HNS Newsletter
Issue 432 - 18.08.2008
http://www.net-security.org

==================================================================
QualysGuard - On Demand Vulnerability Management Free Trial
==================================================================
The easiest way to manage vulnerabilities and achieve compliance.
The QualysGuard 14-Day Free Trial gives you:
- Thousands of vulnerability checks, verified fixes and reports
- Free technical workshops, online training and technical support.
Click here to start your trial: http://www.net-security.org/v/qualys
=========================================================

Table of contents:

1) Security news
2) Advisories
3) Articles
4) Software
5) Conferences
6) Security World
7) Virus News

[ Security news ]
----------------------------------------------------------------

A LOOK INSIDE THE DEFCON NETWORK OPERATIONS CENTER
Over 9,000 hackers, freaks, feds and geeks are gathered in Las Vegas for Defcon, the world's largest computer security convention. The temporary wireless network that serves the Defcon attendees is the most hostile on the planet.
http://www.net-security.org/news.php?id=16050

THE DEFCON 16 MYSTERY CHALLENGE
Hackers like nothing more than solving complex problems. One of the most difficult contests at DefCon is known as the Mystery Challenge.
http://www.net-security.org/news.php?id=16051

SURF JACKING: HTTPS WILL NOT SAVE YOU
In this paper we will describe a security issue that affects major web sites and their customers. Attackers exploiting this vulnerability are able to hijack an HTTP session even when the victim and the attacker's connection is encrypted using SSL or TLS.
http://www.net-security.org/news.php?id=16052

WHITEPAPER - BACKUP AND RECOVERY BEST PRACTICES FOR MICROSOFT SQL SERVER 2005
To help you choose from among the available configuration options and backup and recovery procedures, HP has conducted extensive laboratory tests to determine best practices.
http://www.net-security.org/news.php?id=16053

LET YOUR THEME SONG BE YOUR PASSWORD
Cliche demands that every romantic couple has its own song. A new proposal from security researchers could see that same song be the couple's password too.
http://www.net-security.org/news.php?id=16054

BLENDED THREATS INCREASE AS MALICIOUS CONTENT GROWS MORE ENTERPRISING
Secure Computing published the company's Q2 Internet Threat Report containing data and analysis from the Secure Computing research team. Among other findings, the report shows that while spam volume and new zombies have decreased in the past quarter, enterprises and home users are increasingly being attacked through malicious Web content and blended security attacks.
http://www.net-security.org/news.php?id=16055

Q&A: VIEWS ON PRIVACY AND IDENTITY THEFT
Jonathan Moneymaker is VP of Operations at Anonymizer. In this interview he tackles headaches related to privacy and identity theft.
http://www.net-security.org/news.php?id=16056

USING FREE SOFTWARE FOR HTTP LOAD TESTING
A good way to see how your Web applications and server will behave under high load is by testing them with a simulated load. We tested several free software tools that do such testing to see which work best for what kinds of sites.
http://www.net-security.org/news.php?id=16057

MOZILLA: SECURITY A SIGNIFICANT FOCUS
Mozilla is moving forward on a number of initiatives to ensure that Internet security improves. Among the efforts is a new approach for determining and measuring security metrics.
http://www.net-security.org/news.php?id=16058

WEB FIRMS ACKNOWLEDGE TRACKING BEHAVIOR WITHOUT CONSENT
In response to a bipartisan House inquiry, Google says it uses technology to more precisely follow Web surfing across affiliated sites.
http://www.net-security.org/news.php?id=16059

AIR FORCE SUSPENDS CYBER COMMAND PROGRAM
The Air Force on Monday suspended all efforts related to development of a program to become the dominant service in cyberspace, according to knowledgeable sources.
http://www.net-security.org/news.php?id=16061

HOW B2B GATEWAYS AFFECT CORPORATE INFORMATION SECURITY
B2B gateways were introduced in 2003, marking the first time IT professionals could deploy best-of-breed managed file transfer tools without sacrificing their larger investment in enterprise business applications. Today, that value proposition has an added advantage: gateways have become building blocks for a secure information strategy.
http://www.net-security.org/news.php?id=16060

REPORT REVEALS WHICH PIRACY GROUPS POSE SIGNIFICANT THREAT
V.i. Labs issued a report revealing that piracy groups are fully exploiting security gaps in the common licensing mechanisms used in electronic design automation (EDA), computer-aided design (CAD), and product lifecycle management (PLM) software to produce counterfeit versions of these high-priced applications.
http://www.net-security.org/news.php?id=16062

PRIVACY WORRY OVER LOCATION DATA
Privacy advocates are warning of the dangers of rushing headlong into using location based services.
http://www.net-security.org/news.php?id=16063

VIDEO - DTRACE: THE REVERSE ENGINEER'S UNEXPECTED SWISS ARMY KNIFE
David Weston is a security engineer at Science Applications International Corporation. In this video, made at Black Hat Europe, David illustrates his research related to DTrace. Created by SUN and originally intended for performance monitoring, DTrace is one of the most exciting additions to OS X Leopard and is being ported to Linux and BSD. It offers an unprecedented view of both user and kernel space, which has many interesting implications for security researchers.
http://www.net-security.org/news.php?id=16064

----------------------------------------------------------------
[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Gentoo Linux Security Advisory - Postfix: Local privilege escalation vulnerability (GLSA 200808-12)
http://www.net-security.org/advisory.php?id=9193

Cisco Security Advisory - Vulnerability in Cisco WebEx Meeting Manager ActiveX Control (cisco-sa-20080814-webex)
http://www.net-security.org/advisory.php?id=9192

SUSE Security Announcement - openwsman (SUSE-SA:2008:041)
http://www.net-security.org/advisory.php?id=9191

SUSE Security Announcement - postfix (SUSE-SA:2008:040)
http://www.net-security.org/advisory.php?id=9190

Mandriva Linux Security Update Advisory - cups (MDVSA-2008:170)
http://www.net-security.org/advisory.php?id=9189

Mandriva Linux Security Update Advisory - hplip (MDVSA-2008:169)
http://www.net-security.org/advisory.php?id=9188

Mandriva Linux Security Update Advisory - stunnel (MDVSA-2008:168)
http://www.net-security.org/advisory.php?id=9187

Mandriva Linux Security Update Advisory - kernel (MDVSA-2008:167)
http://www.net-security.org/advisory.php?id=9186

US-CERT Technical Cyber Security Alert - Microsoft Updates for Multiple Vulnerabilities (TA08-225A)
http://www.net-security.org/advisory.php?id=9185

Mandriva Linux Security Update Advisory - perl vulnerability (MDVSA-2008:165)
http://www.net-security.org/advisory.php?id=9184

Gentoo Linux Security Advisory - UUDeview: Insecure temporary file creation (GLSA 200808-11)
http://www.net-security.org/advisory.php?id=9183

Debian Security Advisory - pdns-recursor (DSA-1628-1)
http://www.net-security.org/advisory.php?id=9182

Gentoo Linux Security Advisory - Adobe Reader: User-assisted execution of arbitrary code (GLSA 200808-10)
http://www.net-security.org/advisory.php?id=9181

----------------------------------------------------------------
[ Articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org
----------------------------------------------------------------

DTRACE: THE REVERSE ENGINEER'S UNEXPECTED SWISS ARMY KNIFE
David Weston is a security engineer at Science Applications International Corporation. In this video, made at Black Hat Europe, David illustrates his research related to DTrace. Created by SUN and originally intended for performance monitoring, DTrace is one of the most exciting additions to OS X Leopard and is being ported to Linux and BSD.
http://www.net-security.org/article.php?id=1167

HOW B2B GATEWAYS AFFECT CORPORATE INFORMATION SECURITY
B2B gateways were introduced in 2003, marking the first time IT professionals could deploy best-of-breed managed file transfer tools without sacrificing their larger investment in enterprise business applications. Today, that value proposition has an added advantage: gateways have become building blocks for a secure information strategy.
http://www.net-security.org/article.php?id=1166

Q&A: VIEWS ON PRIVACY AND IDENTITY THEFT
Jonathan Moneymaker is VP of Operations at Anonymizer. In this interview he tackles headaches related to privacy and identity theft.
http://www.net-security.org/article.php?id=1165

SURF JACKING: HTTPS WILL NOT SAVE YOU
In this paper we will describe a security issue that affects major web sites and their customers. Attackers exploiting this vulnerability are able to hijack an HTTP session even when the victim and the attacker's connection is encrypted using SSL or TLS.
http://www.net-security.org/article.php?id=1164

----------------------------------------------------------------
[ Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3

Mac OS X software is located at:
http://net-security.org/software_main.php?cat=5
----------------------------------------------------------------

AVG ANTI-VIRUS FREE EDITION 8.138.1332 (Windows)
AVG Anti-Virus Free Edition is an anti-virus scanner that offers Resident Protection, e-mail Scanner, On-Demand Scanner, and Virus Vault for safe handling of infected files and automatic updates.
http://www.net-security.org/software.php?id=709

DATA GUARDIAN 1.4.9 (Windows)
Data Guardian is a secure, Universal Binary, database application for storing passwords, credit card numbers, addresses, notes, customer databases, and more.
http://www.net-security.org/software.php?id=663

DATA GUARDIAN 1.4.9 (Mac OS X)
Data Guardian is a secure, Universal Binary, database application for storing passwords, credit card numbers, addresses, notes, customer databases, and more.
http://www.net-security.org/software.php?id=662

DRIVE ENCRYPTION 3.511 (Windows)
DriveEncryption helps you encrypt the disk drives which are using FAT or NTFS File Systems.
http://www.net-security.org/software.php?id=725

PASSWORD MANAGER XP 2.3.441 (Windows)
Password Manager XP is a program that will help you systematize secret information.
http://www.net-security.org/software.php?id=70

SPYBOT - SEARCH & DESTROY 1.6 (Windows)
Spybot - Search & Destroy can detect and remove spyware of different kinds from your computer.
http://www.net-security.org/software.php?id=556

----------------------------------------------------------------
[ Conferences ]

All conferences are located at:
http://net-security.org/conferences.php
----------------------------------------------------------------

Forrester Research Security Forum 2008
Organized by Forrester - 4 September-5 September 2008
http://www.net-security.org/conference.php?id=264

NETWAYS Nagios Conference 2008
Organized by Netways - 11 September-12 September 2008
http://www.net-security.org/conference.php?id=263

IT Security World 2008 Conference & Expo
Organized by MIS Training Institute - 13 September-18 September 2008
http://www.net-security.org/conference.php?id=258

VB2008
Organized by Virus Bulletin - 1 October-3 October 2008
http://www.net-security.org/conference.php?id=256

I Digital Security Forum
Organized by FSD - 7 November-8 November 2008
http://www.net-security.org/conference.php?id=255

RUXCON 2008
Organized by RUXCON - 29 November-30 November 2008
http://www.net-security.org/conference.php?id=265

The Fourth International Conference on Availability, Reliability and Security (ARES 2009)
Organized by Vienna University of Technology / Secure Business Austria - 16 March-19 March 2009
http://www.net-security.org/conference.php?id=260

----------------------------------------------------------------
[ Security World ]

All security world articles are located at:
http://www.net-security.org/secworld_main.php

Send your press releases to press@net-security.org
----------------------------------------------------------------

McAfee completes acquisition of Reconnex
http://www.net-security.org/secworld.php?id=6425

Microsoft releases .NET Framework 3.5 SP1
http://www.net-security.org/secworld.php?id=6424

Howard Schmidt becomes the first president of the Information Security Forum
http://www.net-security.org/secworld.php?id=6423

Secure file transfers for IBM z/OS mainframes
http://www.net-security.org/secworld.php?id=6422

Dutch police dismantles Shadow botnet
http://www.net-security.org/secworld.php?id=6421

New generation of mobile biometric ID device
http://www.net-security.org/secworld.php?id=6420

Report reveals which piracy groups pose significant threat
http://www.net-security.org/secworld.php?id=6419

All optical 100 Gbps cross connect for test lab automation
http://www.net-security.org/secworld.php?id=6418

Phone-based service fights threats to corporate networks
http://www.net-security.org/secworld.php?id=6417

Microsoft releases 11 security bulletins
http://www.net-security.org/secworld.php?id=6416

Lockheed Martin develops early warning for maritime security
http://www.net-security.org/secworld.php?id=6415

The impact of identity theft in California
http://www.net-security.org/secworld.php?id=6414

Mobile phone with fingerprint biometrics
http://www.net-security.org/secworld.php?id=6413

Wireless and wired devices in hazardous environments
http://www.net-security.org/secworld.php?id=6412

High-end cameras for professional security and surveillance
http://www.net-security.org/secworld.php?id=6411

Blended threats increase as malicious content grows more enterprising
http://www.net-security.org/secworld.php?id=6410

New book: "No Root for You"
http://www.net-security.org/secworld.php?id=6409

Video: Surf Jacking Gmail demonstration
http://www.net-security.org/secworld.php?id=6408

Configuration auditing packages for retail and PCI
http://www.net-security.org/secworld.php?id=6407

----------------------------------------------------------------
[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Fake MSNBC news used in the latest spam and malware combo campaign
http://www.net-security.org/virus_news.php?id=975

Ten million zombies distribute spam and malware daily
http://www.net-security.org/virus_news.php?id=974

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php