HNS Newsletter
Issue 413 - 07.04.2008
http://www.net-security.org

================================================================
Free Webcast: Proactive Vulnerability Management
http://www.qualys.com/forms/webcasts/forrester-pvm/?lsid=7194
================================================================

Speaker: Dr. Chenxi Wang, Principal Analyst, Security and Risk Management, Forrester Research, Inc.

In this talk, Dr. Chenxi Wang, Principal Analyst for Security and Risk Management at Forrester Research, will cover the key aspects of proactive vulnerability management and, more importantly, the steps you can follow to achieve it. More specifically:

* Continuing assessment of network and devices
* Integration with your IT risk management systems
* Effective analysis of assessment results
* Implementation of proactive remediation

http://www.qualys.com/forms/webcasts/forrester-pvm/?lsid=7194

=========================================================

Table of contents:

1) Security news
2) Advisories
3) Articles
4) Software
5) Conferences
6) Security World
7) Virus News

[ Security news ]
----------------------------------------------------------------

TRUSTE "VERIFIED BY HAXORS"
A vulnerability in the TRUSTe seal verification service was demonstrated last week, showing how the service could have been exploited to make it look as though an unauthorised site had a valid TRUSTe seal.
http://www.net-security.org/news.php?id=15832

THE CURIOUS CASE OF DMITRY GOLUBOV
Dmitry Ivanovich Golubov is a Ukrainian politician once considered by U.S. law enforcement to be a top cybercrime boss.
http://www.net-security.org/news.php?id=15833

WEB APPLICATION MONITORING DATA MODEL
A data model is the foundation of web application monitoring and, thus, key to successful utilization of web application firewalls.
http://www.net-security.org/news.php?id=15834

ADDING A REMOVABLE ANTENNA TO YOUR WRTSL54GS
Over the past few months I've been contemplating a few projects for some WRTSL54GS routers with OpenWrt; however, I really need these to have a high gain antenna on the WRTSL54GS.
http://www.net-security.org/news.php?id=15835

DATA LOSS PREVENTION: WHERE DO WE GO FROM HERE?
The debate continues over where Data Loss Prevention (DLP) should be deployed: on the network or the endpoint? What about stored data? And does it matter whether DLP is deployed as a standalone solution or as a feature in a broader product portfolio? To address those questions, organizations must first understand what DLP is, why it is important, and how it works.
http://www.net-security.org/news.php?id=15836

GOOGLE HAS LOTS TO DO WITH INTELLIGENCE
When the nation's intelligence agencies wanted a computer network to better share information about everything from al Qaeda to North Korea, they turned to a big name in the technology industry to supply some of the equipment: Google.
http://www.net-security.org/news.php?id=15837

SMARTPHONES: POCKETABLE ENDPOINTS OR NETWORK BACKDOOR?
In today's corporate environment, very few people are without some kind of cell phone.
http://www.net-security.org/news.php?id=15838

A SECOND-ORDER OF XSS
Several people have approached me for more information about the spate of search engine iFrame injection attacks that have been occurring for the last few weeks.
http://www.net-security.org/news.php?id=15839

NXP RFID ENCRYPTION CRACKED
The Chaos Computer Club (Hamburg, Germany) has cracked the encryption scheme of NXP's popular Mifare Classic RFID chip.
http://www.net-security.org/news.php?id=15840

INTERVIEW WITH CHRIS SANDERS, AUTHOR OF "PRACTICAL PACKET ANALYSIS"
Chris Sanders is a Senior Support Engineer for KeeFORCE, a technology consulting firm. Chris writes and speaks on various topics including packet analysis, network security, Microsoft technologies, and general network administration.
http://www.net-security.org/news.php?id=15841

OUTSOURCED PASSPORTS RISK NATIONAL SECURITY
The United States has outsourced the manufacturing of its electronic passports to overseas companies, raising concerns that cost savings are being put ahead of national security.
http://www.net-security.org/news.php?id=15842

WHITEPAPER - NEXT GENERATION SOLUTIONS FOR SPAM
Learn about the rapid evolution of spam and techniques to fight back.
http://www.net-security.org/news.php?id=15843

THE DIFFERENCE BETWEEN FEELING AND REALITY IN SECURITY
Security is both a feeling and a reality, and they're different. You can feel secure even though you're not, and you can be secure even though you don't feel it.
http://www.net-security.org/news.php?id=15844

VIDEO: HACKING SECOND LIFE
Beyond being an online game, Second Life is a growing marketplace for big companies where a lot of money is made. Living and acting in a virtual world gives people the opportunity to do things they would never do in real life. Therefore it is not surprising that Second Life has increasingly attracted real world hackers.
http://www.net-security.org/news.php?id=15845

PLANNING SKILLS MAKE ENGINEERS GOOD FIELD OPERATIVES
Engineers' personality traits make them excellent "field operatives", according to an international security expert.
http://www.net-security.org/news.php?id=15846

HACKERS GIVE LINUX AN EASY RIDE
Operating system ignored in hacking contest, says sponsor.
http://www.net-security.org/news.php?id=15847

----------------------------------------------------------------
[ Advisories ]
All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Debian Security Advisory - mapserver (DSA-1539-1)
http://www.net-security.org/advisory.php?id=8741

Debian Security Advisory - alsaplayer (DSA-1538-1)
http://www.net-security.org/advisory.php?id=8740

Slackware Security Advisory - openssh (SSA:2008-095-01)
http://www.net-security.org/advisory.php?id=8739

SUSE Security Announcement - SUSE Security Summary Report (SUSE-SR:2008:008)
http://www.net-security.org/advisory.php?id=8738

SUSE Security Announcement - apache2, apache (SUSE-SA:2008:021)
http://www.net-security.org/advisory.php?id=8737

SUSE Security Announcement - cups (SUSE-SA:2008:020)
http://www.net-security.org/advisory.php?id=8736

SUSE Security Announcement - MozillaFirefox (SUSE-SA:2008:019)
http://www.net-security.org/advisory.php?id=8735

US-CERT Technical Cyber Security Alert - Apple Updates for Multiple Vulnerabilities (TA08-094A)
http://www.net-security.org/advisory.php?id=8734

Cisco Security Advisory - Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability (cisco-sa-20080403-drf)
http://www.net-security.org/advisory.php?id=8733

Slackware Security Advisory - cups (SSA:2008-094-01)
http://www.net-security.org/advisory.php?id=8732

Apple Security Update - QuickTime 7.4.5 (APPLE-SA-2008-04-0)
http://www.net-security.org/advisory.php?id=8731

Ubuntu Security Notice - cupsys vulnerabilities (USN-598-1)
http://www.net-security.org/advisory.php?id=8730

Ubuntu Security Notice - mysql-dfsg-5.0 regression (USN-588-2)
http://www.net-security.org/advisory.php?id=8729

Debian Security Advisory - xpdf (DSA-1537-)
http://www.net-security.org/advisory.php?id=8728

Gentoo Linux Security Advisory - zip2: Denial of Service (GLSA 200804-02)
http://www.net-security.org/advisory.php?id=8727

Mandriva Linux Security Update Advisory - cups (MDVSA-2008:081)
http://www.net-security.org/advisory.php?id=8726

SUSE Security Announcement - Sun Java (SUSE-SA:2008:018)
http://www.net-security.org/advisory.php?id=8725

Ubuntu Security Notice - openssh vulnerability (USN-597-1)
http://www.net-security.org/advisory.php?id=8724

Gentoo Linux Security Advisory - CUPS: Multiple vulnerabilities (GLSA 200804-01)
http://www.net-security.org/advisory.php?id=8723

Turbolinux Security Announcement - Multiple vulnerabilities exist in firefox
http://www.net-security.org/advisory.php?id=8722

Slackware Security Advisory - xine-lib (SSA:2008-092-01)
http://www.net-security.org/advisory.php?id=8721

Debian Security Advisory - exiftags (DSA-1533-2)
http://www.net-security.org/advisory.php?id=8720

Debian Security Advisory - xine-lib (DSA-1536-1)
http://www.net-security.org/advisory.php?id=8719

Debian Security Advisory - iceweasel (DSA-1535-1)
http://www.net-security.org/advisory.php?id=8718

Slackware Security Advisory - xine-lib (SSA:2008-089-01)
http://www.net-security.org/advisory.php?id=8717

Slackware Security Advisory - seamonkey (SSA:2008-089-01)
http://www.net-security.org/advisory.php?id=8716

Slackware Security Advisory - mozilla-firefox (SSA:2008-089-01)
http://www.net-security.org/advisory.php?id=8715

Debian Security Advisory - policyd-weight (DSA-1531-2)
http://www.net-security.org/advisory.php?id=8714

Mandriva Linux Security Update Advisory - mozilla-firefox (MDVSA-2008:080)
http://www.net-security.org/advisory.php?id=8713

SUSE Security Announcement - SUSE Security Summary Report (SUSE-SR:2008:007)
http://www.net-security.org/advisory.php?id=8712

Debian Security Advisory - iceape (DSA-1534-1)
http://www.net-security.org/advisory.php?id=8711

----------------------------------------------------------------
[ Articles ]
All articles are located at:
http://www.net-security.org/articles_main.php
Articles can be contributed to articles@net-security.org
----------------------------------------------------------------

HACKING SECOND LIFE
At Black Hat in Amsterdam we caught up with Michael Thumann, CSO of ERNW. In this video he discusses Second Life hacking. Beyond being an online game, Second Life is a growing marketplace for big companies where a lot of money is made. Living and acting in a virtual world gives people the opportunity to do things they would never do in real life. Therefore it is not surprising that Second Life has increasingly attracted real world hackers.
http://www.net-security.org/article.php?id=1125

INTERVIEW WITH CHRIS SANDERS, AUTHOR OF "PRACTICAL PACKET ANALYSIS"
Chris Sanders is a Senior Support Engineer for KeeFORCE, a technology consulting firm. Chris writes and speaks on various topics including packet analysis, network security, Microsoft technologies, and general network administration.
http://www.net-security.org/article.php?id=1124

DATA LOSS PREVENTION: WHERE DO WE GO FROM HERE?
DLP is fast becoming one of the most overused yet misunderstood acronyms in an industry known for its cryptic abbreviations. The popular label for data loss prevention is appearing on a puzzling variety of security products, adding to the confusion and hype. Meanwhile, the debate continues over where DLP should be deployed: on the network or the endpoint? What about stored data? And does it matter whether DLP is deployed as a standalone solution or as a feature in a broader product portfolio? To address those questions, organizations must first understand what DLP is, why it is important, and how it works.
http://www.net-security.org/article.php?id=1123

----------------------------------------------------------------
[ Software ]
Windows software is located at:
http://net-security.org/software_main.php?cat=1
Linux software is located at:
http://net-security.org/software_main.php?cat=2
Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3
Mac OS X software is located at:
http://net-security.org/software_main.php?cat=5
----------------------------------------------------------------

AD-AWARE 2007 FREE 7.0.2.7 (Windows)
Ad-aware is a free multi-spyware removal utility.
http://www.net-security.org/software.php?id=135

LAVASOFT PERSONAL FIREWALL 3.0 (Windows)
This firewall product comes with simple configuration, "tick in the box" options and powerful, easy to use controls.
http://www.net-security.org/software.php?id=637

MAILSCANNER 4.68.8-1 (Linux)
MailScanner is a virus scanner for e-mail designed for use on e-mail gateways.
http://www.net-security.org/software.php?id=144

PHPKRM 1.5.1 (Linux)
PHPkrm is a Web-based GNUPG keyring manager.
http://www.net-security.org/software.php?id=347

PRELUDE MANAGER 0.9.12 (Linux)
Prelude Manager is the main program of the Prelude Hybrid IDS suite.
http://www.net-security.org/software.php?id=264

STRONGSWAN 4.2.0 (Linux)
strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels.
http://www.net-security.org/software.php?id=643

----------------------------------------------------------------
[ Conferences ]
All conferences are located at:
http://net-security.org/conferences.php
----------------------------------------------------------------

RSA Conference 2008
Organized by RSA Security - 7 April-11 April 2008
http://www.net-security.org/conference.php?id=243

HITBSecConf2008
Organized by Hack in the Box - 14 April-17 April 2008
http://www.net-security.org/conference.php?id=246

TRISC 2008
Organized by Texas Chapters of ISSA, ISACA, ASIS International and Infragard - 21 April-23 April 2008
http://www.net-security.org/conference.php?id=249

Infosecurity 2008
Organized by Reed Exhibitions - 22 April-24 April 2008
http://www.net-security.org/conference.php?id=245

OWASP AppSec Europe 2008 Belgium
Organized by OWASP - 20 May-23 May 2008
http://www.net-security.org/conference.php?id=248

Hacker Halted USA 2008
Organized by EC-Council - 28 May-4 June 2008
http://www.net-security.org/conference.php?id=244

Second International Symposium on Human Aspects of Information Security & Assurance
Organized by Information Security & Network Research Group, University of Plymouth - 8 July-10 July 2008
http://www.net-security.org/conference.php?id=238

----------------------------------------------------------------
[ Security World ]
All security world articles are located at:
http://www.net-security.org/secworld_main.php
Send your press releases to press@net-security.org
----------------------------------------------------------------

Social networkers urged to obey seven security statements
http://www.net-security.org/secworld.php?id=5970

Anonymous proxies are allowing surfers to stray
http://www.net-security.org/secworld.php?id=5969

Protegrity adds support for VSAM file encryption on the mainframe
http://www.net-security.org/secworld.php?id=5968

A shift to information-centric security
http://www.net-security.org/secworld.php?id=5967

Over 100 vulnerabilities in VoIP systems uncovered
http://www.net-security.org/secworld.php?id=5966

Tax season identity theft scams
http://www.net-security.org/secworld.php?id=5964

Sony enhances lineup of security cameras
http://www.net-security.org/secworld.php?id=5963

New life for CyberPatrol parental control software
http://www.net-security.org/secworld.php?id=5965

Latest intelligence report on spam, malware and phishing
http://www.net-security.org/secworld.php?id=5962

State of Internet security: protecting business email
http://www.net-security.org/secworld.php?id=5961

Firewall bundled with anti malware tool for Windows Mobile
http://www.net-security.org/secworld.php?id=5960

Spam volume continues to skyrocket
http://www.net-security.org/secworld.php?id=5959

Forensic watermarking of encrypted content
http://www.net-security.org/secworld.php?id=5957

SecureVTS - a new Virtual TapeServer disk encryption solution
http://www.net-security.org/secworld.php?id=5958

New functions added to Mantra 5.9 database auditing solution
http://www.net-security.org/secworld.php?id=5956

New product branding at Secure Computing
http://www.net-security.org/secworld.php?id=5955

Consumers are unaware of true online fraud liability
http://www.net-security.org/secworld.php?id=5954

The Playstation Network may have been compromised
http://www.net-security.org/secworld.php?id=5953

Telework IT support expands but is offset by security concerns
http://www.net-security.org/secworld.php?id=5952

IRS tax filing data protection guidelines
http://www.net-security.org/secworld.php?id=5951

Global S.P.A.M. experiment
http://www.net-security.org/secworld.php?id=5950

PGP brings enterprise data protection to smartphone users
http://www.net-security.org/secworld.php?id=5949

TriCipher secures access to social networks
http://www.net-security.org/secworld.php?id=5948

----------------------------------------------------------------
[ Virus News ]
All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

New Trojan claims to offer erotic pictures of Scarlett Johansson
http://www.net-security.org/virus_news.php?id=932

Top malware report for March 2008
http://www.net-security.org/virus_news.php?id=931

Latest spam and viruses figures around the globe
http://www.net-security.org/virus_news.php?id=930

Storm worm April Fool's Day edition
http://www.net-security.org/virus_news.php?id=929

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:
Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php