💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › HNS › issue063.… captured on 2021-12-03 at 14:04:38.
-=-=-=-=-=-=-
HNS Newsletter Issue 63 - 13.05.2001 http://net-security.org http://security-db.com This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://www.net-security.org. Subscribe to this weekly digest on: http://www.net-security.org/text/newsletter Archive of the newsletter in TXT and PDF format is available here: http://www.net-security.org/news/archive/newsletter Current subscriber count to this digest: 2368 Table of contents: 1) General security news 2) Security issues 3) Security world 4) Featured products 5) Security software 6) Defaced archives ======================================================== Help Net Security T-Shirt available ======================================================== Thanks to our affiliate Jinx Hackwear we are offering you the opportunity to wear a nifty HNS shirt :) The image speaks for itself so follow the link and get yourself one, summer is just around the corner. Get one here: http://207.21.213.175:8000/ss?click&jinx&3af04db0 ======================================================== General security news --------------------- ---------------------------------------------------------------------------- E-COMMERCE FIRMS FACING MORE ONLINE SECURITY RISKS Online security can pose a threat to the IT industry world over. According to the managing director of Safe Acript Atul Saran, the industry suffered losses to the tune of $10 billion during the last two years. Speaking at a seminar - Consilience-2000 - organised by the National Law School of India University here on Sunday, he said the companies could cut down on problems by taking precautionary measures. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.timesofindia.com/today/07info13.htm A CRITIQUE OF MEDIA REPORTAGE OF VIRUSES In this article, George Smith takes a critical look at the way the media reports viruses. Specifically, he critiques the shortcomings of the 'crisis' mode used by the media to report virus threats and virus-writing competitions and examines the effects of that school of reportage on the public's reaction to viruses. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/virus/articles/diseased.html HACKERS DENIED ACCESS Access Research, a security firm founded earlier this year, has unveiled its security products to protect corporate data. Access Denied is a strong authentication system, preventing unauthorised users from connecting to company servers. It protects firms from hackers' spoofing, denial of service and Trojan attacks at the IP level, safeguarding Web servers and clients, the company said. The technology scans traffic at the TCP/IP connection level, alongside other security features, such as firewalls, and controls communication channels between Web servers and clients. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2001/18/ns-22662.html NT SERVICE PACK 7: D.O.A. SP7 is now officially dead. This is unfortunate, since it makes fixing all the security holes present on an NT system more difficult. For day-to-day operations, the lack of service packs won't make a huge difference. In the last few years, Microsoft has only released six service packs for NT (not counting multiple releases of Service Pack 6 that were broken to various degrees). Administrators typically apply Microsoft's hotfixes as they become available; otherwise, it is trivial in most cases for attackers to break into unpatched systems. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/ntspseven20010507.html WORMS COME UNDER ATTACK When the ILoveYou virus swept through corporate networks around the world last May, it took everyone by surprise - especially anti-virus software developers. As the one-year anniversary of the Love Bug's attack passed last week, McAfee Corp., Trend Micro Inc. and other anti-virus vendors were working on new technologies and strategies that they hope will reduce the likelihood of another outbreak of that scale. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/eweek/stories/general/0,11011,2715700,00.html NEO-NAZIS ATTACK LIBRARY'S WEB SITE The State Library of NSW was inundated with calls after an attacker replaced its Web site with images of Hitler and a Nazi swastika across an Australian flag in an unprecedented racially motivated attack. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.smh.com.au/news/0105/07/national/national16.html EXODUS CUSTOMER SECURITY SITE HACKED Internet hosting company Exodus Communications suffered an embarrassing break-in of one of its security-related Web sites Friday night. Hackers left a message bragging that they had access to the company�s network and posted personal information about a company employee on www.security.exodus.net. Exodus, which co-hosts big-name Web sites like Yahoo.com and eBay.com, confirmed the break-in. But company officials say the attackers were only able to access arcane Web server log files for a few Exodus customers. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.msnbc.com/news/569965.asp THE NEW SECURITY PRO "The really bad security breaches that would make the hair on the back of your neck stand up are not being reported [in the media]," says David Foote, a managing partner at Foote Partners LLC, a New Canaan, Conn.-based research and consulting firm specializing in the IT workforce. "But companies know about them, and they're scared." As companies place an increased emphasis on security, says Foote, the role of the security professional is changing from a strictly back-office IT support role to one that's strategically tied in with the entire company. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computerworld.com/cwi/story/0,1199,NAV47_STO60207,00.html 2600 CLUBS The Washington Post's Ariana Eunjung Cha did an article on 2600 clubs around the states. "Club members still draw the attention of authorities. But the perception that their meetings are solely a place where hackers exchange trade secrets and plot electronic break-ins is exaggerated, or at least outdated". Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.chicagotribune.com/business/printedition/article/0,2669,SAV-0105070210,FF.html HACKERS BREAK INTO INFOSYS� BANKING SITE Hackers reached IT major Infosys, with unidentified miscreants breaking in into the company�s banking division website. According to an Infosys spokesperson, the company�s technical personnel were attempting to rectify the damage and restore the site. "Work is on at present and the site should be up soon," the spokesperson said. The hackers changed the content of the site though it is not clear how and why the break in occurred. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.hindustantimes.com/nonfram/080501/detECO10.asp STREAMER.MICROSOFT.COM HACKED According to Alldas.de, a Web server located within Microsoft's .com domain at streamer.microsoft.com was cracked and defaced in the early hours of Tuesday morning by a computer crackers calling themselves Prime Suspectz. Just last Friday, the same group, which claims to be based in Brazil, vandalised three international Microsoft Web sites, Microsoft UK, Mexico and Saudi Arabia. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2001/18/ns-22672.html HACKER ATTACKS UTV SITE UTV are investigating how an attacker managed to link the front page of their web site to a commemoration site for hunger-striker Bobby Sands last weekend. According to UTV, the attacker changed a link early Saturday morning, May 5th. The problem was rectified within hours of being spotted. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.ireland.com/newspaper/breaking/2001/0508/breaking44.htm IIS ATTACKING WORM OUT THERE CERT issued an advisory on a new piece of self-propagating malicious code. Based on preliminary analysis, the sadmind/IIS worm exploits a vulnerability in Solaris systems and subsequently installs software to attack Microsoft IIS web servers. In addition, it includes a component to propagate itself automatically to other vulnerable Solaris systems. It will add "+ +" to the .rhosts file in the root user's home directory. Finally, it will modify the index.html on the host Solaris system after compromising 2,000 IIS systems. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cert.org/advisories/CA-2001-11.html WHY OPENBSD WILL NEVER BE AS SECURE AS LINUX OpenBSD fans everywhere simultaneously draw their flame guns and set them to "well done". OpenBSD claims to be "secure by default", and has undergone an extensive code audit -- so the question is this: has Kurt been hit in the head with a blunt object, or what? Wait! Before you hit the send button and put me out of my ignorance-induced misery, please read the whole article. Your thoughts will probably be addressed. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/closet/closet20010509.html WHITEHAT HACKER MADE FBI PATSY American federal officials used threats and a false promise of leniency to lure computer security researcher and admitted cyber intruder Max Butler into becoming an undercover FBI informant, according to a defense motion filed in the case Tuesday. It was only when Butler balked at covertly recording a friend and colleague, and instead sought advice from an attorney, that the government threw the book at him, the motion charges. "The government as much as promised him he would receive consideration," says defense attorney Jennifer Granick. "At least until he hired an attorney." Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/18817.html AUSTRALIAN PARLIAMENT HIT BY VBSWG.X VBSWG.X has hit the Australian parliament's e-mail system opening a selection of pornographic websites on its victims' screens. International research company Trend Micro says the virus was first detected in the US and has spread to more than 50 Australian businesses. At least 2,500 cases of the virus have also been recorded in New Zealand. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.ananova.com/news/story/sm_287043.html AN INTRODUCTION TO NESSUS "There are a number of security scanners out there. Most of them are vendor specific, and each boasts a number of vulnerability checks to determine what is secure on your system and what is not. So what if you are a hardcore open source paranoid like myself who wouldn't think to spend a dime on the latest commercial security scanner from CyberSlueths or CrackerCops? Well there is a superior alternative that is regularly updated, free, and open source. It's called Nessus, and it is by far the best scanner available." Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxsecurity.com/feature_stories/feature_story-86.html BALTIMORE WILL FIRE 10% OF STAFF? Baltimore Technologies Plc, a security software maker that issued two lowered profit forecasts this year, may fire as many as 120 workers or about 10 percent of its staff, the Irish Independent newspaper said, citing analysts. Link: http://news.cnet.com/investor/news/newsitem/0-9900-1028-5868866-0.html VBSWG.X UPDATE A spokesman for the antiviral software company Sophos said that 80 companies have reported being hit by the virus, and several said that they have each sent out up to 100,000 infected e-mails. Another antiviral firm, MessageLabs, reports similar statistics, adding that its data indicates Homepage is spreading faster than the Kournikova virus. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/culture/0,1284,43681,00.html "WAR" IS OVER Chinese 'hackers', engaged in a "cyberwar" with their counterparts in the United States, boasted on Wednesday they had defaced 1,000 U.S. Web sites, but called a truce to the conflict. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,5082576,00.html DUMMY INTERNET FIRM USED TO SNAG RUSSIAN HACKERS Invita Security Corp. looked like a typical Internet company: It had offices, computers, employees, even a secure computer system. The only thing missing was the customers. Far from a failed start-up, the aptly named Invita turned out to be a bogus company set up by the Federal Bureau of Investigation to ensnare a pair of young Russian hackers accused of breaking into U.S. Internet companies' computers, stealing financial and other sensitive data and demanding extortion payments. Authorities say Alexey Ivanov, 21, and Vasily Gorshkov, 25, both of Chelyabinsk, fell for the bait. Arrested and jailed on 20 criminal counts including conspiracy and wire fraud, they are set to go on trial May 29 in federal court in Seattle. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.dallasnews.com/technology/362473_fbihackers_10b.html WINDOWS VS. LINUX - TAKING SECURITY SERIOUSLY Network security cannot be left to chance these days. It is incumbent on businesses, given the throng of Internet connections across the globe, that their systems - no matter what types of operating systems or servers involved, are patched, hardened and secure. Then again, if it is up to individual organisations to protect what they have, perhaps the role of OS vendors is to strengthen the security features they offer. Just which vendor does this better is difficult to establish. While proponents of Linux systems maintain that the many security vulnerabilities and attacks coming to the fore are due to Microsoft's dominance in the market and its inherent vulnerabilities, others believe that Bill Gates' behemoth company is beginning to hold its own in acknowledging and addressing security issues. With fame, however, misfortune can follow. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.westcoast.com/securecomputing/2001_05/special/special.html USING SENDMAIL AND AMAVIS TO HALT VIRUS DISTRIBUTION Unlike days past where viruses were primarily spread through sneaker-net distribution of floppy disks, most modern viruses are spread via e-mail. Advanced scripting languages for the Windows platform coupled with the relative insecurity of certain Windows mail clients have increased the ranks of the virus, worm, and other mal-ware authors. Fortunately, most Unix servers and mail systems can halt the spread of such mal-ware. This tutorial will focus on integrating the AMaViS (0.2.1) anti-virus cleanser with Sendmail 8.9.1b, the default mail server shipped with Solaris 7. However, the setup and configuration procedures are very similar on Linux and xBSD. Link: http://www.sunhelp.org/pages.php?page=article-amavis SECURING LINUX WITH AIDE It is often difficult to assess damage from an intrusion through syslogs and good old-fashioned sysadmin work alone. Host-based intrusion detection systems can assist in these efforts. One such host-based IDS for Unix operating systems is AIDE. AIDE is a valuable, configurable tool that takes a snapshot of a system in its original state in order to track subsequent changes in the system. This article will discuss various aspects of using AIDE on Linux systems, including: configuring and using AIDE, troubleshooting your configuration, reviewing logs and cleaning up rulesets. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/linux/articles/linuxaide.html MAC: RIPE FOR A HACK? "Think Different" has been an Apple rallying cry for the last few years. And recently, many Mac fans have begun to think different(ly) - about computer security. Macs have rarely been the target of hack attacks or viruses, due in part to the fact that many malicious hackers are unfamiliar with the Mac operating system. But Apple's new operating system, OS X, is built around an open-source, Unix-based core - an operating system that many hackers are already very familiar with. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/infostructure/0,1377,43638,00.html INFOSYS TRACKING ATTACKERS India's top software firm Infosys Technologies said Tuesday it has tracked down the origin of computer hackers who targeted its website on Monday. "The attack seems to have been launched from an educational institution. We are trying to reach the administrators of the institution to pinpoint the source," the company said in a statement. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.timesofindia.com/090501/09info17.htm ICSA LABS TO CERTIFY PC FIREWALLS TruSecure Corp.'s ICSA Labs division has added PC Firewalls to its list of security applications that it certifies. Through the personal firewall certification program, personal firewall vendors will have their software tested, assessed, and validated by ICSA's independent labs. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.informationweek.com/story/IWK20010510S0003 GOVERNMENT AGENCIES DEFLECT "HOMEPAGE" WORM �We haven�t seen anything significant in the United States,� said a spokesman for FedCIRC, the government�s computer intrusion response center. �It has mostly been overseas.� Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.gcn.com/vol1_no1/daily-updates/4221-1.html GATEWAY UK TURNS PERSONAL INFO PUBLIC A security gaffe by Gateway 2000 has resulted in the exposure of sensitive customer information on the PC vendor's web site. Up until late this afternoon searching for 'delivery cost' on Gateway's UK site returned two copies of an Excel spreadsheet containing order details, customer contacts and phone numbers. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/18867.html DMZS FOR DUMMIES You've ordered a new firewall, and you want to get it running on your network ASAP. Your first reaction is probably to put every client and server behind it. That's fine for a small company, but a larger company should consider creating a perimeter security network called a demilitarized zone (DMZ) that separates the internal network from the outside world. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/enterprise/stories/main/0,10228,2717224,00.html ASK BUFFY Questions this week cover Logging Root Commands; WINS, NetBIOS problems; Protecting Solaris from IP Spoofing; xinetd and tcp_wrappers; and BCC Email Tracking. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/buffy/buffy20010510.html ANOTHER HOTMAIL SCAM "You're one of 100 hotmail winners!" reads the title from an email apparently sent from from the "Hotmail Staff" and presents the users with a form to indicate sign-in name, password, comments and..a picture. Infact the email was sent by a "max@relay.1c.kiev.ua" and over html code directly links to http://193.125.79.67/, which according to the RIPE whois data base belongs the Tara Shevchenko Kiev University, 01033 Kiev, Ukraine. The only price to win would be your hacked hotmail account. IIS WORM - 8836 IP ADDRESSES ATTACKED On Tuesday, May 8, Attrition staff received email containing a list of 8836 IP addresses that were said to be victims of the "sadmind/IIS Worm". From there, they broke the list down into a few major types of machines/names; ADSL boxes, Cable Modems, DHCP servers, DNS machines, DSL boxes, Mail hosts, personal machines, "regular" servers and "in-addr" addresses. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.attrition.org/security/commentary/worm01.html 2600.COM WASN'T HIJACKED; NSI PROBLEMS 2600.com reported that their domain got hijacked yesterday - "Imagine our surprise when we were told by readers that 2600.com no longer belongs to 2600.com! That's the nightmare that we were greeted with on Friday due to a bizarre foulup with Network Solutions." In a short time they were able to track down the right people at Network Solutions Inc, so the mistake got fixed. Link: http://www.2600.com/news/display.shtml?id=412 Link: http://www.2600.com/news/display.shtml?id=413 STATE DEPARTMENT'S OFFICE OF IIP SITE DEFACED A confidential U.S. State Department Web site (State Department's Office of International Information Programs) was defaced and some internal Internet servers were shut down in a cyberattack launched earlier this week by an unknown assailant, department spokeswoman Victoria DeLong announced. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computerworld.com/cwi/stories/0,1199,NAV47-68-84-88_STO60494,00.html PROTOCOL TO SECURE DATA FOR WLANS Industry experts are tipping Kerberos to become the accepted security standard for roaming between access points in the growing wireless local area network (WLAN) market. Concerns about the rival Wireless Equivalent Privacy (WEP) security protocol used in the 802.11b WLAN standard have surfaced recently, putting IT managers off adopting the technology, due to fears about the security of connections and the verification of users as they 'roam' from one access point to another. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2001/18/ns-22764.html 0WN THIS BOX CHALLENGE Cylant's "0wn this box challenge" is a research effort providing a good challenge to skilled crackers. Dave Wreski and Benjamin Thomas of LinuxSecurity.com interview Cylant Technology, Inc.seeking to find more information regarding the work to create this contest, and the experiences gained from holding it. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxsecurity.com/feature_stories/feature_story-87.html ---------------------------------------------------------------------------- Security issues --------------- All vulnerabilities are located at: http://net-security.org/text/bugs ---------------------------------------------------------------------------- DEBIAN LINUX: CRON LOCAL ROOT EXPLOIT A recent (fall 2000) security fix to cron introduced an error in giving up privileges before invoking the editor. A malicious user could easily gain root access. This has been fixed in version 3.0pl1-57.3 (or 3.0pl1-67 for unstable). No exploits are known to exist, but we recommend that you upgrade your cron packages immediately. Link: http://www.net-security.org/text/bugs/989242718,76559,.shtml IIS 5.0 PROPFIND DoS #2 It is possible to remotely restart all IIS related services using specially crafted request. If this request is repeated continously this seriously affects IIS performance. Link: http://www.net-security.org/text/bugs/989242918,59658,.shtml MP3MYSTIC VULNERABILITY MP3Mystic is a webserver that lets a visitor browse your harddrive only showing MP3 files. It is vulnerable to the dot dot bug. Link: http://www.net-security.org/text/bugs/989345433,40148,.shtml ELECTROCOMM 2.0 VULNERABILITY ElectroComm allows you to connect to a comm port on a computer over a network using any Telnet client. The program can fall victim to a DoS. Link: http://www.net-security.org/text/bugs/989345489,35284,.shtml VIRTUAL DNS VULNERABILITY Virtual DNS (Vdns) allows users with DSL & ADSL type connections to run their own web server with their own domain name. It suffers from a DoS. Link: http://www.net-security.org/text/bugs/989345611,74236,.shtml LINUX MANDRAKE - PINE UPDATE Versions of the Pine email client prior to 4.33 have various temporary file creation problems, as does the pico editor. These issues allow any user with local system access to cause any files owned by any other user, including root, to potentially be overwritten if the conditions were right. Link: http://www.net-security.org/text/bugs/989351502,70657,.shtml TURBOLINUX SECURITY ANNOUNCEMENT: VIXIE-CRON A security hole has been discovered in the package vixie-cron. Please update the packages in your installation as soon as possible. Link: http://www.net-security.org/text/bugs/989408997,40125,.shtml TURBOLINUX SECURITY ANNOUNCEMENT: SQUID A security hole has been discovered in the package squid. Please update this package in your installation as soon as possible. Link: http://www.net-security.org/text/bugs/989409105,89300,.shtml TURBOLINUX SECURITY ANNOUNCEMENT: DHCP A security hole has been discovered in the dhcp packages. Please update the packages in your installation as soon as possible. Link: http://www.net-security.org/text/bugs/989409220,8713,.shtml TURBOLINUX SECURITY ANNOUNCEMENT: XNTP3 A security hole has been discovered in the xntp3 packages. Please update the packages in your installation as soon as possible. Link: http://www.net-security.org/text/bugs/989409271,97178,.shtml WINDOWS 2000 KERBEROS DoS The Kerberos service and kerberos password service contain a flaw that could allow a malicious attacker to cause a Denial of Service on the Kerberos service and thus making all domain authentication impossible. Link: http://www.net-security.org/text/bugs/989436098,15488,.shtml DEBIAN LINUX - SAMBA SECURITY FIX UPDATE Marc Jacobsen from HP discovered that the security fixes from samba 2.0.8 did not fully fix the /tmp symlink attack problem. The samba team released version 2.0.9 to fix that, and those fixes have been added to version 2.0.7-3.3 of the Debian samba packages. Link: http://www.net-security.org/text/bugs/989582948,34149,.shtml RED HAT LINUX: UPDATED NEDIT PACKAGES nedit creates temporary files in an insecure fashion. This version has been patched to use mkstemp(). Link: http://www.net-security.org/text/bugs/989583041,52988,.shtml SQL SERVER 7.0 SERVICE PACK PASSWORD BUG When SQL Server 7.0 Service Packs 1, 2, or 3 are installed on a machine that is configured to perform authentication using Mixed Mode, the password for the SQL Server standard security System Administrator (sa) account is recorded in plaintext in the files %TEMP%\sqlsp.log and %WINNT%\setup.iss. The default permissions on the files would allow any user to read them who could log onto the server interactively. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.microsoft.com/technet/security/bulletin/MS00-035.asp VULNERABILTY IN TYPSOFT FTP SERVER V0.95 An attacker with anonymous access to the ftp server can break out of the ftp root using the dot vulnerability. Link: http://www.net-security.org/text/bugs/989607354,81774,.shtml DENICOMP REXECD/RSHD DENIAL OF SERVICE There exists a problem in the port-handling code of mentioned products which exposes the services provided by these to a DoS attack. Link: http://www.net-security.org/text/bugs/989607535,50259,.shtml DEBIAN LINUX - GFTP REMOTE EXPLOIT The gftp package as distributed with Debian GNU/Linux 2.2 has a problem in its logging code: it logged data received from the network but it did not protect itself from printf format attacks. An attacker can use this by making a FTP server return special responses that exploit this. Link: http://www.net-security.org/text/bugs/989607865,68250,.shtml ---------------------------------------------------------------------------- Security world -------------- All press releases are located at: http://net-security.org/text/press ---------------------------------------------------------------------------- TRAFFIC LIMITING INTRUSION DETECTION SYSTEM (TLIDS) - [07.05.2001] Captus Networks, the world leader in protecting against Denial of Service attacks, announced a major software enhancement to its CaptIO family of network security solutions that greatly simplifies the task of systems administrators for ensuring the security and availability of their Internet networks. Press release: < http://www.net-security.org/text/press/989243503,12040,.shtml > ---------------------------------------------------------------------------- SAFENET PARTNERS WITH TEXAS INSTRUMENTS - [07.05.2001] SafeNet, a leading provider of Internet security technology that is the de facto standard in the VPN industry, announced that it has been chosen to partner with Texas Instruments to provide a new wireless security library for next generation (2.5 and 3G) wireless devices. SafeNet's encryption technology, combined with TI's DSP-based OMAP family of processors, will enable the strongest security for next generation wireless devices including personal digital assistants, cell phones, and pagers. The OMAP architecture is fast becoming a de facto standard for 2.5 and 3G wireless devices. Today, TI's OMAP architecture has been publicly endorsed by Nokia, Ericsson, Sony, Sendo, HTC, Symbian, Microsoft, and Sun Microsystems. Press release: < http://www.net-security.org/text/press/989243541,30009,.shtml > ---------------------------------------------------------------------------- PROACTIVENET 4.0 PROVIDES ROOT CAUSE ANALYSIS - [08.05.2001] ProactiveNet, Inc., a leading provider of performance management solutions for Internet, intranet and extranet applications, today announced ProactiveNet 4.0, the company's flagship management application. The product makes its debut at the Networld + Interop show in Las Vegas this week, in ProactiveNet's booth #1825. Press release: < http://www.net-security.org/text/press/989316924,18917,.shtml > ---------------------------------------------------------------------------- STONEBRIDGE TECHNOLOGIES AND ISS PARTNER - [08.05.2001] Stonebridge Technologies, an award-winning technology consulting firm, announced that the company is extending its infrastructure service offerings through a strategic alliance with Internet Security Systems (ISS), a leading provider of security management solutions for the Internet. Press release: < http://www.net-security.org/text/press/989317193,42924,.shtml > ---------------------------------------------------------------------------- ANTI-VIRUS INFORMATION EXCHANGE NETWORK GROWS - [08.05.2001] The Anti-Virus Information Exchange Network and its associated Early Warning System continue to increase their growth at a fast pace. At the end of April, 2001, with just 6 months of activity, AVIEN already includes antivirus specialists who support more than 2 million end users. Press release: < http://www.net-security.org/text/press/989336150,58744,.shtml > ---------------------------------------------------------------------------- WATCHGUARD: FIREBOX 2500 AND FIREBOX 4500 - [08.05.2001] WatchGuard Technologies, Inc., a leader in Internet security solutions, introduced its next generation of award-winning Firebox Internet security appliances at the NetWorld + Interop Conference in Las Vegas. The Firebox III family, consisting of the Firebox 2500 and Firebox 4500, redefine price/performance by delivering industry-leading performance at prices that are affordable for larger distributed organizations and Internet data centers with the need to secure a large number of VPN connections. Press release: < http://www.net-security.org/text/press/989336211,66652,.shtml > ---------------------------------------------------------------------------- RAINBOW IVEA AWARDED AT N+I - [08.05.2001] Rainbow iVEA, a Rainbow Technologies (Nasdaq: RNBO) company and a leading provider of high-performance security solutions for the Internet and eCommerce, announced that the CryptoSwift 600 eCommerce accelerator captured a Well Connected Award by Network Computing Magazine at the Spring 2001 Networld+ Interop Conference in Las Vegas. The CryptoSwift 600 defeated the nCipher nForce 300 and the Compaq AXL2000 Accelerator PCI Card for "Best SSL Acceleration Solution." Press release: < http://www.net-security.org/text/press/989350887,96012,.shtml > ---------------------------------------------------------------------------- F-SECURE ALERTS USERS ON VBSWG.X WORM - [09.05.2001] F-Secure Corporation, a leading provider of centrally-managed, widely distributed security solutions is alerting computer users worldwide about a new, rapidly spreading e-mail worm named VBSWG.X, also known as Homepage, is an encrypted e-mail worm found in the wild on May 9th, 2001. Press release: < http://www.net-security.org/text/press/989407841,43920,.shtml > ---------------------------------------------------------------------------- VISUALSOFT CRYPT WINS JOLT PRODUCTIVITY AWARD - [09.05.2001] VisualSoft Technologies, a leading Software Products and Solutions development company, today announced that VisualSoft Crypt won Software Development magazine's Jolt Productivity Award in the category of "Libraries, Frameworks and Components". The Jolt Awards were announced by CMP's Software Development magazine on April 11th, 2001 at Software Development West Conference and Exposition at the San Jose Convention Center in San Jose, CA. Press release: < http://www.net-security.org/text/press/989407988,53034,.shtml > ---------------------------------------------------------------------------- INFOEXPRESS WINS NETWORK COMPUTING�S AWARD - [09.05.2001] InfoExpress, a pioneer in enterprise remote access security solutions, announced that its CyberArmor Suite Enterprise Personal Firewall 1.1 has been named a winner of CMP Media LLC�s Network Computing for a 2001 Well-Connected Award in the category of Desktop Firewall. CyberArmor was chosen for its innovative centralized security policy management capability to protect corporate assets from various malicious Internet attacks. CyberArmor also offers the industry�s only environmentally sensitive policy- based solution. It can select the active policy by differentiating between users on the corporate network, when a remote VPN session is active, or when they are surfing the Internet. Press release: < http://www.net-security.org/text/press/989431870,88278,.shtml > ---------------------------------------------------------------------------- MELCAM SURVEILLANCE APPLICATION FOR PC CAMERAS - [10.05.2001] MelCam is easy to operate, keeps real-time tabs on vulnerable assets and increases security levels. Physical areas that are secured with a MelCam system benefit from Melioris' proprietary "Multi-Channel Security" - the ability to monitor and respond to incidents in a multiple number of ways, concurrently. Press release: < http://www.net-security.org/text/press/989494304,54252,.shtml > ---------------------------------------------------------------------------- NEW DEVICELOCK MILLENNIUM EDITION RELEASED - [10.05.2001] SmartLine, Inc. announced the new release of DeviceLock Millennium Edition, a Windows service for restricting access to local devices running Windows 95/98/Me. Preventing the introduction of inappropriate software and data is important when trying to protect and administer a company's computer network. The traditional solution has been a physical lock on the floppy drive. DeviceLock Me eliminates the need for physical locks and has a number of advantages. It is easy to install and administrators can have instant access from the remote computers when necessary. There are no physical keys to store and manage - DeviceLock Me is a software-only solution. Press release: < http://www.net-security.org/text/press/989519175,1325,.shtml > ---------------------------------------------------------------------------- SOPHOS DEFENDS IRISH SCHOOLS THROUGH ICL - [10.05.2001] Sophos, a world leader in corporate anti-virus protection, announced that it is to protect IT systems in all of Northern Ireland's schools from virus attack. Sophos will defend the schools as part of a deal with eBusiness services company, ICL. Under the terms of the deal, all Northern Irish secondary schools will switch from their existing anti-virus protection (provided through CLASS - the Computerisation of Local Administration Systems in Schools) to that provided by Sophos. All of the region's primary school IT systems are already protected by Sophos Anti-Virus. Press release: < http://www.net-security.org/text/press/989519256,16494,.shtml > ---------------------------------------------------------------------------- SURFCONTROL SLAMS THE DOOR ON VBSWG.X - [11.05.2001] SurfControl, the Internet Filtering Company, announced that SurfControl is part of the preventative measures that corporations are putting in place to protect themselves from email born viruses like the recent "homepage" attack. Given that SurfControl's SuperScout Email Filter sits between the email server and the virtual boarder, and works with a corporation's existing anti-virus software, the product can stop viruses at the door before they get to the email server. Press release: < http://www.net-security.org/text/press/989533926,93756,.shtml > ---------------------------------------------------------------------------- CHECKPOINT AND ISS CO-SPONSOR ENET - [11.05.2001] Check Point Software Technologies Ltd. and Internet Security Systems (ISS), two Internet security leaders, today announced that they have been selected for the fourth consecutive year as network security co-sponsors of the Interop Net Event Network (eNet) at NetWorld+Interop in Las Vegas. Check Point and ISS have provided integrated Internet security technology, real-time monitoring and expertise for protecting the complex network. The eNet is an integral part of NetWorld+Interop, held May 7-11, 2001 at the Las Vegas Convention Center. Press release: < http://www.net-security.org/text/press/989533992,80558,.shtml > ---------------------------------------------------------------------------- SURFCONTROL ANNOUNCES GRANT OF US PATENT - [11.05.2001] SurfControl, the Internet Filtering Company, is pleased to announce today that the US Patent Office has granted to SurfControl a patent on its core web filtering technology and processes. The US Patent 6,219,786, granted to SurfControl, Inc., describes the unique system for managing access control to resources of a distributed network, and more particularly to monitoring computer users' access to those resources from within and outside the network. Press release: < http://www.net-security.org/text/press/989534017,22824,.shtml > ---------------------------------------------------------------------------- ZEASOFT RELEASES TASK TERMINATOR - [11.05.2001] ZeaSoft is proud to announce a new release of our free utility, Task Terminator (http://www.zeasoft.com/products/taskterm.htm). Task Terminator is a free utility from ZeaSoft which allows you to terminate any task or window running on your machine, even hidden programs and services which are invisible to the Windows Task Manager (that window that pops up when you hit Ctrl-Alt-Del). Task Terminator has the look and feel of the Windows Task Manager to make it instantly familiar to Windows users. Press release: < http://www.net-security.org/text/press/989583281,21227,.shtml > ---------------------------------------------------------------------------- EEYE DIGITAL SECURITY RELEASES SECUREIIS - [11.05.2001] SecureIIS is the latest in proactive network security tools from eEye Digital Security. SecureIIS protects Microsoft IIS Web servers from known and unknown hacker attacks. SecureIIS wraps around IIS and works within it, verifying and analyzing incoming and outgoing Web server data for any possible security breaches. It prevents these breach attempts from penetrating the server, and alerts the network administrator when such attacks occur. SecureIIS combines the best features of Intrusion Detection Systems and Network Firewalls all into one, and it is custom tailored to your Web server. Press release: < http://www.net-security.org/text/press/989583781,34566,.shtml > ---------------------------------------------------------------------------- LEADING SECURITY COMPANIES COMBINE PRODUCTS - [11.05.2001] At Networld + Interop today, networking, antivirus and Internet security leaders Linksys, TrendMicro Inc., and Zone Labs announced they will combine their products and technologies into one comprehensive, best-of-breed security solution for the small/medium business and home networking market. Linksys EtherFast Cable/DSL Router users will benefit from ironclad protection for their networks consisting of Zone Labs' ZoneAlarm Pro Internet security utility and Trend Micro's PC-cillin antivirus software as part of a complete hardware and software solution. Press release: < http://www.net-security.org/text/press/989583975,40156,.shtml > ---------------------------------------------------------------------------- TRIPWIRE HONORED AS UPSIDE MAGAZINE - [12.05.2001] Tripwire Inc., the leading provider of data and network integrity (DNI) software, announced that it has been selected by UPSIDE Magazine as one of the 2001 Hot 100 private companies. Tripwire was selected by the editors of UPSIDE and an advisory panel comprised of venture capitalists, financial analysts and market researchers. More than 800 companies were nominated for this year's UPSIDE Hot 100 Awards. Each company was judged on the basis of its technological achievements, customer acceptance of products or services, financial performance, industry partnerships, financial backing, and management experience. Press release: < http://www.net-security.org/text/press/989625999,42397,.shtml > ---------------------------------------------------------------------------- MCAFEE USERS UNAFFECTED BY HOMEPAGE WORM - [12.05.2001] McAfee, a division of Network Associates, Inc. and recognized leader in anti virus security solutions, today announced that its gateway anti-virus products and services protected leading businesses from the recently discovered Homepage worm. McAfee's advanced scanning technology detected and cleaned the Homepage worm at Major League Soccer, Loancity.com, Affinity Health System and other leading McAfee corporate businesses. Similar to the AnnaKournikova virus detected earlier this year, McAfee AVERT (Anti-Virus Emergency Response Team) worked closely with customers to provide up-to- date diagnostics and information regarding the virus. Press release: < http://www.net-security.org/text/press/989659179,31194,.shtml > ---------------------------------------------------------------------------- PREPARATIONS FOR RSA CONFERENCE 2001 ASIA - [12.05.2001] As e-commerce continues to gain a strong foothold in Asia, RSA Security Inc., the most trusted name in e-security, announced the program for RSA Conference 2001, Asia, which will be held July 9 - 12, 2001 at the Singapore International Convention and Exhibition Center in Suntec City, Singapore. RSA Security's first annual e-security conference and exposition in the Asia-Pacific region is designed to address the critical e-security and privacy issues facing business, government and the public. RSA Conference 2001, Asia is modeled after the U.S.-based RSA Conference, the world's largest security event, which drew more than 10,000 attendees last April in San Francisco, Calif. Press release: < http://www.net-security.org/text/press/989659469,10481,.shtml > ---------------------------------------------------------------------------- ALADDIN'S ESAFE PROTECTS OF HOMEPAGE WORM - [12.05.2001] Aladdin Knowledge Systems, a global leader in the field of Internet content and software security, today announced its eSafe Internet content security solution successfully blocks the new medium-risk vandal named VBS.Homepage. Press release: < http://www.net-security.org/text/press/989659605,74425,.shtml > ---------------------------------------------------------------------------- BIOMETRIC SECURITY FOR NEW NASA FACILITY - [12.05.2001] Bioscrypt Inc., a leading provider of biometric authentication solutions, announced that the Triana Science and Operations Center (TSOC), a NASA funded facility at the University of California in San Diego, is using Bioscrypt's advanced biometric technology to control physical access and provide security for their operations. Press release: < http://www.net-security.org/text/press/989659723,75766,.shtml > ---------------------------------------------------------------------------- Featured products ------------------- The HNS Security Database is located at: http://www.security-db.com Submissions for the database can be sent to: staff@net-security.org ---------------------------------------------------------------------------- GENUITY SECURITY ADVANTAGE Genuity Security Advantage service lets you outsource your security needs and gives you local access to security management services independent of any specific ISP, hardware platform, or operating system. Furthermore, the service uses IPsec-compliant hardware and software, enabling you to establish secure, site-to-site Virtual Private Networks (VPNs), thereby avoiding costly leased-line fees. Read more: < http://www.security-db.com/product.php?id=149 > This is a product of Genuity, for more information: < http://www.security-db.com/info.php?id=27 > ---------------------------------------------------------------------------- LT AUDITOR+ Blue Lance�s LT Auditor+ is a Windows-based intrusion detection/audit trail security software solution. LT Auditor+ is designed to protect organizational assets accessible through NT and/or Novell networks. LT Auditor+ provides around-the-clock monitoring of network activity across the enterprise. LT Auditor+ is used to secure corporate assets against unauthorized access, fraud and theft. Highly acclaimed by Netware Users International, Blue Lance's LT Auditor+ is in use by the world�s largest banks, government agencies and corporations. Read more: < http://www.security-db.com/product.php?id=436 > This is a product of Blue Lance, for more information: < http://www.security-db.com/info.php?id=97 > ---------------------------------------------------------------------------- LANGUARD NETWORK SCANNER LANguard network scanner is a freeware security scanner to audit your network security. It scans entire networks and provides NETBIOS information for each computer such as hostname, shares, logged on user name. It does OS detection, password strength testing, detects registry issues and more. Reports are outputted in HTML. A security scanner that is always up to date Many commercial security scanning tools exist that claim to find all security holes in an OS. Fact is, because of the number of OS versions (service packs) & amount of security issues discovered daily, these database based products are almost immediately out of date. Read more: < http://www.security-db.com/product.php?id=640 > This is a product of GFI Software Ltd., for more information: < http://www.security-db.com/info.php?id=146 > ---------------------------------------------------------------------------- Security Software ------------------- All programs are located at: http://net-security.org/various/software ---------------------------------------------------------------------------- VISUALSOFT FILESECURE VisualSoft FileSecure encrypts selected files and/or folders and produces a self-decryption archive. The encrypted file can be decrypted simply by double clicking the archive with the given passphrase. The user needs no installation of any application to decrypt the files. The user can also split the generated self-decryption archive by choosing appropriate settings. VisualSoft FileSecure uses Blowfish symmetric key for both encryption and de-cryptio. It can also provides file compression and secure file transfer using FTP. Info/Download: < http://www.net-security.org/various/software/989519664,9161,windows.shtml > ---------------------------------------------------------------------------- VISUALSOFT CRYPT V.3.0 VisualSoft Crypt provides strong cryptographic algorithms for secure enterprise application development. Information such as Passwords, Credit Card numbers, Email and other transaction data can be securely transferred on the untrusted networks like Internet etc., using this component. It encrypts and decrypts files using Advanced Encryption Standard (Rijndael) algorithm and Industry standard Cryptography methodologies namely Serpent, Mars, DES, TDES, BlowFish, and IDEA. This component also supports MIME Format files. It is can also be used to store or transport information securely within a network environment. Info/Download: < http://www.net-security.org/various/software/989519782,27322,windows.shtml > ---------------------------------------------------------------------------- PORT SCAN ATTACK DETECTOR Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Info/Download: < http://www.net-security.org/various/software/989519878,70603,linux.shtml > ---------------------------------------------------------------------------- PC VIPER PC Viper is the first product of its kind to provide strong firewall security to your home PC's as you surf the absolutely no protection against Internet Intrusion. The PC Viper Personal Edition solves this problem by providing an extremely strong firewall located on the user's machine. PC Viper sits between the operating system and the modem to monitor all traffic. Because it is resident on the same machine that it is protecting, Viper can monitor any PC applications that access the Internet to protect against Trojan Horse Viruses from transmitting user-sensitive information. PC Viper also features an adult-material filter built in which can be enabled to prevent adult content or pornography from reaching the protected machine. Info/Download: < http://www.net-security.org/various/software/989520145,24540,windows.shtml > ---------------------------------------------------------------------------- Defaced archives ------------------------ [07.05.2001] Original: http://www.commerzbank.com.uy/ Defaced: http://defaced.alldas.de/mirror/2001/05/07/www.commerzbank.com.uy/ OS: Windows Original: http://www.blizzard.com/ Defaced: http://defaced.alldas.de/mirror/2001/05/07/www.blizzard.com/ OS: Windows Original: http://investor2.cnet.com/ Defaced: http://defaced.alldas.de/mirror/2001/05/07/investor2.cnet.com/ OS: Windows Original: http://www.opel.dk/ Defaced: http://defaced.alldas.de/mirror/2001/05/07/www.opel.dk/ OS: Windows Original: http://www.bmw.com.mx/ Defaced: http://defaced.alldas.de/mirror/2001/05/07/www.bmw.com.mx/ OS: Windows Original: http://www.toyota.co.ug/ Defaced: http://defaced.alldas.de/mirror/2001/05/07/www.toyota.co.ug/ OS: Windows Original: http://www.sanyo.com.mx/ Defaced: http://defaced.alldas.de/mirror/2001/05/07/www.sanyo.com.mx/ OS: Windows [08.05.2001] Original: http://www.mcdonalds.co.id/ Defaced: http://defaced.alldas.de/mirror/2001/05/08/www.mcdonalds.co.id/ OS: Windows Original: http://www.fujifilm.co.kr/ Defaced: http://defaced.alldas.de/mirror/2001/05/08/www.fujifilm.co.kr/ OS: Windows Original: http://www.honda.com.au/ Defaced: http://defaced.alldas.de/mirror/2001/05/08/www.honda.com.au/ OS: Windows Original: http://www.puma.com/ Defaced: http://defaced.alldas.de/mirror/2001/05/08/www.puma.com/ OS: Windows Original: http://www.dinersclub.com.ph/ Defaced: http://defaced.alldas.de/mirror/2001/05/08/www.dinersclub.com.ph/ OS: Windows Original: http://www.toyota.kz/ Defaced: http://defaced.alldas.de/mirror/2001/05/08/www.toyota.kz/ OS: Windows Original: http://www.unicef.no/ Defaced: http://defaced.alldas.de/mirror/2001/05/08/www.unicef.no/ OS: Windows Original: http://streamer.microsoft.com/ Defaced: http://defaced.alldas.de/mirror/2001/05/08/streamer.microsoft.com/ OS: Windows [09.05.2001] Original: http://www.agfa.co.za/ Defaced: http://defaced.alldas.de/mirror/2001/05/09/www.agfa.co.za/ OS: Windows Original: http://pc.microsoft.is/ Defaced: http://defaced.alldas.de/mirror/2001/05/09/pc.microsoft.is/ OS: Windows Original: http://www.twbookmark.com/ Defaced: http://defaced.alldas.de/mirror/2001/05/09/www.twbookmark.com/ OS: Windows Original: http://www.sanyo.com.mx/ Defaced: http://defaced.alldas.de/mirror/2001/05/09/www.sanyo.com.mx/ OS: Windows [10.05.2001] Original: http://webonair.worldonline.co.za/ Defaced: http://defaced.alldas.de/mirror/2001/05/10/webonair.worldonline.co.za/ OS: Windows Original: http://www.quantum.it/ Defaced: http://defaced.alldas.de/mirror/2001/05/10/www.quantum.it/ OS: Windows Original: http://www.compaq.co.jp/ Defaced: http://defaced.alldas.de/mirror/2001/05/10/www.compaq.co.jp/ OS: Windows Original: http://www.wintek.be/ Defaced: http://defaced.alldas.de/mirror/2001/05/10/www.wintek.be/ OS: Windows [11.05.2001] Original: http://www.shipping.co.il/ Defaced: http://defaced.alldas.de/mirror/2001/05/11/www.shipping.co.il/ OS: Windows Original: http://www.camelot.com/ Defaced: http://defaced.alldas.de/mirror/2001/05/11/www.camelot.com/ OS: Windows Original: http://www.stockphotos.com.br/ Defaced: http://defaced.alldas.de/mirror/2001/05/11/www.stockphotos.com.br/ OS: Windows [12.05.2001] Original: http://www.datasun.com.hk/ Defaced: http://defaced.alldas.de/mirror/2001/05/12/www.datasun.com.hk/ OS: Windows Original: http://www.chaintech.com.tw/ Defaced: http://defaced.alldas.de/mirror/2001/05/12/www.chaintech.com.tw/ OS: Windows Original: http://www.exergy.net/ Defaced: http://defaced.alldas.de/mirror/2001/05/12/www.exergy.net/ OS: Windows Original: http://www.twphillips.com/ Defaced: http://defaced.alldas.de/mirror/2001/05/12/www.twphillips.com/ OS: Windows [13.05.2001] Original: http://pmacrae.oracle.co.uk/ Defaced: http://defaced.alldas.de/mirror/2001/05/13/pmacrae.oracle.co.uk/ OS: Windows Original: http://www.newport.com.hk/ Defaced: http://defaced.alldas.de/mirror/2001/05/13/www.newport.com.hk/ OS: Windows ---------------------------------------------------------------------------- ======================================================== Advertisement - HNS Security Database ======================================================== HNS Security Database consists of a large database of security related companies, their products, professional services and solutions. HNS Security Database will provide a valuable asset to anyone interested in implementing security measures and systems to their companies' networks. Visit us at http://www.security-db.com ======================================================== Questions, contributions, comments or ideas go to: Help Net Security staff staff@net-security.org http://net-security.org http://security-db.com