HNS Newsletter
Issue 276 - 01.08.2005.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week.

----------------------------------------------------------------
InfoSec Research Library - http://net-security.bitpipe.com
----------------------------------------------------------------
In association with BitPipe, Help Net Security is giving you a possibility to freely read the latest white papers, case studies, webcasts and product information related to information security. Some of the topics covered include: Authentication, Email Security, Identity Management, Network Security, Security Policies, VPN and Wireless Security.
----------------------------------------------------------------
Point your browsers to: http://net-security.bitpipe.com
----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Software
6) Conferences
7) Security World
8) Virus News

[ Security news ]
----------------------------------------------------------------

NEW SECURITY THREAT IS WITHIN
On the eve of the third anniversary of the Sarbanes-Oxley corporate accountability law, it isn't just the accountants who are making money.
http://www.net-security.org/news.php?id=8364

VIRUS WRITERS TAKE A DIFFERENT TACT
Virus writers who once favored releasing malware that would clog corporate networks by the thousands have shifted to a strategy of secrecy in which they commandeer PCs on the Internet in the pursuit of dollars instead of notoriety, a security expert said Friday.
http://www.net-security.org/news.php?id=8365

POLL FINDS SECURITY STILL KEEPS IT EXECS AWAKE AT NIGHT
A recent poll has found that 88 percent of IT managers believe the complexity in their IT organisation is now higher than it was 18 months ago.
http://www.net-security.org/news.php?id=8366

HOW TO BEAT SPAMMERS AT THEIR OWN GAME
Don't think about blocking spam - imagine instead that you are playing a game against the spammers, with cash at stake.
http://www.net-security.org/news.php?id=8367

UK POLICE CHIEFS SEEK POWERS TO ATTACK TERROR WEBSITES
The Association of Chief Police Officers has asked for new legislation giving the security services "powers to attack identified websites".
http://www.net-security.org/news.php?id=8368

SPAM HATERS GIVEN RIGHT OF REPLY
Now you have a chance to let spammers know how you feel about junk mail.
http://www.net-security.org/news.php?id=8369

THEY'RE PLAYING OUR VIRUS
These days, digital attacks on PCs are coming disguised as media files or targeting corporate backup systems.
http://www.net-security.org/news.php?id=8370

FDIC ADVISES BANKS ON HOW TO PROTECT AGAINST SPYWARE
The Federal Deposit Insurance Corp. (FDIC) today issued a list of best practices for financial services firms that details how to protect against spyware.
http://www.net-security.org/news.php?id=8371

BANKS WARNED OVER M-COMMERCE SECURITY PERIL
Banks risk exposing customer data to hacking attacks in deploying mobile-phone ATM applications.
http://www.net-security.org/news.php?id=8372

LAPD RECRUITS COMPUTER TO STOP ROGUE COPS
The $35 million computer system tracks complaints and other telling data about officers and then alerts top supervisors to possible signs of misconduct.
http://www.net-security.org/news.php?id=8373

WEB SITES: THE WEAKEST LINK IN SECURITY
Poorly designed Web sites can open the door to hackers trying to access proprietary information.
http://www.net-security.org/news.php?id=8374

REAL-WORLD STRATEGIES FOR OVERCOMING SPAM AND PHISHING ATTACKS
This paper presents an overview of the threats posed by spam and phishing, discusses why traditional technologies fail, and focuses on the requirements for an effective solution.
http://www.net-security.org/news.php?id=8375

UK WAR DRIVER FINED £500
A man was last week fined £500 after a British jury found him guilty of using a neighborhood wireless broadband connection without permission.
http://www.net-security.org/news.php?id=8376

TRIKE - A CONCEPTUAL FRAMEWORK FOR THREAT MODELING
Trike is a unified conceptual framework for security auditing from a risk management perspective through the generation of threat models in a reliable, repeatable manner. A security auditing team can use it to completely and accurately describe the security characteristics of a system from its high-level architecture to its low-level implementation details.
http://www.net-security.org/news.php?id=8377

SECURITY PROFESSIONAL BODY BLUEPRINT RELEASED
Proposals to create a professional institution to raise standards in IT security moved a step forward this week after working groups released detailed blueprints for the new organisation.
http://www.net-security.org/news.php?id=8378

GIVE UP PRIVACY TO SKIP AIRPORT SECURITY LINES?
Industry pushes for nationwide Registered Traveler program to allow frequent fliers to bypass security holdups.
http://www.net-security.org/news.php?id=8379

AIRBORNE VIRUSES: REAL THREAT OR JUST HYPE?
"The biggest threat that I see right now is that Research In Motion's Blackberries and palmOne's PDAs are connected to names and addresses," said IBM Global Solutions Manager for Managed Security Services Doug Conorich.
http://www.net-security.org/news.php?id=8380

LINKSYS SIMPLIFIES WLAN SECURITY SETUP
SecureEasySetup technology aims to make it easier to set up secure wireless LANs.
http://www.net-security.org/news.php?id=8381

GET PAID FOR HACKING? IT'S NOT JUST FOR MOVIES ANYMORE!
I remember the days when hackers kept security exploits to themselves in order to gain hacker points among their fellow hackers. These days they just sell them to companies like TippingPoint... or do they?
http://www.net-security.org/news.php?id=8382

NTT ADVANCES QUANTUM CRYPTO KEY DISTRIBUTION
In what could be a step forward in the development of quantum cryptography systems, a Japanese laboratory has demonstrated that it can send quantum keys through an optical switch designed for normal optical communications.
http://www.net-security.org/news.php?id=8383

SECURITY GETS SMARTER
3Com, VeriSign, Arbor add intelligence to wares.
http://www.net-security.org/news.php?id=8384

A NEW STAB AT PASSWORD PROTECTION
The increase in identity theft has prompted two Stanford University professors to develop software that protects computer passwords from internet thieves.
http://www.net-security.org/news.php?id=8385

THREAT ALERT HIGHLIGHTS VULNERABILITIES IN BACKUP SOFTWARE
The SANS Institute Monday reported 422 new Internet security vulnerabilities discovered during the second quarter, up nearly 11% from the first quarter, with weaknesses in popular backup software highlighting the report.
http://www.net-security.org/news.php?id=8386

SQL SERVER PORT UNDER HEAVY SCANNING
Symantec issued an alert Monday that it had detected unusual amounts of scanning of a port normally associated with Microsoft SQL Server, a possible precursor to an attack.
http://www.net-security.org/news.php?id=8387

SYSTEM SECURITY: A COMPREHENSIVE APPROACH
This security white paper outlines the seven critical categories of system security necessary to implement a comprehensive security framework.
http://www.net-security.org/news.php?id=8388

Q&A WITH LIBERTY ALLIANCE ON IDENTITY THEFT PREVENTION
The Liberty Alliance Project is committed to developing an open standard for federated network identity that supports all current and emerging network devices.
http://www.net-security.org/news.php?id=8389

MICROSOFT STEPS UP PIRACY FIGHT
Anyone downloading updates for Windows XP will be required to check that their operating system is genuine.
http://www.net-security.org/news.php?id=8390

RUSSIAN SPAMMER MURDERED
The spammer headed the Center for American English whose aggressive spamming practices have angered net users.
http://www.net-security.org/news.php?id=8391

PROFESSORS' PRODUCT PROTECTS WEB PASSWORDS
Pwdhash scrambles passwords typed into Web sites, then creates a unique sign-on for each site visited.
http://www.net-security.org/news.php?id=8392

INSTALLING AND CONFIGURING MICROSOFT’S DATA PROTECTION MANAGER PART 1
The beta of Microsoft's new Data Protection Manager (formerly called Data Protection Server) is now available to the public.
http://www.net-security.org/news.php?id=8393

PRIVACY GURU LOCKS DOWN VOIP
Zimmermann has developed a prototype program for encrypting voice-over IP.
http://www.net-security.org/news.php?id=8394

THE CHANGING THREAT FROM PRANKSTERS TO PROFESSIONALS
In this white paper, we will discuss the magnitude of the new generation of cyber-crime, direction these threats are headed and what is needed to fight back.
http://www.net-security.org/news.php?id=8395

HOW SHOULD ONE RESPOND TO A NETWORK BREAK IN?
How seriously should one react?
http://www.net-security.org/news.php?id=8396

NETSCAPE RELEASES FOUR CRITICAL PATCHES
Browser maker lists another 10 flaws that remain to be patched.
http://www.net-security.org/news.php?id=8397

GOOD SECURITY MEANS COVERING THE BASICS
It's important to keep your eye on your overall security practices, and not get distracted by the continual hype.
http://www.net-security.org/news.php?id=8398

HACKERS TAPPING FREE WEB HOSTING
Websense announced that it had discovered thousands of cases of hackers using free personal Web hosting services to store and distribute malicious code and certain dangerous varieties of spyware.
http://www.net-security.org/news.php?id=8399

HACKERS LOOKING HARD FOR ANTI-VIRUS SOFTWARE VULNERABILITIES
A pair of researchers will outline at the Black Hat security conference how they were able to spot vulnerabilities in several anti-virus software packages earlier this year, and why hackers are interested in digging up dirt on enterprise defensive software.
http://www.net-security.org/news.php?id=8400

DEPLOYING AUTHENTICODE WITH CRYPTOGRAPHIC HARDWARE FOR SECURE SOFTWARE PUBLISHING
The paper looks at the importance of protecting the credentials that underpin Authenticode and the role of cryptographic hardware in securing digital keys and certificates.
http://www.net-security.org/news.php?id=8401

HOW PHISHERS KILLED THE PASSWORD (AND WHY THAT'S A GOOD THING)
Passwords just don’t cut it anymore.
http://www.net-security.org/news.php?id=8402

AN INTRODUCTION TO TCP WRAPPERS
TCP Wrappers is designed to filter incoming connections to network services. This article looks at how this package can be used to enhance the security of a networking system.
http://www.net-security.org/news.php?id=8403

YOU SIMPLY CAN'T STEAL WIFI...
Like many in the tech community, I found it rather disturbing that someone could be arrested, and then charged with stealing a WiFi signal. What a complete waste of taxpayer resources. I believe (hope) that the judge who sits on the bench will throw out the case.
http://www.net-security.org/news.php?id=8404

IDENTITY MANAGEMENT COMES OF AGE
Identity management is an idea whose time has come, as evidenced by the variety of tools, initiatives and services. We discuss a few in this article, but there are many more that affect not only employees and partners, but consumers as well.
http://www.net-security.org/news.php?id=8405

SECURE SERVERS STANDARDS LAUNCHED
The Trusted Computing Group has announced an open specification for trusted servers to allow manufacturers to offer better data and transaction security.
http://www.net-security.org/news.php?id=8406

VENDORS COMPETE FOR HACKER ZERO DAYS
Competition has come to the vulnerability research market, with 3Com Corp yesterday saying it will pay independent security researchers for their zero-day vulnerabilities.
http://www.net-security.org/news.php?id=8407

UK 'HACKER' FIGHTS US EXTRADITION
The extradition hearing of a British man accused of hacking into the US military computer system has begun.
http://www.net-security.org/news.php?id=8408

IBM SAYS NEW BIG BOX SAFER FROM HACKERS
Trying to stay atop the market for corporate computer servers, IBM renewed its lucrative line of mainframe computers with a new system aimed at helping banks, government agencies and other big customers keep data secure.
http://www.net-security.org/news.php?id=8409

ID THEFT - BANK FINDS A WAY TO PROFIT
Federal regulators say Wells Fargo jeopardized the personal information of hundreds of thousands of customers through a string of security breaches over the past two years. Wells in turn has found a way to profit from the problem.
http://www.net-security.org/news.php?id=8410

COUNTER-ESPIONAGE FOR YOUR PC
When it comes to defenses, there are things you can do on your own to avoid being a victim and there are software tools you can load on your PC to help prevent or remove malicious software or e-mail.
http://www.net-security.org/news.php?id=8411

HOW TO ELIMINATE SPYWARE TO PROTECT YOUR BUSINESS
IT security experts warn that spyware is rapidly moving from personal computers to business networks connected to the Internet.
http://www.net-security.org/news.php?id=8412

INTRODUCTION TO .NET SECURITY
.Net is a software framework from Microsoft that enables language-non-specific software development, resulting in applications that can easily interoperate across platforms and networks.
http://www.net-security.org/news.php?id=8413

ETHICAL HACKING IS CHALLENGING BUT TRAINING IS EXPENSIVE
According to one site listing ethical hackers' resources, most large organisations now make use of their services.
http://www.net-security.org/news.php?id=8414

SECURITY VENDORS HOLDING OFF ON 64-BIT WINDOWS
Any software that runs in kernel mode, such as anti-virus, will need to be rewritten for 64-bit Windows.
http://www.net-security.org/news.php?id=8415

CISCO, ISS FILE SUIT AGAINST RESEARCHER
Cisco and Internet Security Systems filed a restraining order against the management of the Black Hat Conference and a security expert who told conference attendees that attackers can broadly compromise Cisco routers.
http://www.net-security.org/news.php?id=8416

BUILD A SECURE ENTERPRISE INFRASTRUCTURE WITH GERONIMO
A real-world demonstration of Geronimo's robust security features.
http://www.net-security.org/news.php?id=8417

WIRELESS HIJACKING UNDER SCRUTINY
A recent court case, which saw a West London man fined £500 and sentenced to 12 months' conditional discharge for hijacking a wireless broadband connection, has repercussions for almost every user of wi-fi networks.
http://www.net-security.org/news.php?id=8418

WORKSTATION SECURITY: LOCK DOWN THAT MAC
In this series on Macintosh infrastructure security, I've opted to include as many ways to secure a network as possible.
http://www.net-security.org/news.php?id=8419

SECURING WINDOWS MEMBER SERVERS
This article will discuss some of the key security configurations that can be made to help protect your member servers.
http://www.net-security.org/news.php?id=8420

PHISHING IS YESTERDAY'S NEWS - GET READY FOR PHARMING
Phishing and pharming attacks are both on the rise, but pharming is much more dangerous and difficult to detect. Learn how to protect against phishing and pharming.
http://www.net-security.org/news.php?id=8421

LIGHTEN UP: SPAM SHOULD BE A GAME
Treating spam as if it was a game could be the key to the undoing of bulk-mailers everywhere, according to a Greek scientist.
http://www.net-security.org/news.php?id=8422

WARNING ON LONDON UNDERGROUND SPAM
Bogus advice spreads to inboxes in sick prank.
http://www.net-security.org/news.php?id=8423

GROWING CONCERN OVER IDENTITY CLONING
Protecting consumer identity and preventing data loss and leakage are the new brand protection priorities facing large organisations.
http://www.net-security.org/news.php?id=8424

GEEKS GATHER AT 'WHAT THE HACK' CONFERENCE
There are hundreds of tents on the hot and soggy campground, but this isn't your ordinary summertime outing, considering that it includes workshops with such titles as "Politics of Psychedelic Research" or "Fun and Mayhem with RFID."
http://www.net-security.org/news.php?id=8425

HACKERS LOOK OUTSIDE WINDOWS FOR FLAWS
Security vulnerabilities are on the rise with a 10.8 percent increase in vulnerabilities over last quarter, according to a study from the SANS Institute.
http://www.net-security.org/news.php?id=8426

BEEFED UP OWASP 2.0 INTRODUCED AT BLACKHAT
The Open Web Application Security Project yesterday unveiled a revised and more robust popular guide for protecting Web services that reflects best practices, common coding errors and the increasing threat of phishing.
http://www.net-security.org/news.php?id=8427

SECURE WIRELESS NETWORKING USING SSL VPNS
While providing users wireless access to file shares, applications, and other network resources offers many benefits, doing so can present security and manageability challenges.
http://www.net-security.org/news.php?id=8428

DATA-SECURITY BILL ADVANCES IN SENATE
Measure would require notification when sensitive information is compromised.
http://www.net-security.org/news.php?id=8429

SOPHOS IS LATEST ANTI-VIRUS VENDOR WITH VULNERABILITIES
A bug in Sophos' anti-virus software can be exploited by attackers to gain complete control of a compromised computer, the bug tracker firm Secunia said on Thursday.
http://www.net-security.org/news.php?id=8430

FUROR OVER CISCO IOS ROUTER EXPLOIT ERUPTS AT BLACK HAT
Cisco and ISS filed lawsuits against Michael Lynn and the Black Hat conference.
http://www.net-security.org/news.php?id=8431

----------------------------------------------------------------
[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/vulnerabilities.php
----------------------------------------------------------------

Thomson NETg Web Skill Vantage Manager Login SQL Injection
http://www.net-security.org/vulnerability.php?id=18330

PHPlist admin/about.php Direct Request Path Disclosure
http://www.net-security.org/vulnerability.php?id=18320

PHPlist admin/index.php id Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=18316

PHPlist attributes.php Direct Request Path Disclosure
http://www.net-security.org/vulnerability.php?id=18317

PHPlist helloworld.php Direct Request Path Disclosure
http://www.net-security.org/vulnerability.php?id=18318

PHPlist main.php Direct Request Path Disclosure
http://www.net-security.org/vulnerability.php?id=18319

PHPlist admin/connect.php Direct Request Path Disclosure
http://www.net-security.org/vulnerability.php?id=18321

PHPlist admin/domainstats.php Direct Request Path Disclosure
http://www.net-security.org/vulnerability.php?id=18322

PHPlist admin/usercheck.php Direct Request Path Disclosure
http://www.net-security.org/vulnerability.php?id=18323

PHPlist plugins/sidebar.php Direct Request Path Disclosure
http://www.net-security.org/vulnerability.php?id=18324

PHPlist pages/dbcheck.php Direct Request Path Disclosure
http://www.net-security.org/vulnerability.php?id=18325

PHPlist pages/importcsv.php Direct Request Path Disclosure
http://www.net-security.org/vulnerability.php?id=18326

PHPlist pages/user.php Direct Request Path Disclosure
http://www.net-security.org/vulnerability.php?id=18327

PHPlist pages/usermgt.php Direct Request Path Disclosure
http://www.net-security.org/vulnerability.php?id=18328

PHPlist pages/users.php Direct Request Path Disclosure
http://www.net-security.org/vulnerability.php?id=18329

Cisco IOS Crafted IPv6 Packet Remote Code Execution
http://www.net-security.org/vulnerability.php?id=18332

BMForum topic.php Multiple Variable XSS
http://www.net-security.org/vulnerability.php?id=18306

BMForum forums.php Multiple Variable XSS
http://www.net-security.org/vulnerability.php?id=18307

BMForum post.php forumid Variable XSS
http://www.net-security.org/vulnerability.php?id=18308

BMForum announcesys.php forumid Variable XSS
http://www.net-security.org/vulnerability.php?id=18309

BMForum sendmail.php Path Disclosure
http://www.net-security.org/vulnerability.php?id=18310

BMForum post_global.php Path Disclosure
http://www.net-security.org/vulnerability.php?id=18311

BMForum regipbans.php Banned IP List Disclosure
http://www.net-security.org/vulnerability.php?id=18312

BMForum bbslog2.txt Information Disclosure
http://www.net-security.org/vulnerability.php?id=18313

VBZooM show.php SubjectID Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=18296

Siemens Santis 50 Wireless Router Port 280 DoS Authentication Bypass
http://www.net-security.org/vulnerability.php?id=18294

ProFTPD ftpshut Shutdown Message Format String
http://www.net-security.org/vulnerability.php?id=18270

ProFTPD mod_sql SQLShowInfo Directive Format String
http://www.net-security.org/vulnerability.php?id=18271

3com OfficeConnect Wireless 11g Access Point Hidden Pages Information Disclosure
http://www.net-security.org/vulnerability.php?id=18256

Clam AntiVirus FSG File Processing Overflow
http://www.net-security.org/vulnerability.php?id=18259

Clam AntiVirus TNEF File Processing Multiple Overflows
http://www.net-security.org/vulnerability.php?id=18257

Clam AntiVirus CHM File Processing Filename Overflow
http://www.net-security.org/vulnerability.php?id=18258

GoodTech SMTP Server RCPT TO Command Remote Overflow
http://www.net-security.org/vulnerability.php?id=18250

----------------------------------------------------------------
[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Slackware Security Advisory - telnet client (SSA:2005-210-01)
http://www.net-security.org/advisory.php?id=5106

US-CERT Technical Cyber Security Alert - Cisco IOS IPv6 Vulnerability (TA05-210A)
http://www.net-security.org/advisory.php?id=5105

Debian Security Advisory - gopher (DSA 770-1)
http://www.net-security.org/advisory.php?id=5104

Conectiva Linux Security Announcement - clamav (CLA-2005:987)
http://www.net-security.org/advisory.php?id=5103

Ubuntu Security Notice - tiff vulnerability (USN-156-1)
http://www.net-security.org/advisory.php?id=5102

Cisco Security Advisory - IPv6 Crafted Packet Vulnerability (1.0)
http://www.net-security.org/advisory.php?id=5101

Debian Security Advisory - gaim (DSA 769-1)
http://www.net-security.org/advisory.php?id=5100

Mandriva Linux Security Update Advisory - mozilla-thunderbird (MDKSA-2005:127)
http://www.net-security.org/advisory.php?id=5099

Mandriva Linux Security Update Advisory - fetchmail (MDKSA-2005:126)
http://www.net-security.org/advisory.php?id=5098

Fedora Legacy Update Advisory - Updated php packages fix security issues (FLSA:163559)
http://www.net-security.org/advisory.php?id=5097

Ubuntu Security Notice - epiphany-browser regressions (USN-155-2)
http://www.net-security.org/advisory.php?id=5096

SUSE Security Announcement - SUSE Security Announcement (zlib)
http://www.net-security.org/advisory.php?id=5095

SUSE Security Announcement - SUSE Security Summary Report (SUSE-SR:2005:018)
http://www.net-security.org/advisory.php?id=5094

Ubuntu Security Notice - mozilla vulnerabilities (USN-155-1)
http://www.net-security.org/advisory.php?id=5093

OpenPKG Security Advisory - fetchmail (OpenPKG-SA-2005.016)
http://www.net-security.org/advisory.php?id=5092

OpenPKG Security Advisory - spamassassin (OpenPKG-SA-2005.015)
http://www.net-security.org/advisory.php?id=5091

Ubuntu Security Notice - mozilla-firefox vulnerabilities (USN-149-3)
http://www.net-security.org/advisory.php?id=5090

OpenPKG Security Advisory - zlib (OpenPKG-SA-2005.014)
http://www.net-security.org/advisory.php?id=5089

SCO Security Advisory - UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : RPCBind updated to prevent remote Denial of Service attack (SCOSA-2005.31)
http://www.net-security.org/advisory.php?id=5088

Mandriva Linux Security Update Advisory - clamav (MDKSA-2005:125)
http://www.net-security.org/advisory.php?id=5087

Debian Security Advisory - phpbb2 (DSA 768-1)
http://www.net-security.org/advisory.php?id=5086

Debian Security Advisory - ekg (DSA 767-1)
http://www.net-security.org/advisory.php?id=5085

FreeBSD Security Advisory - Incorrect key usage in AES-XCBC-MAC (FreeBSD-SA-05:19.ipsec)
http://www.net-security.org/advisory.php?id=5084

FreeBSD Security Advisory - Buffer overflow in zlib (FreeBSD-SA-05:18.zlib)
http://www.net-security.org/advisory.php?id=5083

Debian Security Advisory - webcalendar (DSA 766-1)
http://www.net-security.org/advisory.php?id=5082

Debian Security Advisory - heimdal (DSA 765-1)
http://www.net-security.org/advisory.php?id=5081

Symantec Security Advisory - netkit-combo, cpio (27/Jul/2005)
http://www.net-security.org/advisory.php?id=5080

Ubuntu Security Notice - vim vulnerability (USN-154-1)
http://www.net-security.org/advisory.php?id=5079

Ubuntu Security Notice - fetchmail vulnerability (USN-153-1)
http://www.net-security.org/advisory.php?id=5078

Ubuntu Security Notice - mozilla-firefox regressions (USN-149-2)
http://www.net-security.org/advisory.php?id=5077

Conectiva Linux Security Announcement - tcpdump (2005-07-25)
http://www.net-security.org/advisory.php?id=5076

Conectiva Linux Security Announcement - dhcpcd (dhcpcd)
http://www.net-security.org/advisory.php?id=5075

Conectiva Linux Security Announcement - wget (CLA-2005:985)
http://www.net-security.org/advisory.php?id=5074

Conectiva Linux Security Announcement - ruby (CLA-2005:984)
http://www.net-security.org/advisory.php?id=5073

Conectiva Linux Security Announcement - apache (CLA-2005:982)
http://www.net-security.org/advisory.php?id=5072

Fedora Legacy Update Advisory - Updated lvm package fixes security issue (FLSA:152842)
http://www.net-security.org/advisory.php?id=5071

Fedora Legacy Update Advisory - Updated krb5 packages fix security issues (FLSA:154276)
http://www.net-security.org/advisory.php?id=5070

Mandriva Linux Security Update Advisory - zlib (MDKSA-2005:124)
http://www.net-security.org/advisory.php?id=5069

Mandriva Linux Security Update Advisory - mozilla-firefox (MDKSA-2005:120-1)
http://www.net-security.org/advisory.php?id=5068

Slackware Security Advisory - gxine format string vulnerability (SSA:2005-203-04)
http://www.net-security.org/advisory.php?id=5067

Slackware Security Advisory - fetchmail (SSA:2005-203-05)
http://www.net-security.org/advisory.php?id=5066

Slackware Security Advisory - zlib (SSA:2005-203-03)
http://www.net-security.org/advisory.php?id=5065

Slackware Security Advisory - kdenetwork (SSA:2005-203-02)
http://www.net-security.org/advisory.php?id=5064

Slackware Security Advisory - Mozilla/Firefox (SSA:2005-203-01)
http://www.net-security.org/advisory.php?id=5063

Ubuntu Security Notice - dpkg, ia32-libs, amd64-libs vulnerabilities (USN-151-2)
http://www.net-security.org/advisory.php?id=5062

----------------------------------------------------------------
[ Articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org
----------------------------------------------------------------

INNOMINATE MGUARD INDUSTRIAL - AN ALL-IN-ONE SECURITY SOLUTION
The Innominate mGuard industrial is an all-in-one security solution that has been specifically designed for use in a production environment.
http://www.net-security.org/article.php?id=808

TRIKE - A CONCEPTUAL FRAMEWORK FOR THREAT MODELING
Trike is a unified conceptual framework for security auditing from a risk management perspective through the generation of threat models in a reliable, repeatable manner. A security auditing team can use it to completely and accurately describe the security characteristics of a system from its high-level architecture to its low-level implementation details.
http://www.net-security.org/article.php?id=807

NEW CAR SAFE FOR YOUR IT EQUIPMENT
SecureITsafe Ltd announced the launch of a totally portable steel case that can be mounted in the boot of any car using the existing vehicle anchorages.
http://www.net-security.org/article.php?id=806

----------------------------------------------------------------
[ Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3

Mac OS X software is located at:
http://net-security.org/software_main.php?cat=5
----------------------------------------------------------------

CONSOLE PASSWORD MANAGER (CPM) 0.14 Beta (Linux)
cpm is a small console tool to manage passwords and store them public key encrypted in a file - even for more than one person.
http://www.net-security.org/software.php?id=287

CRIPPIN 2.6 (Pocket PC)
Crippin was designed to protect confidential files in case a Pocket PC is lost or stolen.
http://www.net-security.org/software.php?id=544

ETHEREAL 0.10.12 (Linux)
Ethereal is a free network protocol analyzer.
http://www.net-security.org/software.php?id=99

GNUPG 1.4.2 (Linux)
GnuPG stands for GNU Privacy Guard and is GNU's tool for secure communication and data storage.
http://www.net-security.org/software.php?id=295

IPTABLES 1.3.3 (Linux)
The netfilter/iptables project is the Linux 2.4.x / 2.5.x firewalling subsystem.
http://www.net-security.org/software.php?id=4

KERIO PERSONAL FIREWALL 4.2.0 (Windows)
Kerio Personal Firewall represents smart, easy-to-use personal security technology that fully protects personal computers against attackers.
http://www.net-security.org/software.php?id=108

KISMET 2005-07-R1 (Linux)
Kismet is a 802.11b wireless network sniffer.
http://www.net-security.org/software.php?id=218

LINUX TRUSTEES 3.0 (Linux)
The main goal of the Linux Trustees project is to create an advanced permission management system for Linux.
http://www.net-security.org/software.php?id=179

NESSUS 2.2.5 (Linux)
Nessus is a free, powerful, up-to-date and easy to use remote security scanner.
http://www.net-security.org/software.php?id=19

NUFW 1.0.11 (Linux)
NuFW is an "authenticating gateway". This means it requires authentication for any connections to be forwarded through the gateway.
http://www.net-security.org/software.php?id=526

PROSHIELD 3.7.22 (Linux)
ProShield is a security program for Debian Linux.
http://www.net-security.org/software.php?id=282

SNORT 2.4.0 (Linux)
Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
http://www.net-security.org/software.php?id=112

T-BEAR 1.5 (Linux)
T-BEAR is the Transient Bluetooth Environment security AuditoR.
http://www.net-security.org/software.php?id=360

TOR 0.1.0.13 alpha (Windows)
An anonymous Internet communication system.
http://www.net-security.org/software.php?id=253

TROUSERS 0.2.1 (Linux)
TrouSerS is a Trusted Computing Group Software Stack (TCG TSS) implementation.
http://www.net-security.org/software.php?id=266

YASSL 1.0.2 (Linux)
yaSSL is an SSL Library for programmers building security functionality into their applications and devices.
http://www.net-security.org/software.php?id=521

----------------------------------------------------------------
[ Conferences ]

All conferences are located at:
http://net-security.org/conferences.php
----------------------------------------------------------------

14th USENIX Security Symposium
Organized by USENIX - 31 July-5 August 2005
http://www.net-security.org/conference.php?id=136

3rd Annual Midwest Network Security Forum
Organized by The Institute for Applied Network Security - 3 August-4 August 2005
http://www.net-security.org/conference.php?id=139

Crypto 2005
Organized by International Association for Cryptologic Research - 14 August-18 August 2005
http://www.net-security.org/conference.php?id=122

8th Information Security Conference (ISC'05)
Organized by Institute for Infocomm Research - 21 September-23 September 2005
http://www.net-security.org/conference.php?id=123

The 4th International Workshop for Applied PKI (IWAP'05)
Organized by Institute for Infocomm Research - 21 September-23 September 2005
http://www.net-security.org/conference.php?id=124

RSA Conference Europe 2005
Organized by RSA Conference - 17 October-19 October 2005
http://www.net-security.org/conference.php?id=133

CNIS 2005: IASTED International Conference on Communication, Network and Information Security
Organized by IASTED - 14 November-16 November 2005
http://www.net-security.org/conference.php?id=137

Asiacrypt 2005
Organized by International Association for Cryptologic Research - 1 December-4 December 2005
http://www.net-security.org/conference.php?id=125

----------------------------------------------------------------
[ Security World ]

All press releases are located at:
http://www.net-security.org/press_main.php

Send your press releases to press@net-security.org
----------------------------------------------------------------

CallingID Announces New Anti-Phishing Solution
http://www.net-security.org/press.php?id=3346

Cross Platform Alternative to Exchange Fights Back
http://www.net-security.org/press.php?id=3345

Utimaco Awarded Best Marks for Securing Mobile Data
http://www.net-security.org/press.php?id=3344

Watchfire Announces New Security Zone Website and Free Web Application Security Developer Tools
http://www.net-security.org/press.php?id=3343

Free Qualys Vulnerability Scan Available for New SANS Top 20 Quarterly Update
http://www.net-security.org/press.php?id=3342

Innovative Software Helps Organizations Achieve Web Application Security Compliance
http://www.net-security.org/press.php?id=3341

ISACA’s Information Security Management and Network Security Conferences Highlight Control and Convergence Issues
http://www.net-security.org/press.php?id=3340

Flowmaster International Secures And Expands Its Business With The Help Of Watchguard Firewalls And VPNs
http://www.net-security.org/press.php?id=3339

BlackBerry Connectivity Available for Cyrus IMAP Server Using Consilient2 Software
http://www.net-security.org/press.php?id=3338

Kaspersky Lab's product receives "Certified for Windows" status for Microsoft Windows Server 2003 Standard Edition
http://www.net-security.org/press.php?id=3337

Preventsys Automates Payment Card Industry Data Security Compliance For Merchants Worldwide
http://www.net-security.org/press.php?id=3336

200 Anti-Adware and Anti-Spyware Tips to Help Increase Computer Security and Privacy
http://www.net-security.org/press.php?id=3335

Bob West Launches Echelon One, Innovative Information Security Advisory Services Company
http://www.net-security.org/press.php?id=3334

Tricipher Survey Reveals the Need For Strong Authentication Systems That Better Address
http://www.net-security.org/press.php?id=3333

Intellitactics, Covelight Systems Team to Guard Against Insider Threats to Web-enabled Sensitive Data
http://www.net-security.org/press.php?id=3332

MDI Security Systems Signs Business Agreement with PSA Security Network
http://www.net-security.org/press.php?id=3331

3Com Launches Revolutionary Vulnerability Discovery Program, Setting The Clock Back On Zero Day Attacks
http://www.net-security.org/press.php?id=3330

MDI Receives Product of the Month Award for its ViewPoint Video IP Security Camera
http://www.net-security.org/press.php?id=3329

Whittles Solicitors guards vital email communications from downtime with SteelEye LifeKeeper for Exchange
http://www.net-security.org/press.php?id=3328

visKeeper 2.2: The burglar-proof data safe easy as pie for PPC
http://www.net-security.org/press.php?id=3327

New Solution To Detect And Locate Rogue Wireless Networks
http://www.net-security.org/press.php?id=3326

----------------------------------------------------------------
[ Virus News ]
All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Weekly Report on Viruses and Intruders - Killfiles.AC, Killfiles.AD and Banker.AEP Trojans, Ip-Harvester and Redhand
http://www.net-security.org/virus_news.php?id=567
----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php