HNS Newsletter
Issue 431 - 11.08.2008
http://www.net-security.org

==================================================================
QualysGuard - On Demand Vulnerability Management Free Trial
==================================================================
The easiest way to manage vulnerabilities and achieve compliance.
The QualysGuard 14-Day Free Trial gives you:
- Thousand of vulnerability checks, verified fixes and reports
- Free technical workshops, online training and technical support.

Click here to start your trial:

http://www.net-security.org/v/qualys
=========================================================

Table of contents:

1) Security news
2) Advisories
3) Articles
4) Software
5) Conferences
6) Security World
7) Virus News


[ Security news ]


----------------------------------------------------------------

DUTCH POLICE ARREST 19-YEAR-OLD ACCUSED OF BOT HERDING
Dutch Police have arrested two brothers suspected of running a botnet
containing up to 100,000 computers.
http://www.net-security.org/news.php?id=16037


VIRTUAL SERVERS NOT ALWAYS SAFE
Some IT administrators are placing systems with multiple connections
in the DMZ.
http://www.net-security.org/news.php?id=16038


MOZILLA SSL POLICY BAD FOR THE WEB
Mozilla Firefox 3 limits usable encrypted (SSL) web sites to those
who are willing to pay money to one of their approved digital
certificate vendors.
http://www.net-security.org/news.php?id=16040


CYBERCRIME AND POLITICS
As citizens of the United States prepare to cast their votes in the
upcoming presidential election, the time is right to consider what
implications, if any, Internet-borne threats may have on this
process. With political candidates increasingly relying on the web to
communicate their positions, assemble supporters and respond to
critics ⓠInternet-based risks are a serious concern as they can be
used to disseminate misinformation, defraud candidates and the public
and invade privacy.
http://www.net-security.org/news.php?id=16039


SOCIAL ENGINEERING ON TWITTER
This week itâ™s Twitterâ™s turn to host an attack - one that is
targeting both Twitter users and the Internet community at large. In
this case it's a malicious Twitter profile twitter.com/[skip]/ with a
name that is Portuguese for â˜pretty rabbit♠which has a photo
advertising a video with girls posted.
http://www.net-security.org/news.php?id=16041


Q&A: E-MAIL SPAM AND SOFTWARE AS A SERVICE (SAAS) SOLUTIONS
David Vella is the Director of Product Management at GFI with
experience in quality assurance, network administration and software
development. In this Q&A he provides insight into e-mail spam and
Software as a Service (SaaS) solutions.
http://www.net-security.org/news.php?id=16042


SPF/DKIM USE ON THE DECLINE AMONG FORTUNE 500S
For those not familiar with Sender Policy Framework (SPF) or Domain
Keys Identified Mail (DKIM), these are two forgery countermeasures
that can be used by anyone looking to protect the integrity of their
outgoing electronic correspondence (email). SPF and DKIM provide a
response to recipient email servers interested in knowing whether a
particular sender was authorized to send email representing the
companyâ™s domain.
http://www.net-security.org/news.php?id=16043


â˜FAKEPROOF♠E-PASSPORT IS CLONED IN MINUTES
New microchipped passports designed to be foolproof against identity
theft can be cloned and manipulated in minutes and accepted as
genuine by the computer software recommended for use at international
airports.
http://www.net-security.org/news.php?id=16044


HOW DOES THE CIA KEEP ITS IT STAFF HONEST?
Be prepared to go through a lot of scrutiny if you want to work in
the Central Intelligence Agency's IT department, says CIO Al
Tarasiuk. And it doesn't stop after you get your top secret
clearance.
http://www.net-security.org/news.php?id=16045


REPORTERS BOOTED FROM BLACK HAT FOR HACKING
Three French reporters attending the Black Hat computer security
conference have been banned for life for sniffing the press room
network.
http://www.net-security.org/news.php?id=16046


COMPANIES HAVE A FALSE SENSE OF CONFIDENCE IN THEIR BACKUP SOLUTIONS
The latest results from the Databarracks annual Backup and Recovery
survey indicate that overall, 91% of companies claim to be confident
in their backup solution. Upon further investigation, 74% of those
who do not use encryption or replication and do not take backups
offsite are confident despite skipping these steps.
http://www.net-security.org/news.php?id=16047


U.S. WARNS OF CHINESE CYBER-SPIES
U.S. intelligence officials issued a strong warning Thursday that
Americans traveling overseas, particularly visitors to the Olympics
in China, face a serious risk of having sensitive information stolen.
http://www.net-security.org/news.php?id=16048


FINGERPRINT TEST TELLS WHAT A PERSON HAS TOUCHED 
With a new analytical technique, a fingerprint can now reveal much
more than the identity of a person. It can now also identify what the
person has been touching: drugs, explosives or poisons, for example.
http://www.net-security.org/news.php?id=16049

----------------------------------------------------------------




[ Advisories ]


All advisories are located at:
http://www.net-security.org/archive_advi.php


----------------------------------------------------------------

Gentoo Linux Security Advisory - OpenLDAP: Denial of Service
vulnerability (GLSA 200808-09)
http://www.net-security.org/advisory.php?id=9180


Gentoo Linux Security Advisory - stunnel: Security bypass (GLSA
200808-08)
http://www.net-security.org/advisory.php?id=9179


Gentoo Linux Security Advisory - ClamAV: Multiple Denials of Service
(GLSA 200808-07)
http://www.net-security.org/advisory.php?id=9178


SUSE Security Announcement - SUSE Security Summary Report
(SUSE-SR:2008:016)
http://www.net-security.org/advisory.php?id=9177


Mandriva Linux Security Update Advisory - initscripts (MDVA-2008:116)
http://www.net-security.org/advisory.php?id=9176


Mandriva Linux Security Update Advisory - python (MDVSA-2008:164)
http://www.net-security.org/advisory.php?id=9175


Mandriva Linux Security Update Advisory - python (MDVSA-2008:163)
http://www.net-security.org/advisory.php?id=9174


Mandriva Linux Security Update Advisory - qemu (MDVSA-2008:162)
http://www.net-security.org/advisory.php?id=9173


Mandriva Linux Security Update Advisory - rxvt (MDVSA-2008:161)
http://www.net-security.org/advisory.php?id=9172


Gentoo Linux Security Advisory - libxslt: Execution of arbitrary code
(GLSA 200808-06)
http://www.net-security.org/advisory.php?id=9171


Gentoo Linux Security Advisory - ISC DHCP: Denial of Service (GLSA
200808-05)
http://www.net-security.org/advisory.php?id=9170


Gentoo Linux Security Advisory - Wireshark: Denial of Service ( GLSA
200808-04)
http://www.net-security.org/advisory.php?id=9169


Gentoo Linux Security Advisory - Mozilla products: Multiple
vulnerabilities (GLSA 200808-03)
http://www.net-security.org/advisory.php?id=9168


Gentoo Linux Security Advisory - Net-SNMP: Multiple vulnerabilities
(GLSA 200808-02)
http://www.net-security.org/advisory.php?id=9167


Gentoo Linux Security Advisory - xine-lib: User-assisted execution of
arbitrary code (GLSA 200808-01)
http://www.net-security.org/advisory.php?id=9166


Slackware Security Advisory - pan (SSA:2008-217-02)
http://www.net-security.org/advisory.php?id=9165


Slackware Security Advisory - python (SSA:2008-217-01)
http://www.net-security.org/advisory.php?id=9164


Ubuntu Security Notice - devhelp, epiphany-browser, midbrowser, yelp
update (USN-626-2)
http://www.net-security.org/advisory.php?id=9163


Mandriva Linux Security Update Advisory - libxslt (MDVSA-2008:160)
http://www.net-security.org/advisory.php?id=9162


Ubuntu Security Notice - openldap2.2, openldap2.3 vulnerability
(USN-634-1)
http://www.net-security.org/advisory.php?id=9161


Ubuntu Security Notice - libxslt vulnerabilities (USN-633-1)
http://www.net-security.org/advisory.php?id=9160


Ubuntu Security Notice - python2.4, python2.5 vulnerabilities
(USN-632-1)
http://www.net-security.org/advisory.php?id=9159


SUSE Security Announcement - net-snmp (SUSE-SA:2008:039)
http://www.net-security.org/advisory.php?id=9158


Debian Security Advisory - httrack (DSA-1626-1 )
http://www.net-security.org/advisory.php?id=9157


Debian Security Advisory - cupsys (DSA-1625-1 )
http://www.net-security.org/advisory.php?id=9156

----------------------------------------------------------------




[ Articles ]


All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org


----------------------------------------------------------------

Q&A: E-MAIL SPAM AND SOFTWARE AS A SERVICE (SAAS) SOLUTIONS
David Vella is the Director of Product Management at GFI with
experience in quality assurance, network administration and software
development. In this Q&A he provides insight into e-mail spam and
Software as a Service (SaaS) solutions.
http://www.net-security.org/article.php?id=1163


CYBERCRIME AND POLITICS
As citizens of the United States prepare to cast their votes in the
upcoming presidential election, the time is right to consider what
implications, if any, Internet-borne threats may have on this
process. With political candidates increasingly relying on the web to
communicate their positions, assemble supporters and respond to
critics ⓠInternet-based risks are a serious concern as they can be
used to disseminate misinformation, defraud candidates and the public
and invade privacy.
http://www.net-security.org/article.php?id=1162

----------------------------------------------------------------




[ Software ]


Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3

Mac OS X software is located at:
http://net-security.org/software_main.php?cat=5


----------------------------------------------------------------

BESTCRYPT 8.05.4 (Windows)
BestCrypt data encryption systems bring military strength encryption
to the ordinary computer user without the complexities normally
associated with strong data encryption.
http://www.net-security.org/software.php?id=173


CRYPTOEXPERT 2008 PROFESSIONAL 7.6.4 (Windows)
CryptoExpert creates encrypted virtual disks and these disks are
visible as usual disks with drive letters.
http://www.net-security.org/software.php?id=305


DATA GUARDIAN 1.4.6 (Windows)
Data Guardian is a secure, Universal Binary, database application for
storing passwords, credit card numbers, adressses, notes, customer
databases, and more. 
http://www.net-security.org/software.php?id=663


DATA GUARDIAN 1.4.6 (Mac OS X)
Data Guardian is a secure, Universal Binary, database application for
storing passwords, credit card numbers, adressses, notes, customer
databases, and more.
http://www.net-security.org/software.php?id=662


DRIVE ENCRYPTION  3.510 (Windows)
DriveEncryption helps you encrypt the disk drives which are using FAT
or NTFS File Systems.
http://www.net-security.org/software.php?id=725


PASSWORD MANAGER XP 2.3.440 (Windows)
Password Manager XP is a program that will help you systematize
secret information.
http://www.net-security.org/software.php?id=70


PHRASE PASSWORD GENERATOR 1.4 (Windows)
Phrase password generator utility will help you generate your phrase
and convert it to unique and secure password. 
http://www.net-security.org/software.php?id=717


SAMHAIN 2.4.5 (Linux)
Samhain is an open source file integrity and host-based intrusion
detection system.
http://www.net-security.org/software.php?id=125


SPYWARE TERMINATOR 2.3.0.487 (Windows)
Free Spyware Terminator provides effective real-time detection and
removal of spyware and incoming threats.
http://www.net-security.org/software.php?id=681


TOR, PRIVOXY AND VIDALIA BUNDLE 0.2.0.30 (Windows)
An anonymous Internet communication system.
http://www.net-security.org/software.php?id=253


VISUALROUTE 2008 12.0h (Windows)
VisualRoute delivers the functionality of key Internet "ping,"
"whois," and "traceroute" tools, in a high-speed visually integrated
package.
http://www.net-security.org/software.php?id=2

----------------------------------------------------------------




[ Conferences ]


All conferences are located at:
http://net-security.org/conferences.php


----------------------------------------------------------------

Forrester Research Security Forum 2008
Organized by Forrester - 4 September-5 September 2008
http://www.net-security.org/conference.php?id=264


NETWAYS Nagios Conference 2008
Organized by Netways - 11 September-12 September 2008
http://www.net-security.org/conference.php?id=263


IT Security World 2008 Conference & Expo
Organized by MIS Training Institute - 13 September-18 September 2008
http://www.net-security.org/conference.php?id=258


VB2008
Organized by Virus Bulletin - 1 October-3 October 2008
http://www.net-security.org/conference.php?id=256


I Digital Security Forum
Organized by FSD - 7 November-8 November 2008
http://www.net-security.org/conference.php?id=255


RUXCON 2008
Organized by RUXCON - 29 November-30 November 2008
http://www.net-security.org/conference.php?id=265


The Fourth International Conference on Availability, Reliability and
Security (ARES 2009)
Organized by Vienna University of Technology / Secure Business
Austria - 16 March-19 March 2009
http://www.net-security.org/conference.php?id=260

----------------------------------------------------------------




[ Security World ]


All security world articles are located at:
http://www.net-security.org/secworld_main.php

Send your press releases to press@net-security.org


----------------------------------------------------------------

Companies have a false sense of confidence in their backup solutions
http://www.net-security.org/secworld.php?id=6406


Spam stats for July: origins, categories and percentage
http://www.net-security.org/secworld.php?id=6405


SPF/DKIM use on the decline among Fortune 500s
http://www.net-security.org/secworld.php?id=6404


Application whitelisting solution for Point-of-Sale
http://www.net-security.org/secworld.php?id=6403


Secure video and audio for enhanced protection
http://www.net-security.org/secworld.php?id=6402


Back to school tips to protect your identity 
http://www.net-security.org/secworld.php?id=6401


Laptop with Trusted Traveler Identities was never stolen
http://www.net-security.org/secworld.php?id=6400


Phishing email targets Microsoft POP3 user data 
http://www.net-security.org/secworld.php?id=6399


Spammers♠bullseye: Obama, McCain and the Olympic Games 
http://www.net-security.org/secworld.php?id=6398


July web security, spam, viruses and phishing highlights
http://www.net-security.org/secworld.php?id=6397


Updated Linux based system lock-down and security management solution
http://www.net-security.org/secworld.php?id=6396


Citrix Ready biometrics
http://www.net-security.org/secworld.php?id=6395


A new approach to wireless hacking - warcarting
http://www.net-security.org/secworld.php?id=6394


Four years jail for a voyeur webcam hacker
http://www.net-security.org/secworld.php?id=6393


New from Kaspersky: Internet Security and Anti-Virus 2009 versions
http://www.net-security.org/secworld.php?id=6389


July 2008 malware and spam geographical and vertical trends
http://www.net-security.org/secworld.php?id=6392


Strong demand for fingerprint-enabled Symbian phones
http://www.net-security.org/secworld.php?id=6391


Software techniques to prevent cold boot attacks on encryption keys
http://www.net-security.org/secworld.php?id=6390


Consumer Reports rates security suites
http://www.net-security.org/secworld.php?id=6388


U.S. consumers lost nearly $8.5 billion to online threats
http://www.net-security.org/secworld.php?id=6387


Standards-based access control solution
http://www.net-security.org/secworld.php?id=6386


Automate the exchange of product design data in the enterprise
http://www.net-security.org/secworld.php?id=6385


Automated backup/synchronization software
http://www.net-security.org/secworld.php?id=6384


Safeguard inventory and sensitive assets
http://www.net-security.org/secworld.php?id=6383


Signature-less real time protection against malware
http://www.net-security.org/secworld.php?id=6382

----------------------------------------------------------------




[ Virus News ]


All virus news are located at:
http://www.net-security.org/viruses.php


----------------------------------------------------------------

Malware week in review: social networking and hot chick video worms
http://www.net-security.org/virus_news.php?id=973


CNN news spam with fake Flash update malware
http://www.net-security.org/virus_news.php?id=972


New facebook malware attack uses false video in wall posts
http://www.net-security.org/virus_news.php?id=971


Password stealing trojan on the loose
http://www.net-security.org/virus_news.php?id=970


Detailed malware report for July 2008
http://www.net-security.org/virus_news.php?id=969

----------------------------------------------------------------





Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available 
http://www.net-security.org/newsletter_archive.php