HNS Newsletter
Issue 408 - 03.03.2008
http://www.net-security.org

================================================================
Free Webcast: Proactive Vulnerability Management
http://www.qualys.com/forms/webcasts/forrester-pvm/?lsid=7194
================================================================

Speaker: Dr. Chenxi Wang, Principal Analyst, Security and Risk Management, Forrester Research, Inc.

In this talk, Dr. Chenxi Wang, Principal Analyst for Security and Risk Management at Forrester Research, will cover the key aspects of proactive vulnerability management and, more importantly, the steps you can follow to achieve it. More specifically:

* Continuing assessment of network and devices
* Integration with your IT risk management systems
* Effective analysis of assessment results
* Implementation of proactive remediation

http://www.qualys.com/forms/webcasts/forrester-pvm/?lsid=7194
================================================================

Table of contents:

1) Security news
2) Advisories
3) Articles
4) Reviews
5) Software
6) Conferences
7) Security World
8) Virus News

[ Security news ]
----------------------------------------------------------------

SECURING MOVING TARGETS
What’s the best approach to protecting the business data on mobile computing devices? This article covers the three essentials that help you load and lock.
http://www.net-security.org/news.php?id=15774

BOOK REVIEW - APACHE COOKBOOK (2ND EDITION)
The Apache web server is to many the best web server solution out there. Currently available in three versions (1.3, 2.0 and 2.2), Apache has an enormous install base around the globe. There are quite a lot of quality books detailing all the Apache aspects, and "Apache Cookbook" is a unique publication with its own twist. It doesn't go into all Apache specifics, but, better yet, it covers a set of problems and solutions Apache administrators can come across.
http://www.net-security.org/news.php?id=15775

WORKER SNOOPING ON CUSTOMER DATA COMMON
A landlord snooped on tenants to find out information about their finances.
http://www.net-security.org/news.php?id=15776

USING SIPROXD TO ALLOW VOIP THROUGH A FIREWALL
Siproxd is a SIP proxy server that can help you with network connectivity issues for SIP clients behind firewalls.
http://www.net-security.org/news.php?id=15777

EXTENDED VALIDATION CERTIFICATES AND XSS CONSIDERED HARMFUL
A cross-site scripting vulnerability on the popular SourceForge.net website shows how Extended Validation SSL certificates could be exploited by fraudsters.
http://www.net-security.org/news.php?id=15778

MANAGE YOUR ONLINE REPUTATION
A rash of social media sites have arisen that give you more tools to help you manage your online reputation and become more findable. Let's take a look.
http://www.net-security.org/news.php?id=15779

SYSTEMS ADMINISTRATION TOOLKIT: LOG FILE BASICS
This article looks at the fundamental information recorded within the different log files, their location, and how that information can be used to your benefit to work out what is going on within your system.
http://www.net-security.org/news.php?id=15780

AIR FORCE BLOCKS ACCESS TO MANY BLOGS
The Air Force is tightening restrictions on which blogs its troops can read, cutting off access to just about any independent site with the word "blog" in its web address.
http://www.net-security.org/news.php?id=15781

SSL CONFIGURATION FOR IBM TIVOLI DIRECTORY SERVER 6.0
Gain an overview of SSL configuration for IBM Tivoli Directory Server (ITDS) 6.0 on the AIX 5L operating system. Learn about command line configuration steps for SSL key database creation, certificate creation, certificate extraction, SSL authentication mechanisms, troubleshooting for SSL issues, and steps to perform LDAP client-server communication.
http://www.net-security.org/news.php?id=15782

TRAWL FOR PACKETS WITH WIRESHARK
If you want to keep your network secure then you need to know what traffic is passing through it.
http://www.net-security.org/news.php?id=15783

WHITEPAPER - OPEN SOURCE SECURITY MYTHS DISPELLED
Dispel the five major myths surrounding Open Source Security and gain the tools necessary to make a truly informed decision for your IT organization.
http://www.net-security.org/news.php?id=15784

THE NO-TECH HACKER
Hackers have a lot of fancy names for the technical exploits they use to gain access to a company's networks: cross-site scripting, buffer overflows or the particularly evil-sounding SQL injection, to name a few. But Johnny Long prefers a simpler entry point for data theft: the emergency exit door.
http://www.net-security.org/news.php?id=15785

CREATE YOUR OWN CROSS-PLATFORM BACKUP SERVER
Backing up your data on a regular basis is important, and turning a spare computer into a backup server is often the best way to make sure it gets done.
http://www.net-security.org/news.php?id=15786

HOW TO HACK INTO A BOEING 787
Last month, technology news sites and blogs breathlessly reported on a Federal Aviation Administration document suggesting that Boeing's new 787 Dreamliner passenger jet may be vulnerable to computer hackers.
http://www.net-security.org/news.php?id=15787

TOP 10 VULNERABILITIES IN WEB APPLICATIONS (Q4 2007)
The Cenzic Application Security Trends Report emphasizes the Top 10 Web application vulnerabilities from published reports in Q4 2007, illustrating trends among thousands of corporations, financial institutions and government agencies.
http://www.net-security.org/news.php?id=15788

----------------------------------------------------------------
[ Advisories ]
All advisories are located at: http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Slackware Security Advisory - espgs/ghostscript (SSA:2008-062-01)
http://www.net-security.org/advisory.php?id=8567

Slackware Security Advisory - mozilla-thunderbird (SSA:2008-061-01)
http://www.net-security.org/advisory.php?id=8566

Mandriva Linux Security Update Advisory - gnumeric (MDVSA-2008:056)
http://www.net-security.org/advisory.php?id=8565

Ubuntu Security Notice - mozilla-thunderbird, thunderbird vulnerabilities (USN-582-)
http://www.net-security.org/advisory.php?id=8564

SUSE Security Announcement - opera (SUSE-SA:2008:011)
http://www.net-security.org/advisory.php?id=8563

Mandriva Linux Security Update Advisory - ghostscript (MDVSA-2008:055)
http://www.net-security.org/advisory.php?id=8562

Mandriva Linux Security Update Advisory - dbus (MDVSA-2008:054)
http://www.net-security.org/advisory.php?id=8561

SUSE Security Announcement - ghostscript (SUSE-SA:2008:010)
http://www.net-security.org/advisory.php?id=8560

Mandriva Linux Security Update Advisory - pcre (MDVSA-2008:053)
http://www.net-security.org/advisory.php?id=8559

Mandriva Linux Security Update Advisory - cacti (MDVSA-2008:052)
http://www.net-security.org/advisory.php?id=8558

Debian Security Advisory - gs-esp / gs-gpl (DSA-1510-1)
http://www.net-security.org/advisory.php?id=8557

Gentoo Linux Security Advisory - Asterisk: Multiple vulnerabilities (GLSA 200802-11)
http://www.net-security.org/advisory.php?id=8556

Gentoo Linux Security Advisory - xine-lib: User-assisted execution of arbitrary code (GLSA 200802-12)
http://www.net-security.org/advisory.php?id=8555

Mandriva Linux Security Update Advisory - cups (MDVSA-2008:051)
http://www.net-security.org/advisory.php?id=8554

Mandriva Linux Security Update Advisory - cups (MDVSA-2008:050)
http://www.net-security.org/advisory.php?id=8553

Debian Security Advisory - koffice (DSA-1509-1)
http://www.net-security.org/advisory.php?id=8552

Debian Security Advisory - diatheke (DSA-1508-1)
http://www.net-security.org/advisory.php?id=8551

Mandriva Linux Security Update Advisory - nss_ldap (MDVSA-2008:049)
http://www.net-security.org/advisory.php?id=8550

Debian Security Advisory - turba2 (DSA-1507-1)
http://www.net-security.org/advisory.php?id=8549

Debian Security Advisory - iceape (DSA-1506-1)
http://www.net-security.org/advisory.php?id=8548

Gentoo Linux Security Advisory - Python: PCRE Integer overflow (GLSA 200802-10)
http://www.net-security.org/advisory.php?id=8547

Mandriva Linux Security Update Advisory - mozilla-firefox (MDVSA-2008:048)
http://www.net-security.org/advisory.php?id=8546

Debian Security Advisory - alsa-driver (DSA-1505)
http://www.net-security.org/advisory.php?id=8545

----------------------------------------------------------------
[ Articles ]
All articles are located at: http://www.net-security.org/articles_main.php
Articles can be contributed to articles@net-security.org
----------------------------------------------------------------

SECURING MOVING TARGETS
What’s the best approach to protecting the business data on mobile computing devices? This article covers the three essentials that help you load and lock.
http://www.net-security.org/article.php?id=1115

----------------------------------------------------------------
[ Reviews ]
All reviews are located at: http://www.net-security.org/reviews.php
----------------------------------------------------------------

APACHE COOKBOOK (2ND EDITION)
http://www.net-security.org/review.php?id=181

----------------------------------------------------------------
[ Software ]
Windows software is located at: http://net-security.org/software_main.php?cat=1
Linux software is located at: http://net-security.org/software_main.php?cat=2
Pocket PC software is located at: http://net-security.org/software_main.php?cat=3
Mac OS X software is located at: http://net-security.org/software_main.php?cat=5
----------------------------------------------------------------

SIMPLEAUTHORITY 2.2 (Windows)
SimpleAuthority is a free Certification Authority (CA). It generates keys and certificates that provide cryptographic digital identities for a community of people and/or computer servers.
http://www.net-security.org/software.php?id=679

SIMPLEAUTHORITY 2.2 (Mac OS X)
SimpleAuthority is a free Certification Authority (CA).
http://www.net-security.org/software.php?id=680

WINSCP 4.0.7 (Windows)
WinSCP is an open source SSH file transfer protocol and secure copy client for Windows using SSH.
http://www.net-security.org/software.php?id=6

----------------------------------------------------------------
[ Conferences ]
All conferences are located at: http://net-security.org/conferences.php
----------------------------------------------------------------

ARES 2008
Organized by DEXA Society - 4 March-7 March 2008
http://www.net-security.org/conference.php?id=236

InfoSec World Conference & Expo 2008
Organized by MISTI - 10 March-12 March 2008
http://www.net-security.org/conference.php?id=247

Black Hat Europe 2008
Organized by Black Hat - 25 March-28 March 2008
http://www.net-security.org/conference.php?id=240

RSA Conference 2008
Organized by RSA Security - 7 April-11 April 2008
http://www.net-security.org/conference.php?id=243

HITBSecConf2008
Organized by Hack in the Box - 14 April-17 April 2008
http://www.net-security.org/conference.php?id=246

Infosecurity 2008
Organized by Reed Exhibitions - 22 April-24 April 2008
http://www.net-security.org/conference.php?id=245

OWASP AppSec Europe 2008 Belgium
Organized by OWASP - 20 May-23 May 2008
http://www.net-security.org/conference.php?id=248

Hacker Halted USA 2008
Organized by EC-Council - 28 May-4 June 2008
http://www.net-security.org/conference.php?id=244

Second International Symposium on Human Aspects of Information Security & Assurance
Organized by Information Security & Network Research Group, University of Plymouth - 8 July-10 July 2008
http://www.net-security.org/conference.php?id=238

----------------------------------------------------------------
[ Security World ]
All security world articles are located at: http://www.net-security.org/secworld_main.php
Send your press releases to press@net-security.org
----------------------------------------------------------------

Microsoft Internet Explorer least vulnerable browser in Q4
http://www.net-security.org/secworld.php?id=5866

Top 10 vulnerabilities in Web Applications in Q4 2007
http://www.net-security.org/secworld.php?id=5865

Windows Server 2008 certification for Kaspersky Anti-Virus 6.0
http://www.net-security.org/secworld.php?id=5864

Windows Server 2008 certification for GFI EventsManager 8
http://www.net-security.org/secworld.php?id=5863

Consumer attitudes toward internet security across Europe and North America
http://www.net-security.org/secworld.php?id=5861

Hardware security modules for Windows Server 2008
http://www.net-security.org/secworld.php?id=5860

Foundstone services to focus on virtualization security
http://www.net-security.org/secworld.php?id=5858

New AVG Internet Security 8.0
http://www.net-security.org/secworld.php?id=5857

Trend Micro acquires Identum for identity-based email encryption
http://www.net-security.org/secworld.php?id=5856

EnCase to further address Government cyber security challenges
http://www.net-security.org/secworld.php?id=5855

Advanced EFS Data Recovery breaks Vista and Windows Server 2008 encryption
http://www.net-security.org/secworld.php?id=5854
Increasing threats and missing skills
http://www.net-security.org/secworld.php?id=5853

New book: "Economics and Strategies of Data Security"
http://www.net-security.org/secworld.php?id=5852

Critical vulnerability in VMware’s desktop virtualization software
http://www.net-security.org/secworld.php?id=5851

Expanded OESISOK certification includes antivirus, antispyware and patch management
http://www.net-security.org/secworld.php?id=5850

Safeguarding customer data - Go Daddy follows new ICANN regulations
http://www.net-security.org/secworld.php?id=5849

Study reveals the true cost of a data breach in the UK
http://www.net-security.org/secworld.php?id=5848

AuthenTec introduces world’s most secure fingerprint sensor
http://www.net-security.org/secworld.php?id=5847

Customized security for virtual machines
http://www.net-security.org/secworld.php?id=5846

CipherEngine, a new encryption enforcement point
http://www.net-security.org/secworld.php?id=5845

$100,000 Information Security Scholarship awards
http://www.net-security.org/secworld.php?id=5844

New from Symantec: Backup Exec System Recovery 8
http://www.net-security.org/secworld.php?id=5843

16 Gbps firewalling performance record confirmed
http://www.net-security.org/secworld.php?id=5842

Updates to the MIMEsweeper Web Appliance
http://www.net-security.org/secworld.php?id=5841

----------------------------------------------------------------
[ Virus News ]
All virus news is located at: http://www.net-security.org/viruses.php
----------------------------------------------------------------

Cybercriminals develop tools to test malware before distribution
http://www.net-security.org/virus_news.php?id=922

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:
Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php