WORKING DEEMED 'TOO RISKY' Potential security threats outweigh productivity benefits, say IT directors. http://www.net-security.org/news.php?id=8049 ONLINE BANKING WILL LOSE EDGE IF SECURITY FAILS Customer fears holding back internet banking says Forrester. http://www.net-security.org/news.php?id=8050 SECURE YOUR LAPTOP Hundreds of thousands of laptops are stolen or simply forgotten each year. http://www.net-security.org/news.php?id=8051 COMPLIANCE REGS PUT BITE IN WIRELESS SECURITY Sarbanes-Oxley and HIPAA mean a new focus on wireless network security. http://www.net-security.org/news.php?id=8052 SECURING STORAGE: COMPLETE DATA ERASURE ON STORAGE SYSTEMS When storage systems are upgraded companies often delete the data from the disks and forget about it. However, there is a tremendous amount of critical, confidential, and competitive information on those disks that cannot be completely erased by just pressing a delete button. This exposes competitive intelligence, increases vulnerability to industrial espionage and litigation. http://www.net-security.org/news.php?id=8053 (IN)SECURE MAGAZINE ISSUE 2 HAS BEEN RELEASED (IN)SECURE Magazine is a freely available, freely distributable digital security magazine in PDF format. 
Get your copy of the second issue today! http://www.net-security.org/news.php?id=8061 THE LIBERTY ALLIANCE PROJECT GOES AFTER PHISHERS The Liberty Alliance Project, working on XML-based specifications for federated identity, is extending its remit to tackle the threat to digital identity posed by phishing. http://www.net-security.org/news.php?id=8054 AOL BRANDED MOST INFECTED NETWORK ISP accused of hosting more zombie PCs than any other network. http://www.net-security.org/news.php?id=8055 COMPTIA: THREAT GROWS FROM BROWSER-BASED ATTACKS Browser-based attacks such as "pharming" scams rose significantly for the third straight year, making them the fastest-growing security threat. http://www.net-security.org/news.php?id=8056 CASE OF A WIRELESS HACK This is a short story about using a couple of computers, some interesting tools, an operating system and a bit of thinking to solve a not-entirely-artificial problem of getting wireless internet access where measures are in place to stop it. http://www.net-security.org/news.php?id=8057 AOL: WE'RE NOT ZOMBIE HAVEN America Online hosts more denial-of-service (DoS) spewing zombie PCs than any other ISP in the world, a report released Tuesday claimed. AOL thinks that's just fine. http://www.net-security.org/news.php?id=8058 MAJOR SPAM PURVEYOR AGREES TO PAY SETTLEMENT Defendant will pay nearly $500,000 to settle charges he caused $5.9 million in consumer injury with spam schemes involving anti-aging and weight-loss products. http://www.net-security.org/news.php?id=8059 GAO SAYS U.S. AGENCIES UNPREPARED TO FIGHT CYBERTHREATS A majority of them aren't ready to combat phishing, spam and spyware. http://www.net-security.org/news.php?id=8060 BRITAIN WARNS OF E-MAIL ATTACKS "We have never seen anything like this in terms of the industrial scale of this series of attacks," NISCC Director Roger Cumming said. "This is not a few hackers sitting in their bedroom trying to steal bank account details from individuals." 
http://www.net-security.org/news.php?id=8062 HARDENING LINUX: A 10 STEP APPROACH This list of steps is intended as a guideline with a practical approach. http://www.net-security.org/news.php?id=8063 DISTRIBUTED WIRELESS SECURITY MONITORS We performed an exhaustive review of these specialized overlay systems that provide wire-side and wireless rogue-device detection, RF interference and intrusion-detection capabilities as well as user and performance monitoring in the 2.4-GHz and 5-GHz ranges. http://www.net-security.org/news.php?id=8064 THE HIGH COSTS OF HACKING One fixture of computer break-in stories is the estimated cost of these crimes. http://www.net-security.org/news.php?id=8065 CORPORATES FOCUS ON BASICS FOR IT SECURITY DEFENCES IT departments in large organizations still see firewalls, intrusion detection and prevention, and anti-virus software as priority security defences despite recent hype about newer more exotic security technologies and threats, according to a survey by analysts Gartner. http://www.net-security.org/news.php?id=8066 ATTACKERS HIT CANADIAN CREDIT BUREAU Hackers have hit one of Canada's major credit bureaus. http://www.net-security.org/news.php?id=8067 MOST WANT GOVERNMENT TO MAKE INTERNET SAFE Most Americans believe the government should do more to make the Internet safe, but they don't trust the federal institutions that are largely responsible for creating and enforcing laws online, a new industry survey says. http://www.net-security.org/news.php?id=8068 PHISHERS LOOK TO NET SMALL FRY Online fraudsters have started targeting smaller banks and credit unions in hopes of fooling a larger percentage of customers, according to groups that monitor phishing activity. 
http://www.net-security.org/news.php?id=8069 ---------------------------------------------------------------- [ Vulnerabilities ] All vulnerabilities are located here: http://www.net-security.org/vulnerabilities.php ---------------------------------------------------------------- Microsoft ISA Server Basic Credentials Exposure http://www.net-security.org/vulnerability.php?id=17342 mcGallery admin.php lang Variable Traversal Arbitrary File Access http://www.net-security.org/vulnerability.php?id=17343 mcGallery show.php host Variable Path Disclosure http://www.net-security.org/vulnerability.php?id=17344 Singapore admin.class.php Path Disclosure http://www.net-security.org/vulnerability.php?id=17335 Singapore /admin_default/ Multiple Scripts Path Disclosure http://www.net-security.org/vulnerability.php?id=17336 Singapore Multiple Default Template Path Disclosure http://www.net-security.org/vulnerability.php?id=17337 Singapore index.php $_GET Variable XSS http://www.net-security.org/vulnerability.php?id=17338 Multiple Browser Script Code Obfuscation http://www.net-security.org/vulnerability.php?id=17334 Microsoft ISA Server NetBIOS Predefined Filter Privilege Escalation http://www.net-security.org/vulnerability.php?id=17312 Java Web Start Untrusted Application Privilege Escalation http://www.net-security.org/vulnerability.php?id=17299 Java Runtime Environment Untrusted Applet Privilege Escalation http://www.net-security.org/vulnerability.php?id=17340 LokwaBB pm.php pmid Variable Arbitrary Message Access http://www.net-security.org/vulnerability.php?id=17292 LokwaBB member.php member Variable SQL Injection http://www.net-security.org/vulnerability.php?id=17293 LokwaBB misc.php Username Variable SQL Injection http://www.net-security.org/vulnerability.php?id=17294 Novell eDirectory MS-DOS Device Name Request DoS http://www.net-security.org/vulnerability.php?id=17298 ---------------------------------------------------------------- [ Advisories ] All advisories are located 
at: http://www.net-security.org/archive_advi.php ---------------------------------------------------------------- SUSE Security Announcement - SUSE Security Summary Report (SUSE-SR:2005:016) http://www.net-security.org/advisory.php?id=4905 Conectiva Linux Security Announcement - php4 (CLA-2005:970) http://www.net-security.org/advisory.php?id=4904 Conectiva Linux Security Announcement - kopete (CLA-2005:969) http://www.net-security.org/advisory.php?id=4903 Conectiva Linux Security Announcement - conectivaoffice (CLA-2005:968) http://www.net-security.org/advisory.php?id=4902 Mandriva Linux Security Update Advisory - gedit (MDKSA-2005:102) http://www.net-security.org/advisory.php?id=4901 Mandriva Linux Security Update Advisory - tcpdump (MDKSA-2005:101) http://www.net-security.org/advisory.php?id=4900 Ubuntu Security Notice - gaim vulnerability (USN-140-1) http://www.net-security.org/advisory.php?id=4899 SUSE Security Announcement - opera (SUSE-SA:2005:031) http://www.net-security.org/advisory.php?id=4898 Turbolinux Security Announcement - tcpdump, a2ps, xine-lib, wget (15/Jun/2005) http://www.net-security.org/advisory.php?id=4897 US-CERT Technical Cyber Security Alert - Microsoft Windows and Internet Explorer Vulnerabilities (TA05-165A) http://www.net-security.org/advisory.php?id=4896 Mandriva Linux Security Update Advisory - gaim (MDKSA-2005:099) http://www.net-security.org/advisory.php?id=4895 Mandriva Linux Security Update Advisory - rsh (MDKSA-2005:100) http://www.net-security.org/advisory.php?id=4894 Slackware Security Advisory - gaim (SSA:2005-162-01) http://www.net-security.org/advisory.php?id=4893 Trustix Secure Linux Security Advisory - kerberos5, mailman, mod_perl, openssl, php, spamassassin, tcpdump, telnet, wget (#2005-0028) http://www.net-security.org/advisory.php?id=4892 Conectiva Linux Security Announcement - openslp (CLA-2005:967) http://www.net-security.org/advisory.php?id=4891 Conectiva Linux Security Announcement - cvs (CLA-2005:966) 
http://www.net-security.org/advisory.php?id=4890 ---------------------------------------------------------------- [ Articles ] All articles are located at: http://www.net-security.org/articles_main.php Articles can be contributed to articles@net-security.org ---------------------------------------------------------------- SECURING STORAGE: COMPLETE DATA ERASURE ON STORAGE SYSTEMS Out of sight, out of mind. When storage systems are upgraded, retired due to proactive maintenance, reach the end of their lease, or are repurposed or resold, companies often delete the data from the disks and forget about it. However, there is a tremendous amount of critical, confidential, and competitive information on those disks that cannot be completely erased by just pressing a delete button. http://www.net-security.org/article.php?id=797 THE KEY TO COMPLIANCE By ensuring regulatory compliance and at the same time reducing IT costs, secure enterprise provisioning solutions are sure to evolve from the great opportunity they currently present to a critical element of the IT infrastructure of successful businesses. http://www.net-security.org/article.php?id=796 ---------------------------------------------------------------- [ Software ] Windows software is located at: http://net-security.org/software_main.php?cat=1 Linux software is located at: http://net-security.org/software_main.php?cat=2 Pocket PC software is located at: http://net-security.org/software_main.php?cat=3 ---------------------------------------------------------------- ADVANCED HOST MONITOR 5.34 (Windows) This is a network monitor program. http://www.net-security.org/software.php?id=290 AIRSCANNER MOBILE FIREWALL 2.3b (Pocket PC) Airscanner Mobile Firewall is a full-strength, fully configurable, NDIS packet-filtering TCP/IP firewall. http://www.net-security.org/software.php?id=573 CLEAN DISK SECURITY 7.4 (Windows) This program gives you secure file deletion, making sure that deleted files cannot be undeleted again. 
http://www.net-security.org/software.php?id=385 DANTE 1.1.16 pre-2 (Linux) Dante is a circuit-level firewall/proxy that can be used to provide convenient and secure network connectivity to a wide range of hosts. http://www.net-security.org/software.php?id=43 DESKTOP LOCK 7.0 (Windows) This program can lock your system (desktop, keyboard, mouse, etc.) to prevent others from accessing your system. http://www.net-security.org/software.php?id=49 DEVICELOCK 5.71 Build 85 (Windows) DeviceLock gives network administrators control over which users can access what devices on a local computer. http://www.net-security.org/software.php?id=121 FTIMES 3.5.0 (Linux) FTimes is a system baselining and evidence collection tool. http://www.net-security.org/software.php?id=382 ISTUMBLER 94 (Mac OS X) iStumbler is a free, open source tool for finding AirPort networks, Bluetooth devices and now mDNS services with your Mac. http://www.net-security.org/software.php?id=620 KISMAC 0.12a (Mac OS X) KisMAC is a free stumbler application for MacOS X, that puts your card into the monitor mode. http://www.net-security.org/software.php?id=625 LITTLE SNITCH 1.2b4 (Mac OS X) Little Snitch alerts you on outgoing network connections. http://www.net-security.org/software.php?id=626 LOGWATCH 6.1.2 (Linux) Logwatch is a customizable log analysis system. http://www.net-security.org/software.php?id=129 LUTELWALL 0.98 (Linux) Lutel's Firewall Script is a Linux IPtables shell script written in bash for use as a firewall and NAT/masquerade router. http://www.net-security.org/software.php?id=379 MAC GPG 1.4.1 (Mac OS X) Mac GNU Privacy Guard (Mac GPG for short) is, after a fashion, the Mac OS X port of GnuPG. http://www.net-security.org/software.php?id=628 MARADNS 1.1.41 (Linux) MaraDNS is a DNS server that strives to be secure and fully open-sourced. http://www.net-security.org/software.php?id=84 N.E.W.T. 2.0 (Windows) N.E.W.T. 
scans all remote networked machines on single or all domains and attempts to retrieve a wealth of detailed information. http://www.net-security.org/software.php?id=316 NUFW 1.0.8 (Linux) NuFW is an "authenticating gateway". This means it requires authentication for any connections to be forwarded through the gateway. http://www.net-security.org/software.php?id=526 SAMHAIN 2.0.7 (Linux) Samhain is an open source file integrity and host-based intrusion detection system. http://www.net-security.org/software.php?id=125 SUSSEN 0.12 (Linux) Sussen is a client for the Nessus Security Scanner. http://www.net-security.org/software.php?id=497 VISNETIC FIREWALL 2.2.6 (Windows) VisNetic Firewall is a stateful packet level firewall. http://www.net-security.org/software.php?id=111 WEBJOB 1.5.0 (Linux) WebJob downloads a program over HTTP/HTTPS and executes it in one unified operation. Output may be directed to stdout/stderr or a Web resource. http://www.net-security.org/software.php?id=460 YASSL 1.0.1 (Linux) yaSSL is an SSL Library for programmers building security functionality into their applications and devices. 
http://www.net-security.org/software.php?id=521 ---------------------------------------------------------------- [ Webcasts ] All webcasts are located at: http://net-security.org/webcasts.php ---------------------------------------------------------------- Correlating Vulnerability and Attack Data to Improve Enterprise Security Organized by Symantec on 21 June 2005, 9:00 AM http://www.net-security.org/webcast.php?id=379 The Basics of WLAN Security Organized by Funk Software on 21 June 2005, 1:00 PM http://www.net-security.org/webcast.php?id=275 The Future of Authentication Organized by RSA Security on 29 June 2005, 2:00 PM http://www.net-security.org/webcast.php?id=380 eEye and IIS - Implementing a Multi-Layered Security Solution to Best Address Spyware, Phishing and Zero Day Attacks Organized by eEye on 14 July 2005, 2:00 PM http://www.net-security.org/webcast.php?id=376 ---------------------------------------------------------------- [ Conferences ] All conferences are located at: http://net-security.org/conferences.php ---------------------------------------------------------------- Second European PKI Workshop Organized by University of Salford - 30 June-1 July 2005 http://www.net-security.org/conference.php?id=118 SIG SIDAR Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2005) Organized by German Informatics Society - 7 July-8 July 2005 http://www.net-security.org/conference.php?id=119 The 4th European Conference on Information Warfare and Security (ECIW 2005) Organized by Academic Conferences International - 11 July-15 July 2005 http://www.net-security.org/conference.php?id=120 The 32nd International Colloquium on Automata, Languages and Programming (ICALP'05) Organized by European Association for Theoretical Computer Science - 11 July-15 July 2005 http://www.net-security.org/conference.php?id=121 Black Hat Briefings & Training USA 2005 Organized by Black Hat - 23 July-28 July 2005 
http://www.net-security.org/conference.php?id=138 14th USENIX Security Symposium Organized by USENIX - 31 July-5 August 2005 http://www.net-security.org/conference.php?id=136 3rd Annual Midwest Network Security Forum Organized by The Institute for Applied Network Security - 3 August-4 August 2005 http://www.net-security.org/conference.php?id=139 Crypto 2005 Organized by International Association for Cryptologic Research - 14 August-18 August 2005 http://www.net-security.org/conference.php?id=122 8th Information Security Conference (ISC'05) Organized by Institute for Infocomm Research - 21 September-23 September 2005 http://www.net-security.org/conference.php?id=123 The 4th International Workshop for Applied PKI (IWAP'05) Organized by Institute for Infocomm Research - 21 September-23 September 2005 http://www.net-security.org/conference.php?id=124 RSA Conference Europe 2005 Organized by RSA Conference - 17 October-19 October 2005 http://www.net-security.org/conference.php?id=133 CNIS 2005: IASTED International Conference on Communication, Network and Information Security Organized by IASTED - 14 November-16 November 2005 http://www.net-security.org/conference.php?id=137 Asiacrypt 2005 Organized by International Association for Cryptologic Research - 1 December-4 December 2005 http://www.net-security.org/conference.php?id=125 ---------------------------------------------------------------- [ Security World ] All press releases are located at: http://www.net-security.org/press_main.php Send your press releases to press@net-security.org ---------------------------------------------------------------- Zertificon Solutions makes it possible - the "virtual admin room" in outsourcing http://www.net-security.org/press.php?id=3249 Symantec Managed Security Services Integrates Vulnerability Data to Enhance Customer Protection http://www.net-security.org/press.php?id=3248 MIS Training Institute Selects Elemental To Present At The Cracking E-Fraud 2005 Conference Next Week 
http://www.net-security.org/press.php?id=3247 Teslain Releases Rohos Welcome 1.20 http://www.net-security.org/press.php?id=3246 Kaspersky Anti-Virus Version 5.5 for Workstations, Mail and File Servers for Linux, FreeBSD and OpenBSD released http://www.net-security.org/press.php?id=3245 eEye Digital Security Announces Discovery of New Security Flaw in Microsoft Windows http://www.net-security.org/press.php?id=3244 CyberGuard Achieves Common Criteria EAL 4+ Certification for its Enterprise-Class TSP Network Security Appliances http://www.net-security.org/press.php?id=3243 CISA Continues to Be the Highest Paying Tech Certification, According to New Foote Partners' Study http://www.net-security.org/press.php?id=3242 O'Reilly Releases "SSH, The Secure Shell: The Definitive Guide, Second Edition" http://www.net-security.org/press.php?id=3241 University Of Washington Selects SSH Tectia To Secure Faculty And Student Accounts http://www.net-security.org/press.php?id=3240 Utimaco Increases Its Investments in Extending Indirect Sales and Internationalises Partners Strategy http://www.net-security.org/press.php?id=3239 DISUK Launches First Backup Tape Encryption Solution-In-A-Box For Smaller And Mid-Sized Companies http://www.net-security.org/press.php?id=3238 SmoothWall Launches Modular Firewall For Small To Medium Enterprise Market http://www.net-security.org/press.php?id=3237 Bad Guys Use Keyloggers to Get Hold of Your Credit Card Numbers http://www.net-security.org/press.php?id=3236 Forum Systems Achieves Application Oriented Networking Milestone with OPSEC Certification from Check Point Software http://www.net-security.org/press.php?id=3235 Symantec Announces New Intrusion Prevention Solution For Desktops And Servers http://www.net-security.org/press.php?id=3234 Blue Coat to Offer CyberGuard's Webwasher URL Filtering on Proxy Appliances http://www.net-security.org/press.php?id=3233 Panda GateDefender - effective threat detection certified by ICSA Labs 
http://www.net-security.org/press.php?id=3232 SSH Announces University Licensing Program http://www.net-security.org/press.php?id=3231 Survey shows IT profession see risk of removable media but turn a blind eye! http://www.net-security.org/press.php?id=3230 PlainsCapital Deploys Blue Coat As Foundation For Web Security http://www.net-security.org/press.php?id=3229 ---------------------------------------------------------------- [ Virus News ] All virus news are located at: http://www.net-security.org/viruses.php ---------------------------------------------------------------- Weekly Report on Viruses and Intruders - Downloader.DC, Dumador.BC, Looxee http://www.net-security.org/virus_news.php?id=557 ---------------------------------------------------------------- Questions, contributions, comments or ideas go to: Help Net Security staff staff@net-security.org http://net-security.org ---------------------- Unsubscribe from this weekly digest on: http://www.net-security.org/subscribe.php The archive of the newsletter in TXT and PDF format is available http://www.net-security.org/newsletter_archive.php ----------------------------------------------------------------