HNS Newsletter Issue 272 - 04.07.2005. http://net-security.org This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. ---------------------------------------------------------------- FREE COMPUTER SECURITY WHITEPAPERS, CASE STUDIES AND MORE! ---------------------------------------------------------------- Find the latest white papers, case studies, webcasts and product information to help you with your technical purchasing decisions. View the Daily Top 50 Reports for the most popular IT reports on technology products and services. ---------------------------------------------------------------- http://net-security.bitpipe.com/ ---------------------------------------------------------------- Table of contents: 1) Security news 2) Vulnerabilities 3) Advisories 4) Articles 5) Software 6) Webcasts 7) Conferences 8) Security World 9) Virus News [ Security news ] ---------------------------------------------------------------- GERMAN TECH UNIVERSITY OFFERS SUMMER HACKING COURSE Summer school gives researchers opportunity to explore intrusion techniques. http://www.net-security.org/news.php?id=8127 UK ID CARDS COSTS GO UP The government's proposals for ID cards are under fire today from the London School of Economics which estimates the scheme could cost twice as much as the government claims. http://www.net-security.org/news.php?id=8128 TARGETED ATTACKS POSE NEW SECURITY CHALLENGE Targeted hacker attacks, such as the one believed to have caused the massive credit card security breach disclosed this month, are low tech and well understood. http://www.net-security.org/news.php?id=8129 UK TO OUTSOURCE BIOMETRIC VISA CHECKS TO MUMBAI The UK is to outsource visa application checks "wherever there is an outsource partner", following trials in its largest visa posts in Mumbai, Delhi and Islamabad. http://www.net-security.org/news.php?id=8130 THEY WELCOME WIRELESS SPAM? Wireless carriers will have to fortify their defenses in the battle against text-messaging spam or eventually risk a customer revolt, industry watchers say. http://www.net-security.org/news.php?id=8131 WHAT IS SPYWARE? THE INDUSTRY CAN'T AGREE Many anti-spyware programs scour computer hard drives for those data-tracking files called cookies that we often get from Web visits. http://www.net-security.org/news.php?id=8132 UNDERSTANDING CONTINUOUS DATA PROTECTION A critical element of total backup systems, CDP products can help you find that needle in your data haystack. More importantly, they offer restoration capabilities that tape, replication and snapshot technologies lack. http://www.net-security.org/news.php?id=8133 HOMELAND SECURITY CIO MUST BUILD AUTHORITY President Bush last week tapped Agriculture Department CIO Scott Charbo for the top IT position at the Department of Homeland Security, a job rife with organizational and technological challenges. http://www.net-security.org/news.php?id=8134 ADOPTION OF ALTERNATE E-MAIL SECURITY TECHNOLOGIES PUSHED "Each protocol provides different answers to different problems involving e-mail security issues. But both new protocols deal with sender authentication," Thomas Gillis, senior vice president for worldwide marketing at IronPort Systems, said. http://www.net-security.org/news.php?id=8135 AUSSIES PROSECUTE FIRST 'SPAMMER' Australia is prosecuting the first alleged spammer under its new-ish Spam Act. http://www.net-security.org/news.php?id=8136 USERS WANT PRAGMATIC SECURITY RULES The massive scope of the CardSystems Solutions security breach earlier this month is likely to fuel even more calls for new data-protection regulations and tougher enforcement of existing ones, security managers said last week. http://www.net-security.org/news.php?id=8137 ESECURITY MANAGEMENT COMES OF AGE To keep pace with increasing complexity in enterprise business operations, the related information security processes and technologies have evolved into a reliable, mature system. http://www.net-security.org/news.php?id=8138 BROWSER IDENTIFICATION FOR WEB APPLICATIONS This paper outlines techniques that allow users to determine client browser types remotely. http://www.net-security.org/news.php?id=8139 WHEN GOOD SECURITY GOES BAD You've installed all the right hardware, and so your network is safe, right? Wrong! Too many administrators have found out that security is about more than hardware alone. Here's what to do when good security goes bad. http://www.net-security.org/news.php?id=8140 SECURITY WORRIES NET USERS US consumers are more concerned about identity theft and the security of online commerce in the wake of recent data breaches, say surveys released last week. http://www.net-security.org/news.php?id=8141 PORN SPAM ON THE RISE AGAIN Inboxes sizzle as junk mailers resurrect the old scams. http://www.net-security.org/news.php?id=8142 FEDS FACE DEADLINES ON SMART ID CARDS Plans due this week; technical issues, coordination pose hurdles for agencies. http://www.net-security.org/news.php?id=8143 CYBERSECURITY GROUP SPREADS TO EUROPE CSIA works on issues such as privacy and information integrity. http://www.net-security.org/news.php?id=8144 PRIVACY FEARS PROMPT CVS TO TURN OFF ONLINE SERVICE Drugstore chain CVS Corp. has temporarily disabled a feature on its Web site after concerns were raised that unauthorized persons could improperly obtain customer-purchase records via e-mail. http://www.net-security.org/news.php?id=8145 CA BUYS FIREWALL DEVELOPER TINY SOFTWARE CA buys firewall developer Tiny Software http://www.net-security.org/news.php?id=8146 U.S. OFFICIALS: INFORMATION SHARING KEY TO SECURITY IT should be an important consideration when reforming U.S. intelligence systems, according to a government report. http://www.net-security.org/news.php?id=8147 ENCRYPT DATA OR INVITE DISASTER In today’s workplace, stealing information doesn’t require a covert Special Forces team. http://www.net-security.org/news.php?id=8148 PROTECTING THE NUMBERS E-commerce is buried beneath a blanket of fear. Online purchases, according to some observers, are down by nearly half; Internet banking by nearly a third. http://www.net-security.org/news.php?id=8149 WHERE'S THE THREAT? As consultants, seeing one client who recognizes the importance of security, regardless of their size, is vilifying. http://www.net-security.org/news.php?id=8150 RSS: SAFE AT ANY FEED? When Microsoft laid out its plans last week for building RSS into Longhorn, it didn't say anything about how it might secure the automated feeds. http://www.net-security.org/news.php?id=8151 SECURITY EXECS: UNDER PRESSURE AND UNDER PREPARED A new survey of corporate security executives shows that their jobs are more difficult to handle than just a year ago, and they're not prepared to handle some significant security issues. http://www.net-security.org/news.php?id=8152 ADWARE FIRM 180SOLUTIONS IN IMAGE MAKEOVER Adware maker 180solutions has embarked on an image makeover with a campaign to notify users that its software is installed on their systems and tips on removing its software. http://www.net-security.org/news.php?id=8153 SECURITY VENDORS RESPOND TO HEIGHTENED CONCERNS CA adds firewall, other vendors offer updates. http://www.net-security.org/news.php?id=8154 POPE WORM TURNS NASTY 'Conspiracy theory' about death of John Paul II lures unsuspecting users. http://www.net-security.org/news.php?id=8155 HP INTRODUCES BIOMETRIC LAPTOP The new notebook PC includes a fingerprint sensor. http://www.net-security.org/news.php?id=8156 NASA HACKER JAILED A US man was jailed for four months last week after he was convicted of hacking into US government computers and defacing web sites. http://www.net-security.org/news.php?id=8157 CYBERCRIMINALS GET A 10-YEAR JAIL SENTENCE Two men have been sentenced to a total of 10 years in prison for their roles in a wide range of online fraud activities, U.K. authorities said this week. http://www.net-security.org/news.php?id=8158 DENIAL OF SERVICE ATTACKS: "SMURFING" This article provides good information on what a Denial of Service (DoS) attack is and why they can be so harmful to networks and sites on the Internet. http://www.net-security.org/news.php?id=8159 XEN DEVELOPERS FOCUS ON SECURITY Enhanced virtual desktop could protect remote consumer transactions. http://www.net-security.org/news.php?id=8160 TRIAL FOR GERMAN SASSER WRITER BEGINS NEXT TUESDAY Plenty of eyeballs will be scouring the 'Net next Tuesday to learn more about the fate of Sven Jaschan. http://www.net-security.org/news.php?id=8161 LINUX SECURITY DEFINED A system running Linux is highly versatile and can be made as secure as a system running UNIX. http://www.net-security.org/news.php?id=8162 SMART HANDHELDS ARE DUMB SECURITY RISK Nearly half of UK businesses do not secure smart handheld devices to the same high level they secure laptop computers. http://www.net-security.org/news.php?id=8163 SECURITY FEATURES ON MPEG DECODER PREVENT PIRACY To prevent the piracy of digital broadcasts on pay television, NEC Electronics America, Inc. rolled out a single-chip MPEG decoder with enhanced security features for digital set-top boxes (STBs). http://www.net-security.org/news.php?id=8164 FOR BETTER SECURITY, KEEP AN EYE ON ACTIVEX You probably have encountered ActiveX controls on the Internet. Web pages that play music probably use them. ActiveX controls also can open Windows Media movies or Microsoft Word documents inside a browser window. http://www.net-security.org/news.php?id=8165 ANTI-SPYWARE MARKET TO ROCKET The corporate anti-spyware market is predicted to explode over the next four years extending to more than 540m seats in 2009, a 30-fold increase from an estimated 16m seats in 2005, according to a study by analysts the Radicati Group published this week. http://www.net-security.org/news.php?id=8166 CO-OPERATING WITH THE INTERNET POLICE National Hi-Tech Crime Unit chief Sharon Lemon aims to work with businesses and IT vendors. http://www.net-security.org/news.php?id=8167 HOW TO DEAL WITH PUSHY SECURITY VENDORS I find myself feeling disturbed this month. Why? Because of security vendors that don't know how to tone down the hype. http://www.net-security.org/news.php?id=8168 BLUETOOTH BACKERS OFFER SECURITY TIPS Users of the wireless technology are urged to take precautions to avoid attacks. http://www.net-security.org/news.php?id=8169 INDIA TO TIGHTEN DATA-SECRECY LAWS India will tighten laws to prevent cyber crimes and ensure data secrecy after a call center employee allegedly sold personal data on 1,000 British customers, an official said Wednesday. http://www.net-security.org/news.php?id=8170 OPEN SOURCE HIDES SECRET DATA The art of hiding information from anyone except from the intended receiver has been used for many centuries. http://www.net-security.org/news.php?id=8171 MICROSOFT HELPS JAPAN'S CYBERCOPS Microsoft Corp. is providing Japan's National Police Agency (NPA) with early warnings about security threats. http://www.net-security.org/news.php?id=8172 NORWEGIAN POSTS CRACK FOR GOOGLE VIDEO SOFTWARE It took only a day for this experienced hacker to crack Google's new video viewer. http://www.net-security.org/news.php?id=8173 SECURITY FEARS OVER MEDICAL DATABASE Electronic records pose greater threat than ID cards, BMA told. http://www.net-security.org/news.php?id=8174 MICROSOFT READY TO DISCUSS RSS SECURITY Microsoft will be taking a closer look at the security of a new Web publishing technology it plans to integrate into the next major version of Windows, code-named Longhorn. http://www.net-security.org/news.php?id=8175 ENCRYPTION - THE MISSING DEFENCE TOOL IN MANY COMPANIES’ SECURITY POLICY There is a real threat to data security if tapes are not encrypted, no matter how high the level of physical security used when transporting tapes to a ‘secure’ area away from the primary business location for disaster recovery plans. http://www.net-security.org/news.php?id=8176 CREDIT CARD SECURITY: SAGA OF BROKEN RULES Remember this equation: (security + privacy) - action = liability http://www.net-security.org/news.php?id=8177 MEN BLAMED FOR SPYWARE SURGE Male workers are twice as likely as their female colleagues to swap music files at work on a daily basis, according to a new survey by censorware firm Surfcontrol. http://www.net-security.org/news.php?id=8178 ATTACKERS SEEK VULNERABLE VERITAS BACKUP INSTALLATIONS Users urged to apply patch. http://www.net-security.org/news.php?id=8179 THREAT TO ENTERPRISE SECURITY - WI-FI With the rapid adoption of Wi-Fi networks by enterprise IT departments everywhere, network security now involves an entirely new dimension of vulnerability to malicious hackers and casual intruders. http://www.net-security.org/news.php?id=8180 FBI PROBES PHISHING OF EBAY IN NORWAY A Norwegian Internet radio site has been shut down pending an FBI investigation of a possible attempt to swindle customers of the eBay Web auction house, the company hosting the site said Wednesday. http://www.net-security.org/news.php?id=8181 MICROSOFT IN TALKS TO BUY ADWARE DEVELOPER Purchase could fall through because of concerns about how deal would be seen by the public. http://www.net-security.org/news.php?id=8182 SHARE PERMISSIONS This article will take an in-depth look at the pitfalls and suggested methods on how to protect the resources that are shared from servers to users on the network. http://www.net-security.org/news.php?id=8183 FIGHTING EPO VIRUSES This article studies complex Entry Point Obscuring (EPO) viruses, by looking at the detection and removal of the difficult Win32.CTX.Phage virus. http://www.net-security.org/news.php?id=8184 ID THEFT TIPS When you and your family or friends go on vacation, you can't let your guard against ID theft go too! Don't let identity thieves take away all the fun from your summer vacation. http://www.net-security.org/news.php?id=8185 HACKERS UNLEASH INDUSTRIAL SPY TROJAN Malware targets very small number of high value domains. http://www.net-security.org/news.php?id=8186 RATS IN THE SECURITY WORLD There are many rats in the security world, starting with email and other insecure protocols that should be abandoned overnight. http://www.net-security.org/news.php?id=8187 ANTI-SPAM SUCCESS DRIVES MALWARE AUTHORS DOWNMARKET Crooks are turning to spyware scams because it's getting harder to make money from spam, according to a leading UK anti-virus expert. http://www.net-security.org/news.php?id=8188 FAKE MICROSOFT SECURITY ALERT INCLUDES TROJAN PATCH Bogus security bulletin links to malicious software that gives attackers complete access to the infected machine. http://www.net-security.org/news.php?id=8189 AFFORDABLE IT: SECURING YOUR IM SYSTEMS Your end users are going to use Instant Messaging systems - with or without IT's blessing. Find out how to keep your network safe and secure, whether your IM app is public or private. http://www.net-security.org/news.php?id=8190 FIRMS STILL NEGLECTING PDA SECURITY Survey finds high number of firms failing to enforce security guidelines. http://www.net-security.org/news.php?id=8191 ---------------------------------------------------------------- [ Vulnerabilities ] All vulnerabilities are located here: http://www.net-security.org/vulnerabilities.php ---------------------------------------------------------------- Golden FTP Server Pro LS Command Traversal Information Disclosure http://www.net-security.org/vulnerability.php?id=17678 Golden FTP Server Pro Nonexistant File Request Path Disclosure http://www.net-security.org/vulnerability.php?id=17679 Comdev News Publisher wce.editnews.php s_type Variable XSS http://www.net-security.org/vulnerability.php?id=17651 Nortel Communication Server FTP CEL Command Remote DoS http://www.net-security.org/vulnerability.php?id=17618 IA eMailServer IMAP4 LIST Command Remote DoS http://www.net-security.org/vulnerability.php?id=17609 Linux Kernel on AMD64 Crafted syscall() Argument Local DoS http://www.net-security.org/vulnerability.php?id=17545 PHP-Fusion submit.php Multiple Variable XSS http://www.net-security.org/vulnerability.php?id=17611 paFAQ index.php id Variable XSS http://www.net-security.org/vulnerability.php?id=17563 paFAQ index.php username Variable SQL Injection http://www.net-security.org/vulnerability.php?id=17564 paFAQ Unspecified Multiple Scripts id Variable SQL Injection http://www.net-security.org/vulnerability.php?id=17565 paFAQ Upload a Language Pack Arbitrary Code Execution http://www.net-security.org/vulnerability.php?id=17567 paFAQ backup.php Database Disclosure Privilege Escalation http://www.net-security.org/vulnerability.php?id=17566 ---------------------------------------------------------------- [ Advisories ] All advisories are located at: http://www.net-security.org/archive_advi.php ---------------------------------------------------------------- SCO Security Advisory - UnixWare 7.1.4 : Mozilla updated to 1.7.8 fixes security issues (SCOSA-2005.29) http://www.net-security.org/advisory.php?id=4949 Trustix Secure Linux Security Advisory - clamav, cpplus, dev, imagemagick, kerberos5, kernel, openldap, pam_ldap, perl-net-server, php, php4, sqlgrey, swup (#2005-0031) http://www.net-security.org/advisory.php?id=4948 Mandriva Linux Security Update Advisory - kernel-2.4 (MDKSA-2005:111) http://www.net-security.org/advisory.php?id=4947 Mandriva Linux Security Update Advisory - kernel (MDKSA-2005:110) http://www.net-security.org/advisory.php?id=4946 Debian Security Advisory - spamassassin (736-1) http://www.net-security.org/advisory.php?id=4945 Mandriva Linux Security Update Advisory - kernel (MDKSA-2005:110) http://www.net-security.org/advisory.php?id=4944 Debian Security Advisory - spamassassin (736-1) http://www.net-security.org/advisory.php?id=4943 Mandriva Linux Security Update Advisory - php-pear (MDKSA-2005:109) http://www.net-security.org/advisory.php?id=4942 Mandriva Linux Security Update Advisory - squirrelmail (MDKSA-2005:108) http://www.net-security.org/advisory.php?id=4941 Debian Security Advisory - sudo (735-1) http://www.net-security.org/advisory.php?id=4940 NetBSD Security Advisory - Local DoS via audio device with specific drivers (2005-002) http://www.net-security.org/advisory.php?id=4939 NetBSD Security Advisory - Crypto leaks across HyperThreaded CPUs (2005-001) http://www.net-security.org/advisory.php?id=4938 Debian Security Advisory - crip (DSA 733-1) http://www.net-security.org/advisory.php?id=4937 FreeBSD Security Advisory - TCP connection stall denial of service (FreeBSD-SA-05:15.tcp) http://www.net-security.org/advisory.php?id=4936 EnGarde Secure Linux Advisory - bzip2 denial of service and permission race vulnerabilities (FreeBSD-SA-05:14.bzip2) http://www.net-security.org/advisory.php?id=4935 FreeBSD Security Advisory - ipfw packet matching errors with address tables (FreeBSD-SA-05:13.ipfw) http://www.net-security.org/advisory.php?id=4934 US-CERT Technical Cyber Security Alert - VERITAS Backup Exec Software is actively being exploited (TA05-180A) http://www.net-security.org/advisory.php?id=4933 Cisco Security Advisory - RADIUS Authentication Bypass (1.0) http://www.net-security.org/advisory.php?id=4932 SUSE Security Announcement - clamav (SUSE-SA:2005:038) http://www.net-security.org/advisory.php?id=4931 Ubuntu Security Notice - ruby1.8 vulnerability (USN-146-1) http://www.net-security.org/advisory.php?id=4930 Mandriva Linux Security Update Advisory - ImageMagick (MDKSA-2005:107) http://www.net-security.org/advisory.php?id=4929 Mandriva Linux Security Update Advisory - spamassassin (MDKSA-2005:106) http://www.net-security.org/advisory.php?id=4928 Ubuntu Security Notice - wget vulnerabilities (USN-145-1) http://www.net-security.org/advisory.php?id=4927 Turbolinux Security Announcement - squid, libtiff, sudo, ruby (28/Jun/2005) http://www.net-security.org/advisory.php?id=4926 Ubuntu Security Notice - dbus vulnerability (USN-144-1) http://www.net-security.org/advisory.php?id=4925 SUSE Security Announcement - RealPlayer (SUSE-SA:2005:037) http://www.net-security.org/advisory.php?id=4924 Ubuntu Security Notice - linux-source-2.6.10, linux-source-2.6.8.1 vulnerabilities (USN-143-1) http://www.net-security.org/advisory.php?id=4923 ---------------------------------------------------------------- [ Articles ] All articles are located at: http://www.net-security.org/articles_main.php Articles can be contributed to articles@net-security.org ---------------------------------------------------------------- ENCRYPTION - THE MISSING DEFENCE TOOL IN MANY COMPANIES’ SECURITY POLICY There is a real threat to data security if tapes are not encrypted, no matter how high the level of physical security used when transporting tapes to a ‘secure’ area away from the primary business location for disaster recovery plans. http://www.net-security.org/article.php?id=801 BROWSER IDENTIFICATION FOR WEB APPLICATIONS This paper outlines techniques that allow users to determine client browser types remotely. http://www.net-security.org/article.php?id=800 ---------------------------------------------------------------- [ Software ] Windows software is located at: http://net-security.org/software_main.php?cat=1 Linux software is located at: http://net-security.org/software_main.php?cat=2 Pocket PC software is located at: http://net-security.org/software_main.php?cat=3 Mac OS X software is located at: http://net-security.org/software_main.php?cat=5 ---------------------------------------------------------------- 1ST SECURITY AGENT 6.1 (Windows) 1st Security Agent offers an administrative support for controlling which users are allowed to access your PC and the level of access each user may have. http://www.net-security.org/software.php?id=255 AIRSNORT 0.2.7e (Linux) AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. http://www.net-security.org/software.php?id=262 ANTIPHARMING 1.00 (Windows) AntiPharming uses active and passive protections for identifying and stopping Pharming attacks. http://www.net-security.org/software.php?id=203 CAIN & ABEL 2.7.3 (Windows) Cain & Abel is a password recovery tool for Microsoft operating systems. http://www.net-security.org/software.php?id=110 FAKE AP 0.3.2 (Linux) Black Alchemy's Fake AP generates thousands of counterfeit 802.11b access points. http://www.net-security.org/software.php?id=259 GENERIC SECURITY SERVICE 0.0.15 (Windows) A Generic Security Service (GSS-API) implementation. http://www.net-security.org/software.php?id=96 IP-TOOLS 2.50 (Windows) IP-Tools offers many TCP/IP utilities in one program. http://www.net-security.org/software.php?id=275 KEYCHAIN 2.5.4.1 (Linux) Keychain helps you to manage RSA and DSA keys in a convenient and secure manner. http://www.net-security.org/software.php?id=239 MAILSCANNER 4.43.8 (Linux) MailScanner is a virus scanner for e-mail designed for use on e-mail gateways. http://www.net-security.org/software.php?id=144 NIKTO 1.35 (Linux) Nikto is a web server scanner which performs comprehensive tests against web servers. http://www.net-security.org/software.php?id=223 NMAP PARSER 1.01 (Linux) An nmap parser for xml scan data using PERL. http://www.net-security.org/software.php?id=532 OPENPROTECT 5.0.3 (Linux) OpenProtect is a server-side email protector which guards against spam and viruses in addition to providing content filtering, using a variety of open- source packages. http://www.net-security.org/software.php?id=247 ORACLE PASSWORD REPOSITORY 1.1.8 (Linux) This is a Unix-based secure tool for storage and retrieval of Oracle database passwords. http://www.net-security.org/software.php?id=418 PASSWORD POLICY ENFORCER 4.01 (Windows) Password Policy Enforcer checks every new password for compliance with the password policy. http://www.net-security.org/software.php?id=98 PDFKEY PRO 1.0 (Mac OS X) With PDFKey Pro you can easily recover editing and printing capabilities to password protected PDF documents. http://www.net-security.org/software.php?id=246 PRELUDE MANAGER 0.9.0 RC6 (Linux) Prelude Manager is the main program of the Prelude Hybrid IDS suite. http://www.net-security.org/software.php?id=264 RSSH 2.2.3 (Linux) rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. http://www.net-security.org/software.php?id=236 SAMHAIN 2.0.8 (Linux) Samhain is an open source file integrity and host-based intrusion detection system. http://www.net-security.org/software.php?id=125 SECRETS PROTECTOR PRO 2005 3.01 (Windows) A three-in-one privacy tool: folder locker, secure eraser and privacy manager. http://www.net-security.org/software.php?id=234 SECURE HIVE 1.1.0.0 (Windows) Secure Hive encryption software protects files, emails, graphics and text. http://www.net-security.org/software.php?id=240 SECURITY ADMINISTRATOR 10.1 (Windows) This password-protected security utility enables you to impose a variety of access restrictions to protect your privacy and stop others from tampering with your PC. http://www.net-security.org/software.php?id=256 SECURITY FILTER 2.0 (Windows) SecurityFilter is a Java Servlet Filter that mimics container managed security. http://www.net-security.org/software.php?id=237 SPYWARE/ADWARE REMOVER 9.2.0.8 (Windows) BPS Spyware/Adware Remover is a multi adware, spyWare, trackware, thiefware and Big Brotherware removal utility with multi-language support. http://www.net-security.org/software.php?id=277 SSL-EXPLORER 0.1.12 (Windows) The 3SP SSL-Explorer is the world's first open-source SSL-based VPN solution of its kind. http://www.net-security.org/software.php?id=579 TOR 0.1.0.11 (Windows) An anonymous Internet communication system. http://www.net-security.org/software.php?id=253 TRACKS ERASER PRO 5.3 (Windows) Tracks Eraser Pro is a privacy cleaner that can clean up all Internet tracks and other activity trails on your computer. http://www.net-security.org/software.php?id=268 WINDEVELOPER IMF TUNE 2.5 (Windows) Unleash the full power of the MS Exchange Intelligent Message Filter. http://www.net-security.org/software.php?id=244 WINDOW WASHER 6.0 (Windows) Wash away your online and offline tracks to protect your privacy. http://www.net-security.org/software.php?id=260 XYRIA:DNSD 0.6 (Linux) Xyria:DNSd is an high performance DNS server that supports only the most important features and resource records while being extremely fast and secure. http://www.net-security.org/software.php?id=93 ZONEALARM 5.5.094.000 (Windows) Firewalls must protect you from incoming as well as outgoing traffic, and ZoneAlarm delivers. http://www.net-security.org/software.php?id=95 ---------------------------------------------------------------- [ Webcasts ] All webcasts are located at: http://net-security.org/webcasts.php ---------------------------------------------------------------- Securing the Development Phase of the Application Development Lifecycle Organized by Symantec on 7 July 2005, 9:00 AM http://www.net-security.org/webcast.php?id=382 Email Security and Availability - How to Maximize Availability and Minimize Risk for your Critical Messaging Environment Organized by Symantec on 12 July 2005, 9:00 AM http://www.net-security.org/webcast.php?id=381 Wireless Networks: How to Win the Race with Hackers Organized by AirDefense on 13 July 2005, 2:00 PM http://www.net-security.org/webcast.php?id=383 eEye and IIS - Implementing a Multi-Layered Security Solution to Best Address Spyware, Phishing and Zero Day Attacks Organized by eEye on 14 July 2005, 2:00 PM http://www.net-security.org/webcast.php?id=376 ---------------------------------------------------------------- [ Conferences ] All conferences are located at: http://net-security.org/conferences.php ---------------------------------------------------------------- SIG SIDAR Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2005) Organized by German Informatics Society - 7 July-8 July 2005 http://www.net-security.org/conference.php?id=119 The 4th European Conference on Information Warfare and Security (ECIW 2005) Organized by Academic Conferences International - 11 July-15 July 2005 http://www.net-security.org/conference.php?id=120 The 32nd International Colloquium on Automata, Languages and Programming (ICALP'05) Organized by European Association for Theoretical Computer Science - 11 July-15 July 2005 http://www.net-security.org/conference.php?id=121 Black Hat Briefings & Training USA 2005 Organized by Black Hat - 23 July-28 July 2005 http://www.net-security.org/conference.php?id=138 14th USENIX Security Symposium Organized by USENIX - 31 July-5 August 2005 http://www.net-security.org/conference.php?id=136 3rd Annual Midwest Network Security Forum Organized by The Institute for Applied Network Security - 3 August-4 August 2005 http://www.net-security.org/conference.php?id=139 Crypto 2005 Organized by International Association for Cryptologic Research - 14 August-18 August 2005 http://www.net-security.org/conference.php?id=122 8th Information Security Conference(ISC'05) Organized by Institute for Infocomm Research - 21 September-23 September 2005 http://www.net-security.org/conference.php?id=123 The 4th International Workshop for Applied PKI (IWAP'05) Organized by Institute for Infocomm Research - 21 September-23 September 2005 http://www.net-security.org/conference.php?id=124 RSA Conference Europe 2005 Organized by RSA Conference - 17 October-19 October 2005 http://www.net-security.org/conference.php?id=133 CNIS 2005: IASTED International Conference on Communication, Network and Information Security Organized by IASTED - 14 November-16 November 2005 http://www.net-security.org/conference.php?id=137 Asiacrypt 2005 Organized by International Association for Cryptologic Research - 1 December-4 December 2005 http://www.net-security.org/conference.php?id=125 ---------------------------------------------------------------- [ Security World ] All press releases are located at: http://www.net-security.org/press_main.php Send your press releases to press@net-security.org ---------------------------------------------------------------- AGAVA Software announces AGAVA AntispamServant http://www.net-security.org/press.php?id=3281 Corporate Productivity Suffers As Volume of Legitimate Mail Falls During UK Heatwave Says Email Systems http://www.net-security.org/press.php?id=3280 Criston Selects Data Management for its leadership in the Security Market http://www.net-security.org/press.php?id=3279 Criston expands into Australian Market http://www.net-security.org/press.php?id=3278 Packaging manufacturer signs each e-mail to protect against phishing and spam http://www.net-security.org/press.php?id=3277 Prominent International Bank Chooses ASC to Protect Customer Privacy http://www.net-security.org/press.php?id=3276 Senforce Announces Expanded Anti-Virus Enforcement and Support http://www.net-security.org/press.php?id=3275 MDI’s iTRUST Integrated Access Control & Video Security Solution Nominated for 2005 Security Technology Award by Secure Convergence Journal http://www.net-security.org/press.php?id=3274 CyberGuard Raises the Bar for Web Filtering Security with Triple Anti-Virus Engines for its Webwasher Content Security Suite http://www.net-security.org/press.php?id=3273 SmoothWall launches modular firewall and web content filter for school and college networks http://www.net-security.org/press.php?id=3272 Utimaco and Microsoft­ enable authentication for accessing Windows systems through Belgian eID http://www.net-security.org/press.php?id=3271 MessageLabs Welcomes Stiffer Sentencing Given To Phishing Gang http://www.net-security.org/press.php?id=3270 AppSecInc First to Offer Comprehensive Best-Practice Database Security Policies for Payment Card Industry (PCI) Standard http://www.net-security.org/press.php?id=3269 Orange Switzerland and F-Secure start pilot phase of an antivirus service for mobile phone customers http://www.net-security.org/press.php?id=3268 IMF Tune Whitelisting, Blacklisting and SCL Management to Beef Up the Exchange Intelligent Message Filter http://www.net-security.org/press.php?id=3267 Announcing Ethical Hacking 101 course in London and Brussels http://www.net-security.org/press.php?id=3266 BeCrypt Launches Disk Protect 3.0 With Disk Encryption With Enhanced Options For Mobile Devices http://www.net-security.org/press.php?id=3265 O'Reilly Releases "Mac OS X Tiger for Unix Geeks" http://www.net-security.org/press.php?id=3264 Criston Announces the Availability of Precision 5.2 http://www.net-security.org/press.php?id=3263 Providers must take preventative action now to combat mobile phone viruses - says StreamShield http://www.net-security.org/press.php?id=3262 Award-winning Kerio WinRoute Firewall adds Clientless SSL VPN to its new version http://www.net-security.org/press.php?id=3261 ---------------------------------------------------------------- [ Virus News ] All virus news are located at: http://www.net-security.org/viruses.php ---------------------------------------------------------------- Weekly Report on Viruses and Intruders - Trj/PGPCoder.B, Trj/Mitglieder.DQ and Trj/Bancos.GW, W32/Oscarbot.AY and W32/Codbot.AP http://www.net-security.org/virus_news.php?id=560 Virtual Postcard Spam Delivers Malware Surprise http://www.net-security.org/virus_news.php?id=559 ---------------------------------------------------------------- Questions, contributions, comments or ideas go to: Help Net Security staff staff@net-security.org http://net-security.org ---------------------- Unsubscribe from this weekly digest on: http://www.net-security.org/subscribe.php The archive of the newsletter in TXT and PDF format is available http://www.net-security.org/newsletter_archive.php ---------------------------------------------------------------- FREE COMPUTER SECURITY WHITEPAPERS, CASE STUDIES AND MORE! ---------------------------------------------------------------- Find the latest white papers, case studies, webcasts and product information to help you with your technical purchasing decisions. View the Daily Top 50 Reports for the most popular IT reports on technology products and services. ---------------------------------------------------------------- http://net-security.bitpipe.com/ ----------------------------------------------------------------