HNS Newsletter Issue 273 - 11.07.2005. http://net-security.org This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. ---------------------------------------------------------------- InfoSec Research Library - http://net-security.bitpipe.com ---------------------------------------------------------------- In association with BitPipe, Help Net Security is giving you a possibility to freely read the latest white papers, case studies, webcasts and product information related to information security. Some of the topics covered include: Authentication, Email Security, Identity Management, Network Security, Security Policies. VPN and Wireless Security. ---------------------------------------------------------------- Point your bowsers to: http://net-security.bitpipe.com ---------------------------------------------------------------- Table of contents: 1) Security news 2) Vulnerabilities 3) Advisories 4) Articles 5) Software 6) Webcasts 7) Conferences 8) Security World 9) Virus News [ Security news ] ---------------------------------------------------------------- LAPTOP THEFT - AN INSIDER'S GUIDE TO NOT BECOMING ANOTHER STATISTIC Protecting against laptop and data theft would appear to be relatively easy but, in a business sense, is rarely so. This article provides some basic steps for employees to follow in order to protect laptops. http://www.net-security.org/news.php?id=8192 PASSIVE FINGERPRINTING WITH P0F P0f is a passive fingerprinting tool that offers interesting possibilities for gathering information about other systems, without generating any traffic at all (unlike active port scanners ala Nmap). http://www.net-security.org/news.php?id=8193 DATA SECURITY IS RETAILERS' JOB, TOO BJ's Wholesale Club provides a sobering example of what can happen when identity thieves attack, stealing customer data. http://www.net-security.org/news.php?id=8194 CISCO SNAPS UP SECURITY FIRM Cisco last week said it has agreed to pay $30 million for a year-old start-up called NetSift. http://www.net-security.org/news.php?id=8195 JUDGE BANS COMPANY'S DECEPTIVE ANTI-SPYWARE CLAIMS The Federal Trade Commission in the US has won an preliminary injunction against Trustsoft. http://www.net-security.org/news.php?id=8196 REVERSE ENGINEERING PATCHES MAKING DISCLOSURE A MOOT CHOICE? When Microsoft released limited information on a critical vulnerability in Internet Explorer last month, reverse engineer Halvar Flake decided to dig deeper. http://www.net-security.org/news.php?id=8197 HOW (AND WHY) TO TURN A LINUX SERVER INTO A ROUTER Peter Harrison explains why Linux can reduce the cost of routers and how to make that happen. http://www.net-security.org/news.php?id=8198 TALE OF THE TAPE: ENCRYPT DATA NOW Data should be encrypted in transit. http://www.net-security.org/news.php?id=8199 DNS NAME SERVING THROUGH NSD Given the sheer importance of name servers in providing Domain Name System (DNS) resolution, not many people put much thought into the available software alternatives for pulling off this feat. One compelling application is NSD, an alternative to the widely deployed BIND name server. http://www.net-security.org/news.php?id=8200 KEEPING EMAIL UNDER LOCK AND (PUBLIC) KEY With governments and law enforcement organizations pushing for increasingly intrusive monitoring and logging of business email messages, network administrators are put in an uncomfortable situation. http://www.net-security.org/news.php?id=8201 ARE FIREWALLS EXPENDABLE? The firewall's fate is up for debate. http://www.net-security.org/news.php?id=8202 SYMBIAN TROJAN DRAINS THE LIFE FROM PHONES Virus writers have created a new Symbian Trojan called Doomboot-A that loads an earlier mobile virus (Commwarrior-B) onto vulnerable smartphones. http://www.net-security.org/news.php?id=8203 HACKERS CRACK TWO-FACTOR SECURITY Technology is not the golden bullet to stop web fraud, warn security experts. http://www.net-security.org/news.php?id=8204 CHINA SIGNS ANTI-SPAM PACT China - the world's second biggest producer of spam behind the US - has signed up to an international agreement to crack down on unsolicited email. http://www.net-security.org/news.php?id=8205 DECOYS SUGGESTED FOR PENTAGON NETWORK Two of the Pentagon's leading technologists propose defending the military's Global Information Grid by using decoy networks and "honey pots" to fool hackers. http://www.net-security.org/news.php?id=8206 RBC CENTURA WARNS 10,000 IN SECURITY BREACH RBC Centura has notified 10,000 customers in five states that their credit and debit card numbers were among those stolen when computer hackers penetrated a credit card processing company. http://www.net-security.org/news.php?id=8207 SECURING YOUR NETWORK FROM INBOUND AND OUTBOUND THREATS A case study of deploying strong authentication and Web filtering to protect from inbound and outbound security threats. http://www.net-security.org/news.php?id=8208 OPEN SOURCE VS. WINDOWS: SECURITY DEBATE RAGES It's a topic of fierce debate among high-tech cognoscenti: What's more secure -- "open source" code such as Linux and Apache, or proprietary "closed source" operating systems and applications, Microsoft's in particular? http://www.net-security.org/news.php?id=8209 RANDOM NUMBER GENERATORS: WHAT DO YOU NEED ONE FOR? Random numbers are utilized in many different areas, ranging from cryptography (in general) to source port and process ID randomization in some operating systems. http://www.net-security.org/news.php?id=8210 SECURITY EXPERTS WARN OVER MOBILE THREATS While still just a drop in the ocean compared to internet security threats, the incidences of malware targeting mobile phones is growing. http://www.net-security.org/news.php?id=8211 IBM AND BANKS DRAW UP DATA SECURITY BLUEPRINT IBM has formed a Data Governance Council with dozens of leading financial companies and other suppliers to develop a ÒblueprintÓ to protect personal data. http://www.net-security.org/news.php?id=8212 NEW TROJAN HITS SYMBIAN SMARTPHONES A Trojan capable of ruining smartphones running the Symbian Series 60 operating system has been discovered, a security expert said Tuesday. http://www.net-security.org/news.php?id=8213 AIR FORCE TAPS SECURE ULTRAWIDEBAND Sandia National Laboratories has combined ultrawideband (UWB) radio signals with advanced encryption techniques to develop a secure sensor and communications network for the U.S. military. http://www.net-security.org/news.php?id=8214 OUTSOURCERS PLAY DOWN SECURITY RISK Offshoring industry moves to calm UK customers' fears after Indian security breach. http://www.net-security.org/news.php?id=8215 GERMAN TEENAGER ADMITS IN COURT TO CREATING SASSER WORM Teenager faces maximum of five years in prison for worm that crashed hundreds of thousands of computers. http://www.net-security.org/news.php?id=8216 HACKERS MAKE WAY FOR CRIMINALS, EXPERTS SAY Spotty teenage hackers who set off global email viruses are being replaced by serious online crooks whose stealth attacks don't make headlines but cause more damage, security software makers said on Tuesday. http://www.net-security.org/news.php?id=8217 PREVENTING MALICIOUS SPYWARE IN THE ENTERPRISE Malicious spyware is an increasing threat to the enterprise. Older technologies are fast becoming ineffective; what is needed is a behavioral heuristics approach. http://www.net-security.org/news.php?id=8218 HACKERS TURN TO ROOT KITS FOR WEB ATTACKS Growing in popularity and difficult to beat. http://www.net-security.org/news.php?id=8219 FLAWED USC ADMISSIONS SITE ALLOWED ACCESS TO APPLICANT DATA A programming error in the University of Southern California's online system for accepting applications from prospective students left the personal information of users publicly accessible, school officials confirmed this week. http://www.net-security.org/news.php?id=8220 WHO'S TO BLAME FOR INSECURITY? If there's one thing the security industry is really good at, it's pointing fingers. http://www.net-security.org/news.php?id=8221 FINANCIAL FIRMS TO SHARE ID THEFT DATA WITH FTC They hope it will help law enforcement probes of ID thefts. http://www.net-security.org/news.php?id=8222 AVOIDING IDENTITY THEFT This article is designed to help network administrators and consumers understand the issues surrounding the rapidly growing concern of "Identity Theft". http://www.net-security.org/news.php?id=8223 IN THE STOLEN-DATA TRADE, MOSCOW IS THE WILD EAST The most expensive wares in Moscow's software markets, the items that some Russians are calling a threat to their personal safety, aren't on public display. http://www.net-security.org/news.php?id=8224 WI-FI CLOAKS A NEW BREED OF INTRUDER Though wireless mooching is preventable, it often goes undetected. http://www.net-security.org/news.php?id=8225 THREAT INCREASES FROM IM-BASED ATTACKS Hackers exploit weaknesses with viruses, worms and phishing scams. http://www.net-security.org/news.php?id=8226 ADOBE UPDATE QUELLS UNIX PDF PERIL Adobe has issued patches for a common vulnerability in various Unix versions of its Acrobat Reader software to guard against possible hacker attack. http://www.net-security.org/news.php?id=8227 WHY SPAM FILTERS DON'T WORK The best analogy might be comparing a spam filter to a cigarette filter -- the heaviest duty cigarette filters still let toxins, fibers and tar through. http://www.net-security.org/news.php?id=8228 AFTER A PRIVACY BREACH, HOW SHOULD YOU BREAK THE NEWS? Based on a recent study conducted by Ponemon Institute, we can provide some insight on what customers' expectations are when they receive notification. http://www.net-security.org/news.php?id=8229 LONGHORN LOCKED DOWN TO FIGHT HACKERS Intruders wished "good luck" as new OS prevents unauthorised access. http://www.net-security.org/news.php?id=8230 SIMPLIFY YOUR LIFE - ELIMINATE PASSWORDS In this whitepaper, you learn how you can easily implement IBM's recommended password elimination Single Sign-On architecture. http://www.net-security.org/news.php?id=8231 MS DOWNGRADES CLARIA ADWARE DETECTION Here's one for the conspiracy theorists. Microsoft has downgraded detection of the Claria adware application by its anti-spyware software days after reports began circulating that Redmond might buy the online marketing firm. http://www.net-security.org/news.php?id=8232 A SMALL PRICE TO PAY FOR CUTTING E-CRIME Companies could help to reduce the £2.4bn UK e-crime bill. http://www.net-security.org/news.php?id=8233 CHECK POINT BEEFS UP SPYWARE DEFENCES Check Point Software is to build improved spyware defences into the next version of its ZoneAlarm. http://www.net-security.org/news.php?id=8234 IS IT SPYWARE OR ADWARE? People are used to antivirus programs where everything is black and white. http://www.net-security.org/news.php?id=8235 MAN ARRESTED FOR HOPPING ON TO HOME WI-FI NETWORK Although security options exist, unprotected wireless LANs are still common. http://www.net-security.org/news.php?id=8236 THE ROOT OF THE ROOTKIT Rootkits are hard to detect and can give hackers full control of your system. http://www.net-security.org/news.php?id=8237 NAT TRAVERSAL (NAT-T) SECURITY ISSUES Network Address Translation (NAT) is a technology that has, in a small way, revolutionized Internet communications. http://www.net-security.org/news.php?id=8238 WINDOWS AND OFFICE PATCHES AHEAD Patch Tuesday around the corner. http://www.net-security.org/news.php?id=8239 HACKERS FOR HIRE What started out as an online businessman's dirty tactic lasted for almost half a year and cost victims over US$2 million. http://www.net-security.org/news.php?id=8240 SASSER SUSPECT WALKS FREE The teenage author of the infamous Sasser worm has been sentenced to one year and nine months probation. http://www.net-security.org/news.php?id=8241 EFFECTIVE NETWORK MANAGEMENT FOR SECURITY AND COMPLIANCE This white paper provides an overview of network security and compliance for network managers, network architects and network security experts and outlines key solutions. http://www.net-security.org/news.php?id=8242 SURFERS GET SMART ON SPYWARE Internet users claim to have changed their habits. http://www.net-security.org/news.php?id=8243 ---------------------------------------------------------------- [ Vulnerabilities ] All vulnerabilities are located here: http://www.net-security.org/vulnerabilities.php ---------------------------------------------------------------- pngcntrp kaiseki.cgi Arbitrary Command Execution http://www.net-security.org/vulnerability.php?id=17784 phpWebSite index.php Search Module Multiple Variable SQL Injection http://www.net-security.org/vulnerability.php?id=17788 phpWebSite index.php Search Module mod Variable Traversal Arbitrary File Access http://www.net-security.org/vulnerability.php?id=17789 Xerox WorkCentre Unspecified Authentication Bypass http://www.net-security.org/vulnerability.php?id=17765 Xerox WorkCentre Crafted HTTP Request DoS http://www.net-security.org/vulnerability.php?id=17766 MediaWiki Page Move Template XSS http://www.net-security.org/vulnerability.php?id=17763 AutoIndex PHP Script index.php search Variable XSS http://www.net-security.org/vulnerability.php?id=17753 Covide Groupware-CRM User ID SQL Injection http://www.net-security.org/vulnerability.php?id=17752 QuickBlogger Comment sys.php Multiple Variable Arbitrary Script Insertion http://www.net-security.org/vulnerability.php?id=17751 Mark Kronsbein MyGuestbook form.inc.php3 lang Variable Remote File Inclusion http://www.net-security.org/vulnerability.php?id=17750 Access Remote PC Registry Cleartext User Credential Disclosure http://www.net-security.org/vulnerability.php?id=17749 Gossamer Threads Links user.cgi Email Field Arbitrary Script Insertion http://www.net-security.org/vulnerability.php?id=17742 Gossamer Threads Links add.cgi Multiple Field Arbitrary Script Insertion http://www.net-security.org/vulnerability.php?id=17743 Adobe Acrobat Reader UnixAppOpenFilePerform() Function /Filespec Tag Processing Overflow http://www.net-security.org/vulnerability.php?id=17740 Jinzora include_path Variable Remote File Inclusion http://www.net-security.org/vulnerability.php?id=17736 Yahoo! 360¡ User Status Disclosure http://www.net-security.org/vulnerability.php?id=17729 EasyPHPCalendar calendar.php serverPath Variable Remote File Inclusion http://www.net-security.org/vulnerability.php?id=17723 EasyPHPCalendar popup.php serverPath Variable Remote File Inclusion http://www.net-security.org/vulnerability.php?id=17731 EasyPHPCalendar header.inc.php serverPath Variable Remote File Inclusion http://www.net-security.org/vulnerability.php?id=17732 EasyPHPCalendar datePicker.php serverPath Variable Remote File Inclusion http://www.net-security.org/vulnerability.php?id=17733 EasyPHPCalendar setupSQL.php serverPath Variable Remote File Inclusion http://www.net-security.org/vulnerability.php?id=17734 ekg Symlink Arbitrary File Manipulation http://www.net-security.org/vulnerability.php?id=17722 ASP Nuke forgot_password.asp email Variable XSS http://www.net-security.org/vulnerability.php?id=17700 ASP Nuke register.asp Multiple Variable XSS http://www.net-security.org/vulnerability.php?id=17701 ASP Nuke language_select.asp HTTP Response Splitting http://www.net-security.org/vulnerability.php?id=17702 ASP Nuke comment_post.asp TaskID Variable SQL Injection http://www.net-security.org/vulnerability.php?id=17703 Cacti SQL Injection Filter Bypass http://www.net-security.org/vulnerability.php?id=17721 Quick & Dirty PHPSource Printer source.php Traversal Arbitrary File Access http://www.net-security.org/vulnerability.php?id=17713 log4sh Symlink Arbitrary File Manipulation http://www.net-security.org/vulnerability.php?id=17711 ---------------------------------------------------------------- [ Advisories ] All advisories are located at: http://www.net-security.org/archive_advi.php ---------------------------------------------------------------- Debian Security Advisory - drupal (DSA 745-1) http://www.net-security.org/advisory.php?id=4982 Slackware Security Advisory - zlib DoS (SSA:2005-189-01) http://www.net-security.org/advisory.php?id=4981 US-CERT Technical Cyber Security Alert - Targeted Trojan Email Attacks http://www.net-security.org/advisory.php?id=4980 SUSE Security Announcement - php/pear XML::RPC (SUSE-SA:2005:041) http://www.net-security.org/advisory.php?id=4979 Debian Security Advisory - DSA 744-1 (fuse) http://www.net-security.org/advisory.php?id=4978 Debian Security Advisory - ht (DSA 743-1) http://www.net-security.org/advisory.php?id=4977 Trustix Secure Linux Security Advisory - net-snmp, zlib (#2005-0034) http://www.net-security.org/advisory.php?id=4976 Debian Security Advisory - sudo (DSA 735-2) http://www.net-security.org/advisory.php?id=4975 Debian Security Advisory - spamassassin (DSA 736-2) http://www.net-security.org/advisory.php?id=4974 Debian Security Advisory - DSA 742-1 (cvs) http://www.net-security.org/advisory.php?id=4973 Conectiva Linux Security Announcement - cacti (CLA-2005:978) http://www.net-security.org/advisory.php?id=4972 Mandriva Linux Security Update Advisory - MDKSA-2005:112 (zlib) http://www.net-security.org/advisory.php?id=4971 OpenPKG Security Advisory - zlib (OpenPKG-SA-2005.013) http://www.net-security.org/advisory.php?id=4970 Debian Security Advisory - bzip2 (DSA 741-1) http://www.net-security.org/advisory.php?id=4969 SUSE Security Announcement - heimdal (SUSE-SA:2005:040) http://www.net-security.org/advisory.php?id=4968 SUSE Security Announcement - SUSE-SA:2005:039 (zlib) http://www.net-security.org/advisory.php?id=4967 Ubuntu Security Notice - php4, php4-universe fixed packages (USN-147-2) http://www.net-security.org/advisory.php?id=4966 Debian Security Advisory - zlib (DSA 740-1) http://www.net-security.org/advisory.php?id=4965 Ubuntu Security Notice - zlib vulnerability (USN-148-1) http://www.net-security.org/advisory.php?id=4964 Debian Security Advisory - trac (DSA 739-1) http://www.net-security.org/advisory.php?id=4963 FreeBSD Security Advisory - Buffer overflow in zlib (FreeBSD-SA-05:16.zlib) http://www.net-security.org/advisory.php?id=4962 Turbolinux Security Announcement - ImageMagick, wget (06/Jul/2005) http://www.net-security.org/advisory.php?id=4961 Debian Security Advisory - razor (DSA 738-1) http://www.net-security.org/advisory.php?id=4960 Debian Security Advisory - clamav (DSA 737-1) http://www.net-security.org/advisory.php?id=4959 Conectiva Linux Security Announcement - sun-jre (CLA-2005:977) http://www.net-security.org/advisory.php?id=4958 Conectiva Linux Security Announcement - sudo (CLA-2005:976) http://www.net-security.org/advisory.php?id=4957 Conectiva Linux Security Announcement - gzip (CLA-2005:974) http://www.net-security.org/advisory.php?id=4956 Conectiva Linux Security Announcement - bzip2 (CLA-2005:972) http://www.net-security.org/advisory.php?id=4955 Conectiva Linux Security Announcement - clamav (CLA-2005:973) http://www.net-security.org/advisory.php?id=4954 Debian Security Advisory - gaim (DSA 734-1) http://www.net-security.org/advisory.php?id=4953 Ubuntu Security Notice - php4, php4-universe vulnerability (USN-147-1) http://www.net-security.org/advisory.php?id=4952 Debian Security Advisory - ppxp (DSA 725-2) http://www.net-security.org/advisory.php?id=4951 Conectiva Linux Security Announcement - ipsec-tools (CLA-2005:971) http://www.net-security.org/advisory.php?id=4950 ---------------------------------------------------------------- [ Articles ] All articles are located at: http://www.net-security.org/articles_main.php Articles can be contributed to articles@net-security.org ---------------------------------------------------------------- LAPTOP THEFT - AN INSIDERÕS GUIDE TO NOT BECOMING ANOTHER STATISTIC Protecting against laptop and data theft would appear to be relatively easy but, in a business sense, is rarely so. This article provides some basic steps for employees to follow in order to protect laptops. http://www.net-security.org/article.php?id=802 ---------------------------------------------------------------- [ Software ] Windows software is located at: http://net-security.org/software_main.php?cat=1 Linux software is located at: http://net-security.org/software_main.php?cat=2 Pocket PC software is located at: http://net-security.org/software_main.php?cat=3 Mac OS X software is located at: http://net-security.org/software_main.php?cat=5 ---------------------------------------------------------------- ACSV 1.5.0 (Windows) The handy and fast program with an clear interface for calculation and verifying the MD5 and CRC32 checksums of files in specified folder. http://www.net-security.org/software.php?id=306 ANTI-KEYLOGGER 6.0.1 (Windows) Anti-keylogger is a program designed to combat against various types of intrusion and monitoring programs. http://www.net-security.org/software.php?id=284 ARPALERT 0.4.5 (Linux) This software listens on a network interface (without using 'promiscuous' mode) and catches all conversations of MAC address to IP request. http://www.net-security.org/software.php?id=335 BASTILLE LINUX 3.0.5 (Linux) The Bastille Hardening System attempts to "harden" or "tighten" the Linux operating system. http://www.net-security.org/software.php?id=217 CONSOLE PASSWORD MANAGER (CPM) 0.13 Beta (Linux) cpm is a small console tool to manage passwords and store them public key encrypted in a file - even for more than one person. http://www.net-security.org/software.php?id=287 CRYPTOEXPERT 2005 LITE 6.1.0 (Windows) CryptoExpert creates encrypted virtual disks and these disks are visible as usual disks with drive letters. http://www.net-security.org/software.php?id=305 DAEMON SHIELD 0.4.0 (Linux) A daemon that creates realtime dynamic, expirable iptables rules to block/drop IP addresses attempting brute-force breakin attacks on a linux host via ssh or other mechanism. http://www.net-security.org/software.php?id=300 DANTE 1.1.16 (Linux) Dante is a circuit-level firewall/proxy that can be used to provide convenient and secure network connectivity to a wide range of hosts. http://www.net-security.org/software.php?id=43 DIGITAL INVISIBLE INK TOOLKIT 2.1 Beta (Windows) Digital Invisible Ink Toolkit is a simple Java-based steganography tool. http://www.net-security.org/software.php?id=312 DISTRIBUTED ACCESS CONTROL SYSTEM 1.4.4 (Linux) DACS is an open source identity management and access control system for web services. http://www.net-security.org/software.php?id=346 DROPBEAR SSH SERVER 0.46 (Linux) Dropbear is an SSH 2 server, designed to be usable in small memory environments. http://www.net-security.org/software.php?id=490 FIREWALL BUILDER 2.0.8 (Linux) Firewall Builder consists of an object-oriented GUI and a set of policy compilers for various firewall platforms. http://www.net-security.org/software.php?id=230 FOREMOST 1.0 (Linux) Foremost is a console program to recover files based on their headers and footers. http://www.net-security.org/software.php?id=318 FRANKENWALL 0.5.10 (Linux) Frankenwall is a bash shell script intended to create a highly secure IPTables based linux firewall/router with QOS/traffic shaping/bandwidth management. http://www.net-security.org/software.php?id=313 GNUPG 1.4.1 (Linux) GnuPG stands for GNU Privacy Guard and is GNU's tool for secure communication and data storage. http://www.net-security.org/software.php?id=295 GROKEVT 0.1.1 (Linux) GrokEVT is a collection of scripts for reading Windows event log files. http://www.net-security.org/software.php?id=328 INTEGCHECK 1.0.3 (Linux) Integcheck is a system integrity checker. http://www.net-security.org/software.php?id=291 IPTABLES 1.3.2 (Linux) The netfilter/iptables project is the Linux 2.4.x / 2.5.x firewalling subsystem. http://www.net-security.org/software.php?id=4 MEGAPING 4.4 (Windows) MegaPing is a set of diagnostics and information tools. http://www.net-security.org/software.php?id=298 MUDPIT 1.4 (Linux) MudPit is a spool processor for the Snort intrusion detection system. http://www.net-security.org/software.php?id=375 NUFW 1.0.9 (Linux) NuFW is an "authenticating gateway". This means it requires authentication for any connections to be forwarded through the gateway. http://www.net-security.org/software.php?id=526 PASSWORD GORILLA 1.2 (Windows) The Password Gorilla helps you manage your logins. http://www.net-security.org/software.php?id=12 PHPANTIVIRUS 1.0.2 (Linux) Scans your web server's file system for dangerous and malicious code. http://www.net-security.org/software.php?id=265 PHPKRM 1.4.1 (Linux) PHPkrm is a Web-based GNUPG keyring manager. http://www.net-security.org/software.php?id=347 PPTPPROXY 2.0 (Linux) This program will forward a PPTP VPN connection through a Linux firewall. http://www.net-security.org/software.php?id=191 PROSHIELD 3.7.19 (Linux) ProShield is a security program for Debian Linux. http://www.net-security.org/software.php?id=282 RADDUMP 0.3.1 (Linux) raddump interprets captured RADIUS packets to print a timestamp, packet length, RADIUS packet type, source and destination hosts and ports, and included attribute names and values for each packet. http://www.net-security.org/software.php?id=357 SCPONLY 4.1 (Linux) "scponly" is an alternative 'shell' (of sorts) for system administrators who would like to provide access to remote users to both read and write local files without providing any remote execution priviledges. http://www.net-security.org/software.php?id=337 SMARTWHOIS 4.0 Build 163 (Windows) SmartWhois is a useful network information utility that allows you to find all the available information about an IP address, hostname, or domain. http://www.net-security.org/software.php?id=299 SNORT SMS 0.15.9 (Linux) A Web-based remote sensor management and monitoring system. http://www.net-security.org/software.php?id=342 SPAMPAL 1.591 (Windows) SpamPal sits between your email program and your mailbox, checking your email as you retrieve it. http://www.net-security.org/software.php?id=296 SPYSITES 2.0 (Windows) SpySites includes a database of over 1,500 known Spy/Sleaze sites and guides you through the simple process of including them in Internet Explorer's Restricted Zone. http://www.net-security.org/software.php?id=289 SUPER WEBSCAN 8.8 (Windows) Super Webscan is a tool for network administrators that allows to detect open relay SMTP servers. http://www.net-security.org/software.php?id=301 SURF INSPECTOR HOME EDITION 1.2 (Windows) Monitor your kids online to prevent them from explicit and violent websites. http://www.net-security.org/software.php?id=323 SYSMASK 1.0 (Linux) Sysmask is a powerful and flexible security enhancement package for Linux systems. http://www.net-security.org/software.php?id=352 SYSTEM SHIELD 2.1c (Windows) System Shield prevents recovery of private or confidential information on your computer by securely overwriting the data. http://www.net-security.org/software.php?id=297 T-BEAR 1.3 (Linux) T-BEAR is the Transient Bluetooth Environment security AuditoR. http://www.net-security.org/software.php?id=360 TCPVIEW 2.4 (Windows) TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. http://www.net-security.org/software.php?id=319 THE SLEUTH KIT 2.02 (Linux) The Sleuth Kit is a collection of UNIX-based command line file system forensic tools. http://www.net-security.org/software.php?id=215 TRANSPARENT SCREEN LOCK PRO 4.10 (Windows) Password protect your workstation or server while viewing programs that are running. http://www.net-security.org/software.php?id=292 TROUSERS 0.2.0 (Linux) TrouSerS is a Trusted Computing Group Software Stack (TCG TSS) implementation. http://www.net-security.org/software.php?id=266 VISUALROUTE 2005 9.3d (Windows) VisualRoute delivers the functionality of key Internet "ping," "whois," and "traceroute" tools, in a high-speed visually integrated package. http://www.net-security.org/software.php?id=2 WEBCERT 1.3.0 (Linux) WebCert is a simple, OpenSSL based CA Interface to generate Certificates. http://www.net-security.org/software.php?id=257 XYRIA:DNSD 0.6.1 (Linux) Xyria:DNSd is an high performance DNS server that supports only the most important features and resource records while being extremely fast and secure. http://www.net-security.org/software.php?id=93 ---------------------------------------------------------------- [ Webcasts ] All webcasts are located at: http://net-security.org/webcasts.php ---------------------------------------------------------------- Email Security and Availability - How to Maximize Availability and Minimize Risk for your Critical Messaging Environment Organized by Symantec on 12 July 2005, 9:00 AM http://www.net-security.org/webcast.php?id=381 Wireless Networks: How to Win the Race with Hackers Organized by AirDefense on 13 July 2005, 2:00 PM http://www.net-security.org/webcast.php?id=383 eEye and IIS - Implementing a Multi-Layered Security Solution to Best Address Spyware, Phishing and Zero Day Attacks Organized by eEye on 14 July 2005, 2:00 PM http://www.net-security.org/webcast.php?id=376 ---------------------------------------------------------------- [ Conferences ] All conferences are located at: http://net-security.org/conferences.php ---------------------------------------------------------------- The 4th European Conference on Information Warfare and Security (ECIW 2005) Organized by Academic Conferences International - 11 July-15 July 2005 http://www.net-security.org/conference.php?id=120 The 32nd International Colloquium on Automata, Languages and Programming (ICALP'05) Organized by European Association for Theoretical Computer Science - 11 July-15 July 2005 http://www.net-security.org/conference.php?id=121 Black Hat Briefings & Training USA 2005 Organized by Black Hat - 23 July-28 July 2005 http://www.net-security.org/conference.php?id=138 14th USENIX Security Symposium Organized by USENIX - 31 July-5 August 2005 http://www.net-security.org/conference.php?id=136 3rd Annual Midwest Network Security Forum Organized by The Institute for Applied Network Security - 3 August-4 August 2005 http://www.net-security.org/conference.php?id=139 Crypto 2005 Organized by International Association for Cryptologic Research - 14 August-18 August 2005 http://www.net-security.org/conference.php?id=122 8th Information Security Conference(ISC'05) Organized by Institute for Infocomm Research - 21 September-23 September 2005 http://www.net-security.org/conference.php?id=123 The 4th International Workshop for Applied PKI (IWAP'05) Organized by Institute for Infocomm Research - 21 September-23 September 2005 http://www.net-security.org/conference.php?id=124 RSA Conference Europe 2005 Organized by RSA Conference - 17 October-19 October 2005 http://www.net-security.org/conference.php?id=133 CNIS 2005: IASTED International Conference on Communication, Network and Information Security Organized by IASTED - 14 November-16 November 2005 http://www.net-security.org/conference.php?id=137 Asiacrypt 2005 Organized by International Association for Cryptologic Research - 1 December-4 December 2005 http://www.net-security.org/conference.php?id=125 ---------------------------------------------------------------- [ Security World ] All press releases are located at: http://www.net-security.org/press_main.php Send your press releases to press@net-security.org ---------------------------------------------------------------- Network World Declares Senforce Endpoint Security ÒClear Choice for InnovationÓ http://www.net-security.org/press.php?id=3294 F-Secure announces Data Security Six Month Summary http://www.net-security.org/press.php?id=3293 (ISC)2 Publishes Guide To Information Security Profession For High School And College Students http://www.net-security.org/press.php?id=3292 FrontBridge Positioned in Leaders Quadrant of Top Analyst Report on Email Security Boundary http://www.net-security.org/press.php?id=3291 Criston Signs Major Japan Partner NEC Soft http://www.net-security.org/press.php?id=3290 SHOUT VoIP Migration Appliance Delivers Hardened Security Features that make VoIP Viable for Large Enterprises http://www.net-security.org/press.php?id=3289 Trend Micro Extends and Enhances Security for Corporate Messaging Communication and Collaboration Environments http://www.net-security.org/press.php?id=3288 Senforce Wi-Fi Security Eliminates Critical Threat to Enterprises: Wireless Network Risks http://www.net-security.org/press.php?id=3287 Utimaco Technology Gains Certification in Accordance with Leading US Security Standard http://www.net-security.org/press.php?id=3286 Safety-Lab International Releases New Version of Shadow Security Scanner http://www.net-security.org/press.php?id=3285 Panda BusinesSecure with TruPrevent Technologies, the best anti-malware solution in the tests carried out by the prestigious Dutch publication Computable http://www.net-security.org/press.php?id=3284 MessageLabs Positioned in ÒLeadersÓ Quadrant in Email Security Boundary Magic Quadrant by Leading Industry Research Firm http://www.net-security.org/press.php?id=3283 Bluesocket Wins Frost & Sullivan VoWLAN Product Innovation Award http://www.net-security.org/press.php?id=3282 ---------------------------------------------------------------- [ Virus News ] All virus news are located at: http://www.net-security.org/viruses.php ---------------------------------------------------------------- Sasser Worm Writer Walks Free From Court http://www.net-security.org/virus_news.php?id=564 New Virus Poses As London Terrorist Attack News Footage http://www.net-security.org/virus_news.php?id=563 Weekly Report on Viruses and Intruders - Gaobot.IUF and Prex.AM Worms, Banker.XP Trojan etc http://www.net-security.org/virus_news.php?id=562 Two New Strains of Trojan Downloader on the Loose http://www.net-security.org/virus_news.php?id=561 ---------------------------------------------------------------- Questions, contributions, comments or ideas go to: Help Net Security staff staff@net-security.org http://net-security.org ---------------------- Unsubscribe from this weekly digest on: http://www.net-security.org/subscribe.php The archive of the newsletter in TXT and PDF format is available http://www.net-security.org/newsletter_archive.php ---------------------------------------------------------------- InfoSec Research Library - http://net-security.bitpipe.com ---------------------------------------------------------------- In association with BitPipe, Help Net Security is giving you a possibility to freely read the latest white papers, case studies, webcasts and product information related to information security. Some of the topics covered include: Authentication, Email Security, Identity Management, Network Security, Security Policies. VPN and Wireless Security. ---------------------------------------------------------------- Point your bowsers to: http://net-security.bitpipe.com ----------------------------------------------------------------