HNS Newsletter
Issue 279 - 22.08.2005.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It
covers weekly roundups of security events that were in the
news the past week.

----------------------------------------------------------------
********* Acunetix Web Vulnerability Scanner *********
----------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability
Scanner: Attackers are concentrating their efforts on attacking
applications on your website. Up to 75% of cyber attacks are
launched on shopping carts, forms, login pages, dynamic
content etc. Check your website for vulnerabilities to SQL
injection, Cross site scripting and other web attacks.
----------------------------------------------------------------
Download Trial: http://www.net-security.org/v/acunetix2
----------------------------------------------------------------


Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Software
6) Conferences
7) Security World
8) Virus News


[ Security news ]


----------------------------------------------------------------

FEDS PUSH FLIER BACKGROUND CHECKS
Homeland Security officials quietly lobby Congress to ease oversight
of the planned Secure Flight passenger-screening program and allow
private databases to help probe travelers' lives.
http://www.net-security.org/news.php?id=8566


ATTACKS REPORTED FOR CRITICAL VERITAS BACKUP EXEC FLAW
Flaw is discovered in Network Data Management Protocol agent.
http://www.net-security.org/news.php?id=8567


THE PRIVACY LAWYER: WIRELESS FREELOADERS ARE BREAKING THE LAW
You can try to justify it, but there's no way around the fact. And if
you fear it's your wireless connection that's being stolen, it's time
to get proactive about securing that network.
http://www.net-security.org/news.php?id=8568


DATA DUMPED IN SECURE FLIGHT TEST
Information about airline travelers collected to test a new
passenger-screening system is being destroyed by the feds, leaving
some privacy advocates wondering why.
http://www.net-security.org/news.php?id=8569


OPEN FIRMWARE SECURITY FOR MAC WORKSTATIONS
When Apple Computer Inc. introduced Open Firmware with the first G3
Macintosh computers, it was big news because it allowed Apple to
easily modify system information previously stored in ROM.
http://www.net-security.org/news.php?id=8570


COST-EFFECTIVE APPLICATION PROTECTION AND RECOVERY
Since the network world is constantly under attack from
application-crashing viruses, worms and bugs, data protection and
recovery is an advantage for the forward-thinking network executive.
http://www.net-security.org/news.php?id=8571


DID 'SPAM FACTORY' STEAL DATA?
On the hunt for a hacker two years ago, security officials at
data-management company Acxiom discovered that an internet address at
one of its clients' contractors was taking far more data than it
should have.
http://www.net-security.org/news.php?id=8572


FLAW ON TUESDAY, WORM BY SUNDAY
Virus writers have created a worm that spreads using a Microsoft
Plug-and-Play vulnerability disclosed only last week.
http://www.net-security.org/news.php?id=8573


IS VOIP WIRETAPPING A PRIVACY THREAT?
Has the Federal Communications Commission radically enhanced the
powers of law enforcement with its new regulation to allow for
Internet wiretapping, as some civil libertarians have been
suggesting?
http://www.net-security.org/news.php?id=8574


FLEXIBLE, SAFE AND SECURE?
This article looks beyond the hype of mobile working to consider some
of the practical issues of an organisation implementing an ICT
strategy that ensures data security wherever employees connect to
corporate systems.
http://www.net-security.org/news.php?id=8575


SO YOU THINK YOUR DATA IS SECURE?
Everything I'm about to tell you is true. And if you're a corporate
executive who's serious about information security, corporate
governance and compliance, you will cut this column out and nail it
to your CEO's office door.
http://www.net-security.org/news.php?id=8576


DON'T SHOOT THE SECURITY MESSENGER
Security through transparency takes on a whole new point of view.
http://www.net-security.org/news.php?id=8577


STORAGE SECURITY BASICS: CONFIDENTIALITY AND INTEGRITY
If you manage a storage network, one of your primary goals is to
ensure that the data is secure.
http://www.net-security.org/news.php?id=8578


BULK MAILER CONVICTED OF DATA THEFT SCAM
A Florida man has been convicted of stealing vast amounts of personal
information from Acxiom.
http://www.net-security.org/news.php?id=8579


PHISHERS TARGET GOOD SAMARITANS
An 89 year old needs your money.
http://www.net-security.org/news.php?id=8580


CHAIN ATTACK TROJAN NETS 3M EMAIL ADDRESSES
Can infect victim PCs with up to 19 malicious malware programs.
http://www.net-security.org/news.php?id=8581


WINDOWS WORM ZOTOB A THREAT
Trend Micro reports that a new Windows worm, dubbed ZOTOB, exploits
"critical" security issues Microsoft patched just last week.
http://www.net-security.org/news.php?id=8582


MCAFEE READIES HOME WI-FI SECURITY TOOL
All home Wi-Fi gear comes with the bricks and mortar to put up at
least a basic security wall against intruders and eavesdroppers, but
McAfee wants to sell consumers a better trowel for building it.
http://www.net-security.org/news.php?id=8583


(IN)SECURE MAGAZINE ISSUE 3 HAS BEEN RELEASED
(IN)SECURE Magazine is a freely available, freely distributable
digital security magazine in PDF format. Get your copy of the third
issue today!
http://www.net-security.org/news.php?id=8584


IRC BOT LATCHES ONTO PLUG-AND-PLAY VULN
he Microsoft Plug-and-Play vulnerability exploited by the ZoTob worm
has been harnessed to create an IRC bot.
http://www.net-security.org/news.php?id=8585


US CYBER SECURITY 'ALMOST OUT OF CONTROL'
Vulnerable to terrorist and criminal attacks.
http://www.net-security.org/news.php?id=8586


IIS VS. APACHE: WHICH IS THE RIGHT SECURITY CHOICE?
From a security perspective, the choice is debatable.
http://www.net-security.org/news.php?id=8587


THREAT CHAOS: MAKING SENSE OF THE ONLINE THREAT LANDSCAPE
Download this white paper for an analysis of the vulnerabilities and
discover a threat model that can be used to clear up the confusing
nomenclature.
http://www.net-security.org/news.php?id=8588


WINDOWS VISTA PUTS TESTERS' SECURITY AT RISK
Problems with beta version, warns expert.
http://www.net-security.org/news.php?id=8589


DISASTER RECOVERY: DEALING WITH 21ST CENTURY THREATS
The good news is technology has advanced to a point where disaster
recovery isn't a single choice, but a collection of choices.
http://www.net-security.org/news.php?id=8590


SCORE LIST HACKING
This article covers just a few of the potential problems and examines
ways in which you can work to defeat a score list hacker.
http://www.net-security.org/news.php?id=8591


NETFILTER AND IPTABLES: UNDERSTANDING HOW THEY HARDEN LINUX
Linux firewalls are often more secure than Windows firewalls because
of the way they're implemented, according to James Turnbull, author
of Hardening Linux.
http://www.net-security.org/news.php?id=8592


IDEAL-TO-REALIZED SECURITY ASSURANCE IN CRYPTOGRAPHIC KEYS
In the first installment of this two-part series, we'll cover key
length, and relative concerns, such as entropy and how password
etiquette affects key space complexity.
http://www.net-security.org/news.php?id=8593


KENTUCKY IS FIRST STATE TO COMPLETE SECURITY REQUIREMENT
The Kentucky Office of Homeland Security was told by the U.S.
Department of Homeland Security that Kentucky is the first state in
the nation to complete the National Incident Management System
Capability Assessment Support Tool.
http://www.net-security.org/news.php?id=8594


USING THE WINDOWS SERVER 2003 SECURITY CONFIGURATION WIZARD TO HARDEN
THE ISA FIREWALL
While many of us made gallant attempts at coming up with
comprehensive hardening plans that wouldn’t break core ISA Server
2000 firewall functionality, it always seemed like we were feeling
our way through the dark.
http://www.net-security.org/news.php?id=8595


IS IT TIME FOR A VOIP FIREWALL?
Spam commonly proliferates using STMP and HTTP protocols, which are
critical to e-mail and the Internet, but it could soon become the
nemesis of SIP as well.
http://www.net-security.org/news.php?id=8596


TOOLS DRIVE POINT-AND-CLICK CRIME
New software tools make stealing data from users as easy as browsing
the web.
http://www.net-security.org/news.php?id=8597


WINDOWS WORM KNOCKS DOWN CORPORATIONS
A new computer has succeeded at knocking out several large
corporations in the US.
http://www.net-security.org/news.php?id=8598


SYMANTEC WILL BUY SYGATE
Symantec announced that it has signed an agreement to acquire Sygate
Technologies, a technology leader in endpoint compliance solutions.
http://www.net-security.org/news.php?id=8599


SECURITY FOR ENTERPRISES IN THE 21ST CENTURY
Enterprise security solutions are a combination of hard/software that
will consolidate from disparate perimeter implementation into holistic
platforms with centralized intelligence and policy-based control.
http://www.net-security.org/news.php?id=8600


AVOIDING THE AUTO DIALER VIRUS
This article provides some thoughts and helpful tips on avoiding
being scammed for hundreds or even thousands of dollars by
"auto-dialers". Sometimes even experienced computer users can be
caught off guard by this scam.
http://www.net-security.org/news.php?id=8601


MICROSOFT AND FEDERATED IDENTITIES: THE ROAD TO SINGLE SIGN-ON
Single sign-on. Symbolically at least, it may be a kind of grail for
IT staffers who today need to administer thousands of user accounts.
http://www.net-security.org/news.php?id=8602


THE RIGHT COPROCESSOR CAN HELP WITH ENCRYPTION
Encryption is a key aspect of security for any application or system.
Furthermore, encryption is algorithmically complex, requiring
significant resources for implementation, and most often, significant
hardware acceleration.
http://www.net-security.org/news.php?id=8603


IBM WORKS TOWARD REPLACABLE BIOMETRICS
Big Blue researching the area of 'cancelable biometrics'.
http://www.net-security.org/news.php?id=8604


COMPUTER VIRUS WRITERS AT WAR, SECURITY FIRM SAYS
We seem to have a botwar on our hands.
http://www.net-security.org/news.php?id=8605


EX-AOL EMPLOYEE SENTENCED TO 15 MONTHS IN SPAM CASE
Stole 92 million e-mail screen names and sold them to a spammer.
http://www.net-security.org/news.php?id=8606


'SPEAR PHISHING' TESTS EDUCATE PEOPLE ON ONLINE SCAMS
To fight computer crime, the good guys are masquerading as bad guys
pretending to be good guys.
http://www.net-security.org/news.php?id=8607


WINDOWS 2000 WORMS NOW AFFECTING 250,000
McAfee raises risk to "high" for one variant, called IRCBot worm.
http://www.net-security.org/news.php?id=8608


PROACTIVE HONEYPOTS
Honeypots sit on a server and wait for intrusion attempts.
http://www.net-security.org/news.php?id=8609


LONDON EYES SINGLE SMARTCARD STRATEGY
Councils should collaborate for a London-wide card, says report.
http://www.net-security.org/news.php?id=8610


VIRUS WRITERS MOVING FASTER WITH ATTACKS
Companies struck by worms this week are back to normal.
http://www.net-security.org/news.php?id=8611


COPY-PROTECTION GEAR SNEAKS INTO PRODUCTS
Controversial copy-protection technology is quietly being added to
e-books, CDs, DVDs and other products.
http://www.net-security.org/news.php?id=8612


MAN LOGS INTO DABS.COM CUSTOMER ACCOUNT SHOCKER
Blind chance has helped to expose a password security issue at
dabs.com over the way it and many other online retailers deal with
forgotten passwords.
http://www.net-security.org/news.php?id=8613


ADWARE MAKERS SUES NAUGHTY AFFILIATES
But it's still adware, warns researcher.
http://www.net-security.org/news.php?id=8614


IMPLEMENTING PRINCIPLE OF LEAST PRIVILEGE
This article will go over some of the most common configurations that
you can make to implement these principles and reduce the possibility
of an attack from a typical end user.
http://www.net-security.org/news.php?id=8615


DEVELOPMENT TOOL SECURITY HOLE THREATENS INTERNET APPS
A security hole in a popular development tool has severe implications
for a number of the Internet's most popular applications, including
Gmail, Flikr and MSN Virtual Earth.
http://www.net-security.org/news.php?id=8616


SECURITY IGNORES ENEMIES WITHIN
Half of all data theft carried out by employees.
http://www.net-security.org/news.php?id=8617


FIRST AND FOREMOST, SECURITY MUST MAKE BUSINESS SENSE
Return on investment analysis is useful, but prioritizing security
projects and focusing on business objectives are necessities.
http://www.net-security.org/news.php?id=8618


WARILY WATCHING WORM VARIANTS
While security firms continue to debate the severity of the Zotob
worm plaguing the Windows Plug-and-Play vulnerability, hackers have
released a new wave of worms aimed at taking over PCs running the
nearly ubiquitous operating system.
http://www.net-security.org/news.php?id=8619


FINNS URGE BETTER WI-FI SECURITY AFTER BANK BREAK-IN
Finland called on its citizens to take more care securing their Wi-Fi
networks.
http://www.net-security.org/news.php?id=8620


SECURE COMPUTING TO ACQUIRE CYBERGUARD
Secure Computing announced it had reached an agreement to acquire
CyberGuard for approximately $295 million,
http://www.net-security.org/news.php?id=8621


CONSUMER WORRIES ABOUT ONLINE SECURITY ON THE RISE
Survey finds that recent security and data-loss incidents have taken
their toll on consumer confidence in E-commerce.
http://www.net-security.org/news.php?id=8622


MICROSOFT ISSUES ZOTOB CLEANING TOOL
Microsoft late Wednesday rushed out a new version of its Windows
Malicious Software Removal Tool as one response to a bot worm attack
that began earlier this week.
http://www.net-security.org/news.php?id=8623


CISCO ISSUES HACKER PATCH
Cisco has released a patch for its Cisco Clean Access (CCA) software,
which is designed to seek out unsafe hardware on a network.
http://www.net-security.org/news.php?id=8624


STRATEGIES FOR PROTECTING LAPTOP DATA
Any machine that has the potential to hold sensitive data or e-mail
should be encrypted.
http://www.net-security.org/news.php?id=8625


APPLE SECURITY UPDATE RE-ISSUED
Apple Computer re-releases its massive Mac OS X security update after
the upgrade broke 64-bit applications.
http://www.net-security.org/news.php?id=8626


NEW ZERO-DAY IE BUG CAN GIVE ATTACKERS CONTROL
Microsoft's Internet Explorer browser appears vulnerable to an
unpatched bug similar to one fixed last week, according to several
security vendors.
http://www.net-security.org/news.php?id=8627


DESKTOP SECURITY THREATS
With security threats growing, it is imperative to have a
multi-layered security solution that is fast, strong and nimble.
http://www.net-security.org/news.php?id=8628


WINDOWS SPYWARE SURVIVAL TOOLS
The popular and free Lavasoft AdAware and Spy-Bot Search and Destroy
anti-spyware programs do a decent job of removing spyware after it
has already been installed, but aren't much help in keeping spyware
from getting onto a system in the first place.
http://www.net-security.org/news.php?id=8629

----------------------------------------------------------------




[ Vulnerabilities ]


All vulnerabilities are located here:
http://www.net-security.org/vulnerabilities.php


----------------------------------------------------------------

HAURI Anti-Virus Compressed Archive Extraction Traversal Arbitrary
File Write
http://www.net-security.org/vulnerability.php?id=18812


PHPFreeNews SearchResults.php Multiple Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=18849


PHPFreeNews AccessControl.php Multiple Field SQL Injection
http://www.net-security.org/vulnerability.php?id=18850


PHPFreeNews NewsCategoryForm.php NewsMode Variable XSS
http://www.net-security.org/vulnerability.php?id=18851


Mac OS X Server Weblog Server Multiple Variable XSS
http://www.net-security.org/vulnerability.php?id=18793


Mac OS X WebKit Safari Crafted PDF Arbitrary Command Execution
http://www.net-security.org/vulnerability.php?id=18792


Mac OS X traceroute Local Overflow
http://www.net-security.org/vulnerability.php?id=18791


Mac OS X Server servermgr_ipfilter Admin Tool Rule Write Failure
http://www.net-security.org/vulnerability.php?id=18790


Mac OS X Server servermgrd Authentication Local Overflow
http://www.net-security.org/vulnerability.php?id=18789


Mac OS X SecurityInterface Password Assistant Recently-suggested
Password Disclosure
http://www.net-security.org/vulnerability.php?id=18788


Mac OS X Safari XSL Formatted Form Information Disclosure
http://www.net-security.org/vulnerability.php?id=18795


Mac OS X Safari Maliciously-crafted Rich Text File Arbitrary Command
Execution
http://www.net-security.org/vulnerability.php?id=18794


Mac OS X RSS Visualizer QuartzComposerScreenSaver Restriction Bypass
http://www.net-security.org/vulnerability.php?id=18787


Mac OS X ping Local Overflow
http://www.net-security.org/vulnerability.php?id=18786


Mac OS X Mail.app Remote Image Loading Preference Bypass
http://www.net-security.org/vulnerability.php?id=18785


Mac OS X loginwindow Fast User Switching Arbitrary Account Access
http://www.net-security.org/vulnerability.php?id=18784


Mac OS X HItoolbox VoiceOver Services Arbitrary Input Field
 Disclosure
http://www.net-security.org/vulnerability.php?id=18783


Mac OS X Directory Services slpd Symlink Privilege Escalation
http://www.net-security.org/vulnerability.php?id=18782


Mac OS X Directory Services dsidentity Arbitrary Account Manipulation
http://www.net-security.org/vulnerability.php?id=18781


Mac OS X Directory Services Authentication Remote Overflow
http://www.net-security.org/vulnerability.php?id=18778


CUPS on Mac OS X Partial IPP Request Connection Termination DoS
http://www.net-security.org/vulnerability.php?id=18796


Legato NetWorker AUTH_UNIX Authentication Bypass
http://www.net-security.org/vulnerability.php?id=18800


Legato NetWorker lgtomapper Unauthorized RPC Service Unregister DoS
http://www.net-security.org/vulnerability.php?id=18802


CUPS on Mac OS X Print Job Saturation DoS
http://www.net-security.org/vulnerability.php?id=18797


Mac OS X CoreFoundation Framework Gregorian Date Processing
Algorithmic Complexity DoS
http://www.net-security.org/vulnerability.php?id=18779


Mac OS X Server CoreFoundation Framework Command Line Overflow
http://www.net-security.org/vulnerability.php?id=18780


Mac OS X Bluetooth Authentication Incorrect System Profiler Entry
http://www.net-security.org/vulnerability.php?id=18777


Mac OS X AppKit Error Condition Local Account Creation
http://www.net-security.org/vulnerability.php?id=18776


Mac OS X AppKit Word Document Overflow
http://www.net-security.org/vulnerability.php?id=18775


Mac OS X AppKit Rich Text File Processing Overflow
http://www.net-security.org/vulnerability.php?id=18774


Dada Mail Archived Messages Arbitrary Script Insertion
http://www.net-security.org/vulnerability.php?id=18772


HP Ignite-UX TFTP Service Remote File Manipulation
http://www.net-security.org/vulnerability.php?id=18750


HP Ignite-UX TFTP Service make_recovery Remote passwd File Disclosure
http://www.net-security.org/vulnerability.php?id=18749


CPAINT Ajax Toolkit Multiple Function XSS
http://www.net-security.org/vulnerability.php?id=18748


CPAINT Ajax Toolkit ExecuteGlobal/GetRef checkBlacklist Function
Bypass
http://www.net-security.org/vulnerability.php?id=18747


My Image Gallery (Mig) index.php Multiple Variable XSS
http://www.net-security.org/vulnerability.php?id=18741


My Image Gallery (Mig) index.php Crafted image Variable Path
Disclosure
http://www.net-security.org/vulnerability.php?id=18742


ezUpload index.php path Variable Remote File Inclusion
http://www.net-security.org/vulnerability.php?id=18763


ezUpload initialize.php path Variable Remote File Inclusion
http://www.net-security.org/vulnerability.php?id=18764


ezUpload customize.php path Variable Remote File Inclusion
http://www.net-security.org/vulnerability.php?id=18765


ezUpload form.php path Variable Remote File Inclusion
http://www.net-security.org/vulnerability.php?id=18766


Dokeos scormdocument.php delete Variable Traversal Arbitrary
Directory Deletion
http://www.net-security.org/vulnerability.php?id=18737


Dokeos document.php Traversal Arbitrary File Manipulation
http://www.net-security.org/vulnerability.php?id=18738


Dokeos showinframes.php file Variable Traversal File Existance
Enumeration
http://www.net-security.org/vulnerability.php?id=18739


MindAlign Unspecified User Enumeration Issue
http://www.net-security.org/vulnerability.php?id=18754


MindAlign Unspecified XSS
http://www.net-security.org/vulnerability.php?id=18755


MindAlign Unspecified Encryption Weakness
http://www.net-security.org/vulnerability.php?id=18757


Tivoli SecureWay WebSEAL XSS Attempt Logging Failure
http://www.net-security.org/vulnerability.php?id=18724

----------------------------------------------------------------




[ Advisories ]


All advisories are located at:
http://www.net-security.org/archive_advi.php


----------------------------------------------------------------

Ubuntu Security Notice - php4 vulnerabilities (USN-171-1)
http://www.net-security.org/advisory.php?id=5177


Debian Security Advisory - mozilla-firefox (DSA 779-1)
http://www.net-security.org/advisory.php?id=5176


Ubuntu Security Notice - gnupg vulnerability (USN-170-1)
http://www.net-security.org/advisory.php?id=5175


Debian Security Advisory - mantis (DSA 778-1)
http://www.net-security.org/advisory.php?id=5174


SUSE Security Announcement - SUSE-SR:2005:019 (SUSE-SR:2005:019)
http://www.net-security.org/advisory.php?id=5173


Ubuntu Security Notice - linux-source-2.6.8.1, linux-source-2.6.10
vulnerabilities (USN-169-1)
http://www.net-security.org/advisory.php?id=5172


Cisco Security Advisory - ZOTOB and WORM_RBOT.CBQ Mitigation
Recommendations
http://www.net-security.org/advisory.php?id=5171


Mandriva Linux Security Update Advisory - wxPythonGTK
(MDKSA-2005:144)
http://www.net-security.org/advisory.php?id=5170


SCO Security Advisory - UnixWare 7.1.4 UnixWare 7.1.3 : cpio race
condition and directory traversal issues fixed. (SCOSA-2005.32)
http://www.net-security.org/advisory.php?id=5169


Turbolinux Security Announcement - zlib, fetchmail (18/Aug/2005)
http://www.net-security.org/advisory.php?id=5168


Mandriva Linux Security Update Advisory - libtiff (MDKSA-2005:142)
http://www.net-security.org/advisory.php?id=5167


Mandriva Linux Security Update Advisory - kdegraphics
(MDKSA-2005:143)
http://www.net-security.org/advisory.php?id=5166


Mandriva Linux Security Update Advisory - evolution (MDKSA-2005:141)
http://www.net-security.org/advisory.php?id=5165


US-CERT Technical Cyber Security Alert - 
Apple Mac Products are Affected by Multiple Vulnerabilities
(TA05-229A)
http://www.net-security.org/advisory.php?id=5164


Novell Security Advisory - GroupWise Password Caching
(NOVL-2005-10098073)
http://www.net-security.org/advisory.php?id=5163


Cisco Security Advisory - Cisco Clean Access Unauthenticated API
Access
http://www.net-security.org/advisory.php?id=5162


Conectiva Linux Security Announcement - kernel (CLA-2005:999)
http://www.net-security.org/advisory.php?id=5161


Debian Security Advisory - mozilla (DSA 777-1)
http://www.net-security.org/advisory.php?id=5160


Debian Security Advisory - clamav (DSA 776-1)
http://www.net-security.org/advisory.php?id=5159


SUSE Security Announcement - apache,apache2 (SUSE-SA:2005:046)
http://www.net-security.org/advisory.php?id=5158


Mandriva Linux Security Update Advisory - proftpd (MDKSA-2005:140)
http://www.net-security.org/advisory.php?id=5157


Debian Security Advisory - heartbeat (DSA 761-2)
http://www.net-security.org/advisory.php?id=5156


Debian Security Advisory - mozilla (DSA 775-1)
http://www.net-security.org/advisory.php?id=5155

----------------------------------------------------------------




[ Articles ]


All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org


----------------------------------------------------------------

FLEXIBLE, SAFE AND SECURE?
This article looks beyond the hype of mobile working to consider some
of the practical issues of an organisation implementing an ICT
strategy that ensures data security wherever employees connect to
corporate systems.
http://www.net-security.org/article.php?id=812

----------------------------------------------------------------




[ Software ]


Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3

Mac OS X software is located at:
http://net-security.org/software_main.php?cat=5


----------------------------------------------------------------

ACUNETIX WEB VULNERABILITY SCANNER 2.0 (Windows)
This tool can automatically audit the security of your website and
web applications.
http://www.net-security.org/software.php?id=633


DANSGUARDIAN 2.8.0.6 (Linux)
DansGuardian is a web content filter. It filters the actual content
of pages based on many methods including phrase matching, PICS
filtering and URL filtering.
http://www.net-security.org/software.php?id=233


DIGITAL INVISIBLE INK TOOLKIT 1.0 (Windows)
Digital Invisible Ink Toolkit is a simple Java-based steganography
tool.
http://www.net-security.org/software.php?id=312


DISTRIBUTED ACCESS CONTROL SYSTEM 1.4.5 (Linux)
DACS is an open source identity management and access control system
for web services.
http://www.net-security.org/software.php?id=346


HONEYNET SECURITY CONSOLE 2.5 (Windows)
Honeynet Security Console is an analysis tool to view events on your
personal network or honeynet.
http://www.net-security.org/software.php?id=587


KISMET 2005-08-R1 (Linux)
Kismet is a 802.11b wireless network sniffer.
http://www.net-security.org/software.php?id=218


PRELUDE MANAGER 0.9.0 RC8 (Linux)
Prelude Manager is the main program of the Prelude Hybrid IDS suite.
http://www.net-security.org/software.php?id=264


SHOREWALL 2.4.3 (Linux)
Shorewall is an iptables based firewall that can be used on a
dedicated firewall system, a multi-function masquerade gateway/server
or on a standalone Linux system.
http://www.net-security.org/software.php?id=40


SPAM BLOCKER 2.1.02 (Windows)
Spam Blocker is an application for filtering incoming correspondence.
http://www.net-security.org/software.php?id=635


SYSMASK 1.02 (Linux)
Sysmask is a powerful and flexible security enhancement package for
Linux systems.
http://www.net-security.org/software.php?id=352


VISUALROUTE 2005 9.3g (Windows)
VisualRoute delivers the functionality of key Internet "ping,"
"whois," and "traceroute" tools, in a high-speed visually integrated
package.
http://www.net-security.org/software.php?id=2


WINSCP 3.7.6 (Windows)
WinSCP is an open source SSH file transfer protocol and secure copy
client for Windows using SSH.
http://www.net-security.org/software.php?id=6

----------------------------------------------------------------




[ Conferences ]


All conferences are located at:
http://net-security.org/conferences.php


----------------------------------------------------------------

8th Information Security Conference(ISC'05)
Organized by Institute for Infocomm Research - 21 September-23
September 2005
http://www.net-security.org/conference.php?id=123


The 4th International Workshop for Applied PKI (IWAP'05)
Organized by Institute for Infocomm Research - 21 September-23
September 2005
http://www.net-security.org/conference.php?id=124


IT Security World 2005 Conference & Expo
Organized by MISTI - 26 September-1 October 2005
http://www.net-security.org/conference.php?id=143


HealthSec 2005 Conference & Expo
Organized by MISTI - 28 September-30 September 2005
http://www.net-security.org/conference.php?id=141


RUXCON 2005
Organized by RUXCON - 1 October-2 October 2005
http://www.net-security.org/conference.php?id=144


RSA Conference Europe 2005
Organized by RSA Conference - 17 October-19 October 2005
http://www.net-security.org/conference.php?id=133


CNIS 2005: IASTED International Conference on Communication, Network
and Information Security
Organized by IASTED - 14 November-16 November 2005
http://www.net-security.org/conference.php?id=137


Asiacrypt 2005
Organized by International Association for Cryptologic Research - 1
December-4 December 2005
http://www.net-security.org/conference.php?id=125


3rd International IEEE Security in Storage Workshop
Organized by  IEEE Computer Society - 13 December-13 December 2005
http://www.net-security.org/conference.php?id=140


RSA Conference 2006
Organized by RSA Security - 13 February-17 February 2006
http://www.net-security.org/conference.php?id=142

----------------------------------------------------------------




[ Security World ]


All press releases are located at:
http://www.net-security.org/press_main.php

Send your press releases to press@net-security.org


----------------------------------------------------------------

Argosy TelCrest are proud to announce the latest release of their
Enterprise Password Safe is now available for evaluation and purchase
http://www.net-security.org/press.php?id=3388


NFR Security Provides its Sentivist Customers with Preemptive
Protection against the Fast-Spreading Zotob Worm
http://www.net-security.org/press.php?id=3387


Microsoft joins industry leaders in offering enhanced online identity
assurance verification tools on its IE platform
http://www.net-security.org/press.php?id=3386


Two New Phishing Methods Are Automatically Detected by CallingID
http://www.net-security.org/press.php?id=3385


Lucid Security's ipANGEL Protects Customers From Zotob Worm
http://www.net-security.org/press.php?id=3384


Major Botwar Increases in Scale and Force
http://www.net-security.org/press.php?id=3383


New Standard in Ethical Hacking - University and Industry Partnership
Creates New Qualification
http://www.net-security.org/press.php?id=3382


Trustix Enterprise Firewall for Free
http://www.net-security.org/press.php?id=3381


Senforce Expands Endpoint Security Suite’s Anti-Spyware Enforcement
http://www.net-security.org/press.php?id=3380


Virtual admin office by Zertificon Solutions now with active
encryption
http://www.net-security.org/press.php?id=3379


New Aladdin and PGP Partnership Strengthens Protection of Corporate
Proprietary Information on Lost or Stolen Laptops
http://www.net-security.org/press.php?id=3378


Funk Software Announces Steel-Belted Radius/SIM Server v1.3
http://www.net-security.org/press.php?id=3377


Hackers Set To Hit Malaysia Again
http://www.net-security.org/press.php?id=3376


F-Secure's Chief Research Officer To Deliver Keynote At
Hitbsecconf2005 – Malaysia
http://www.net-security.org/press.php?id=3375

----------------------------------------------------------------




[ Virus News ]


All virus news are located at:
http://www.net-security.org/viruses.php


----------------------------------------------------------------

Weekly Report on Viruses and Intruders - Mitglieder.EK, Zotob.A,
Zotob.B, Zotob.D, IRCBot.KC and IRCBot.KD
http://www.net-security.org/virus_news.php?id=572


The Zotob and IRCBot worms are perpetrating a large scale combined
attack
http://www.net-security.org/virus_news.php?id=571


MyTob Author Battles it Out With Peers in New Bot War
http://www.net-security.org/virus_news.php?id=570


Panda reports on the new Zotob.A that exploits the vulnerability in
Plug and Play
http://www.net-security.org/virus_news.php?id=569

----------------------------------------------------------------





Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available 
http://www.net-security.org/newsletter_archive.php