HNS Newsletter
Issue 451 - 29.12.2008
http://www.net-security.org

Table of contents:

1) Security news
2) Advisories
3) Articles
4) Conferences
5) Security World
6) Virus News

[ Security news ]
----------------------------------------------------------------

PRACTICAL TIPS FOR CARD FRAUD PREVENTION
This post contains practical things, some a bit over the top, that cardholders can do to decrease the risk of falling victim to card fraud.
http://www.net-security.org/news.php?id=16247

WHITEPAPER - SECURITY: THE WIRELESS REVOLUTION IS HERE
Learn to address security risks in wireless handheld computing systems with a solution that provides end-to-end security.
http://www.net-security.org/news.php?id=16248

LEARNING COURSE - INFORMATION SECURITY MANAGEMENT
Your information assets have never been more crucial, more valuable, or more at risk. This is why information security is becoming a crucial business priority in many organisations.
http://www.net-security.org/news.php?id=16249

5 BEST LINUX/BSD FIREWALL TOOLS
Here's an article to better highlight what works and what does not with regard to turning an older PC into a standalone router/firewall appliance.
http://www.net-security.org/news.php?id=16250

THE RISE AND RISE OF ROGUE SECURITY SOFTWARE
Rogue security software is an application that appears to be beneficial from a security perspective but provides little or no security, generates erroneous alerts, or attempts to lure users into participating in fraudulent transactions.
http://www.net-security.org/news.php?id=16251

ZERO-DAY WEB MALWARE BLOCKS SURPASS YEARLY AVERAGE
In its latest report, ScanSafe noted that backdoors and data theft Trojans increased from 13% of all Web malware blocks in October, to 30% of all blocks in November. Backdoors and data theft Trojans allow attackers to target exactly what type of information is stolen.
http://www.net-security.org/news.php?id=16252

SECURITY TRENDS OF 2008 AND PREDICTIONS FOR 2009
As a new year approaches we must prepare for new Internet security threats. Every year, new and innovative ways of attacking computer users emerge and continue to increase in volume and severity. To know where we are going it is helpful to look at where we have been. Finding trends in Internet security has become a valuable, if not necessary, action for companies developing software to protect computer users.
http://www.net-security.org/news.php?id=16253

----------------------------------------------------------------
[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Turbolinux Security Announcement - firefox -> Multiple vulnerabilities exist in firefox (25/Dec/2008)
http://www.net-security.org/advisory.php?id=9571

Turbolinux Security Announcement - flash-player -> A critical vulnerability (24/Dec/2008)
http://www.net-security.org/advisory.php?id=9570

Ubuntu Security Notice - libarchive-tar-perl, perl vulnerabilities (USN-700-1)
http://www.net-security.org/advisory.php?id=9569

Gentoo Linux Security Advisory - VLC: Multiple vulnerabilities (GLSA 200812-24)
http://www.net-security.org/advisory.php?id=9568

Gentoo Linux Security Advisory - Imlib2: User-assisted execution of arbitrary code (GLSA 200812-23)
http://www.net-security.org/advisory.php?id=9567

Gentoo Linux Security Advisory - Ampache: Insecure temporary file usage (GLSA 200812-22)
http://www.net-security.org/advisory.php?id=9566

Gentoo Linux Security Advisory - ClamAV: Multiple vulnerabilities (GLSA 200812-21)
http://www.net-security.org/advisory.php?id=9565

Ubuntu Security Notice - openoffice.org-l10n update (USN-677-2)
http://www.net-security.org/advisory.php?id=9564

Ubuntu Security Notice - nagios2 vulnerabilities (USN-698-3)
http://www.net-security.org/advisory.php?id=9563

FreeBSD Security Advisory - Cross-site request forgery in ftpd(8) (FreeBSD-SA-08:12.ftpd)
http://www.net-security.org/advisory.php?id=9562

Debian Security Advisory - courier-authlib (DSA-1688-2)
http://www.net-security.org/advisory.php?id=9561

Ubuntu Security Notice - nagios vulnerability (USN-698-1)
http://www.net-security.org/advisory.php?id=9560

Ubuntu Security Notice - blender vulnerabilities (USN-699-1)
http://www.net-security.org/advisory.php?id=9559

Ubuntu Security Notice - imlib2 vulnerability (USN-697-1)
http://www.net-security.org/advisory.php?id=9558

Debian Security Advisory - moodle (DSA-1691-1)
http://www.net-security.org/advisory.php?id=9557

Debian Security Advisory - avahi vulnerabilities (DSA-1690-1)
http://www.net-security.org/advisory.php?id=9556

Gentoo Linux Security Advisory - phpCollab: Multiple vulnerabilities (GLSA 200812-20)
http://www.net-security.org/advisory.php?id=9555

Debian Security Advisory - proftpd-dfsg (DSA 1689-1)
http://www.net-security.org/advisory.php?id=9554

Debian Security Advisory - perl (DSA-1678-2)
http://www.net-security.org/advisory.php?id=9553

Debian Security Advisory - courier-authlib (DSA-1688)
http://www.net-security.org/advisory.php?id=9552

SUSE Security Announcement - flash-player (SUSE-SA:2008:059)
http://www.net-security.org/advisory.php?id=9551

Gentoo Linux Security Advisory - PowerDNS: Multiple vulnerabilities (GLSA 200812-19)
http://www.net-security.org/advisory.php?id=9550

----------------------------------------------------------------
[ Articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org
----------------------------------------------------------------

SECURITY TRENDS OF 2008 AND PREDICTIONS FOR 2009
As a new year approaches we must prepare for new Internet security threats. Every year, new and innovative ways of attacking computer users emerge and continue to increase in volume and severity. To know where we are going it is helpful to look at where we have been. Finding trends in Internet security has become a valuable, if not necessary, action for companies developing software to protect computer users.
http://www.net-security.org/article.php?id=1194

THE RISE AND RISE OF ROGUE SECURITY SOFTWARE
Rogue security software is an application that appears to be beneficial from a security perspective but provides little or no security, generates erroneous alerts, or attempts to lure users into participating in fraudulent transactions. Some products defined as "rogue" simply fail to provide the reliable protection that a consumer paid for. Others are far more sinister, masquerading as legitimate security software, and using deceptive tactics to con users into buying the product.
http://www.net-security.org/article.php?id=1193

----------------------------------------------------------------
[ Conferences ]

All conferences are located at:
http://net-security.org/conferences.php
----------------------------------------------------------------

25th Chaos Communication Congress (25C3)
Organized by CCC - 27 December-30 December 2008
http://www.net-security.org/conference.php?id=285

ShmooCon 2009
Organized by ShmooCon - 6 February-8 February 2009
http://www.net-security.org/conference.php?id=286

Southern California Linux Expo (SCALE 7x)
Organized by SCALE - 20 February-22 February 2009
http://www.net-security.org/conference.php?id=283

InfoSec World 2009 Conference & Expo
Organized by MIS Training Institute - 7 March-13 March 2009
http://www.net-security.org/conference.php?id=282

The Fourth International Conference on Availability, Reliability and Security (ARES 2009)
Organized by Vienna University of Technology / Secure Business Austria - 16 March-19 March 2009
http://www.net-security.org/conference.php?id=260

2009 European Workshop on System Security (EuroSec)
Organized by EuroSec - 31 March-31 March 2009
http://www.net-security.org/conference.php?id=281

RSA Conference 2009
Organized by RSA Conference - 20 April-24 April 2009
http://www.net-security.org/conference.php?id=280

21st Annual FIRST Conference
Organized by FIRST - 28 June-3 July 2009
http://www.net-security.org/conference.php?id=284

The 9th Privacy Enhancing Technologies Symposium (PETS 2009)
Organized by PET - 5 August-7 August 2009
http://www.net-security.org/conference.php?id=275

----------------------------------------------------------------
[ Security World ]

All security world articles are located at:
http://www.net-security.org/secworld_main.php

Send your press releases to press@net-security.org
----------------------------------------------------------------

ESET launches Remote Administrator 3.0
http://www.net-security.org/secworld.php?id=6884

Vulnerability in SQL Server could allow remote code execution
http://www.net-security.org/secworld.php?id=6883

Check Point to acquire Nokia’s security appliance business
http://www.net-security.org/secworld.php?id=6882

Linux-Based virtual desktop from IBM and co.
http://www.net-security.org/secworld.php?id=6880

Low power unmanaged switches from Allied Telesis
http://www.net-security.org/secworld.php?id=6879

----------------------------------------------------------------
[ Virus News ]

All virus news are located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Rogue antivirus applications related to Continental Flight 1404 and other current news
http://www.net-security.org/virus_news.php?id=1018

Zero-day Web malware blocks surpass yearly average
http://www.net-security.org/virus_news.php?id=1017

New password-stealing application disguised as a Firefox plugin
http://www.net-security.org/virus_news.php?id=1016

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

The archive of the newsletter in TXT and PDF format is available
http://www.net-security.org/newsletter_archive.php