HNS Newsletter
Issue 447 - 01.12.2008
http://www.net-security.org

------------------------------------------------

(IN)SECURE Magazine Issue 19 has just been released. Download it from:
http://www.insecuremag.com

Some of the topics covered in this issue include:
- The future of AV: looking for the good while stopping the bad
- Eight holes in Windows login controls
- Extended validation and online security: EV SSL gets the green light
- Web filtering in a Web 2.0 world
- How to build a security strategy to grow your career, success and results
- Three undocumented layers of the OSI model and their impact on security

------------------------------------------------

Table of contents:

1) Security news
2) Advisories
3) Articles
4) Software
5) Conferences
6) Security World

[ Security news ]

----------------------------------------------------------------

WHITEPAPER - SIMPLIFYING NETWORK SECURITY WITH A SINGLE SOURCE PROVIDER
Learn the important questions to ask when evaluating a managed security service provider.
http://www.net-security.org/news.php?id=16208

ANOTHER LAYER OF SECURITY FOR PAYPAL ACCOUNTS
PayPal announced a new way for members to add even more security to their PayPal accounts using their mobile phones. Customers can now choose to receive a unique six-digit security code via text message to their mobile phones prior to logging in to their accounts.
http://www.net-security.org/news.php?id=16209

SAFE COMPUTING DURING THE HOLIDAY SEASON
When consumers go online this time of year, they face the risk of running up against a range of cyber threats – threats that increase in number exponentially on a daily basis. This article includes a list of basic tips for safe computing.
http://www.net-security.org/news.php?id=16210

GMAIL SECURITY AND RECENT PHISHING ACTIVITY
Google has seen some speculation recently about a purported security vulnerability in Gmail and the theft of several website owners' domains by unauthorized third parties.
http://www.net-security.org/news.php?id=16211

INFORMATION SECURITY AWARENESS IN FINANCIAL ORGANIZATIONS
The European Network and Information Security Agency (ENISA) released a new report on how to counter information security risks with a change in the financial sector staff awareness.
http://www.net-security.org/news.php?id=16212

----------------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php

----------------------------------------------------------------

Debian Security Advisory - phpmyadmin (DSA-1675-1)
http://www.net-security.org/advisory.php?id=9484

Debian Security Advisory - jailer (DSA-1674-1)
http://www.net-security.org/advisory.php?id=9483

Debian Security Advisory - wireshark (DSA-1673-1)
http://www.net-security.org/advisory.php?id=9482

Slackware Security Advisory - ruby (SSA:2008-334-01)
http://www.net-security.org/advisory.php?id=9481

Debian Security Advisory - imlib2 (DSA-1672-1)
http://www.net-security.org/advisory.php?id=9480

Slackware Security Advisory - samba (SSA:2008-333-01)
http://www.net-security.org/advisory.php?id=9479

Ubuntu Security Notice - linux, linux-source-2.6.15/22 vulnerabilities (USN-679-1)
http://www.net-security.org/advisory.php?id=9478

Ubuntu Security Notice - samba vulnerability (USN-680-1)
http://www.net-security.org/advisory.php?id=9477

SUSE Security Announcement - MozillaFirefox, MozillaThunderbird, seamonkey
http://www.net-security.org/advisory.php?id=9476

SUSE Security Announcement - MozillaFirefox, MozillaThunderbird, seamonkey
http://www.net-security.org/advisory.php?id=9475

Turbolinux Security Announcement - Multiple vulnerabilities in thunderbird
http://www.net-security.org/advisory.php?id=9474

Ubuntu Security Notice - mozilla-thunderbird, thunderbird vulnerabilities (USN-668-1)
http://www.net-security.org/advisory.php?id=9473

Ubuntu Security Notice - gnutls12, gnutls13, gnutls26 vulnerability (USN-678-1)
http://www.net-security.org/advisory.php?id=9472

SUSE Security Announcement - yast2-backup (SUSE-SA:2008:054)
http://www.net-security.org/advisory.php?id=9471

SUSE Security Announcement - SUSE Security Summary Report (SUSE-SR:2008:026)
http://www.net-security.org/advisory.php?id=9470

Ubuntu Security Notice - openoffice.org, openoffice.org-amd64 vulnerabilities (USN-675-1)
http://www.net-security.org/advisory.php?id=9469

Debian Security Advisory - iceweasel (DSA-1671-1)
http://www.net-security.org/advisory.php?id=9468

Debian Security Advisory - enscript (DSA-1670-)
http://www.net-security.org/advisory.php?id=9467

FreeBSD Security Advisory - arc4random(9) predictable sequence vulnerability (FreeBSD-SA-08.11.arc4random)
http://www.net-security.org/advisory.php?id=9466

Ubuntu Security Notice - pidgin vulnerabilities (USN-675-1)
http://www.net-security.org/advisory.php?id=9465

Ubuntu Security Notice - webkit vulnerability (USN-676-1)
http://www.net-security.org/advisory.php?id=9464

Ubuntu Security Notice - hplip vulnerabilities (USN-674-2)
http://www.net-security.org/advisory.php?id=9463

Ubuntu Security Notice - gaim vulnerability (USN-675-2)
http://www.net-security.org/advisory.php?id=9462

Debian Security Advisory - xulrunner (DSA-1669-1)
http://www.net-security.org/advisory.php?id=9461

----------------------------------------------------------------

[ Articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org

----------------------------------------------------------------

SAFE COMPUTING DURING THE HOLIDAY SEASON
When consumers go online this time of year, they face the risk of running up against a range of cyber threats – threats that increase in number exponentially on a daily basis. This article includes a list of basic tips for safe computing.
http://www.net-security.org/article.php?id=1190

----------------------------------------------------------------

[ Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3

Mac OS X software is located at:
http://net-security.org/software_main.php?cat=5

----------------------------------------------------------------

BOTAN 1.7.23 (Linux)
Botan aims to be a portable, easy to use, and efficient C++ crypto library.
http://www.net-security.org/software.php?id=94

CAIN & ABEL 4.9.24 (Windows)
Cain & Abel is a password recovery tool for Microsoft operating systems.
http://www.net-security.org/software.php?id=110

DATA GUARDIAN 1.5.8 (Windows)
Data Guardian is a secure, Universal Binary, database application for storing passwords, credit card numbers, addresses, notes, customer databases, and more.
http://www.net-security.org/software.php?id=663

DATA GUARDIAN 1.5.8 (Mac OS X)
Data Guardian is a secure, Universal Binary, database application for storing passwords, credit card numbers, addresses, notes, customer databases, and more.
http://www.net-security.org/software.php?id=662

FIREWALL BUILDER 3.0.2 (Linux)
Firewall Builder consists of an object-oriented GUI and a set of policy compilers for various firewall platforms.
http://www.net-security.org/software.php?id=230

FWKNOP 1.9.9 (Linux)
fwknop implements an authorization scheme called Single Packet Authorization that requires only a single encrypted packet to communicate various pieces of information.
http://www.net-security.org/software.php?id=695

NUFW 2.2.19 (Linux)
NuFW is an "authenticating gateway". This means it requires authentication for any connections to be forwarded through the gateway.
http://www.net-security.org/software.php?id=526

SNORT ALERT MONITOR 0.4.1 (Linux)
SAM is a real-time Snort alert monitor.
http://www.net-security.org/software.php?id=248

----------------------------------------------------------------

[ Conferences ]

All conferences are located at:
http://net-security.org/conferences.php

----------------------------------------------------------------

ClubHack2008
Organized by ClubHack2008 - 6 December-7 December 2008
http://www.net-security.org/conference.php?id=279

Southern California Linux Expo (SCALE 7x)
Organized by SCALE - 20 February-22 February 2009
http://www.net-security.org/conference.php?id=283

InfoSec World 2009 Conference & Expo
Organized by MIS Training Institute - 7 March-13 March 2009
http://www.net-security.org/conference.php?id=282

The Fourth International Conference on Availability, Reliability and Security (ARES 2009)
Organized by Vienna University of Technology / Secure Business Austria - 16 March-19 March 2009
http://www.net-security.org/conference.php?id=260

2009 European Workshop on System Security (EuroSec)
Organized by EuroSec - 31 March-31 March 2009
http://www.net-security.org/conference.php?id=281

RSA Conference 2009
Organized by RSA Conference - 20 April-24 April 2009
http://www.net-security.org/conference.php?id=280

21st Annual FIRST Conference
Organized by FIRST - 28 June-3 July 2009
http://www.net-security.org/conference.php?id=284

The 9th Privacy Enhancing Technologies Symposium (PETS 2009)
Organized by PET - 5 August-7 August 2009
http://www.net-security.org/conference.php?id=275

----------------------------------------------------------------

[ Security World ]

All security world articles are located at:
http://www.net-security.org/secworld_main.php

Send your press releases to press@net-security.org

----------------------------------------------------------------

Malware attacks decline from the US, but increase from China, Russia and Korea
http://www.net-security.org/secworld.php?id=6783

Adobe Acrobat 9 security is worse than ever
http://www.net-security.org/secworld.php?id=6782

Three plead guilty to bank-fraud conspiracy
http://www.net-security.org/secworld.php?id=6781

Information security awareness in financial organizations
http://www.net-security.org/secworld.php?id=6780

Current economic conditions may increase fraud
http://www.net-security.org/secworld.php?id=6779

Oracle Identity Management products earn Common Criteria Security Evaluation
http://www.net-security.org/secworld.php?id=6778

Free tool for testing VoIP networks for targeted eavesdropping vulnerability
http://www.net-security.org/secworld.php?id=6777

New data erasure service from Sun Microsystems
http://www.net-security.org/secworld.php?id=6776

Findings of the latest Global Phishing Survey
http://www.net-security.org/secworld.php?id=6775

Zero-footprint digital signature solution MySignatureBook 1.1
http://www.net-security.org/secworld.php?id=6774

Prevent critical data loss with S3 DataSafe Online Backup
http://www.net-security.org/secworld.php?id=6773

802.11n access point optimized for service providers from BelAir Networks
http://www.net-security.org/secworld.php?id=6772

Most advanced version of GFI LANguard to date
http://www.net-security.org/secworld.php?id=6771

First antivirus for Google Android phones
http://www.net-security.org/secworld.php?id=6770

Trend Micro expands email encryption solution portfolio
http://www.net-security.org/secworld.php?id=6769

Another layer of security for PayPal accounts
http://www.net-security.org/secworld.php?id=6768

DriveCrypt 5.0 - the digital data safe
http://www.net-security.org/secworld.php?id=6767

CA releases Internet Security Suite Plus 2009
http://www.net-security.org/secworld.php?id=6766

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available
http://www.net-security.org/newsletter_archive.php