HNS Newsletter
Issue 275 - 25.07.2005.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week.

----------------------------------------------------------------
RSA Conference Europe 2005
----------------------------------------------------------------
Register Today and Save
17-19 October, Austria Center, Vienna
Early Bird Deadline 29 July 2005
The No 1 Event for Information Security
New Threats: New Rules: New Technologies
----------------------------------------------------------------
Visit http://2005.rsaconference.com/europe to learn more.
----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Reviews
6) Software
7) Webcasts
8) Conferences
9) Security World
10) Virus News

[ Security news ]
----------------------------------------------------------------

SMALL DOESN'T MEAN ANYTHING TO HACKERS
Being small doesn't make you invisible.
http://www.net-security.org/news.php?id=8302

ORACLE SIMPLIFIES SOA, WEB SERVICES SECURITY
Oracle announced the industry's first integrated, standards-based business process platform that simplifies the security of service-oriented architectures (SOAs) and Web services.
http://www.net-security.org/news.php?id=8303

MOZILLA SITE ATTACKED TO SPREAD SPAM
A site promoting Firefox was attacked last weekend in order to commandeer it to send spam, the Mozilla Foundation said on Friday.
http://www.net-security.org/news.php?id=8304

RETHINKING THE DATA SECURITY BOX
Computer security can be a difficult problem to get a handle on, so sometimes it takes some creative thinking. I would say it involves "thinking outside the box," but that's a little too trite and overused.
http://www.net-security.org/news.php?id=8305

GOOGLE GROWTH YIELDS PRIVACY FEAR
Google is at once a powerful search engine and a growing e-mail provider.
It runs a blogging service, makes software to speed web traffic and has ambitions to become a digital library. And it is developing a payments service.
http://www.net-security.org/news.php?id=8306

HOW TO PREVENT PHARMING
Protect your company's online reputation by locking down DNS and guarding against domain hijacking.
http://www.net-security.org/news.php?id=8307

ONLINE PRIVACY REGULATIONS FORCING BETTER HANDLING OF DATA
In essence, computerized banking transactions and Internet commerce practices have put new twists on old identity theft methods used by criminals. Federal guidelines are just now starting to focus on electronic processes that did not exist when other federal regulations were first designed.
http://www.net-security.org/news.php?id=8308

HOW TO PREVENT YOUR WEBSITE FROM BEING USED AGAINST YOU IN A PHISHING ATTACK
Phishing has become more and more commonplace and these attacks put companies that conduct online business at risk, and threaten to undermine consumer confidence.
http://www.net-security.org/news.php?id=8309

SECURE RSS SYNDICATION
I have a problem. It's actually a pretty common problem. I have data that I want to syndicate to myself, but I don't want you to see it.
http://www.net-security.org/news.php?id=8310

TROUBLESHOOTING IPSEC TUNNEL MODE SCENARIOS
In this article we'll take a look at how to troubleshoot a common site to site IPSec tunnel-mode VPN scenario.
http://www.net-security.org/news.php?id=8311

MALWARE MAELSTROM MENACES UK
Lock up your email servers - there's a blizzard of Windows malware out there.
http://www.net-security.org/news.php?id=8312

VIRUS BOUNTIES NO LONGER EFFECTIVE
Wild West methods increasingly irrelevant, say security experts.
http://www.net-security.org/news.php?id=8313

PREPARE FOR DISASTERS THAT COULD BRING YOUR BUSINESS TO A HALT
This article looks at how "non-traditional" disasters, such as gas leaks and human error, can impact on the operations of your organisation.
http://www.net-security.org/news.php?id=8314

MICROSOFT ADMITS TO MEDIA CENTER HOLE
Security flaw could allow hackers to crash PCs.
http://www.net-security.org/news.php?id=8315

WATCH OUT FOR THIRD-PARTY SYSTEMS WHEN MANAGING NETWORK SECURITY
Even the best security efforts may be missing an entire class of susceptible systems: equipment maintained by other companies. Here's what to watch out for.
http://www.net-security.org/news.php?id=8316

EMAIL AUTHENTICATION TAKES BIG BITE OF SPAM
New research suggests anti-spam tools are slowly winning the war on junk mail.
http://www.net-security.org/news.php?id=8317

FINANCIAL IMPACT OF SOME SECURITY BREACHES SKYROCKETS
The financial impact of the theft of proprietary information has more than doubled in the last year, according to the 10th annual CSI/FBI Computer Crime and Security Survey.
http://www.net-security.org/news.php?id=8318

TO STOP HACKER ATTACKS, DON'T RELY ON ISPS
Your Internet service provider isn't to blame if your company is hit with a distributed denial-of-service attack.
http://www.net-security.org/news.php?id=8319

WINDOWS XP DOS BUG WORSE THAN THOUGHT
It affects several other editions of Windows, and could have buffer overflow potential.
http://www.net-security.org/news.php?id=8320

BRINGING SPAMMERS TO THEIR KNEES
PC World Senior Writer Tom Spring discusses the latest trends in spam and gives you the tips and tools for getting rid of it.
http://www.net-security.org/news.php?id=8321

THE NEED TO FOCUS ON HIDDEN SECURITY THREATS
Keeping up with spyware, key loggers, Trojans, exploits and other malicious software is a challenge on its own.
http://www.net-security.org/news.php?id=8322

GAO: FEDERAL SYSTEMS SECURITY STILL LACKING
The good news: Federal agencies are making progress in implementing stronger information security regimes. The bad news: It hasn't helped much.
http://www.net-security.org/news.php?id=8323

TROJANS STAMPEDE ACROSS THE WEB
Malicious code targeting bank accounts.
http://www.net-security.org/news.php?id=8324

ETHICAL ISSUES FOR IT SECURITY PROFESSIONALS
This article takes a look at a neglected area of most computer security professionals' training: how to deal with the ethical issues that can - and invariably do - crop up during the course of doing your job.
http://www.net-security.org/news.php?id=8325

NETWORK MONITORING WITH NGREP
With ngrep, you can analyze network traffic in a manner similar to that of other network sniffers. However, unlike its brethren, ngrep can match regular expressions within the network packet payloads.
http://www.net-security.org/news.php?id=8326

A SECURITY QUALIFICATION IS A MUST BUT MAKE SURE IT FITS YOUR FIELD
Europe will need another 680,000 information security professionals by 2008.
http://www.net-security.org/news.php?id=8327

NEW WORM POSES AS ITUNES
Worm writers are piggy-backing on the success of Apple's iTunes digital juke box according to an anti-virus software firm.
http://www.net-security.org/news.php?id=8328

CAN'T RECALL PASSWORDS? WRITE THEM DOWN
Flying in the face of convention, a security expert is now telling users to write down passwords and stick the slip of paper in their wallets.
http://www.net-security.org/news.php?id=8329

VISA, AMEX CUT TIES WITH CARDSYSTEMS
Visa USA has dumped a card processing firm blamed for a security breach affecting anything up to 40m The payment-processing company left 40 million accounts vulnerable to hackers. A Visa spokeswoman said CardSystems "has not corrected, and cannot at this point correct, the failure to provide proper data security for Visa accounts."
http://www.net-security.org/news.php?id=8330

ORACLE TAKEN TO TASK FOR TIME TO FIX VULNERABILITIES
Claiming that Oracle has failed to fix six vulnerabilities despite having more than 650 days to issue a patch, researchers at security firm Red Database Security published details of the flaws on Tuesday.
http://www.net-security.org/news.php?id=8331

WRITING SECURE PHP
Here are a few of the more common security problems and how to avoid them.
http://www.net-security.org/news.php?id=8332

ATTACKERS TURNING TO FAKE ONLINE GREETING CARDS
The next e-mail greeting card you get may come with a nasty surprise.
http://www.net-security.org/news.php?id=8333

BILL PUTS SPOTLIGHT BACK ON DATA THEFT
Several prominent U.S. Senators, including the leaders of the Commerce Committee, have introduced another bill that takes on the growing online menace of identity and data theft.
http://www.net-security.org/news.php?id=8334

INTERNET USERS IGNORANT ABOUT DATA PRIVACY
U.S. Internet users are dangerously ignorant about the type of data that Web site owners collect from them.
http://www.net-security.org/news.php?id=8335

SECURING WIRELESS TECHNOLOGY
Wireless networking frees mobile workers from wires and cables, allowing them to collect and view data whenever, wherever they choose.
http://www.net-security.org/news.php?id=8336

ADVANCED CODE INJECTION TECHNIQUES AND TESTING PROCEDURES
Depending upon the nature of the application and the way the malicious data is stored or rendered, the attacker may be able to conduct a second-order code injection attack.
http://www.net-security.org/news.php?id=8337

SMALL BUSINESSES LACK IT SECURITY
Companies are not increasing budgets for the most basic systems, including email and wireless network connections.
http://www.net-security.org/news.php?id=8338

HP PROLIANT DL320 HARDWARE ISA FIREWALL REVIEW
This sturdy ISA-based hardware firewall is targeted at the experienced ISA firewall administrator who wants a pre-built and pre-hardened ISA firewall delivered to the door, ready to plug in and deploy.
http://www.net-security.org/news.php?id=8339

MICROSOFT BUYS ANOTHER SECURITY FIRM
Software maker buys FrontBridge Technologies, makers of an e-mail security product.
http://www.net-security.org/news.php?id=8340

REVIEW: GFI LANGUARD NETWORK SECURITY SCANNER 6
This is a review of the new release of LANguard Network Security Scanner (GFI LANguard NSS) from GFI. NSS will scan computers for known vulnerabilities and common misconfigurations and other potential security issues. It produces reports that can be used to assist in the tracking and mitigation of security issues that have been identified.
http://www.net-security.org/news.php?id=8341

INTERVIEW WITH DAN KAMINSKY ON MICROSOFT'S SECURITY
Dan Kaminsky is a security researcher focusing on applied mechanisms for analyzing and understanding very large scale networks.
http://www.net-security.org/news.php?id=8342

SYSTEM SECURITY: A COMPREHENSIVE APPROACH
This security white paper outlines the seven critical categories of system security necessary to implement a comprehensive security framework.
http://www.net-security.org/news.php?id=8343

SECURITY FLAWS SLIP THROUGH ORACLE PATCH CYCLE
A security research firm has reported details of six vulnerabilities in products from Oracle that were not fixed in the supplier's last round of patches.
http://www.net-security.org/news.php?id=8344

ID THEFT FEARS PROMPT ECOMMERCE BOYCOTT
Identity theft fears are prompting some UK consumers to avoid buying goods or services online or over the phone, according to a national survey published this week.
http://www.net-security.org/news.php?id=8345

'ALIEN GREETING' HARBOURS WINDOWS MALWARE
A message purporting to come from an alien is in reality, you've guessed it, the latest Windows PC-infecting computer virus.
http://www.net-security.org/news.php?id=8346

SYS ADMIN: FRIEND OR FOE?
The network system administrator is the first line, and sometimes last line of defence that a network has. What happens though if that very same defender becomes more of a liability?
http://www.net-security.org/news.php?id=8347

IS WIRELESS SECURITY POINTLESS?
While no personal information appears to have been compromised, SpreadFirefox has encouraged all users to log into their accounts and change their passwords. The site sent out an e-mail to all account holders with instructions on how to do so.
http://www.net-security.org/news.php?id=8348

CARDSYSTEMS MAY BE DRIVEN OUT OF BUSINESS AFTER THE ATTACK
The head of a payment-processing firm that was infiltrated by computer hackers, exposing as many as 40 million credit card holders to possible fraud, told Congress on Thursday that his company is "facing imminent extinction" because of its disclosure of the breach and industry's reaction to it.
http://www.net-security.org/news.php?id=8349

IDENTIFYING P2P USERS USING TRAFFIC ANALYSIS
With the emergence of Napster in the fall of 1999, peer to peer (P2P) applications and their user base have grown rapidly in the Internet community. With the popularity of P2P and the bandwidth it consumes, there is a growing need to identify P2P users within the network traffic.
http://www.net-security.org/news.php?id=8350

BIG BROTHER? THE REST OF THE FAMILY IS LURKING ONLINE
With personal data so available, cyber-posses face few barriers in using it as a weapon.
http://www.net-security.org/news.php?id=8351

BIGGEST 419 BUST IN HISTORY
The FBI and Spanish police have arrested 310 people in Malaga, Spain in connection with a €100m bogus (email) lottery scam run by Nigerian gangs.
http://www.net-security.org/news.php?id=8352

LINUX SCRIPTS MAKE WIRELESS MANAGEMENT A SNAP
Powerful tools can help you run your own wireless ISP.
http://www.net-security.org/news.php?id=8353

SECURE VOIP ON GOVERNMENT'S HIT LIST
Given recent forecasts of growth in the government telecom market, security issues associated with VoIP are understandably in the spotlight.
http://www.net-security.org/news.php?id=8354

ORACLE TAKES YEARS TO FIX HOLES
The database vendor fails to patch security holes, despite knowing about the vulnerabilities for as long as two years, an accuser says. But Oracle says it fixes holes in order of severity.
http://www.net-security.org/news.php?id=8355

LOST DOG SCAMS BITE ONLINE USERS
Scammers have taken a traditional double-cross played on owners of lost dogs to the Internet.
http://www.net-security.org/news.php?id=8356

INTRUSION DETECTION ON STEROIDS
I like Sourcefire's strategy of employing several technologies to detect intrusions, but I was more impressed by the RNA sensors' ability to detect vulnerabilities in specific hosts in real time.
http://www.net-security.org/news.php?id=8357

80 SECURITY TIPS
Whether your PC is 3 years or 3 days old, it faces the same, sometimes scary security issues.
http://www.net-security.org/news.php?id=8358

DESKTOP SECURITY: PROACTIVE PROTECTION AGAINST KNOWN AND UNKNOWN DESKTOP SECURITY THREATS
With security threats growing, it is imperative to have a multi-layered security solution that is fast, strong and nimble.
http://www.net-security.org/news.php?id=8359

MITNICK PREACHES SOCIAL ENGINEERING AWARENESS
Mitnick says people are the weakest link and organizations must build 'human firewall'.
http://www.net-security.org/news.php?id=8360

BEWARE THE ICE VIRUS HOAX
Experts at Sophos have warned of a new virus hoax. If you receive a mail claiming that ICE is a virus, first don't believe it, second don't forward it, because it's a hoax.
http://www.net-security.org/news.php?id=8361

SPY WORM SPREADS OVER INSTANT MESSAGING
Microsoft's MSN Messenger and AOL's Instant Messenger services are being targeted by malicious messages containing links that could infect a computer with a Trojan horse or dangerous worm.
http://www.net-security.org/news.php?id=8362

UK COMPANIES DON'T HAVE BASIC SECURITY MEASURES FOR SMART HANDHELDS
Forty per cent of businesses feel they do not secure handheld devices to the level they secure laptops.
http://www.net-security.org/news.php?id=8363

----------------------------------------------------------------
[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/vulnerabilities.php
----------------------------------------------------------------

Contrexx CMS Poll Module votingoption Parameter SQL Injection
http://www.net-security.org/vulnerability.php?id=18166

Contrexx CMS Gallery Module pId Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=18167

Contrexx CMS Search Form term Variable XSS
http://www.net-security.org/vulnerability.php?id=18168

Contrexx CMS Blog Aggregation Module title Field XSS
http://www.net-security.org/vulnerability.php?id=18169

Contrexx CMS version.xml Information Disclosure
http://www.net-security.org/vulnerability.php?id=18170

Website Generator spaw_control.class.php Direct Request Path Disclosure
http://www.net-security.org/vulnerability.php?id=18155

Website Generator img_popup.php img_url Variable XSS
http://www.net-security.org/vulnerability.php?id=18156

Website Generator colorpicker.php theme Variable XSS
http://www.net-security.org/vulnerability.php?id=18157

Website Generator table.php theme Variable XSS
http://www.net-security.org/vulnerability.php?id=18158

Website Generator td.php theme Variable XSS
http://www.net-security.org/vulnerability.php?id=18159

Website Generator confirm.php theme Variable XSS
http://www.net-security.org/vulnerability.php?id=18160

Website Generator a.php theme Variable XSS
http://www.net-security.org/vulnerability.php?id=18161

Website Generator banner_library.php theme Variable XSS
http://www.net-security.org/vulnerability.php?id=18162

sendcard sendcard.php id Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=18153

Mambo
com_contents Component cur_template Variable XSS
http://www.net-security.org/vulnerability.php?id=18149

PHPSiteSearch search.php query Variable XSS
http://www.net-security.org/vulnerability.php?id=18142

Ultimate PHP Board (UPB) send.php css Variable XSS
http://www.net-security.org/vulnerability.php?id=18143

Ultimate PHP Board (UPB) users.php css Variable XSS
http://www.net-security.org/vulnerability.php?id=18144

Ultimate PHP Board (UPB) top.php css Variable XSS
http://www.net-security.org/vulnerability.php?id=18145

Ultimate PHP Board (UPB) main.php css Variable XSS
http://www.net-security.org/vulnerability.php?id=18146

Ultimate PHP Board (UPB) header.php title Variable XSS
http://www.net-security.org/vulnerability.php?id=18147

phpSurveyor question.php Path Disclosure
http://www.net-security.org/vulnerability.php?id=18086

phpSurveyor survey.php Path Disclosure
http://www.net-security.org/vulnerability.php?id=18087

phpSurveyor group.php Path Disclosure
http://www.net-security.org/vulnerability.php?id=18088

phpSurveyor html.php Direct Request Path Disclosure
http://www.net-security.org/vulnerability.php?id=18089

phpSurveyor database.php Direct Request Path Disclosure
http://www.net-security.org/vulnerability.php?id=18090

phpSurveyor dumpquestion.php qid Variable Path Disclosure
http://www.net-security.org/vulnerability.php?id=18091

phpSurveyor labels.php Path Disclosure
http://www.net-security.org/vulnerability.php?id=18092

phpSurveyor dumplabel.php Path Disclosure
http://www.net-security.org/vulnerability.php?id=18093

phpSurveyor sessioncontrol.php Direct Request Path Disclosure
http://www.net-security.org/vulnerability.php?id=18094

phpSurveyor browse.php Multiple Variable XSS
http://www.net-security.org/vulnerability.php?id=18095

phpSurveyor dataentry.php sid Variable XSS
http://www.net-security.org/vulnerability.php?id=18096

phpSurveyor export.php sid Variable XSS
http://www.net-security.org/vulnerability.php?id=18097

phpSurveyor labels.php lid Variable SQL
Injection
http://www.net-security.org/vulnerability.php?id=18098

phpSurveyor dumplabel.php lid Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=18099

phpSurveyor browse.php Multiple Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=18100

phpSurveyor dataentry.php sid Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=18101

phpSurveyor export.php sid Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=18102

phpSurveyor admin.php sid Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=18103

phpSurveyor conditions.php sid Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=18104

phpSurveyor spss.php sid Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=18105

phpSurveyor deletesurvey.php sid Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=18106

phpSurveyor dumpsurvey.php sid Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=18107

phpSurveyor statistics.php sid Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=18108

PHP-Fusion BBcode color Tag Arbitrary CSS Code Insertion
http://www.net-security.org/vulnerability.php?id=18111

Oracle Reports rwservlet report Variable Arbitrary Report Executable Execution
http://www.net-security.org/vulnerability.php?id=18114

Oracle Reports desname Parameter Arbitrary File Overwrite
http://www.net-security.org/vulnerability.php?id=18115

Oracle Forms f90servlet module Parameter Arbitrary fmx Execution
http://www.net-security.org/vulnerability.php?id=18116

Oracle Reports rwservlet Multiple Variable Arbitrary File Segment Access
http://www.net-security.org/vulnerability.php?id=18117

Oracle Reports showenv debug Variable XSS
http://www.net-security.org/vulnerability.php?id=18118

Oracle Reports parsequery test Variable XSS
http://www.net-security.org/vulnerability.php?id=18119

Oracle Reports rwservlet Multiple Variable XSS
http://www.net-security.org/vulnerability.php?id=18120

e107 BBcode Nested URL Tag XSS
http://www.net-security.org/vulnerability.php?id=18079

Simple Message Board forum.cfm FID Variable XSS
http://www.net-security.org/vulnerability.php?id=18073

Simple Message Board user.cfm UID Variable XSS
http://www.net-security.org/vulnerability.php?id=18074

Simple Message Board thread.cfm TID Variable XSS
http://www.net-security.org/vulnerability.php?id=18075

Simple Message Board search.cfm PostDate Variable XSS
http://www.net-security.org/vulnerability.php?id=18076

KDE Kate/KWrite Backup File Insecure Permission Information Disclosure
http://www.net-security.org/vulnerability.php?id=18063

MDaemon IMAP CREATE Command Remote Overflow
http://www.net-security.org/vulnerability.php?id=18070

PHPPageProtect admin.php username Variable XSS
http://www.net-security.org/vulnerability.php?id=18065

PHPPageProtect login.php username Variable XSS
http://www.net-security.org/vulnerability.php?id=18066

Cisco Spoofed EIGRP Packet Saturation DoS
http://www.net-security.org/vulnerability.php?id=18055

----------------------------------------------------------------
[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

KDE Security Advisory - KDE Security Advisory: libgadu vulnerabilities (2005-07-21)
http://www.net-security.org/advisory.php?id=5061

Ubuntu Security Notice - openldap2, libpam-ldap, libnss-ldap vulnerabilities (CAN-2005-2069)
http://www.net-security.org/advisory.php?id=5060

Ubuntu Security Notice - zlib vulnerability (USN-151-1)
http://www.net-security.org/advisory.php?id=5059

Ubuntu Security Notice - kdelibs vulnerability (USN-150-1)
http://www.net-security.org/advisory.php?id=5058

Ubuntu Security Notice - mozilla-firefox vulnerabilities (USN-149-1)
http://www.net-security.org/advisory.php?id=5057

Debian Security Advisory - cacti (DSA 764-1)
http://www.net-security.org/advisory.php?id=5056

Debian Security Advisory - zlib (DSA 763-1)
http://www.net-security.org/advisory.php?id=5055

Mandriva Linux Security Update Advisory - shorewall (MDKSA-2005:123)
http://www.net-security.org/advisory.php?id=5054

Mandriva Linux Security Update Advisory - kdelibs (MDKSA-2005:122)
http://www.net-security.org/advisory.php?id=5053

Slackware Security Advisory - emacs movemail POP utility (SSA:2005-201-02)
http://www.net-security.org/advisory.php?id=5052

Slackware Security Advisory - dnsmasq (SSA:2005-201-01)
http://www.net-security.org/advisory.php?id=5051

FreeBSD Security Advisory - devfs ruleset bypass (FreeBSD-SA-05:17.devfs)
http://www.net-security.org/advisory.php?id=5050

Mandriva Linux Security Update Advisory - cpio (MDKSA-2005:116-1)
http://www.net-security.org/advisory.php?id=5049

Mandriva Linux Security Update Advisory - nss_ldap (MDKSA-2005:121)
http://www.net-security.org/advisory.php?id=5048

Debian Security Advisory - affix (DSA 762-1)
http://www.net-security.org/advisory.php?id=5047

Debian Security Advisory - heartbeat (DSA 761-1)
http://www.net-security.org/advisory.php?id=5046

Debian Security Advisory - ekg (DSA 760-1)
http://www.net-security.org/advisory.php?id=5045

Debian Security Advisory - heimdal (DSA 758-1)
http://www.net-security.org/advisory.php?id=5044

Debian Security Advisory - krb5 (DSA 757-1)
http://www.net-security.org/advisory.php?id=5043

Debian Security Advisory - phppgadmin (DSA 759-1)
http://www.net-security.org/advisory.php?id=5042

Debian Security Advisory - heimdal (DSA 758-1)
http://www.net-security.org/advisory.php?id=5041

Debian Security Advisory - krb5 (DSA 757-1)
http://www.net-security.org/advisory.php?id=5040

----------------------------------------------------------------
[ Articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org
----------------------------------------------------------------
PREPARE FOR DISASTERS THAT COULD BRING YOUR BUSINESS TO A HALT
This article looks at how "non-traditional" disasters, such as gas leaks and human error, can impact on the operations of your organisation.
http://www.net-security.org/article.php?id=805

----------------------------------------------------------------
[ Reviews ]

All reviews are located at:
http://www.net-security.org/reviews.php
----------------------------------------------------------------

GFI LANGUARD NETWORK SECURITY SCANNER 6
This is a review of the new release of LANguard Network Security Scanner (GFI LANguard NSS) from GFI. NSS will scan computers for known vulnerabilities and common misconfigurations and other potential security issues. It produces reports that can be used to assist in the tracking and mitigation of security issues that have been identified.
http://www.net-security.org/review.php?id=151

----------------------------------------------------------------
[ Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3

Mac OS X software is located at:
http://net-security.org/software_main.php?cat=5
----------------------------------------------------------------

ACUNETIX WEB VULNERABILITY SCANNER 2.0 (Windows)
This tool can automatically audit the security of your website and web applications.
http://www.net-security.org/software.php?id=633

ARPALERT 0.4.10 (Linux)
This software listens on a network interface (without using 'promiscuous' mode) and catches all conversations of MAC address to IP request.
http://www.net-security.org/software.php?id=335

CRYPTAINER LE 6.0.1.0 (Windows)
This tool enables you to secure your data and ensure absolute privacy.
http://www.net-security.org/software.php?id=586

DEKART PRIVATE DISK 2.05 (Windows)
Easy-to-use, secure and reliable AES disk encryption software.
http://www.net-security.org/software.php?id=562

DEVICELOCK 5.72 Beta 1 (Windows)
DeviceLock gives network administrators control over which users can access what devices on a local computer.
http://www.net-security.org/software.php?id=121

DSPAM 3.4.8 (Linux)
DSPAM is an extremely scalable, open-source statistical anti-spam filter.
http://www.net-security.org/software.php?id=582

FE3D 0.8-3 (Windows)
fe3d is a 3D visualization tool for network (security) information.
http://www.net-security.org/software.php?id=590

HARDENED PHP 0.3.2 (Linux)
Hardened-PHP adds security hardening features to PHP.
http://www.net-security.org/software.php?id=563

KERBCRACK 1.3d3 (Windows)
KerbCrack consists of two programs, kerbsniff and kerbcrack.
http://www.net-security.org/software.php?id=377

MAILWASHER 4.1.9 (Windows)
MailWasher is a powerful email checker with effective spam elimination.
http://www.net-security.org/software.php?id=430

MOD_SECURITY 1.8.7 (Linux)
ModSecurity is an open source intrusion detection and prevention engine for web applications.
http://www.net-security.org/software.php?id=518

NET TOOL BOX 3.1 (Mac OS X)
Net Tool Box is a multi-purpose network utility.
http://www.net-security.org/software.php?id=598

NETSTAT AGENT 1.2 (Windows)
Netstat Agent is a set of network tools useful in diagnosing network and monitoring network connections on your computer.
http://www.net-security.org/software.php?id=584

NOTRAX 1.4.0.11 (Windows)
NoTrax is a web browser that lets you Surf the Net anonymously since it cleans as you surf.
http://www.net-security.org/software.php?id=523

PAROS 3.2.3 (Windows)
Paros is a proxy which acts as a middleware between the web server and your PC.
http://www.net-security.org/software.php?id=486

PASSWORD RESET 1.2 (Windows)
Password Reset is a self-service password management system that allows users to reset their own password, even if they have forgotten their current password.
http://www.net-security.org/software.php?id=520

PC SECURITY 6.3 (Windows)
This program offers multiple locking systems for the Windows environment and the Internet.
http://www.net-security.org/software.php?id=386

PRIVATE SHELL 2.0 (Windows)
SSH client for Windows with SSH1 and SSH2 protocols support, includes Secure FTP client and command line tools.
http://www.net-security.org/software.php?id=517

ROOTKITREVEALER 1.55 (Windows)
RootkitRevealer is an advanced rootkit detection utility.
http://www.net-security.org/software.php?id=623

SANDCAT SCANNER 1.6 (Windows)
Sandcat Scanner is a powerful tool for security auditors and system administrators.
http://www.net-security.org/software.php?id=535

SERVER INSPECTOR 2.3.5 (Windows)
Server Inspector is a professional monitoring tool.
http://www.net-security.org/software.php?id=574

SHOREWALL 2.4.2 (Linux)
Shorewall is an iptables based firewall that can be used on a dedicated firewall system, a multi-function masquerade gateway/server or on a standalone Linux system.
http://www.net-security.org/software.php?id=40

SOFTROS LAN MESSENGER 3.5.2 (Windows)
This is easy LAN messaging software for effective intraoffice communication. It offers strong encryption.
http://www.net-security.org/software.php?id=561

SPAMWEASEL PRO 1.0.42 (Windows)
This junkmail-busting freeware utility will K.O. spam according to both objective and personal criteria.
http://www.net-security.org/software.php?id=393

SPYBOT - SEARCH & DESTROY 1.4 (Windows)
Spybot - Search & Destroy can detect and remove spyware of different kinds from your computer.
http://www.net-security.org/software.php?id=556

SPYWAREBLASTER 3.4 (Windows)
SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed.
http://www.net-security.org/software.php?id=396

TCPDUMP FOR WINDOWS 3.9 (Windows)
Command-line packet capture tool for Windows.
http://www.net-security.org/software.php?id=624

TOR 0.1.0.12 (Windows)
An anonymous Internet communication system.
http://www.net-security.org/software.php?id=253

TREND MICRO ANTI-SPYWARE 3.0 (Windows)
Trend Micro Anti-Spyware is a comprehensive spyware detection and removal solution, designed especially for home users.
http://www.net-security.org/software.php?id=512

TRILLIAN RECOVERY PRO 2.0 (Windows)
This program decrypts and displays passwords stored by the Trillian Instant Messaging client.
http://www.net-security.org/software.php?id=564

VTHROTTLE 0.55 (Linux)
Allows the administrator to control how much email users and hosts may send, hindering the rapid spread of viruses, worms, and spam.
http://www.net-security.org/software.php?id=533

WEBGOAT 3.5 (Windows)
WebGoat is based on the concept of teaching a user a real world lesson and then asking the user to demonstrate their understanding by exploiting a real vulnerability on the local system.
http://www.net-security.org/software.php?id=538

WEPLAB 0.1.5 (Linux)
Weplab is a tool to review the security of WEP encryption in wireless networks from an educational point of view.
http://www.net-security.org/software.php?id=539

----------------------------------------------------------------
[ Webcasts ]

All webcasts are located at:
http://net-security.org/webcasts.php
----------------------------------------------------------------

Automate and Streamline with Symantec LiveState Patch Manager
Organized by Symantec on 28 July 2005, 9:00 AM
http://www.net-security.org/webcast.php?id=384

----------------------------------------------------------------
[ Conferences ]

All conferences are located at:
http://net-security.org/conferences.php
----------------------------------------------------------------

Black Hat Briefings & Training USA 2005
Organized by Black Hat - 23 July-28 July 2005
http://www.net-security.org/conference.php?id=138

14th USENIX Security Symposium
Organized by USENIX - 31 July-5 August 2005
http://www.net-security.org/conference.php?id=136

3rd Annual Midwest Network Security Forum
Organized by The Institute for Applied Network Security - 3 August-4 August 2005
http://www.net-security.org/conference.php?id=139

Crypto 2005
Organized by International Association for Cryptologic Research - 14 August-18 August 2005
http://www.net-security.org/conference.php?id=122

8th Information Security Conference (ISC'05)
Organized by Institute for Infocomm Research - 21 September-23 September 2005
http://www.net-security.org/conference.php?id=123

The 4th International Workshop for Applied PKI (IWAP'05)
Organized by Institute for Infocomm Research - 21 September-23 September 2005
http://www.net-security.org/conference.php?id=124

RSA Conference Europe 2005
Organized by RSA Conference - 17 October-19 October 2005
http://www.net-security.org/conference.php?id=133

CNIS 2005: IASTED International Conference on Communication, Network and Information Security
Organized by IASTED - 14 November-16 November 2005
http://www.net-security.org/conference.php?id=137

Asiacrypt 2005
Organized by International Association for Cryptologic Research - 1 December-4 December 2005
http://www.net-security.org/conference.php?id=125

----------------------------------------------------------------
[ Security World ]

All press releases are located at:
http://www.net-security.org/press_main.php

Send your press releases to press@net-security.org
----------------------------------------------------------------

Linux Security, Audit and Control Guidance Featured In New Book from Information Systems Audit and Control Association
http://www.net-security.org/press.php?id=3325

Acunetix combats rise in web attacks with Acunetix Web Vulnerability Scanner 2
http://www.net-security.org/press.php?id=3324

Study From SBTI And Symantec Exposes Small Business Information Security Gaps And Provides Insight On How To Mitigate Risk
http://www.net-security.org/press.php?id=3323

CyberGuard's Customers and Partners From Across the Globe Converge on Las Vegas for Annual Advisory Board Meeting
http://www.net-security.org/press.php?id=3322

Panda Software launches new versions of its corporate products with highly effective anti-phishing protection
http://www.net-security.org/press.php?id=3321

Linux Community Embraces Free Distribution Backed By Professional Development Team
http://www.net-security.org/press.php?id=3320

Kaspersky Lab acquires the Spamtest Project
http://www.net-security.org/press.php?id=3319

BitDefender Antivirus Solutions Certified by Mandriva
http://www.net-security.org/press.php?id=3318

Panda Software joins the Anti-Spyware Coalition (ASC), a new institution dedicated to the fight against spyware
http://www.net-security.org/press.php?id=3317

Karalon Ltd Announces the Release of Traffic IQ Pro and Traffic IQ Basic
http://www.net-security.org/press.php?id=3316

Trend Micro Announces Network Anti-Spam Services
http://www.net-security.org/press.php?id=3315

Sproqit Announces Multi-User Version Of Innovative Wireless Access Solution
http://www.net-security.org/press.php?id=3314

China's Leading Domain Name Registry Service Provider Deploys NFR Security's Sentivist Solution
http://www.net-security.org/press.php?id=3313

NetContinuum Launches the NC-2000 Application Security Gateway Advancing Trend Toward Consolidated Security and Delivery Appliances
http://www.net-security.org/press.php?id=3312

----------------------------------------------------------------
[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Weekly Report on Viruses and Intruders - Lebreat worm variants, RemoteLogger and AFXFireWall.A and E-Eliminator malware
http://www.net-security.org/virus_news.php?id=566

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org
----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php

----------------------------------------------------------------