============================================
Find and fix network vulnerabilities with QualysGuard.

Register for a 14-day free trial to access all features that
make it the most accurate and comprehensive vulnerability
management and compliance solution.

http://www.net-security.org/qualysguard
============================================

HNS Newsletter
Issue 449 - 15.12.2008
http://www.net-security.org

Table of contents:

Table of contents:

1) Security news
2) Advisories
3) Articles
4) Software
5) Conferences
6) Security World
7) Virus News


[ Security news ]


----------------------------------------------------------------

THE NSA’S NEW DATA-MINING FACILITY
Surrounded by barbwire fencing, the anonymous yet massive building on
West Military Drive near San Antonio’s Loop 410 freeway looms
mysteriously with no identifying signs of any kind.
http://www.net-security.org/news.php?id=16226


LAPTOP SEARCHES AT BORDER MIGHT GET RESTRICTED
An engineer for Cisco, travels overseas several times a year for
work, so he is accustomed to opening his bags for border inspections
upon returning to the U.S. But in recent years, these inspections
have gone much deeper than his luggage.
http://www.net-security.org/news.php?id=16227


PROTECTING CORPORATE BRANDS
A company’s brand identity is one, if not the, most valuable asset
that all organizations - from health care providers to financial
institutions - seek to protect, but the ease of accessing information
on the Web has created a false sense of security that can be exploited
by business competitors using new and powerful tools at their
disposal.
http://www.net-security.org/news.php?id=16228


MEGA-D BOTNET RETURNS AFTER MCCOLO SHUTDOWN
One of three major botnets shut down as a result of the closure of
major spam hosting provider, McColo, has been re-established and is
back spamming in large volumes.
http://www.net-security.org/news.php?id=16229


THE FINER DETAILS OF SSH
Encryption is playing a larger role as people finally understand that
data is not secure by design.
http://www.net-security.org/news.php?id=16230


VOIP FACT SHEET
Learn about a VoIP service in order to create a simplified
communications structure that combines voice, data and messaging over
a single IP connection.
http://www.net-security.org/news.php?id=16231


THE RAPID INCREASE OF CRIMEWARE
The crimeware scourge is menacing the Web at levels never before
detected by the APWG, with crimeware-spreading websites nearly
tripling in number in the 12 months before the end of Q2/2008 - and
the number of recorded crimeware variants shattering all previous
records.
http://www.net-security.org/news.php?id=16232


MYSPACE OUTLINES OPEN STRATEGY WITH "MYSPACE OPEN PLATFORM" FRAMEWORK
MySpace introduced the "MySpace Open Platform", a suite of products
including the MySpace Application Platform, "MySpaceID" and Post-To
MySpace. Ushering in the new structure, MySpace announced an
additional roster of global partners for MySpaceID - Vodafone and
Netvibes, all of which are currently developing MySpaceID
implementations.
http://www.net-security.org/news.php?id=16234


SCIENTISTS STORE AND RETRIEVE DATA INSIDE AN ATOM
Another step towards quantum computing – the Holy Grail of data
processing and storage – was achieved when an international team of
scientists that included researchers with the U.S. Department of
Energy’s Lawrence Berkeley National Laboratory (Berkeley Lab) were
able to successfully store and retrieve information using the nucleus
of an atom.
http://www.net-security.org/news.php?id=16233


WHAT TO DO ABOUT SOCIAL NETWORKING IN YOUR COMPANY
The growing popularity of social networking sites such as Facebook,
Bebo and MySpace is slowly developing into a massive headache for IT
administrators as employees spend time updating their profiles and
adding new friends during office hours.
http://www.net-security.org/news.php?id=16235


WIRE TRANSFER SERVICES ARE AT HIGH RISK OF CYBERCRIME
Panda Security announced the findings from its multi-year security
assessment of business services for U.S. immigrants. These
multiservice businesses, primarily used by U.S. immigrants to send
money back to their home countries, also known as remittances, were
analyzed and were found to be severely lacking in security measures
and at extremely high risk for cybercriminal activity such as illegal
interception of money wire transfers, as well as credit card and
identity fraud.
http://www.net-security.org/news.php?id=16236


BUDGETING FOR WEB APPLICATION SECURITY
The challenge that many security professionals face is justifying the
line item expense for upper management. Upper management often asks,
“How much do we need to spend?” well before “What do we need to spend
it on?”
http://www.net-security.org/news.php?id=16237

----------------------------------------------------------------




[ Advisories ]


All advisories are located at:
http://www.net-security.org/archive_advi.php


----------------------------------------------------------------

Gentoo Linux Security Advisory - OpenOffice.org: Multiple
vulnerabilities (GLSA 200812-13)
http://www.net-security.org/advisory.php?id=9524


Gentoo Linux Security Advisory - Honeyd: Insecure temporary file
creation (GLSA 200812-12)
http://www.net-security.org/advisory.php?id=9523


Debian Security Advisory - New uw-imap packages fix multiple
vulnerabilities (DSA-1685-1)
http://www.net-security.org/advisory.php?id=9522


Gentoo Linux Security Advisory - CUPS: Multiple vulnerabilities (GLSA
200812-11)
http://www.net-security.org/advisory.php?id=9521


Gentoo Linux Security Advisory - Archive::Tar: Directory traversal
vulnerability (GLSA 200812-10)
http://www.net-security.org/advisory.php?id=9520


Gentoo Linux Security Advisory - OpenSC: Insufficient protection of
smart card PIN (GLSA 200812-09)
http://www.net-security.org/advisory.php?id=9519


Debian Security Advisory - New lcms packages fix multiple
vulnerabilities (DSA-1684)
http://www.net-security.org/advisory.php?id=9518


Ubuntu Security Notice - GnuTLS regression (USN-678-2)
http://www.net-security.org/advisory.php?id=9517


Ubuntu Security Notice - Vinagre vulnerability (USN-689-1)
http://www.net-security.org/advisory.php?id=9516


US-CERT Technical Cyber Security Alert - Microsoft Updates for
Multiple Vulnerabilities (TA08-344A)
http://www.net-security.org/advisory.php?id=9515


Ubuntu Security Notice - Compiz vulnerability (USN-688-1)
http://www.net-security.org/advisory.php?id=9514


Debian Security Advisory - New streamripper packages fix potential
code execution (DSA-1683-1)
http://www.net-security.org/advisory.php?id=9513


Debian Security Advisory - New squirrelmail packages fix cross site
scripting (DSA-168201)
http://www.net-security.org/advisory.php?id=9512


US-CERT Technical Cyber Security Alert - Sun Java Updates for
Multiple Vulnerabilities (TA08-340A)
http://www.net-security.org/advisory.php?id=9511


Gentoo Linux Security Advisory - Mgetty: Insecure temporary file
usage (GLSA 200812-08)
http://www.net-security.org/advisory.php?id=9510

----------------------------------------------------------------




[ Articles ]


All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org


----------------------------------------------------------------

WHAT TO DO ABOUT SOCIAL NETWORKING IN YOUR COMPANY
The growing popularity of social networking sites such as Facebook,
Bebo and MySpace is slowly developing into a massive headache for IT
administrators as employees spend time updating their profiles and
adding new friends during office hours.
http://www.net-security.org/article.php?id=1192


PROTECTING CORPORATE BRANDS: ONE KEYSTROKE AT A TIME
A company’s brand identity is one, if not the, most valuable asset
that all organizations – from health care providers to financial
institutions – seek to protect, but the ease of accessing information
on the Web has created a false sense of security that can be exploited
by business competitors using new and powerful tools at their
disposal.
http://www.net-security.org/article.php?id=1191

----------------------------------------------------------------




[ Software ]


Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3

Mac OS X software is located at:
http://net-security.org/software_main.php?cat=5


----------------------------------------------------------------

BOTAN 1.8 (Linux)
Botan aims to be a portable, easy to use, and efficient C++ crypto
library.
http://www.net-security.org/software.php?id=94


COMMVIEW 6.1 (Windows)
CommView is a program for monitoring Internet and LAN activity
capable of capturing and analyzing network packets.
http://www.net-security.org/software.php?id=283


FIREWALL BUILDER 3.0.3 (Linux)
Firewall Builder consists of an object-oriented GUI and a set of
policy compilers for various firewall platforms.
http://www.net-security.org/software.php?id=230


GNUPG 2.0.10 RC1 (Linux)
GnuPG stands for GNU Privacy Guard and is GNU's tool for secure
communication and data storage.
http://www.net-security.org/software.php?id=295


NAGIOS 3.0.6 (Linux)
Nagios is a host and service monitor designed to inform you of
network problems before your clients, end-users or managers do.
http://www.net-security.org/software.php?id=279


NEBULA INTRUSION SIGNATURE GENERATOR 0.2.3 (Linux)
Nebula is a data analysis tool that automatically generates intrusion
signatures from attack traces.
http://www.net-security.org/software.php?id=251


NUFW 2.2.20 (Linux)
NuFW is an "authenticating gateway". This means it requires
authentication for any connections to be forwarded through the
gateway.
http://www.net-security.org/software.php?id=526


SAMHAIN 2.5.1 (Linux)
Samhain is an open source file integrity and host-based intrusion
detection system.
http://www.net-security.org/software.php?id=125


SHOREWALL 4.2.2.1 (Linux)
Shorewall is an iptables based firewall that can be used on a
dedicated firewall system, a multi-function masquerade gateway/server
or on a standalone Linux system.
http://www.net-security.org/software.php?id=40


SNORT ALERT MONITOR 0.4.2 (Linux)
SAM is a real-time Snort alert monitor.
http://www.net-security.org/software.php?id=248


WINSCP 4.1.8 (Windows)
WinSCP is an open source SSH file transfer protocol and secure copy
client for Windows using SSH.
http://www.net-security.org/software.php?id=6

----------------------------------------------------------------




[ Conferences ]


All conferences are located at:
http://net-security.org/conferences.php


----------------------------------------------------------------

Southern California Linux Expo (SCALE 7x)
Organized by SCALE - 20 February-22 February 2009
http://www.net-security.org/conference.php?id=283


InfoSec World 2009 Conference & Expo
Organized by MIS Training Institute - 7 March-13 March 2009
http://www.net-security.org/conference.php?id=282


The Fourth International Conference on Availability, Reliability and
Security (ARES 2009)
Organized by Vienna University of Technology / Secure Business
Austria - 16 March-19 March 2009
http://www.net-security.org/conference.php?id=260


2009 European Workshop on System Security (EuroSec)
Organized by EuroSec - 31 March-31 March 2009
http://www.net-security.org/conference.php?id=281


RSA Conference 2009
Organized by RSA Conference - 20 April-24 April 2009
http://www.net-security.org/conference.php?id=280


21st Annual FIRST Conference
Organized by FIRST - 28 June-3 July 2009
http://www.net-security.org/conference.php?id=284


The 9th Privacy Enhancing Technologies Symposium (PETS 2009) 
Organized by PET - 5 August-7 August 2009
http://www.net-security.org/conference.php?id=275

----------------------------------------------------------------




[ Security World ]


All security world articles are located at:
http://www.net-security.org/secworld_main.php

Send your press releases to press@net-security.org


----------------------------------------------------------------

Video: End of year security wrap-up 2008
http://www.net-security.org/secworld.php?id=6846


Apache MINA version 2.0.0-M4 comes with improvements and features
http://www.net-security.org/secworld.php?id=6847


Top 9 IT security threats for 2009
http://www.net-security.org/secworld.php?id=6845


Your antivirus can be a door for hackers
http://www.net-security.org/secworld.php?id=6844


Addonics announces network attached storage adapter
http://www.net-security.org/secworld.php?id=6843


Wire transfer services are at high risk of cybercrime
http://www.net-security.org/secworld.php?id=6842


MozyPro online backup for Mac-powered businesses
http://www.net-security.org/secworld.php?id=6841


10Gb aggregator switch with bypass capabilities from Interface
Masters
http://www.net-security.org/secworld.php?id=6840


Slackware 12.2 comes with enhancements
http://www.net-security.org/secworld.php?id=6839


Advanced multi-factor authentication from IdentiPHI
http://www.net-security.org/secworld.php?id=6838


The top 10 2008 holiday Web threats
http://www.net-security.org/secworld.php?id=6836


VIA releases the ARTiGO A2000 barebone storage server
http://www.net-security.org/secworld.php?id=6835


Google releases the Browser Security Handbook
http://www.net-security.org/secworld.php?id=6837


New Word vulnerability if exploited could allow full system access
and control
http://www.net-security.org/secworld.php?id=6834


Survey reveals link between privileged users and breaches
http://www.net-security.org/secworld.php?id=6833


European mobile operators aren’t protecting users against spam
http://www.net-security.org/secworld.php?id=6832


Consumers trust biometrics for data protection
http://www.net-security.org/secworld.php?id=6830


New AirMagnet Survey features help optimize Voice-Over-WLAN
http://www.net-security.org/secworld.php?id=6829


Enterprise-wide approach improves financial crime fighting
performance
http://www.net-security.org/secworld.php?id=6828


2009 IT security forecast
http://www.net-security.org/secworld.php?id=6827


Enhanced line of Sun Fire x64 servers and Sun Blade systems
http://www.net-security.org/secworld.php?id=6826


Targets for malicious attacks in 2009
http://www.net-security.org/secworld.php?id=6825


Minimize your data loss even if .MDB databases are corrupt
http://www.net-security.org/secworld.php?id=6824


Organizations struggle with push to encrypt personal data
http://www.net-security.org/secworld.php?id=6823


Lack of education leads to rising tide of web, email and social
networking attacks
http://www.net-security.org/secworld.php?id=6822


New book: "Programming ASP.NET 3.5"
http://www.net-security.org/secworld.php?id=6821


The rapid increase of crimeware
http://www.net-security.org/secworld.php?id=6820


Apache and MYSQL to be secured with anti-tamper solution
http://www.net-security.org/secworld.php?id=6819


MySpace outlines open strategy with "MySpace Open Platform" framework
http://www.net-security.org/secworld.php?id=6818


Mega-D botnet returns after McColo shutdown
http://www.net-security.org/secworld.php?id=6817


Secure iPhone management from Trust Digital
http://www.net-security.org/secworld.php?id=6816


Database security, risk and compliance gaps on the rise
http://www.net-security.org/secworld.php?id=6815


MySQL 5.1 features enterprise-class enhancements
http://www.net-security.org/secworld.php?id=6814


Security and manageability for new full disk encryption hard drives
http://www.net-security.org/secworld.php?id=6813


Thin Backup Option for Exchange databases
http://www.net-security.org/secworld.php?id=6812


Protect data on high service quality Ethernet circuits with Ethernet
Encryptor 10G
http://www.net-security.org/secworld.php?id=6811


Malware immune secure flash drives from Kanguru
http://www.net-security.org/secworld.php?id=6810

----------------------------------------------------------------




[ Virus News ]


All virus news are located at:
http://www.net-security.org/viruses.php


----------------------------------------------------------------

The BankerFox banker Trojan, the Azero.B virus and the P2PShared.U
worm
http://www.net-security.org/virus_news.php?id=1011


The P2PShared.U worm is using new tricks to infect users’ computers
http://www.net-security.org/virus_news.php?id=1010


Cybercriminals use Flash ads for distributing malicious code
http://www.net-security.org/virus_news.php?id=1009


Sophos report shames US for deluge of Internet attacks in 2008
http://www.net-security.org/virus_news.php?id=1008


Nasty malicious code written for financial profit
http://www.net-security.org/virus_news.php?id=1007

----------------------------------------------------------------





Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available 
http://www.net-security.org/newsletter_archive.php