HNS Newsletter
Issue 430 - 04.08.2008
http://www.net-security.org

==================================================================
QualysGuard - On Demand Vulnerability Management Free Trial
==================================================================
The easiest way to manage vulnerabilities and achieve compliance.
The QualysGuard 14-Day Free Trial gives you:
- Thousand of vulnerability checks, verified fixes and reports
- Free technical workshops, online training and technical support.

Click here to start your trial:

http://www.net-security.org/v/qualys
=================================================================


Table of contents:

1) Security news
2) Advisories
3) Articles
4) Software
5) Conferences
6) Security World
7) Virus News


[ Security news ]


----------------------------------------------------------------

Q&A: SSL VPN SECURITY
Max Huang is the founder and Executive Vice President of O2Micro and
President for O2Security, a subsidiary company of O2Micro. In this
interview he discusses the importance of SSL VPNs in the overall
security architecture, the difference between IPSec and SSL VPNs as
well as the future of SSL VPNs.
http://www.net-security.org/news.php?id=16028


CYBER THREATS ACCELERATE AND BROWSER VULNERABILITIES PROLIFERATE
IBM released results from its X-Force 2008 Midyear Trend Statistics
report that indicates cyber-criminals are adopting new automation
techniques and strategies that allow them to exploit vulnerabilities
much faster than ever before. The new tools are being implemented on
the Internet by organized criminal elements, and at the same time
public exploit code published by researchers are putting more
systems, databases and ultimately, people at risk of compromise.
http://www.net-security.org/news.php?id=16029


TRADITIONAL VS. NON-TRADITIONAL DATABASE AUDITING
Traditional native audit tools and methods are useful for diagnosing
problems at a given point in time, but they typically do not scale
across the enterprise. The auditing holes that are left in their wake
leave us blind to critical activities being performed within the
systems that contain our most coveted trade secrets, customer lists,
intellectual property, and more.
http://www.net-security.org/news.php?id=16030


SKYPE WON'T SAY IF IT DECRYPTS VOIP CALLS
Company may keep keys so authorities can decrypt encrypted VoIP phone
calls.
http://www.net-security.org/news.php?id=16031


DESPITE MANDATE, ONLY 30% OF GOVERNMENT DEVICES ARE ENCRYPTED
A Government Accountability (GAO) report on the status of government
agency efforts to encrypt and protect sensitive information
identified commercially available technology, reviewed laws and
policies on sensitive information, and examined 24 federal agencies.
The report recommends that Office of Management and Budget (OMB)
policies be clarified and that selected agencies strengthen their
efforts.
http://www.net-security.org/news.php?id=16032


THOUSANDS OF UK PASSPORTS STOLEN
Anyone in search of a new identity in the coming years might find it
easiest to opt for becoming British.
http://www.net-security.org/news.php?id=16033


GOOGLE ACCUSED ON PRIVACY VIEWS 
Google has been accused of "hypocrisy" over its stance on personal
privacy.
http://www.net-security.org/news.php?id=16034


TRAVELERS' LAPTOPS MAY BE DETAINED AT BORDER
Federal agents may take a traveler's laptop or other electronic
device to an off-site location for an unspecified period of time
without any suspicion of wrongdoing, as part of border search
policies the Department of Homeland Security recently disclosed.
http://www.net-security.org/news.php?id=16035


89% OF SECURITY INCIDENTS WENT UNREPORTED IN 2007
RSA Conference released the results of its recent survey of security
professionals regarding the critical industry and infrastructure
issues they currently face. The survey identified four specific types
of security threats as major pain-points for the industry in the
coming year.
http://www.net-security.org/news.php?id=16036

----------------------------------------------------------------




[ Advisories ]


All advisories are located at:
http://www.net-security.org/archive_advi.php


----------------------------------------------------------------

Apple Security Update - Security Update 2008-005
(APPLE-SA-2008-07-31)
http://www.net-security.org/advisory.php?id=9155


Mandriva Linux Security Update Advisory - silc-toolkit
(MDVSA-2008:158)
http://www.net-security.org/advisory.php?id=9154


Debian Security Advisory - libxslt (DSA-1624-1)
http://www.net-security.org/advisory.php?id=9153


Gentoo Linux Security Advisory - Pan: User-assisted execution of
arbitrary code (GLSA 200807-15)
http://www.net-security.org/advisory.php?id=9152


Gentoo Linux Security Advisory - Linux Audit: Buffer overflow (GLSA
200807-14)
http://www.net-security.org/advisory.php?id=9151


Gentoo Linux Security Advisory - VLC: Multiple vulnerabilities (GLSA
200807-13)
http://www.net-security.org/advisory.php?id=9150


Debian Security Advisory - dnsmasq (DSA-1623-1)
http://www.net-security.org/advisory.php?id=9149


Gentoo Linux Security Advisory - Python: Multiple vulnerabilities
(GLSA 200807-16)
http://www.net-security.org/advisory.php?id=9148


Debian Security Advisory - newsx (DSA-1622-1 )
http://www.net-security.org/advisory.php?id=9147


Mandriva Linux Security Update Advisory - licq (MDVSA-2008:159)
http://www.net-security.org/advisory.php?id=9146


Mandriva Linux Security Update Advisory - silc-toolkit
(MDVSA-2008:158)
http://www.net-security.org/advisory.php?id=9145


Mandriva Linux Security Update Advisory - ffmpeg vulnerability
(MDVSA-2008:157)
http://www.net-security.org/advisory.php?id=9144


Cisco Security Advisory - Multiple Cisco Products Vulnerable to DNS
Cache Poisoning Attacks Cache Poisoning Attacks
(cisco-sa-20080708-dns)
http://www.net-security.org/advisory.php?id=9143


SUSE Security Announcement - kernel (USE-SA:2008:038)
http://www.net-security.org/advisory.php?id=9142


Mandriva Linux Security Update Advisory - libpng (MDVSA-2008:156)
http://www.net-security.org/advisory.php?id=9141


Ubuntu Security Notice - firefox-3.0, xulrunner-1.9 vulnerabilities
(USN-626-1)
http://www.net-security.org/advisory.php?id=9140


Ubuntu Security Notice - poppler vulnerability (USN-631-1)
http://www.net-security.org/advisory.php?id=9139


Ubuntu Security Notice - ffmpeg vulnerability ( USN-630-1 )
http://www.net-security.org/advisory.php?id=9138


Slackware Security Advisory - fetchmail (SSA:2008-210-01)
http://www.net-security.org/advisory.php?id=9137


Slackware Security Advisory - libxslt (SSA:2008-210-03)
http://www.net-security.org/advisory.php?id=9136


Slackware Security Advisory - httpd (SSA:2008-210-02)
http://www.net-security.org/advisory.php?id=9135


Slackware Security Advisory - links (SSA:2008-210-04)
http://www.net-security.org/advisory.php?id=9134


Slackware Security Advisory - mozilla-thunderbird (SSA:2008-210-05)
http://www.net-security.org/advisory.php?id=9133


Slackware Security Advisory - mtr (SSA:2008-210-06)
http://www.net-security.org/advisory.php?id=9132


Slackware Security Advisory - net-snmp (SSA:2008-210-07)
http://www.net-security.org/advisory.php?id=9131


Slackware Security Advisory - openssl (SSA:2008-210-08)
http://www.net-security.org/advisory.php?id=9130


Slackware Security Advisory - pcre (SSA:2008-210-09)
http://www.net-security.org/advisory.php?id=9129


Slackware Security Advisory - vim (SSA:2008-210-10)
http://www.net-security.org/advisory.php?id=9128


Ubuntu Security Notice - mozilla-thunderbird, thunderbird
vulnerabilities (USN-629-1)
http://www.net-security.org/advisory.php?id=9127


Turbolinux Security Announcement - Multiple vulnerabilities in
thunderbird (24/Jul/2008)
http://www.net-security.org/advisory.php?id=9126


Debian Security Advisory - clamav (DSA-1616-1)
http://www.net-security.org/advisory.php?id=9125


Slackware Security Advisory - dnsmas (SSA:2008-205-0)
http://www.net-security.org/advisory.php?id=9124


Mandriva Linux Security Update Advisory - xemacs (MDVSA-2008:154)
http://www.net-security.org/advisory.php?id=9123


Debian Security Advisory - icedove (DSA-1621-1)
http://www.net-security.org/advisory.php?id=9122


Mandriva Linux Security Update Advisory - mozilla-thunderbird
(MDVSA-2008:155-1)
http://www.net-security.org/advisory.php?id=9121


Debian Security Advisory - python2.5 (DSA-1620-1)
http://www.net-security.org/advisory.php?id=9120


Debian Security Advisory - python-dns (DSA-1619-1  )
http://www.net-security.org/advisory.php?id=9119


Debian Security Advisory - ruby1.9 (DSA-1618-1  )
http://www.net-security.org/advisory.php?id=9118


Debian Security Advisory - clamav (DSA-1616-2  )
http://www.net-security.org/advisory.php?id=9117


Mandriva Linux Security Update Advisory - mozilla-thunderbird
(MDVSA-2008:155)
http://www.net-security.org/advisory.php?id=9116

----------------------------------------------------------------




[ Articles ]


All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org


----------------------------------------------------------------

TRADITIONAL VS. NON-TRADITIONAL DATABASE AUDITING
Traditional native audit tools and methods are useful for diagnosing
problems at a given point in time, but they typically do not scale
across the enterprise. The auditing holes that are left in their wake
leave us blind to critical activities being performed within the
systems that contain our most coveted trade secrets, customer lists,
intellectual property, and more. 
http://www.net-security.org/article.php?id=1161


Q&A: SSL VPN SECURITY
Max Huang is the founder and Executive Vice President of O2Micro and
President for O2Security, a subsidiary company of O2Micro. In this
interview he discusses the importance of SSL VPNs in the overall
security architecture, the difference between IPSec and SSL VPNs as
well as the future of SSL VPNs.
http://www.net-security.org/article.php?id=1160

----------------------------------------------------------------




[ Software ]


Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3

Mac OS X software is located at:
http://net-security.org/software_main.php?cat=5


----------------------------------------------------------------

BESTCRYPT 8.05.3 (Windows)
BestCrypt data encryption systems bring military strength encryption
to the ordinary computer user without the complexities normally
associated with strong data encryption.
http://www.net-security.org/software.php?id=173


CAIN & ABEL 4.9.19 (Windows)
Cain & Abel is a password recovery tool for Microsoft operating
systems.
http://www.net-security.org/software.php?id=110


FIREHOL 1.273 (Linux)
FireHOL is a Linux iptables firewall generator.
http://www.net-security.org/software.php?id=307


IPCOP 1.4.21 (Linux)
IPCop Firewall is a Linux firewall distribution geared towards home
and SOHO (Small Office/Home Office) users.
http://www.net-security.org/software.php?id=147


NMAP 4.68 (Linux)
Nmap ("Network Mapper") is an open source utility for network
exploration or security auditing.
http://www.net-security.org/software.php?id=1


OUTPOST SECURITY SUITE PRO 2008 6.5.2358.316.0607 (Windows)
A combination of  antivirus, antispyware, firewall and antispam.
http://www.net-security.org/software.php?id=278


PASSWORD MANAGER XP 2.3.439 (Windows)
Password Manager XP is a program that will help you systematize
secret information.
http://www.net-security.org/software.php?id=70


SHOREWALL 4.0.13 (Linux)
Shorewall is an iptables based firewall that can be used on a
dedicated firewall system, a multi-function masquerade gateway/server
or on a standalone Linux system.
http://www.net-security.org/software.php?id=40


SPYTECH SPYAGENT 6.30 (Windows)
Spytech SpyAgent is a solution used for computer monitoring and
surveillance needs. 
http://www.net-security.org/software.php?id=694


SPYWARE TERMINATOR 2.3.0.481 (Windows)
Free Spyware Terminator provides effective real-time detection and
removal of spyware and incoming threats.
http://www.net-security.org/software.php?id=681


STRONGSWAN 4.2.5 (Linux)
strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4
and 2.6 kernels
http://www.net-security.org/software.php?id=643


WINSCP 4.1.6 (Windows)
WinSCP is an open source SSH file transfer protocol and secure copy
client for Windows using SSH.
http://www.net-security.org/software.php?id=6

----------------------------------------------------------------




[ Conferences ]


All conferences are located at:
http://net-security.org/conferences.php


----------------------------------------------------------------

Black Hat USA 2008 Briefings & Training
Organized by Black Hat - 2 August-7 August 2008
http://www.net-security.org/conference.php?id=262


Breakaway 2008
Organized by CompTIA - 5 August-7 August 2008
http://www.net-security.org/conference.php?id=261


Forrester Research Security Forum 2008
Organized by Forrester - 4 September-5 September 2008
http://www.net-security.org/conference.php?id=264


NETWAYS Nagios Conference 2008
Organized by Netways - 11 September-12 September 2008
http://www.net-security.org/conference.php?id=263


IT Security World 2008 Conference & Expo
Organized by MIS Training Institute - 13 September-18 September 2008
http://www.net-security.org/conference.php?id=258


VB2008
Organized by Virus Bulletin - 1 October-3 October 2008
http://www.net-security.org/conference.php?id=256


I Digital Security Forum
Organized by FSD - 7 November-8 November 2008
http://www.net-security.org/conference.php?id=255


RUXCON 2008
Organized by RUXCON - 29 November-30 November 2008
http://www.net-security.org/conference.php?id=265


The Fourth International Conference on Availability, Reliability and
Security (ARES 2009)
Organized by Vienna University of Technology / Secure Business
Austria - 16 March-19 March 2009
http://www.net-security.org/conference.php?id=260

----------------------------------------------------------------




[ Security World ]


All security world articles are located at:
http://www.net-security.org/secworld_main.php

Send your press releases to press@net-security.org


----------------------------------------------------------------

Apple update patches DNS vulnerability
http://www.net-security.org/secworld.php?id=6381


89% of security incidents went unreported in 2007
http://www.net-security.org/secworld.php?id=6380


Facilities Physical Security Measures Guideline draft
http://www.net-security.org/secworld.php?id=6379


McAfee to acquire data loss prevention expert Reconnex
http://www.net-security.org/secworld.php?id=6378


Pre-release copies of Fyodor's upcoming book "Nmap Network Scanning"
http://www.net-security.org/secworld.php?id=6377


Findings of the E-threats landscape report
http://www.net-security.org/secworld.php?id=6376


Emergency workarounds for Oracle's zero-day vulnerability
http://www.net-security.org/secworld.php?id=6375


SCADA security incidents will become more prevalent
http://www.net-security.org/secworld.php?id=6374


Forensics on the fly with ArcSight Logger 
http://www.net-security.org/secworld.php?id=6373


PhishLock pro-active anti-phishing solution
http://www.net-security.org/secworld.php?id=6372


DeepNines wins patent lawsuit against McAfee
http://www.net-security.org/secworld.php?id=6371


Denial of service vulnerability in Firefox 3
http://www.net-security.org/secworld.php?id=6370


As credit crunch continues, biometrics bucks the trend
http://www.net-security.org/secworld.php?id=6369


"NASA hacker" loses extradition appeal in House of Lords
http://www.net-security.org/secworld.php?id=6368


First automated DNSSEC signing application
http://www.net-security.org/secworld.php?id=6367


Security for road warriors using Windows
http://www.net-security.org/secworld.php?id=6366


Despite mandate, only 30% of government devices are encrypted
http://www.net-security.org/secworld.php?id=6365


StealthWatch System 5.8 for increased network visibility
http://www.net-security.org/secworld.php?id=6364


Cyber threats accelerate and browser vulnerabilities proliferate
http://www.net-security.org/secworld.php?id=6363


First database security solution for virtual environments
http://www.net-security.org/secworld.php?id=6362


Motorola to acquire AirDefense
http://www.net-security.org/secworld.php?id=6361


Enhanced enterprise-class data backup and recovery tools
http://www.net-security.org/secworld.php?id=6360


New modular 3-phase UPS systems
http://www.net-security.org/secworld.php?id=6359


Upcoming Black Hat USA 2008 session: Jinx - Malware 2.0
http://www.net-security.org/secworld.php?id=6358


The changing role of information security in the enterpirse
http://www.net-security.org/secworld.php?id=6357


New approach to defending against WLAN parking lot attacks
http://www.net-security.org/secworld.php?id=6356


Sophos to launch EUR 217 million offer for Utimaco
http://www.net-security.org/secworld.php?id=6355

----------------------------------------------------------------




[ Virus News ]


All virus news are located at:
http://www.net-security.org/viruses.php


----------------------------------------------------------------

New worm attacking MySpace and Facebook 
http://www.net-security.org/virus_news.php?id=968


Fake JetBlue eTickets come with malware
http://www.net-security.org/virus_news.php?id=967


US is the most prolific source of spam and viruses
http://www.net-security.org/virus_news.php?id=966


FBI vs Facebook
http://www.net-security.org/virus_news.php?id=965

----------------------------------------------------------------





Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available 
http://www.net-security.org/newsletter_archive.php