HNS Newsletter
Issue 416 - 28.04.2008
http://www.net-security.org

================================================================
Free Webcast: Proactive Vulnerability Management
http://www.qualys.com/forms/webcasts/forrester-pvm/?lsid=7194
================================================================

Speaker: Dr. Chenxi Wang, Principal Analyst, Security and Risk Management, Forrester Research, Inc.

In this talk, Dr. Chenxi Wang, Principal Analyst for Security and Risk Management at Forrester Research, will cover the key aspects of proactive vulnerability management and, more importantly, the steps you can follow to achieve proactive vulnerability management. More specifically:

* Continuing assessment of network and devices
* Integration with your IT risk management systems
* Effective analysis of assessment results
* Implementation of proactive remediation

=========================================================

Table of contents:

1) Security news
2) Advisories
3) Articles
4) Software
5) Conferences
6) Security World
7) Virus News

[ Security news ]
----------------------------------------------------------------

HOW TO MAKE SOMETHING FROM NOTHING
"Application-Specific Attacks: Leveraging the ActionScript Virtual Machine" may not vie with "Fear and Loathing in Las Vegas" for greatest title in publishing history, but its impact on the way malicious hackers and criminals find their way into our computers may well be as great as Hunter S Thompson's on the practice of journalism.
http://www.net-security.org/news.php?id=15871

USE SSH TO CREATE SECURE TUNNELS FOR SFTP, VNC, SVN AND FIREFOX TRAFFIC
This guide will show you how to access a computer located on your home network from outside of your local area network.
http://www.net-security.org/news.php?id=15872

PROTECT YOUR IDENTITY
Personal data safety is big business lately. There are a variety of ways to protect your identity or keep your personal information from the prying eyes of dishonest people, but Eric Wolbrom has what he believes is a unique service.
http://www.net-security.org/news.php?id=15873

CREATE ENCRYPTED VOLUMES WITH CRYPTMOUNT AND LINUX
Cryptmount is a friendly front-end to a batch of Linux utilities used to create encrypted volumes, such as device mapper, dm-crypt, and the kernel's loopback device.
http://www.net-security.org/news.php?id=15874

(IN)SECURE MAGAZINE ISSUE 16 HAS BEEN RELEASED
(IN)SECURE Magazine is a free digital security magazine in PDF format. In this issue you can read about Windows log forensics, using packet analysis for network troubleshooting, the effectiveness of industry certifications, US political elections and cybercrime, reports from RSA Conference 2008 and Black Hat 2008 Europe, and much more. Download your FREE copy today!
http://www.net-security.org/news.php?id=15875

BACULA: BACKUPS THAT DON'T SUCK
Good systems administrators know that implementing a robust backup procedure is one of their most important duties.
http://www.net-security.org/news.php?id=15876

THIEVES SET UP DATA SUPERMARKETS
Web criminals are stepping back from infecting computers themselves and creating "one-stop shops" which offer gigabytes of data for a fixed price.
http://www.net-security.org/news.php?id=15877

PROTECTING DIRECTORY TREES WITH GPGDIR
gpgdir uses GNU Privacy Guard (GnuPG) to encrypt and decrypt files or a directory tree.
http://www.net-security.org/news.php?id=15878

VIDEO: THE FUNDAMENTALS OF PHYSICAL SECURITY
Deviant Ollam works as a network engineer and security consultant but his strongest love has always been teaching. He has given lockpick demonstrations at ShmooCon, DefCon, HOPE, HackCon, HackInTheBox, and the West Point Military Academy. In this video, made at Black Hat Europe, he discusses the importance of physical security and illustrates that with a real-world example.
http://www.net-security.org/news.php?id=15879

SECURITY GAPS OPEN WHEN ISPS HIRE THIRD PARTIES
When Internet providers hire third-party companies to serve up advertisements on unused Web pages, that creative attempt to make money can open major security vulnerabilities they can't control, a researcher has found.
http://www.net-security.org/news.php?id=15880

----------------------------------------------------------------
[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

SUSE Security Announcement - SUSE Security Summary Report (SUSE-SR:2008:010)
http://www.net-security.org/advisory.php?id=8823

Debian Security Advisory - perl (DSA-1556-1)
http://www.net-security.org/advisory.php?id=8822

Mandriva Linux Security Update Advisory - wireshark: Denial of Service (MDVSA-2008:091)
http://www.net-security.org/advisory.php?id=8821

Debian Security Advisory - xulrunner (DSA-1558-1)
http://www.net-security.org/advisory.php?id=8820

Debian Security Advisory - iceape (DSA-1534-2)
http://www.net-security.org/advisory.php?id=8819

Debian Security Advisory - phpmyadmin (DSA-1557-1)
http://www.net-security.org/advisory.php?id=8818

Debian Security Advisory - perl (DSA-1556-1)
http://www.net-security.org/advisory.php?id=8817

Gentoo Linux Security Advisory - JRockit: Multiple vulnerabilities (GLSA 200804-28)
http://www.net-security.org/advisory.php?id=8816

Gentoo Linux Security Advisory - SILC: Multiple vulnerabilities (GLSA 200804-27)
http://www.net-security.org/advisory.php?id=8815

SUSE Security Announcement - clamav (SUSE-SA:2008:024)
http://www.net-security.org/advisory.php?id=8814

Turbolinux Security Announcement - Multiple vulnerabilities exist in flash-player (24/Apr/2008)
http://www.net-security.org/advisory.php?id=8813

EnGarde Secure Linux Advisory - iceweasel (DSA-1555-1)
http://www.net-security.org/advisory.php?id=8812

Gentoo Linux Security Advisory - Openfire: Denial of Service (GLSA 200804-26)
http://www.net-security.org/advisory.php?id=8811

Gentoo Linux Security Advisory - VLC: User-assisted execution of arbitrary code (GLSA 200804-25)
http://www.net-security.org/advisory.php?id=8810

Debian Security Advisory - roundup (DSA-1554-1)
http://www.net-security.org/advisory.php?id=8809

Ubuntu Security Notice - firefox vulnerabilities (USN-602-1)
http://www.net-security.org/advisory.php?id=8808

Ubuntu Security Notice - gnumeric vulnerability (USN-604-1)
http://www.net-security.org/advisory.php?id=8807

Slackware Security Advisory - xine-lib (SSA:2008-111-01)
http://www.net-security.org/advisory.php?id=8806

Debian Security Advisory - ikiwiki (DSA-1553-1)
http://www.net-security.org/advisory.php?id=8805

Mandriva Linux Security Update Advisory - OpenOffice.org (MDVSA-2008:090)
http://www.net-security.org/advisory.php?id=8804

Debian Security Advisory - mplayer (DSA-1552-1)
http://www.net-security.org/advisory.php?id=8803

Debian Security Advisory - python2.4 (DSA-1551-1)
http://www.net-security.org/advisory.php?id=8802

Gentoo Linux Security Advisory - DBmail: Data disclosure (GLSA 200804-24)
http://www.net-security.org/advisory.php?id=8801

Gentoo Linux Security Advisory - DBmail: Data disclosure (GLSA 200804-24)
http://www.net-security.org/advisory.php?id=8800

Gentoo Linux Security Advisory - CUPS: Integer overflow vulnerability (GLSA 200804-23)
http://www.net-security.org/advisory.php?id=8799

Gentoo Linux Security Advisory - PowerDNS Recursor: DNS Cache Poisoning (GLSA 200804-22)
http://www.net-security.org/advisory.php?id=8798

Gentoo Linux Security Advisory - Adobe Flash Player: Multiple vulnerabilities (GLSA 200804-21)
http://www.net-security.org/advisory.php?id=8797

SUSE Security Announcement - OpenOffice_org (SUSE-SA:2008:023)
http://www.net-security.org/advisory.php?id=8796

----------------------------------------------------------------
[ Articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org
----------------------------------------------------------------

THE FUNDAMENTALS OF PHYSICAL SECURITY
Deviant Ollam works as a network engineer and security consultant but his strongest love has always been teaching. A supporter of First Amendment rights who believes that the best way to increase security is to publicly disclose vulnerabilities, Deviant has given lockpick demonstrations at ShmooCon, DefCon, HOPE, HackCon, HackInTheBox, and the West Point Military Academy. In this video, made at Black Hat Europe, he discusses the importance of physical security and illustrates that with a real-world example.
http://www.net-security.org/article.php?id=1128

----------------------------------------------------------------
[ Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3

Mac OS X software is located at:
http://net-security.org/software_main.php?cat=5
----------------------------------------------------------------

AD-AWARE 2007 FREE (Windows)
Ad-aware is a free multi spyware removal utility.
http://www.net-security.org/software.php?id=135

CHKROOTKIT 0.48 (Linux)
Chkrootkit is a tool to locally check for signs of a rootkit.
http://www.net-security.org/software.php?id=210

PWGEN 2.00 (Windows)
PWGen is a password generator capable of creating *cryptographically strong* passwords or passphrases with lengths up to 2048 bits.
http://www.net-security.org/software.php?id=435

----------------------------------------------------------------
[ Conferences ]

All conferences are located at:
http://net-security.org/conferences.php
----------------------------------------------------------------

LayerOne 2008
Organized by LayerOne - 17 May-18 May 2008
http://www.net-security.org/conference.php?id=250

OWASP AppSec Europe 2008 Belgium
Organized by OWASP - 20 May-23 May 2008
http://www.net-security.org/conference.php?id=248

EUSecWest 2008
Organized by dragostech.com inc. - 21 May-21 May 2008
http://www.net-security.org/conference.php?id=254

Hacker Halted USA 2008
Organized by EC-Council - 28 May-4 June 2008
http://www.net-security.org/conference.php?id=244

Shakacon 2008
Organized by Shakacon - 9 June-13 June 2008
http://www.net-security.org/conference.php?id=252

Recon 2008
Organized by recon - 13 June-15 June 2008
http://www.net-security.org/conference.php?id=253

SyScan 2008
Organized by SyScan - 3 July-4 July 2008
http://www.net-security.org/conference.php?id=251

Second International Symposium on Human Aspects of Information Security & Assurance
Organized by Information Security & Network Research Group, University of Plymouth - 8 July-10 July 2008
http://www.net-security.org/conference.php?id=238

----------------------------------------------------------------
[ Security World ]

All security world articles are located at:
http://www.net-security.org/secworld_main.php

Send your press releases to press@net-security.org
----------------------------------------------------------------

Free tool for P2P-related file discovery
http://www.net-security.org/secworld.php?id=6065

Majority of users leave their wireless networks exposed
http://www.net-security.org/secworld.php?id=6064

Info on Gartner's IT Security Summit 2008
http://www.net-security.org/secworld.php?id=6063

User authentication SDK for e-commerce portals
http://www.net-security.org/secworld.php?id=6062

Nigerian scam goes 2.0 - targets LinkedIn and other social networking sites
http://www.net-security.org/secworld.php?id=6061

Latest Microsoft Security Intelligence Report
http://www.net-security.org/secworld.php?id=6060

World's first security mini-computer inside computer
http://www.net-security.org/secworld.php?id=6059

Free SysInspector for free in-depth computer diagnostics
http://www.net-security.org/secworld.php?id=6058

New IBM security services for mid-sized businesses
http://www.net-security.org/secworld.php?id=6057

Latest spam statistics
http://www.net-security.org/secworld.php?id=6056

Hacked sites pose greatest risk to IT security
http://www.net-security.org/secworld.php?id=6055

VPN Analyzer helps with understanding and exploring VPN policies
http://www.net-security.org/secworld.php?id=6054

Two supplements to the PCI Data Security Standard
http://www.net-security.org/secworld.php?id=6053

Free Mac data loss prevention tool kit
http://www.net-security.org/secworld.php?id=6052

First security mini-computer inside a computer
http://www.net-security.org/secworld.php?id=6051

World's fastest network security suite from McAfee
http://www.net-security.org/secworld.php?id=6050

Enterprise encryption trends in the UK
http://www.net-security.org/secworld.php?id=6049

Worries over corporate reputation make infosec top priority
http://www.net-security.org/secworld.php?id=6048

Safe business collaboration in a Web 2.0 world
http://www.net-security.org/secworld.php?id=6047

Subscription based security service for testing outsourced code development
http://www.net-security.org/secworld.php?id=6046

AdmitOne Security Unveils AdmitOne Authentication Suite
http://www.net-security.org/secworld.php?id=6045

Virtualization security solution with an application-aware firewall
http://www.net-security.org/secworld.php?id=6044

New SourceFire 3D System with role-based dashboard and better automation
http://www.net-security.org/secworld.php?id=6043

Frank Abagnale designs world's most secure check
http://www.net-security.org/secworld.php?id=6042

Rock Phish attack evolution
http://www.net-security.org/secworld.php?id=6041

Full disk encryption technology for laptops
http://www.net-security.org/secworld.php?id=6040

EMC products earn Common Criteria certification
http://www.net-security.org/secworld.php?id=6039

----------------------------------------------------------------
[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

A chunk of Olympic themed targeted trojans
http://www.net-security.org/virus_news.php?id=935

U.S. now hosts more malware than any other country
http://www.net-security.org/virus_news.php?id=934

PrivacyWatcher - a new rogue anti malware tool
http://www.net-security.org/virus_news.php?id=933

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php