💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › HNS › issue030.… captured on 2021-12-03 at 14:04:38.
-=-=-=-=-=-=-
Net-Sec newsletter
Issue 30 - 18.09.2000
http://net-security.org
Net-Sec is a newsletter delivered to you by Help Net Security. It covers weekly
roundups of security events that were in the news the past week.
Visit Help Net Security for the latest security news - http://www.net-security.org.
Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter
Table of contents:
1) General security news
2) Security issues
3) Security world
4) Featured articles
5) Security books
6) Security software
7) Defaced archives
============================================================
Sponsored by VeriSign - The Internet Trust Company
============================================================
Do you use the Internet to deliver the software you develop?
Get VeriSign's FREE Guide to learn how you can digitally "shrink-wrap" your code
to protect it against tampering, and how to sign your ActiveX controls, .cab files,
jar files, HTML content, VB code, or Microsoft Office 2000 .doc files with a
VeriSign Software Developer Digital ID.
Go to:
http://www.verisign.com/cgi-bin/go.cgi?a=n037010570200000
============================================================
General security news
---------------------
----------------------------------------------------------------------------
WORLD OF SPIES GETS PORTAL
While the secrets of the Russian secret services aren�t likely to be made available
to the general public anytime soon, a curious person can now turn to a new
Internet portal, www.agentura.ru, to make basic inroads into the murky world
of spies. "We�re counting on the big existing interest in this topic and we want
to fill in the information vacuum," said Andrei Soldatov, a political journalist with
the influential Izvestia daily, who together with his father - Alexei Soldatov,
president of the Relcom Internet provider - started the portal.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.themoscowtimes.com/stories/2000/09/14/010.html
MORE ON CARNIVORE
Several prominent universities have rejected the U.S. Justice Department's
appeal to universities to test an electronic eavesdropping device known as
Carnivore. Researchers from four universities have complained that the
department has too much control over the review, and their public comments
have prompted a fifth university to ignore the department's request.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://chronicle.com/free/2000/09/2000091501t.htm
720 WEB SITES DEFACED
Some of the sites remain defaced early Monday morning, with an anti-racism
message left by the hacker, who calls him or herself "piffy." Piffy belongs to a
group known as the RootShellHackers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/pubNews/00/155311.html
INTRODUCTION TO ENCRYPTION
Joshua Ryder did a good job with this introductive article. It goes from the
very basics of explaining what encryption is ("Encryption is the process of
converting data from one form into ciphertext"), and goes along with some
basic examples of how encryption works.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/cover/coverstory20000918.html
A FEW RECIPES FOR EASIER FIREWALLS
"Every day, we hear of damage caused by viruses, of new exploits through
which crackers compromise systems. For those of us in the information technology
restaurant business, these are challenging times. We must be ever vigilant. A
good firewall, then, is an excellent beginning. But how to do it simply is the question..."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www2.linuxjournal.com/lj-issues/issue78/4218.html
QAZ.TROJAN
This new backdoor Trojan allows attackers to access and control an infected
system. TROJ_QAZ was initially distributed as "Notepad.exe" but might also
appear with different filenames. Once an infected file is executed, TROJ_QAZ
modifies the Windows registry so that it becomes active every time Windows
is started. TROJ_QAZ also renames the original "notepad.exe" file to
"note.com" and then copies itself as "notepad.exe" to the Windows folder.
This way, the Trojan is also launched every time a user runs Notepad.
TROJ_QAZ also attempts to spread itself to other shared drives on local
networks.
Link: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_QAZ.A
MASSIVE DDOS?
Attackers are using the rcp.statd and wu-ftpd vulnerabilities to ready
another distributed Denial of Service attack. MSNBC is reporting there are
at least 560 computers infected.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://slashdot.org/articles/00/09/16/215225.shtml
SMARTCARDS BENEFIT FROM BIOMETRICS
Fingerprint authentication specialist Veridicom has announced a new combined
smartcard reader and fingerprint scanner that is designed to improve smartcard
authentication systems by replacing passwords with biometric security. Analyst
firm Gartner Group recently reported that each year firms spend $350 per user
managing password issues.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2000/37/ns-17927.html
AUTHOR OF CIH VIRUS ARRESTED IN TAIWAN
The virus writer who created the infamous Chernobyl virus has been
detained by authorities in Taiwan and could face up to 3 years in jail.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2000/36/ns-17921.html
AN INTERVIEW WITH PIMPSHIZ
"I met pimpshiz in the time span that Observers has been up, sometime in
the last two years, when the news reports broke about "pimpshiz" having
been responsible for the widespread defacement of websites in a protest over
the potential closing of Napster. I wondered if it was the same individual we
here at observers knew, and to my shock it was."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.observers.net/pimpshiz.html
EXPLOITATION OF RCP.STATD AND WU-FTPD VULNERABILITIES
Sites involved in related incidents are reporting finding hosts compromised
through one of these two vulnerabilities. In several cases, hundreds of
compromised hosts have been involved in single incidents. Intruders appear to
be using automated tools to probe for and exploit vulnerable hosts on a
widespread scale. A large majority of the compromised hosts involved in this
activity have been running various versions of Red Hat Linux. Insecure default
configurations in some versions, especially with respect to the vulnerable
rpc.statd service often being enabled during automated installation and upgrade
processes, have contributed to the widespread success of these attacks.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cert.org/incident_notes/IN-2000-10.html
PGP "UNHASHED SUBPACKET" PROBLEM - SERIOUS?
"I've been studying the UNIX source code for PGP 6.5.1i, and it seems to me
that the "unauthorized ADK" bug could be just one manifestation of what may
in fact be a far more serious problem.As best I can tell, PGP's that implement
the new (version-4) data format do not appear to care whether ANY signature
subpacket is in the hashed section of the signature or not. If I'm right, the
signature hashing mechanism can be bypassed completely, and ANY info in
ANY version-4 signature (not just ARR/ADK info) can be easily forged by a
malicious attacker."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://cryptome.org/pgp-badbug2.htm
SECURITY SCANNERS
"There are various tools available for Linux system scanning and intrusion
detection. I will explain some of the very famous tools available. I have
divided the scanners into three categories: Host Scanners, Network Scanners,
and Intrusion Scanners."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://linuxsecurity.com/feature_stories/feature_story-66.html
LINUX COMMUNITY SNUBS SDMI HACKER CHALLENGE
The Linux Journal is sponsoring a boycott of the Secure Digital Music Initiative
hacking challenge, which promises to pay $10,000 to any hacker who strips
out the watermark from a digital song. Some Linux lovers say the record industry
is using the hackers as a "free consulting" service to help it crack down on
legal uses of music in the future, in an attempt to exert unprecedented control
over when and where people play songs.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2000/36/ns-17904.html
REPORTS RAISE QUESTIONS OVER WEB SECURITY
Fresh doubt has been cast on the security of using the Internet for commercial
purposes after several high-profile Web sites were targeted by attackers. Two
separate reports say that while consumers may prefer to use e-mail rather than
the telephone, inefficient and insecure systems mean they often have to resort
to the telephone anyway.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2000/TECH/computing/09/14/britain.websecurity/index.html
MICHIGAN "ANTI-HACKER" LAW'S FIRST FELONY CHARGES
Attorney General Jennifer Granholm today announced that she has filed felony
criminal charges against two Michigan men each accused of unlawfully entering
a third-party computer system. The charges are the first under a Michigan
law which makes the unauthorized alteration, damage or use of a computer
system a felony.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.ag.state.mi.us/AGWebSite/press_release/pr10189.htm
HACKER SUED BY AN ANTITERRORIST JUDGE
Vincent Plousey aka Larsen, who's been arrested by the DST (french counter�
intelligence agency), is accused of having disclosed national defence secrets by an antiterrorist judge. The trouble is that the informations he revealed on the Net are freely available in bookshops...
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://cryptome.org/larsen091200.htm
NEW TECHNOLOGY TRACKS, KILLS DOS ATTACKS AT ISP LEVEL
With the DoS attacks on the rise, four University of Washington computer
networking experts formed a company, called Asta Networks, aimed at protecting
websites from assaults. Stefan Savage, a Ph.D. candidate whose research is
at the center of Asta's technology, said he and his computer science advisors
decided they could have a greater impact on the industry by forming a company
rather than by writing papers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.planetit.com/techcenters/docs/security/news/PIT20000914S0028
ONLINE FRAUDSTERS FLEECE UK ETAILERS
Online crime pays, according to a report published today by Experian. The global
information solutions group claims nine out of ten efraudsters aren't caught and
are simply getting away with it. The survey reveals that when it comes to
checking the authenticity of credit card transactions, many of Britain's etailers
are lax. The survey of 800 British etailers found that many online authentication
systems were wanting and most relied on manual systems to check credit card
details.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/1/13251.html
COME MEET THE SUSE LINUX SECURITY TEAM
Meet the guys who repair and document security flaws for SuSE in this brief
article. Further down the same page you'll find security reports, updates and
resources.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.lwn.net/2000/0914/security.php3
E-SIGNATURE ACT
Some deals are still done with a signature on the dotted line, even with the
advent of the Net. San Francisco-based LeaseExchange can process a rental
request in less than a minute, but it can take days to execute leases � that
is, getting everyone to sign the paperwork. CEO Aaron Ross admits it's "a very
inefficient process right now." He's eager to see whether authentication
technologies will speed things up without harming customer relationships.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2000/TECH/computing/09/12/esigs.drive.demand.idg/index.html
EVE.COM SECURITY BREACH
San Francisco Bay Area software developer Jonathan Khoo, discovered a
breach in Eve.com, that allowed customers to view other people's orders
by simply changing a number in the URL. After that, Eve.com shut down
their servers, and now they are back online again.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1007-200-2770505.html
SEVERAL TAIWANESE SITES PENETRATED
Several Taiwanese electronic newspapers and Web newsletters published
by IT companies were broken into Tuesday by a hacker presumed to be
based in China.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://asia.internet.com/2000/9/1303-taiwan.html
HARRIS INTERACTIVE DROPS ITS LAWSUIT
Major polling firm Harris Interactive has dropped its lawsuit against Microsoft
Corp., Qwest Communications International Inc., America Online Inc. and
other ISPs it accused of unfairly blocking its e-mail. Along with the ISPs,
Harris also sued the Mail Abuse Prevention System, which put Harris on
its "black hole" list of spammers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com
VISA SEEKS NET SECURITY WITH "SMART CARD"
In a bid to provide tighter security for e-commerce and other transactions,
Visa U.S.A. rolled out its new digital-based "smart card" on Tuesday. The
smart card will store customer identification and account information within
a microprocessor chip, and only smart card readers will be able to access
the secured data.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.ecommercetimes.com/news/articles2000/000913-4.shtml
----------------------------------------------------------------------------
============================================================
Sponsored by Dialego - Online Market Research
============================================================
We conduct the first world-wide online survey for IT-security specialists.
Please click http://www.dialego.de/1033_it/_e/sman.php3?co=e , fill in the
online questionnaire and you may be one of the lucky people to win prizes in
the amount of altogether � [EURO] 1500:
1st prize: Casio Digital Camera
2nd prize: 3Com Palm Personal Digital Assistant
3rd prize: Tandem parachute jump
plus 50 personal firewalls as individual protection for your computer plus
50 programs for boot protection and hard disk encryption
============================================================
Security issues
---------------
All vulnerabilities are located at:
http://net-security.org/text/bugs
----------------------------------------------------------------------------
WEBSPHERE APPLICATION SERVER PLUGIN ISSUE
WebSphere uses the HTTP Host: header to decide which WAS Virtual Host will
service a particular request. If you send huge amounts of data in the Host:
request header. Depending on how many bytes were in the Host: header, you
could cause the web server process to fault on either signal 11 (SIGSEGV) or
signal 10 (SIGBUS).
Link: http://www.net-security.org/text/bugs/969275035,75755,.shtml
INTERNET SHOPPER'S MAIL SERVER OPEN RELAY BUG
Internet Shopper Ltd's Mail Server can be made to accept and handle mail for
non-local sites. The version involved is Internet Shopper Ltd's Mail Server v3.02.13
Exploit: The use of the semi-colon in the "mail from" command will allow mail to
be sent to machine that aren't local.
Link: http://www.net-security.org/text/bugs/969274960,45311,.shtml
MDAEMON WEB SERVICES HEAP OVERFLOW DoS
The Mdaemon Worldclient on TCP port 3000 and the Mdaemon Webconfig on
TCP port 3001 both contain the same vulnerability. If a certain request is sent
to the web service, it results in a heap overflow, crashing the service with a
Dr. Watson access violation. This appears to be a general problem in the way
that Mdaemon handles these kinds of URLs, so if other Mdaemon web services
are used, those are probably vulnerable as well. The reason that the before
mentioned services were tested is that they are enabled in a default installation.
Link: http://www.net-security.org/text/bugs/969274876,97962,.shtml
VULNERABILITY IN CAMSHOT SERVER
CamShot is a web server that serves up web pages containing time stamped
images captured from a video camera. This product contains a remotely
exploitable security vulnerability that allows a remote attacker to gain elevated
privileges on the remote system.
Link: http://www.net-security.org/text/bugs/969156843,52782,.shtml
MICROSOFT'S NTML PATCH RE-RELEASED
Microsoft has released a patch that eliminates a security vulnerability in the
telnet client that ships with Microsoft(r) Windows 2000. The vulnerability could,
under certain circumstances, allow a malicious user to obtain cryptographically
protected logon credentials from another user.
Link: http://www.net-security.org/text/bugs/969156774,38080,.shtml
SAMBAR SERVER SEARCH CGI VULNERABILITY
The vulnerability occurs in the search.dll Sambar ISAPI Search shipped with this
product. This dynamic link loader does not check on the 'query' parameter that
is parsed to the server, therefore by constructing a malformed URL we are able
to view the contents of the server, all folders, and files.
Link: http://www.net-security.org/text/bugs/969156650,43479,.shtml
RED HAT LINUX - FORMAT STRING EXPLOIT IN SCREEN
Screen allows the user to overload the visual bell with a text message that can
be set by the user. This text message is handled as a format string, instead of
as a pure string, so maliciously written format strings are allowed to overwrite
the stack. Since screen in Red Hat Linux 5.2 and earlier releases was setuid
root, this security hole could be exploited to gain a root shell.
Link: http://www.net-security.org/text/bugs/968981154,31859,.shtml
SLACKWARE LINUX - XCHAT INPUT VALIDATION BUG FIXED
An input validation bug was found to affect Slackware Linux 7.0, 7.1, and
-current. The problem is described in detail here:
http://www.securityfocus.com/bid/1601
Users of Slackware 7.0, 7.1, and -current are urged to upgraded to the
xchat.tgz package available in the Slackware -current branch.
Link: http://www.net-security.org/text/bugs/968981067,67750,.shtml
LINUX MANDRAKE - MOD_PHP3 UPDATE
A problem exists with PHP3 and PHP4 scripts regarding RFC 1867-based file
uploads. PHP saves uploaded files in a temporary directory on the server, using
a temporary name that is referenced as the variable $FOO where "FOO" is the
name of the file input tag in the submitted form. Many PHP scripts process $FOO
without taking measures to ensure that it is in fact a file that resides in the
temporary directory. Because of this, it is possible for a remote attacker to
supply an arbitrary file name as the value for $FOO by submitting a standard
form input tag by that name, and thus cause the PHP script to process arbitrary
files. The vulnerability exists in various scripts, and not necessarily with PHP
itself, as the script determines what actions to perform on the uploaded file.
Link: http://www.net-security.org/text/bugs/968980963,39268,.shtml
----------------------------------------------------------------------------
Security world
--------------
All press releases are located at:
http://net-security.org/text/press
----------------------------------------------------------------------------
CHEK POINT ANNOUNCES SECURE VIRTUAL NETWORK - [13.09.2000]
Check Point Software Technologies, the worldwide leader in securing the Internet,
announced Secure Virtual Network (SVN) Solution Pack for Startups, bringing
enterprise-class security to new Internet businesses. SVN Solution Pack for
Startups is an affordable, integrated security solution that provides startup
companies with the manageability, reliability, and scalability they need to secure
their growing eBusinesses today and into the future.
Press release:
< http://www.net-security.org/text/press/968677302,82000,.shtml >
----------------------------------------------------------------------------
ACCORD NETWORKS ANNOUNCES VIDEO FIREWALL GATEWAY - [13.09.2000]
Accord Networks, the leading manufacturer of a family of IP, ATM, and ISDN
visual and voice communications solutions including network switches,
conference bridges, gateways and management systems, announced the
Accord(R) V2GC-20 Firewall Gateway, the latest member of the Accord
V2IPERA family of advanced IP video and voice products and services.
Press release:
< http://www.net-security.org/text/press/968677453,73167,.shtml >
----------------------------------------------------------------------------
AXENT'S RAPTOR FIREWALL "STILL FIRED UP" - [13.09.2000]
AXENT Technologies, Inc., one of the world's leading Internet security solution
providers for e-business, that recently entered into a definitive agreement with
Symantec Corporation to be acquired, announced today that its market-leading
perimeter security solution, Raptor Firewall, was praised as "still fired up" in a
recent InternetWeek magazine review for its proxy-based security, improved
management console and integrated virtual private network (VPN) solution.
The reviewer commended Raptor Firewall for its interoperability and flexibility,
noting that the firewall is one of the "best application filtering firewalls on
the market."
Press release:
< http://www.net-security.org/text/press/968677494,15578,.shtml >
----------------------------------------------------------------------------
SMARTCARD READER & FINGERPRINT SENSOR INTEGRATION - [13.09.2000]
Veridicom, Inc., the leader in fingerprint-based e-business authentication devices
and services, unveiled a PC peripheral to combine a smartcard reader with a
highly accurate Veridicom fingerprint sensor into a single device no larger than a
computer mouse. The compact Veridicom 5thSense Combo peripheral makes it
convenient to use multi-factor authentication with a smartcard by replacing
passwords and Personal Identification Numbers with simple "just-press-here"
fingerprint authentication.
Press release:
< http://www.net-security.org/text/press/968677552,80833,.shtml >
----------------------------------------------------------------------------
WANT TO BUY ENCRYPTION.COM? - [13.09.2000]
DomainMinds.com, LLC, a California-based domain name brokerage, announced
that it is handling the auction of the highly coveted encryption.com domain
name. "We are very excited to have the opportunity to offer this domain for
sale," said DomainMinds.com, LLC president and CEO Blair Cummins. "With
growing concern over Internet privacy and security, the encryption industry is
showing rapid growth. The company that acquires the encryption.com domain
will gain a strong advantage in what looks to be a highly competitive market.
This truly is a powerful brand asset."
Press release:
< http://www.net-security.org/text/press/968803014,51043,.shtml >
----------------------------------------------------------------------------
ALLADIN LAUNCHES ESAFE GATEWAY 3.0 - [13.09.2000]
Aladdin Knowledge Systems, a global leader in the field of Internet content and
software security, launched eSafe Gateway 3.0, the first and only all-in-one
proactive content security solution that protects corporate networks and users
from known and unknown attacks, before they get to users' personal computers.
Using new patent-pending NitroInspection technology, eSafe Gateway 3.0 allows
for an uninterrupted flow of secure Internet content without the sacrifice in
performance that occurs with competitive solutions.
Press release:
< http://www.net-security.org/text/press/968803081,53343,.shtml >
----------------------------------------------------------------------------
NEW CLASSES FOR HACKING AND SECURING WINDOWS - [13.09.2000]
Foundstone Inc., the premier computer security training and consulting company,
announced a new series of computer security classes, Ultimate NT/2000 Security:
Hands On. The classes will teach how to combat security threats to Windows NT
and Windows 2000 systems. The first class will be held in New York City on
October 10th, with an additional class scheduled for New York in December.
Participants will learn security techniques from a hacker's perspective, assessing
architectural vulnerabilities and deploying countermeasures. Topics covered will
include "Password Cracking," "Buffer Overflow Attacks," "Gaining Command-Line
Access," and "Registry Manipulation."
Press release:
< http://www.net-security.org/text/press/968803183,88077,.shtml >
----------------------------------------------------------------------------
SYBARI ENTERS BUSINESS SOLUTIONS FOR EXCHANGE - [13.09.2000]
Sybari Software, Inc., the premier antivirus and security specialist for groupware
solutions today announced their acceptance into Compaq's Business Solutions
for Exchange Program. Entry into Compaq's alliance of leading technology
company's is yet another aggressive move by Sybari to further extend their
reach to the Microsoft Exchange community with their award-winning antivirus
and security solution, Antigen.
Press release:
< http://www.net-security.org/text/press/968803443,21714,.shtml >
----------------------------------------------------------------------------
NETGUARD FIREWALL FOR JUST $9,95 - [13.09.2000]
Businesses and corporations operating on Windows NT can now protect
themselves from hackers, computer hijackers and internal bandwidth hogs
thanks to a free firewall from NetGuard, Inc., a leading provider of enterprise
class network security, privacy and management solutions.
Press release:
< http://www.net-security.org/text/press/968803558,24065,.shtml >
----------------------------------------------------------------------------
CYLINK�S PRIVATEWIRE SECURES FINANCIAL TRANSACTIONS - [14.09.2000]
Cylink Corporation, a leading provider of secure e-business solutions, announced
that Ball State Federal Credit Union has reached the 1,000-member milestone in
sign-ups for secure access to financial information over the Internet using Cylink
PrivateWire authentication and encryption technology.
Press release:
< http://www.net-security.org/text/press/968887674,50364,.shtml >
----------------------------------------------------------------------------
TREND MICRO PROTECTS SYDNEY GAMES ORGANISERS - [14.09.2000]
Trend Micro Inc. announced that it has doubled its response team ahead of the
Olympic Games' opening this Friday, in readiness to support such customers as
the Sydney Organising Committee of the Olympic Games, Stadium Australia, the
Sydney Opera House, New South Wales Police, Sydney Airport and Telstra during
the hectic games period. In addition, Trend Micro has teamed up with Telstra to
provide remotely-managed antivirus services to Stadium Australia, making it the
first site in Australia to receive 24x7 "live" antivirus monitoring for the duration
of the games.
Press release:
< http://www.net-security.org/text/press/968887867,97472,.shtml >
----------------------------------------------------------------------------
SECUDE TO INTRODUCE IDENTRUS SECURITY SOLUTIONS - [14.09.2000]
German software supplier SECUDE GmbH is one of the first companies to offer
security solutions complying with the Identrus standards for a global public key
infrastructure, a critical step in enabling secure electronic financial transactions
to take place over the Internet. Identrus is an initiative of leading international
banks to establish binding standards for secure online transactions. Identrus
standards ensure that the mutual electronic authentication of transactions
creates an acknowledged reliability between banks and their business partners.
Press release:
< http://www.net-security.org/text/press/968888022,35898,.shtml >
----------------------------------------------------------------------------
PSA SECURITY NETWORKS RECOMMENDS MOTOROLA FLEXPASS - [14.09.2000]
ASIS Motorola announced that PSA Security Network, a large international
electronic security systems company, now recommends Motorola FlexPass RFID
security products for all new installations of proximity security and access
control systems. "We see Motorola putting the kind of energy into customer
service that produces and sustains real results, and we like that," says Jim
Hawver, vice-president of sales and marketing at PSA Security Network.
Press release:
< http://www.net-security.org/text/press/968888158,76071,.shtml >
----------------------------------------------------------------------------
HIGH-LEVEL SECURITY SOLUTIONS FOR RACKSPACE - [14.09.2000]
Rackspace Managed Hosting, a leading provider of managed Internet hosting
services, announced the launch of its new security offerings and managed
security services, which provide Rackspace customers with a wide range of
high-level security solutions. Round-the-clock support staff will be available
both at Rackspace and through a partnership with ManagedFirewall.com to
resolve security issues on demand.
Press release:
< http://www.net-security.org/text/press/968896285,6915,.shtml >
----------------------------------------------------------------------------
CYLINK NETHAWK VPN "BEST BUY" IN SC MAGAZINE - [15.09.2000]
E-business security solutions provider Cylink Corporation announced that its
NetHawk VPN, a high-performance virtual private network appliance for
establishing secure Internet communications, has been named �Best Buy� in
the September issue of SC Magazine. The information security magazine�s
product review lauded NetHawk for �its exceptional speed and reliability� and
the VPN�s PrivaCy Manager, a policy-based management application. �Once the
device manager is installed, it is extremely scaleable; you simply plug in new
boxes as and when you need them, which is perfect for any growing business,�
the review said.
Press release:
< http://www.net-security.org/text/press/969017587,37286,.shtml >
----------------------------------------------------------------------------
Featured articles
-----------------
All articles are located at:
http://www.net-security.org/text/articles
Articles can be contributed to staff@net-security.org
Listed below are some of the recently added articles.
----------------------------------------------------------------------------
ISSUES: THE SECURITY OF ELECTRONIC BANKING, LEGACY OF THE C0W by Thejian
The article starts with the Dutch television show that exposed the Dutch banking
organisation ABN AMRO's HomeNet program as being insecure. Computer science
students had found a way to trick this electronic banking system into redirecting
a user's bank transfers to a different account. As could have been expected, press
and consumer organisations fell en masse for the possibilities the idea of"hackers"
snooping around in your bank account presented. And it doesn't stop there...
Article:
< http://www.net-security.org/text/articles/thejian/legacy.shtml >
----------------------------------------------------------------------------
VIRUS SCANNER INADEQUACIES WITH NTFS by Chris Brenton
While the existence of data streams within the NT file system (NTFS) has been
known for many years (Microsoft has released quite a bit of info on alternate
streams), virus vendors have not taken steps to adequately check this area of
the file system. This deficiency can be leveraged in order to hide malicious code
or even cause the virus scanner itself to destroy critical system files.
Paper:
< http://www.net-security.org/text/articles/viruses/ntfs.shtml >
----------------------------------------------------------------------------
A DIFFERENT LANGUAGE ACROSS THE BORDER by Hyper Viper
In this article Hyper Viper explains how bi-lingual servers speaking different
protocols to different networks can add security to your Internet exposed nodes.
Article:
< http://www.net-security.org/text/articles/language.shtml >
----------------------------------------------------------------------------
BUILDING A BASTION HOST USING HP-UX 11 by Kevin Steves
A bastion host is a computer system that is exposed to attack, and may be a
critical component in a network security system. Special attention must be paid
to these highly fortified hosts, both during initial construction and ongoing
operation. This paper presents a methodology for building a bastion host using
HP-UX 11. While the principles and procedures can be applied to other HP-UX
versions as well as other Unix variants, the focus is on HP-UX 11.
Paper:
< http://www.net-security.org/text/articles/index-download.shtml#HP-UX >
----------------------------------------------------------------------------
NETWORK INTRUSION DETECTION OF THIRD PARTY EFFECTS by Richard Bejtlich
The main goal of this paper is to familiarize the reader with reactions and
responses from innocent victims, who may be subject to reconnaissance or
denial of service. If a perpetrator spoofs your address space you may see
unsolicited traffic from an innocent second party.
Paper:
< http://www.net-security.org/text/articles/index-download.shtml#NID >
----------------------------------------------------------------------------
PROPHYLAXIS OF COMPUTER INFECTION by Kaspersky Lab
One of the major methods of fighting computer viruses, like in medical science,
is timely prophylaxis or preventive measures. Computer preventive measures
suggest following a small set of rules, allowing to lower considerably the
possibility of virus infection and data loss. To define the main rules of computer
hygiene, it is necessary to find out the main ways of virus intrusion into
computer and computer network.
Article:
< http://www.net-security.org/text/articles/viruses/infection.shtml >
----------------------------------------------------------------------------
FORMAT STRING ATTACKS by Tim Newsham
The cause and implications of format string vulnerabilities are discussed.
Practical examples are given to illustrate the principles presented.
Article:
< http://www.net-security.org/text/articles/string.shtml >
----------------------------------------------------------------------------
KASPERSKY LAB REFUTES ACCUSATIONS ABOUT THE SPREADING OF "VIRUS HYSTERIA"
Given the latest events, Kaspersky Lab would like to once again confirm its
position regarding the danger present in the NTFS alternate data streams.
Furthermore, we state that by continuing to ignore the problem and not taking
similar steps-steps that Kaspersky Lab has already taken and continues to
take-to bring their anti-virus product up to contemporary standards, the
aforementioned competitor anti-virus companies are neglecting their users'
anti-virus security.
Article:
< http://www.net-security.org/text/articles/viruses/hysteria.shtml >
----------------------------------------------------------------------------
COMPUTER SECURITY WEAKNESSES PERSIST AT THE VETERANS HEALTH ADMINISTRATION
In September 1998, the General Accounting Office reported that computer
security weaknesses placed critical VA operations, including health care delivery,
at risk of misuse and disruption. Since then, VA's New Mexico and North Texas
health care systems have corrected most of the specific computer security
weaknesses that were identified in 1998. However, serious computer security
problems persist throughout VHA and the department.
Paper:
< http://www.net-security.org/text/articles/index-download.shtml#CSW >
----------------------------------------------------------------------------
QUANTUM CRYPTOGRAPHY by Caboom
This tutorial will give you a basic idea about quantum cryptography.
Paper:
< http://www.net-security.org/text/articles/index-download.shtml#Quantum >
----------------------------------------------------------------------------
MAIL ABUSE PREVENTION ORGANIZATION STANDS UP TO GIANT HARRIS INTERACTIVE
Mail Abuse Prevention System, the Redwood City based anti-spam organization,
says that it will vigorously defend the law suit filed by online market research
giant Harris Interactive Inc. Harris has sued Microsoft, and AOL, naming MAPS as
a co-defendant, in an effort to force Microsoft and AOL to accept unsolicited
bulk commercial email, also known as "spam", from Harris. MAPS maintains several
databases which companies such as Microsoft's Hotmail use to help them manage
the Internet email traffic which crosses their networks. We have a copy of the complaint.
Complaint:
< http://www.net-security.org/text/articles/index-download.shtml#MAPS >
----------------------------------------------------------------------------
Featured books
----------------
The HNS bookstore is located at:
http://net-security.org/various/bookstore
Suggestions for books to be included into our bookstore
can be sent to staff@net-security.org
----------------------------------------------------------------------------
TOP SECRET INTRANET: HOW U.S. INTELLIGENCE BUILT INTELINK
THE WORLD'S LARGEST, MOST SECURE NETWORK
Using the example of "Intelink", the classified worldwide Intranet for the
intelligence community, this book is one of the first on current intelligence
operations written by an "insider". The CD-ROM includes sample Intelink
software demos relating to collaboration tools, security products, and
other applications.
Book:
< http://www.amazon.com/exec/obidos/ASIN/0130808989/netsecurity >
----------------------------------------------------------------------------
BLACK BELT WEB PROGRAMMING METHODS; SERVERS, SECURITY, DATABASES AND SITES
Use this book to build a robust infrastructure for powerful Web sites. Master
programmers who write for Web Techniques, Dr. Dobb's Journal, Interactivity,
Data Base Management Systems, Network, and Software Development have
joined forces to tackle the latest round of web programming puzzles for you.
Learn airtight security procedures and hypertext transaction designs. Build
databases that are easy to use. Whether you need to create distributed
objects or automate Web site maintenance, these seasoned programmers
explain how to do it right, and they give you the code to do the job. The
companion code disk includes detailed, reusable code for each of the
applications presented. Programming languages include C/C++ and Java.
Book:
< http://www.amazon.com/exec/obidos/ASIN/0879304979/netsecurity >
----------------------------------------------------------------------------
ENCYCLOPEDIA OF DISASTER RECOVERY, SECURITY & RISK MANAGEMENT
The Encyclopedia of Disaster Recovery, Risk Management & Security is a 300+
page spiral bound manual, which provides over 2,000 pieces of research on the
subjects of disaster recovery, risk management and security. The Encyclopedia
is a comprehensive reference guide organized by easy to follow icons allowing
quick navigation to areas of specific interest. The Encyclopedia draws on Mr.
Schreiders 20+ years of experience in an A to Z presentation of industry
research, risk management guidelines, recovery planning tips and techniques,
security safeguards, and terminology. Disaster Recovery Planners, Risk
Managers, and Security Administrators will all equally benefit from this
invaluable storehouse of knowledge.
Book:
< http://www.amazon.com/exec/obidos/ASIN/0966272900/netsecurity >
----------------------------------------------------------------------------
BUILDING LINUX CLUSTERS
This book discusses complex modeling, virtual world creation, and image
generation; shows readers how to choose hardware; and explains cluster
topologies. As the author notes, Linux clusters regularly make the list of the
world's top 500 supercomputers. Not bad for a free system. Of course, running
your own cluster isn't trivial, but the book shows how straightforward it can be
for basic clusters, and how far clusters can be extended. The book covers the
all-important intermachine-communications issues in exhaustive depth. Setting
up the hardware can be relatively straightforward as is the software installation.
The tutorial uses Red Hat's 6 Linux distribution--it's supplied with the book--and
adds all the clustering software and tools.
Book:
< http://www.amazon.com/exec/obidos/ASIN/1565926250/netsecurity >
----------------------------------------------------------------------------
CORBA SECURITY: AN INTRODUCTION TO SAFE COMPUTING WITH OBJECTS
The CORBA security specification adopted by the Object Management Group
(OMG) represents a major step forward in making object technology suitable
for business application development. The specification document, however, is
long, detailed, and complex; it is a time-consuming task for software developers
to make their way through it, and it is inaccessible to CIOs and other technical
managers who need to understand object security and its impact on their
organizations.
Book:
< http://www.amazon.com/exec/obidos/ASIN/0201325659/netsecurity >
----------------------------------------------------------------------------
Security Software
-------------------
All programs are located at:
http://net-security.org/various/software
----------------------------------------------------------------------------
FIRE-WALLER (LINUX)
Fire-Waller reads your syslog against packet filter rows and creates HTML
output of the found rows. All addresses in logfiles are checked against a
nameserver and protocols/services are converted from numeric values to text.
Link:
< http://net-security.org/various/software/968030527,29733,.shtml >
----------------------------------------------------------------------------
NETWORK SECURITY ANALYSIS TOOL (LINUX)
NSAT is a fast, stable bulk security scanner designed to audit remote network
services and check for versions, security problems, gather information about the
servers and the machine, and much more. Unlike many other auditing tools, it can
collect information about services independently of vulnerabilities, which makes it
less dependent on frequent updates as new vulnerabilities are found.
Link:
< http://net-security.org/various/software/968030615,24271,.shtml >
----------------------------------------------------------------------------
WINDOWS 2000 IIS 5.0 HOTFIX CHECKING TOOL
The HFCheck tool allows IIS5.0 administrators to ensure that their servers are
up to date on all security patches. The tool can be run continuously or periodically,
against the local machine or a remote one, using either a database on the MS web
site or a locally-hosted copy. When the tool finds a patch that hasn't been installed,
it can display or dialogue or write a warning to the event log.
Link:
< http://net-security.org/various/software/968181513,8218,.shtml >
----------------------------------------------------------------------------
WINZAPPER FOR WINDOWS NT 4.0 AND WIN 2K
WinZapper can only be used from an Administrators account, thus this has
nothing to do with any new security vulnerabilities in Windows NT / 2000. After
an attacker has gained Administrators access to your system, you simply cannot
trust your security log! And as always, remember that attacker having that kind
of access can do anything to your system!
Link:
< http://net-security.org/various/software/968284983,30844,.shtml >
----------------------------------------------------------------------------
SCANSSH (LINUX)
Scanssh scans a list of addresses and networks for running SSH servers and
their version numbers. scanssh supports random selection of IP addresses from
large network ranges and is useful for gathering statistics on the deployment of
SSH servers in a company or the Internet as whole.
Link:
< http://net-security.org/various/software/968334220,65880,.shtml >
----------------------------------------------------------------------------
ANTIVIRUS FOR PALM OS BETA
Symantec AntiVirus for Palm OS is a Palm application that scans for and detects
viruses in all Palm OS-compatible devices. Symantec AntiVirus for Palm OS
ensures security for your data by running on-demand scans that detect and
remove viruses directly on your handheld device, protecting data even between
synchronizations.
Mac users:
< http://net-security.org/various/software/968461705,78724,.shtml >
PC users:
< http://net-security.org/various/software/968461805,3997,.shtml >
----------------------------------------------------------------------------
VSE MY PRIVACY 1.2.1 (MAC)
VSE My Privacy is data security software that allows you to store and organize
your confidential data in a safe place. It uses a military-strength, 448-bit
encryption algorithm designed to be uncrackable. The application is designed to
store bank account information, credit card numbers, Web site passwords,
telephone numbers, private addresses, email account passwords, PINs, keys for
unlocking software, membership numbers, and other confidential data in a simple
and easy-to-use database.
Link:
< http://net-security.org/various/software/968461997,17766,.shtml >
----------------------------------------------------------------------------
Defaced archives
------------------------
[10.09.2000] - Ohio State Department of Commerce
Original: http://www.com.state.oh.us/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/10/www.com.state.oh.us/
[10.09.2000] - Government of Guam
Original: http://www.admin.gov.gu/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/10/www.admin.gov.gu/
[10.09.2000] - LegoLand Windsor
Original: http://www.legoland.co.uk/
Defaced: http://www.net-security.org/misc/sites/www.legoland.co.uk/
[10.09.2000] - Soccer Central USA
Original: http://www.soccercentralusa.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/10/www.soccercentralusa..com/
[10.09.2000] - North Carolina State Department of Commerce
Original: http://www.commerce.state.nc.us/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/10/www.commerce.state.nc.us/
[11.09.2000] - MIT Department of Chemical Engineering
Original: http://montoresa.mit.edu/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/11/montoresa.mit.edu/
[11.09.2000] - Ryan D Williams MIT Web site
Original: http://rdw.mit.edu/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/11/rdw.mit.edu/
[11.09.2000] - First Domain Name Company
Original: http://www.firstdomainnamecompany.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/11/www.firstdomainnamecompany.com/
[11.09.2000] - World Peace Collection
Original: http://www.worldpeacecollection.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/11/www.worldpeacecollection.com/
[11.09.2000] - Elite Crew
Original: http://www.elitecrew.nu/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/11/www.elitecrew.nu/
[12.09.2000] - GhostMail
Original: http://www.ghostmail.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/12/www.ghostmail.com/
[12.09.2000] - New American Leasing & Financing
Original: http://www.newamericanleasing.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/12/www.newamericanleasing.com/
[12.09.2000] - r00tabega
Original: http://www.r00tabega.org/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/12/www.r00tabega.org/
[12.09.2000] - #2 Organization of the Petroleum Exporting Countries
Original: http://www.opec.org/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/12/www.opec.org/
[13.09.2000] - Pennsylvania State Government
Original: http://www.dgs.state.pa.us/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/13/www.dgs.state.pa.us/
[13.09.2000] - Incra/Instituto Nacional de Colon e Ref. Acgraria
Original: http://www.nead.gov.br/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/13/www.nead.gov.br/
[14.09.2000] - Citizen's Scholarship Foundation
Original: http://www.csfa.org/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/14/www.csfa.org/
[15.09.2000] - Spamlaws.com
Original: http://www.spamlaws.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/15/www.spamlaws.com/
[15.09.2000] - National Highway Traffic Safety Administration
Original: http://www.nhtsa.dot.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/15/www.nhtsa.dot.gov/
[16.09.2000] - American Osteopathic Association
Original: http://www.aoa-net.org/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/16/www.aoa-net.org/
[16.09.2000] - Technosoft HK Ltd
Original: http://www.technosofthk.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/16/www.technosofthk.com/
[17.09.2000] - Internet Shinmun Co.,Ltd.
Original: http://www.2000korea.co.kr/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/17/www.2000korea.co.kr/
----------------------------------------------------------------------------
Questions, contributions, comments or ideas go to:
Help Net Security staff
staff@net-security.org
http://net-security.org