💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › HNS › issue053.… captured on 2022-01-08 at 15:57:47.
⬅️ Previous capture (2021-12-03)
-=-=-=-=-=-=-
HNS Newsletter Issue 53 - 04.03.2001 http://net-security.org http://security-db.com This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://www.net-security.org. Subscribe to this weekly digest on: http://www.net-security.org/text/newsletter Archive of the newsletter in TXT and PDF format is available here: http://www.net-security.org/news/archive/newsletter Current subscriber count to this digest : 1979 Table of contents: 1) General security news 2) Security issues 3) Security world 4) Featured articles 5) Featured books 6) Security software 7) Defaced archives General security news --------------------- ---------------------------------------------------------------------------- ONE-STOP SECURITY? IT managers looking for one-stop security shopping may soon have more superstores to visit. But whether that will mean a more secure enterprise is uncertain. The one-stop security shop is not a new strategy, nor a proven one. Network Associates Inc. went on a vigorous two-year acquisition spree to offer customers soup-to-nuts security only to scrap the plan last year. This time, Vigilinx Inc., a New York-based security consultancy, is giving it a try. Last week, it acquired its second company of this year, LogiKeep Inc., for its security assessment software. Last month, the company acquired IF SEC, another security consulting company, and it has at least one more acquisition pending, officials said. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/eweek/stories/general/0,11011,2689558,00.html MR LEGOLAND WINDSOR BANGED UP An Internet fraudster was jailed for a year today after wangling credit card details out of surfers by starting bogus sites under the names of famous companies. Craig Cottrell, also known by the name of Legoland Windsor, received the sentence after Marks & Spencer took matters into its own hands and marched him to the High Court. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/17186.html INFORMATION DISCOVERY BASICS AND PLANNING This is the seventh installment in SecurityFocus.com's Field Guide for Investigating Computer Crime. The previous installment in this series, "Search and Seizure, Evidence Retrieval and Processing", concluded the overview of search and seizure with a discussion of the retrieval and processing of computer crime scene evidence. In this installment, we will begin our discussion of information discovery, the process of viewing log files, databases, and other data sources on un-seized equipment, in order to find and analyze information that may be of importance to a computer crime investigation. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/ih/articles/crimeguide7.html GOVERNMENT E-SECURITY MEASURES INADEQUATE The Government's attempt to fight hackers through the latest anti-terrorism legislation is flawed, according to legal and network security experts. Critics claim that the legislation covers attacks on utilities and hospitals, but has no provision for the prosecution of a cyber terrorist who attacks a bank or business. Link: http://www.computerweekly.com/cwarchive/daily/20010227/cwcontainer.asp?name=C2.HTML&SubSection=6&ct=daily IS HACKER CULTURE A HELP OR HINDRANCE? Everyone knows there's a hacker culture among Linux users. On the whole it's a good thing. However, there are times when it is counterproductive. While many Linux users get by without ever writing a line of code, it's fair to say that, compared with other operating systems, programming plays a much more important role. Before going further, let's be absolutely clear about definitions. Hackers are the clever, possibly mad, yet strangely dedicated people who stay up all night stringing bits of code together. Hacking is about getting noughts and ones to dance and sing. Hacking should not be confused with digital vandalism or other illegal acts - that's something else altogether. Linux could not exist without hackers." Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxtoday.com.au/r/article/jsp/sid/664917 CONTENT BLOCKING IN CHINA The Ministry of Public Security has released new software designed to keep "cults, sex and violence" off the Internet in China, a police official said. Link: http://www.technewsworld.com/story/?sn=949538 'I HIRED A HACKER' Computerworld has a story entitled 'I Hired a Hacker': A Security Manager's Confession', where Mathias Thurman writes about how he found about security hole, which made all the private information on his company's server public. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computerworld.com/cwi/story/0,1199,NAV47_STO58018,00.html SPACE-SEEKING HACKER TAKES FILES A Web surfer in Sweden got into an unprotected Indiana University computer, removing more than 3,000 student names and identification numbers while leaving behind a cache of downloaded music files. University officials believe the student data was taken by accident, since the person was looking for computer space to store the MP3 files. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/culture/0,1284,42051,00.html A SHOT IN THE ARM FOR NET VIRUS FIGHTERS The scientists analyzed the statistical incidence of more than 800 computer viruses and found that they lived much longer than current theories predicted - in some cases up to three years. Because "vaccines" for most viruses are usually available within hours or days, the network theoretically should be totally protected within weeks. But that's not what actually happens. PC viruses continue to infect a small but persistent percentage of computers. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/162479.html MAGIC NUMBERS AND RSA DON'T MIX! A recent item on the Bugtraq mailing list, which advises people of security flaws in popular software, has warned of a flaw in the way earlier versions of the SSH protocol use RSA for encryption. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/magicnumbers20010227.html SRP: PART DEUX "It's been over a year since I spoke to Tom Wu about SRP. In that time it would appear he's been hard at work, like a beaver on crystal meth, and it's starting to pay off. SRP still has a long trip ahead of it, however. For a protocol to gain wide acceptance there need to be many implementations and available software packages that support it. Of course that usually doesn't happen until it's widely accepted. Hopefully in the near future we'll see more vendors shipping SRP support in telnet and so on." Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/closet/closet20010228.html SQL SERVER 6.5 SECURITY MODES In this article, Alexander Chigrik shows you the various security models in SQL Server 6.5 and how to change models after installation. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.swynk.com/friends/achigrik/SQL65SecurityModes.asp TREK 2000 THUMBDRIVE SECURE REVIEW Radeonic has posted a review of the aptly named Trek 2000 Thumbdrive Secure storage device which is pretty tiny and can store anywhere from 8 to 512MB with USB connectivity. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.radeonic.com/tdrive.htm ACTIVISTS TARGET BANK'S WEB SITE Hacktivists have targeted the Web site of a US investment bank which saved a controversial drug testing company from liquidation with an attack designed to make its site unavailable. The Web site of investment bank Stephens, which provides finance for Huntingdon Life Sciences, was yesterday subject to an attempted "virtual sit-in" by cyberactivists using a tool called Floodnet. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/17243.html TOO MUCH SECURITY IS HOLDING BACK ECOMMERCE Evidian, a subsidiary of Groupe Bull, has completed a survey of 40 blue chip companies and found that two in five of them think complicated security is "the most irritating aspect of conducting business online". Multiple password entry and excessive authorisation procedures were recorded as particular irritants to respondents to Evidian's survey, ahead in annoyance of factors like downtime and poor customer service in doing business online. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/17242.html VIRUS PROTECTION FOR SMALL ENTERPRISES With the recent proliferation of .VBS exploits, virus protection for small enterprises has become increasingly important. After a recent outbreak of the VBS.plan virus at his company, SecurityFocus writer Chris Jackson conducted a review of his organization's procedures in order to assess their network's security against viruses. This article represents an analysis of a virus outbreak at the firm, including a breakdown of how the outbreak occurred, what conditions facilitated the outbreak, and what could have been done to protect the firm against outbreak. It is hoped that this analysis will provide some insight into what other small to medium sized enterprises can do to avoid a similar incident. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/virus/articles/smallent.html ANTICRYPTOGRAPHY Ever since Mosaic, the computer industry has been obsessed with cryptography. The crusade to put strong encryption technology in the hands of ordinary computer users is a noble and important cause. Yet in our obsession with encryption and electronic anonymity, we've overlooked something equally important, the idea of creating complex messages that decode themselves. Anticryptography is based on the idea of making a message that decodes itself. The goal in anticryptography is to create a message that can be easily deciphered, even by somebody (or something) who has no prior knowledge of how the message is composed or what information it contains. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.oreilly.com/news/seti_0201.html UPDATING A BSD/OS SYSTEM WITH MODS BSDi's BSD/OS has an easy-to-use system for updating a system with important fixes. It is especially useful for administrators who do not want to (or can not) compile the entire system. In addition, the BSD/OS patches are able to back out to undo changes. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.bsdtoday.com/2001/February/Features422.html NETWORK MONITORING, ACCESS CONTROL, AND BOOBY TRAPS TCP Wrappers is one of the most common methods of access control on your Unix box. A wrapper program 'wraps' around existing daemons and interfaces between clients and the server. Good access control and logging are strong points. In this first part, we introduce you to the concept behind TCP Wrappers. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.freeos.com/articles/3729/ A BRIEF HISTORY OF COMPUTER HACKERISM The staff at Linux.com are proud to publish the first of four excerpts from the acclaimed new work, "The Hacker Ethic and the Spirit of the Information Age" by Pekka Himanen, Linus Trovalds and Manuel Castells. Link: http://www.linux.com/news/newsitem.phtml?sid=1&aid=11832 FUNDS FOR E-GOVERNMENT, COMPUTER SECURITY Trillion-dollar tax cut notwithstanding, President Bush recommends hiking federal spending for e-government and computer security initiatives in his proposed budget, released by the White House. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/162551.html ZEN AND THE ART OF BREAKING SECURITY - PART I Designing a secure solution, be it a protocol, algorithm or enterprise architecture, is far from trivial. Apart from the technical or scientific difficulties to overcome, there is a mental trap easy to fall into: looking at the picture through the eyes of the designer. The designer often works with concepts, not with the real thing. We look at an algorithm's specifications and we mistake it for its implementation in a particular program. We read several RFCs and we say, this is TCP/IP. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/zenandsecurity20010301.html NETWORK MANAGERS RAPPED OVER LAX SECURITY Network managers have been ignoring warnings to download a Microsoft security patch and have been hammered by attackers over the last few weeks as a result. Intel, Hewlett Packard, Compaq, Gateway and the New York Times were all attacked because they used unpatched versions of Netscape Enterprise Server or Microsoft IIS. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/1118379 PRIVACY AT WORK? BE SERIOUS If you feel your privacy at work has been eroding lately, it's probably more than just your imagination. Experts say companies are under increasing pressure to monitor employees electronically, and workers should assume they are being watched. Concerns about liability in harassment suits, skyrocketing losses from employee theft, and productivity losses from employees shopping or peeping at porn from their cubicles have led to an explosion in the number of companies conducting some form of electronic monitoring on their employees. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/business/0,1367,42029,00.html SAN SECURITY ARCHITECTURES Security within the monitoring and management of storage and storage area network devices is still evolving and still somewhat limited. Progress is being made and it would be advantageous to emulate current security practices incorporated within the LAN/WAN arenas. Until then, storage managers should use every and any available method to carefully defend their devices. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://industry.java.sun.com/javanews/stories/story2/0,1072,35188,00.html SEC ATTACKS ONLINE SCAMMERS Federal securities regulators have taken action against con artists who used Internet and e-mail campaigns to perpetrate some rather old-fashioned investment scams. On Thursday, the U.S. Securities and Exchange Commission filed charges against 23 companies and individuals who used spam e-mails, phony Internet press releases, fallacious message board postings and other online means to pump up stock prices and defraud investors. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,42107,00.html LINUX 2.4: NEXT GENERATION KERNEL SECURITY This document outlines the kernel security improvements that have been made in the 2.4 kernel. A number of significant improvements including cryptography and access control make 2.4 a serious contender for secure corporate environments as well as private virtual networking. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxsecurity.com/feature_stories/kernel-24-security.html SYMANTEC TO OFFER SMS NOTIFICATION OF VIRUSES Symantec in the second quarter of this year will offer live notification of Internet borne viruses and virus fixes to its customers outside North America and Europe, using Short Message Service to send alerts to mobile phones. The company also plans to offer the new service to some customers in the U.S. and Europe. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2001/TECH/internet/03/01/symantec.SMS.idg/index.html TRUSTIX SECURE LINUX 1.2 [REVIEW] Trustix Secure Linux is a distribution that has one focus and one focus only - to provide a server distribution that is secure. There are no frills with this distribution. When you install Trustix, you very quickly realize that you are on the business end of the server. There is no GUI, nor are there any real configuration tools. What you get is very close to a traditional UNIX server. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.thedukeofurl.org/reviews/misc/trustix12/ ARE U.S. AGENCIES HACKER-PROOF? A congressional subcommittee asked 15 federal agencies Friday to report how they've been testing and securing their computer systems from outside attack. Under a federal law passed last year, agencies have to do their own security testing and hire an outside auditor to do "penetration testing," in which hackers are paid to try to break into a network. Its passage came amid a flurry of reports that federal computers were open to devastating attacks. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,42148,00.html STUDY: DOMAIN NAME SYSTEM SECURITY STILL LAX Companies rushed to upgrade Domain Name System software after warnings were issued in late January about a flaw in widely used DNS software. In the past weeks, however, upgrading has come to a halt, concludes the Iceland DNS consultancy and software firm Men & Mice. Men & Mice tested the DNS systems for the Web sites of Fortune 1000 companies and random, .com domains at set dates after the alerts were released. The results were made public on the company's site. The CERT at Carnegie Mellon University, meanwhile, said this week that it has begun receiving reports of Berkeley Internet Name Domain (BIND) holes being successfully exploited. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2001/TECH/internet/03/02/lax.on.DNS.idg/index.html LEARN ABOUT SAMBA Want to know what Samba is? Want to know how to integrate Linux into a Windows network? Join #linux.com-live! on irc.openprojects.net to answer these questions and more. When? March 14th at 6:00 pm US/Pacific time. 12 KEYS FOR LOCKING UP TIGHT In a perfect world, a bit of common sense and a dash of due diligence would protect us from hackers, saboteurs and the common cold. Well, the world isn't perfect, and we know we can never be completely secure. There is a measure of safety to be gained by following a formula of threat education, security breach prevention and risk mitigation. "There's no single answer," says Bruce Schneier, CTO of security consultancy Counterpane Internet Security. "I can't say, 'Do these seven steps and you'll be magically secure.'" Although every organization's security infrastructure must be unique to be effective, Schneier and other experts point to the following essential ingredients. Pay close attention to these basic security issues. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cio.com/archive/030101/keys.html MICROSOFT MAY DISABLE UPGRADED PCS Users who upgrade their PCs may find they will not work when switched back on, under the software giant's plan to use an artificial intelligence engine to deactivate illegal copies of Windows XP. Microsoft's Windows XP will control how many times users can reinstall the operating system by using an artificial intelligence engine, similar to those used to monitor credit card transactions, it emerged this week. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2001/8/ns-21343.html ---------------------------------------------------------------------------- Security issues --------------- All vulnerabilities are located at: http://net-security.org/text/bugs ---------------------------------------------------------------------------- THE SIMPLE SERVER HTTPD VULNERABILITY Adding the string "/../" to an URL allows an attacker to view any file on the server provided you know where the file is at in the first place. Link: http://www.net-security.org/text/bugs/983288289,59607,.shtml LACK OF SECURITY ON IBM HOST ON DEMAND "A major healthcare organization asked my employer's tech support staff to start using an IBM Host on Demand server to access their hospital's critical systems to provide support. While using Ethereal to watch one of our tech support people use this service, I made a few disturbing observations." Link: http://www.net-security.org/text/bugs/983288309,36674,.shtml LINUX MANDRAKE - ZOPE UPDATE A new Hotfix for Zope has been released that fixes a very important security issue that affects all versions of Zope prior to and including 2.3.1b1. Users can use through-the-web scripting capabilities on a Zope site to view and assign class attributes to ZClasses, possibly allowing them to make inappropriate changes to ZClass instances. As well, perceived security problems with the ObjectManager, Property Manager and PropertySheet classes have been fixed as well. It is highly recommended that all Linux-Mandrake users using Zope upgrade to these new packages immediately. Link: http://www.net-security.org/text/bugs/983364382,86386,.shtml RED HAT LINUX - NEW ZOPE PACKAGES Link: http://www.net-security.org/text/bugs/983288428,22428,.shtml CONECTIVA LINUX - ZOPE UPDATE http://www.net-security.org/text/bugs/983591051,6556,.shtml TRUSTIX - SUDO UPDATE "sudo" is a program used to delegate superuser privileges to ordinary users and only for specific commands. There is a buffer overflow vulnerability in sudo which could be used by an attacker to obtain higher privileges. Link: http://www.net-security.org/text/bugs/983288461,42454,.shtml LINUX MANDRAKE - SUDO UPDATE Link: http://www.net-security.org/text/bugs/983288493,43832,.shtml CONECTIVA LINUX - SUDO UPDATE Link: http://www.net-security.org/text/bugs/983288542,17892,.shtml SLACKWARE - SUDO UPDATE Link: http://www.net-security.org/text/bugs/983288600,96836,.shtml IMMUNIX OS - SUDO UPDATE Link: http://www.net-security.org/text/bugs/983368835,52950,.shtml ORANGE WEB SERVER V2.1 DOS Orange Web Server v2.1 is vulnerable to a very simple Denial of Service attack where its possible to cause the server to shut down at once and cause a invalid page fault. Link: http://www.net-security.org/text/bugs/983368813,42791,.shtml A1 SERVER V1.0A HTTPD VULNERABILITIES A1 Server v1.0a is vulnerable to a nasty Denial of Service attack where it can be flooded with useless junk until the server crashes promptly. Once it has been crashed it needs to be restarted again for it to work properly. All windows versions apear to be affected. Link: http://www.net-security.org/text/bugs/983368906,39469,.shtml JOE'S OWN EDITOR FILE HANDLING ERROR joe looks for its configuration file in ./.joerc (CWD), $HOME/.joerc, and /usr/local/lib/joerc in that order. Users could be tricked into execute commands if they open/edit a file with joe in a directory where other users can write. Link: http://www.net-security.org/text/bugs/983410681,78639,.shtml SLACKWARE HAS UPDATED IMAPD A remote exploit exists for the previously included version of imapd, so all sites running imapd are urged to upgrade to the new version immediately. Note that imapd has been installed to run by default in previous versions of Slackware, including 7.1. Link: http://www.net-security.org/text/bugs/983411116,25599,.shtml SURGEFTP DENIAL OF SERVICE Due to a design issue in the SurgeFTP server a denial of service condition exists in it which could allow any user with local or shell access to the host to crash the server. The problem resides in the local handling of the directory listing command, which after first being successfully initialized will die if followed by a "malformed" request. Link: http://www.net-security.org/text/bugs/983590606,62264,.shtml VULNERABILITY IN TYPSOFT FTP SERVER A vulnerability exists which allows a remote attacker to break out of the ftp root using relative paths (ie: '...'). Link: http://www.net-security.org/text/bugs/983477514,3945,.shtml VULNERABILITY IN FTPXQ SERVER A vulnerability exists which allows an attacker to download files outside the ftp root. Link: http://www.net-security.org/text/bugs/983590668,76525,.shtml VULNERABILITY IN SLIMSERVE FTPD A vulnerability exists which allows an attacker to break out of the ftp root using relative paths (ie: '...'). Link: http://www.net-security.org/text/bugs/983590732,23207,.shtml CALDERA - BUFFER OVERFLOW IN /BIN/MAIL There is a buffer overflow in /bin/mail which allows a local attacker to read, modify and delete mails of other users on the system. Link: http://www.net-security.org/text/bugs/983591002,3815,.shtml RED HAT LINUX - UPDATED JOE PACKAGES When starting, joe looks for a configuration file in the current working directory, the user's home directory, and /etc/joe. A malicious user could create a .joerc file in a world writable directory such as /tmp and make users running joe inside that directory using a .joerc file that is customized to execute commands with their own userids. The current working directory has been removed from the list of possible directories with the .joerc configuration file. Link: http://www.net-security.org/text/bugs/983591090,68864,.shtml WINZIP32 ZIPANDEMAIL BUFFER OVERFLOW The /zipandemail option in winzip contains a buffer overflow flaw when handling very long filenames. The EIP is overwritten and a carefully crafted filename could allow for execution of arbitrary code. The probability of this happening "in the wild" is very low, as the overflow only triggers if winzip is used with this option. Theoretically, this could occur when a .jpg with a malformed filename is 'zipped and emailed'. Alternatively if an attacker managed to place a malicious file in the log directory on an automated logging system� then the automated zipping and emailing of the log would trigger the overflow. Link: http://www.net-security.org/text/bugs/983591239,59525,.shtml ---------------------------------------------------------------------------- Security world -------------- All press releases are located at: http://net-security.org/text/press ---------------------------------------------------------------------------- SECURITY VISIONARIES LAUNCH CORRENT CORP. - [26.02.2001] Corrent Corp., a semiconductor start-up company founded by a group of leading visionaries in the Internet security field, Monday announced the formal launch of its operations and the opening of its headquarters in Tempe. The company is developing a family of high-performance security processors based on a new patent-pending architecture designed specifically for securing the exchange of private Internet information in next-generation optical network systems. Press release: < http://www.net-security.org/text/press/983189279,31735,.shtml > ---------------------------------------------------------------------------- NOKIA EXPANDS FAMILY OF VPN SOLUTIONS - [26.02.2001] Nokia announced the expansion of its award winning line of VPN solutions for seamless network connectivity. The extended offering includes the new Nokia CC5205 Gigabit Ethernet VPN appliance and Windows 2000-compliant Nokia VPN Policy Manager. This expansion addresses the demands of enterprise customers everywhere by providing high performance, encryption processing power, unlimited network scalability and bulletproof reliability. Nokia's extended VPN line further demonstrates Nokia's commitment to delivering a new level of security and reliability. Press release: < http://www.net-security.org/text/press/983189470,83180,.shtml > ---------------------------------------------------------------------------- WELLMED SELECTS PGP SECURITY - [26.02.2001] PGP Security, a Network Associates business, announced that WellMed, Inc., a leading provider of online consumer health management tools, has chosen PGP Security's E-Business Server to secure the transfer of personal health information. Health care organizations, self-insured employers, pharmaceutical companies and consumer Web sites license the WellMed Personal Health Manager to empower their members and employees with personalized, up-to-date, accessible health information, self-care tools and communication channels. The Personal Health Manager enables individuals to check their health status, store personal health records, identify their health risks and obtain accurate, detailed information relevant to their unique needs in a private and secure environment. Press release: < http://www.net-security.org/text/press/983197382,70931,.shtml > ---------------------------------------------------------------------------- MICROSOFT SUPPORTS COMMITMENT TO SECURITY - [26.02.2001] Today at the InfoSec World security trade show in Orlando, Microsoft Corp. announced the general availability of its enterprise firewall and Web cache, Internet Security and Acceleration (ISA) Server, along with more than 30 add-on security solutions that extend and tailor networks to customers' IT security needs. In addition, the recently announced Microsoft(R) Security Services Partner Program, which gives customers a place to turn for immediate network security support, has been extended to include support for ISA Server. Press release: < http://www.net-security.org/text/press/983197468,21074,.shtml > ---------------------------------------------------------------------------- BOOSTING BEA WEBLOGIC SERVER 6.0 SECURITY - [26.02.2001] Entegrity Solutions(R) Corporation, a leader in application security software and services, today announced support for BEA WebLogic Server(R) 6.0, the industry's most advanced Java application server. Entegrity AssureAccess boosts the native security of WebLogic Server, providing businesses with integrated single sign on (SSO) for Web and application server environments. AssureAccess also provides centrally managed and policy-based access management for WebLogic application security that scales to meet the high-volume demands of mission-critical application servers and Web servers. Press release: < http://www.net-security.org/text/press/983197585,73630,.shtml > ---------------------------------------------------------------------------- FIRST ANNUAL SECURITY EXCELLENCE AWARDS - [27.02.2001] Information Security magazine announced yesterday the winners of its first annual Information Security Excellence Awards. Selected via online balloting by the magazine's subscribers, the winning info security products and services represent the "best-in-class" solutions in each of eight categories. "Combating the constant barrage of cyber threats to corporate networks and information resources requires robust, time-tested security solutions," says Andy Briney, editor-in-chief of Information Security. "The winning products and services represent, in our readers' estimations, the best-of-breed technologies for securing the enterprise." Press release: < http://www.net-security.org/text/press/983287711,95723,.shtml > ---------------------------------------------------------------------------- SECURANT SECURES BEA WEBLOGIC 6.0 - [27.02.2001] Securant Technologies, the company that secures eBusiness, announced here at BEA eWorld 2001 that the award winning ClearTrust SecureControl user access management system has been certified to seamlessly inter operate with and support the BEA WebLogic 6.0 application server platform. The 100 percent JAVA-based ClearTrust SecureControl product is the industry's only access management system that provides native integration for the BEA WebLogic Platform, via a plug-in module. This unique capability enables enterprises to centrally manage, from ClearTrust SecureControl, the security policies that govern user access permissions for all their BEA WebLogic applications - without writing any code. In addition, as new applications are developed and deployed they can be "snapped" into and immediately protected by ClearTrust SecureControl. Press release: < http://www.net-security.org/text/press/983287831,47464,.shtml > ---------------------------------------------------------------------------- NORTON ANTIVIRUS SUPPORTS WINDOWS ME - [27.02.2001] Symantec Corp., a world leader in Internet security technology, announced the availability of Norton AntiVirus Corporate Edition now including support for the Microsoft Windows Millennium Edition operating system. Symantec's Norton AntiVirus Corporate Edition, the first corporate anti-virus solution to support the Windows Me platform, is a key component of Symantec Enterprise Security, a comprehensive and modular Internet security solution for enterprise computing environments. "Symantec's Norton AntiVirus Corporate Edition, with support for the Microsoft Windows Millennium Edition Platform, is one more example of Symantec's leadership in providing its enterprise customers with the best protection possible against new and unknown threats," said Gail Hamilton, senior vice president, Enterprise Solutions Division, Symantec. Press release: < http://www.net-security.org/text/press/983287945,9365,.shtml > ---------------------------------------------------------------------------- BALTIMORE SECURES ERICSSON SMARTPHONE R380 - [27.02.2001] Baltimore Technologies, a global leader in e-security, and Ericsson, Inc., one of the leading mobile phone manufacturers, announced that Baltimore's digital certificate technology is embedded in the Ericsson smartphone R380 to allow secure and trusted transactions. This agreement enables Ericsson customers worldwide to benefit from advanced security and authentication features provided by the award winning Baltimore Telepathy wireless e-security product and service offering. Future Ericsson phones, such as the GPRS phone R520, will also be secured using Baltimore root certificates. Press release: < http://www.net-security.org/text/press/983288063,11640,.shtml > ---------------------------------------------------------------------------- VIGILANTE INTEGRATES NESSUS - [27.02.2001] VIGILANTe today announced the integration of the leading open-source security scanner, Nessus, into its premier automated Internet security assessment service, SecureScan. This addition to SecureScan bolsters an arsenal of commercially available, open- source and proprietary assessment tools. The combination of these tools with VIGILANTe's intelligent testing methodologies and reporting delivers the most advanced, automated, thorough, and reliable security assessment. "As a security service provider, we have recognized that one tool alone can not find all known vulnerabilities," said Michelle Drolet, CEO of CONQWEST Inc. By implementing best of breed tools into one integrated solution, SecureScan allows us to provide more comprehensive security assessments of our clients' environment. By automatically configuring the tests and compiling results into a single report, our invaluable security resources can focus on helping our companies resolve their security problems, not just testing." Press release: < http://www.net-security.org/text/press/983290634,416,.shtml > ---------------------------------------------------------------------------- PENTASAFE PARTNERS WITH BEA SYSTEMS - [27.02.2001] PentaSafe Security Technologies, Inc., the leading developer of enterprise security infrastructure solutions, announced a strategic marketing relationship with BEA Systems, Inc., one of the world's leading e-business infrastructure software companies. The relationship is announced in conjunction with the release of PentaSafe's VigilEnt Security Agent (VSA) for BEA WebLogic. VSA is designed to ensure security policy compliance for applications deployed on the BEA WebLogic Server platform, BEA's market- leading Java application server. VSA provides developers with exceptional security management capabilities that have never before been available on the market. Press release: < http://www.net-security.org/text/press/983290705,15978,.shtml > ---------------------------------------------------------------------------- MAXIMUM SECURITY CONFERENCE SPONSORING - [28.02.2001] As "maximum security" becomes the theme of the Web-enabled financial world, CyberGuard Corporation, the technology leader in network security, will co sponsor the Maximum Security conference slated for March 7-9, 2001 in San Francisco. Paul Henry, Director of Asian Operations for CyberGuard, will be presenting "Understanding and Applying the Ideal Firewall for your Network." "With new security threats constantly emerging, it is crucial for institutions to protect themselves as well as their customers by investing in the most current technologies," said Henry. Press release: < http://www.net-security.org/text/press/983369017,8744,.shtml > ---------------------------------------------------------------------------- CHECK POINT UNVEILS NEW USER INTERFACE - [28.02.2001] Check Point Software Technologies Ltd., the worldwide leader in securing the Internet, announced a ground-breaking user interface that meets the industry's next generation Internet security requirements, including simplified security management for increasingly complex environments. Built upon Check Point's Secure Virtual Network (SVN) architecture, the Next Generation User Interface revolutionizes the way security administrators define and manage enterprise security by further integrating management functions into a security dashboard and creating a visual picture of security operations. The Next Generation User Interface delivers unparalleled ease-of-use, improved security and true end- to-end security management. Press release: < http://www.net-security.org/text/press/983369089,120,.shtml > ---------------------------------------------------------------------------- ORACLE LABEL SECURITY FOR US GOVERNMENT - [28.02.2001] Oracle Corp., the largest provider of software for e-business, announced the immediate availability of Oracle Label Security, a powerful Oracle9i Database option for controlling access to critical data. Developed for the U.S. government to protect highly confidential information, Oracle Label Security is now commercially available to organizations looking to achieve the right balance between sharing and securely separating data for confidentiality or privacy reasons. This option requires no programming and allows customers to use sensitivity tags, known as labels, to secure mission-critical data at the row level, instead of at the table level, whether the data resides within the e-business or at an online service provider's facility. Press release: < http://www.net-security.org/text/press/983369530,92213,.shtml > ---------------------------------------------------------------------------- SOPHOS: TOP TEN VIRUSES IN FEBRUARY - [01.03.2001] This is the latest in a series of monthly charts counting down the ten most frequently occurring viruses as compiled by Sophos, a world leader in corporate anti-virus protection. Press release: < http://www.net-security.org/text/press/983402714,63948,.shtml > ---------------------------------------------------------------------------- SOPHOS PARTNERS WITH IT DIRECT AT LLOYD'S - [01.03.2001] Sophos, a world leader in corporate anti-virus protection is partnering with IT Direct at Lloyd's to provide anti-virus software to more than 250 of the Lloyd's of London Market companies. This relationship sees IT Direct at Lloyd's providing Sophos Anti-Virus as part of its wide portfolio of technology products and services. Bob Blatchford, MD of IT Direct, said "It is our aim to ensure that every one of the Lloyd's Market companies has access to best-of-breed software and service at a competitive price. Our customers have requested the addition of Sophos Anti-Virus to our range due to its reputation for reliability and after-sales support." Press release: < http://www.net-security.org/text/press/983477655,72177,.shtml > ---------------------------------------------------------------------------- PROGINET SECURPASS SUPPORTS LDAP - [01.03.2001] Proginet Corporation, a leader in password management software and Internet file transfer software, announced that its SecurPass password management software product supports LDAP (Light Directory Access Protocol), the Internet standard for accessing inter-network directory services that has been universally endorsed by leading industry players. Proginet's responsiveness to the needs of today's global enterprises with SecurPass support of LDAP significantly expands the Company's reach into the security market, estimated at $3 billion, comprised of increasingly Internet-dependent enterprises. Press release: < http://www.net-security.org/text/press/983477704,29626,.shtml > ---------------------------------------------------------------------------- HIGH-PERFORMANCE SECURITY PROCESSOR - [01.03.2001] SonicWALL, Inc., a leading provider of Internet security solutions, announced its new high performance security processor. This custom Application Specific Integrated Circuit (ASIC) will be incorporated into SonicWALL's full line of Internet security appliances to create the industry's most advanced hardware platform for integrating firewall, VPN and a range of other value-added security services. SonicWALL will also license the ASIC to OEM partners to incorporate strong, high performance security into their networking and security products. Press release: < http://www.net-security.org/text/press/983477807,54779,.shtml > ---------------------------------------------------------------------------- SPONSORING INTERNET SECURITY CONFERENCE - [02.03.2001] The Internet Security Conference announced the addition of Interop, a Key3Media Group, Inc. brand, as a media sponsor for its upcoming conference to be held June 4-8, 2001 at the Century Plaza Hotel in Los Angeles. Interop is the world's leading brand in the networking, Internet and telecommunications event and educational marketplace, staging events such as NetWorld+Interop and Interop NetResults and the community resource interop.com. Press release: < http://www.net-security.org/text/press/983554019,88144,.shtml > ---------------------------------------------------------------------------- Featured articles ----------------- All articles are located at: http://www.net-security.org/text/articles Articles can be contributed to staff@net-security.org Below is the list of the recently added articles. ---------------------------------------------------------------------------- GNUTELLA USERS WARNING: BEWARE OF THE MANDRAGORE WORM! Kaspersky Labs announces the discovery of a new worm "Mandragore" spreading across the popular Gnutella file exchange network that uses the Peer-to-Peer technology. Read more: < http://www.net-security.org/text/articles/viruses/gnutella.shtml > ---------------------------------------------------------------------------- THE "LOVELETTER" NEVER DIES Kaspersky Labs warns computer users about the possible recurrence of the epidemic of the LoveLetter worm caused by its new modification - "Myba"! Kaspersky Lab has already received several reports of the worm "in-the-wild". Read more: < http://www.net-security.org/text/articles/viruses/loveletter.shtml > ---------------------------------------------------------------------------- Featured books ---------------- The HNS bookstore is located at: http://net-security.org/various/bookstore Suggestions for books to be included into our bookstore can be sent to staff@net-security.org ---------------------------------------------------------------------------- SSH, THE SECURE SHELL: THE DEFINITIVE GUIDE Secure your computer network with SSH! With transparent, strong encryption, reliable public-key authentication, and a highly configurable client/server architecture, SSH (Secure Shell) is a popular, robust, TCP/IP-based solution to many network security and privacy concerns. It supports secure remote logins, secure file transfer between computers, and a unique "tunneling" capability that adds encryption to otherwise insecure network applications. Best of all, SSH is free, with feature-filled commercial versions available as well. "Our book is written for all SSH users, from technically-inclined beginners up to experienced sysadmins. We begin with the basics for Unix (SSH, SSH2, OpenSSH, F-Secure) as well as Windows and the Mac. Then we go far beyond the SSH man pages, providing in-depth coverage of advanced topics." Book: < http://www.amazon.com/exec/obidos/ASIN/0596000111/netsecurity > ---------------------------------------------------------------------------- CISCO SWITCHING: BLACK BOOK A practical in-depth guide to configuring, operating, and managing Cisco LAN switches. Covers basic to advanced ISL, spanning tree, switch configuration, and switch technologies featuring Cisco's line of Catalyst switches. It's also an excellent guide for Cisco WAN and ATM switches. No other book thoroughly covers the advanced topics required to achieve this level of comprehensive Cisco knowledge or certification in the new CCNP and CCIE curricula. Book: < http://www.amazon.com/exec/obidos/ASIN/157610706X/netsecurity > ---------------------------------------------------------------------------- SATELLITE ENCRYPTION The book explains the need for secure satellite communications, including ways of implementing them, and discusses their implications (in business, government, and warfare). Author John Vacca focuses on United States satellite encryption policies. This is far more than a networking or government-policy text, though its contents have bearing upon wide area network (WAN) designers and legislators alike. Vacca explains the physics involved in getting a satellite into the most desirable orbit, the computing techniques used for cracking keys, and various key-escrow strategies (including Clipper). In addition, there's a lot of background information on national security topics other than satellite encryption, including missile-defense satellites and the purchase of dangerous military surplus by terrorist groups. There's a somewhat breathless warning of year 2000 mayhem, but Vacca's approach is generally very deliberate and informative. Topics covered: The importance of secure satellite communications, government encryption policies, implementation of satellite encryption, information-theft techniques, use and abuse of key-escrow schemes, and the role of satellite encryption in the future of business and government. Book: < http://www.amazon.com/exec/obidos/ASIN/0127100113/netsecurity > ---------------------------------------------------------------------------- LINUX SYSTEM ADMINISTRATION HANDBOOK More and more businesses are turning to Linux as a cost-effective, rock-solid solution for Internal networks and Internet connectivity. This is the first book that systematically teaches Linux system administrators the real-world skills they need to succeed. The Linux System Administration Handbook covers Linux networking, file service, E-mail, security, backups, print sharing, Web, FTP, NetNews, and much more.... Book: < http://www.amazon.com/exec/obidos/ASIN/0136805965/netsecurity > ---------------------------------------------------------------------------- LINUX: NETWORKING FOR YOUR OFFICE SOHO Linux Networking provides all the answers you need when setting up a Linux server in a SOHO (small office, home office) environment, or as a subnetwork off of a larger organization's network. This book combines information documented in existing Linux material such as HOWTOs, individual package documentation, and other books into a single package, complete with Red Hat Linux on CD. Book: < http://www.amazon.com/exec/obidos/ASIN/0672317923/netsecurity > ---------------------------------------------------------------------------- Security Software ------------------- All programs are located at: http://net-security.org/various/software ---------------------------------------------------------------------------- LANGUARD NETWORK SCANNER LANguard network scanner is a freeware security scanner to audit your network security. It scans entire networks and provides NETBIOS information for each computer such as hostname, shares, logged on user name. It does OS detection, tests password strength, detects registry issues and much more. Reports are outputted in HTML. Info/Download: < http://www.net-security.org/various/software/983589788,4876,windows.shtml > ---------------------------------------------------------------------------- PROGRAM LOCK PRO 2.0 Lock and unlock any program on your pc so it cannot be used. You can also choose your own message to display if anyone attempts to run one of your locked programs. Includes password protection so only you can unlock the program when you are ready to use it. Allows the entire PC to remain active and running, and it only locks and prevents access to the programs that you specify. Info/Download: < http://www.net-security.org/various/software/983589926,19650,windows.shtml > ---------------------------------------------------------------------------- IMSAFE 0.2.2 Imsafe is a host-based intrusion detection tool for Linux which does anomaly detection at the process level and tries to detect various type of attacks. Since Imsafe doesn't know anything about specific attacks, it can detect unknown and unpublished attacks or any other form of malicious use of the monitored application. Created for Linux systems but works on almost every UNIX flavor by watching strace outputs. Info/Download: < http://www.net-security.org/various/software/983590047,62882,linux.shtml > ---------------------------------------------------------------------------- QUICKENCRYPT V3.1 QuickEncrypt is a feature-packed, yet easy to use, file encryption utility. If you have files that you want to keep private, QuickEncrypt will help you achieve your goal. In short, it's simple enough for anyone to use right away, but it has a zillion configuration options that will satisfy the power user. Info/Download: < http://www.net-security.org/various/software/983590312,57629,mac.shtml > ---------------------------------------------------------------------------- MACWASHER V2.1 MacWasher is a powerful tool for covering your Internet tracks. Every time you use the Net, you're sending information about yourself and your online activities to people in the form of cookies. You are also leaving a potential gold mine of information about yourself on your Mac in places like e-mail cache files, history logs, etc. You are even leaving evidence of applications you recently used, etc. MacWasher "washes" all of these tracks away, including the ability to securely delete files using the approved techniques of the National Security Agency. While the interface is a little garish, such minor flaws are offset by the power and versatility of the program. A great tool for people concerned about security on the Net, or who want to make sure that they aren't leaving potentially damaging (or just embarrassing) evidence on their Mac. Info/Download: < http://www.net-security.org/various/software/983590427,59420,mac.shtml > ---------------------------------------------------------------------------- Defaced archives ------------------------ [26.02.2001] Original: http://www.sony.fr/ Defaced: http://defaced.alldas.de/mirror/2001/02/26/www.sony.fr/ OS: Windows Original: http://www.venezuela.gov.ve/ Defaced: http://defaced.alldas.de/mirror/2001/02/26/www.venezuela.gov.ve/ OS: Solaris Original: http://www.aiwa.com.pa/ Defaced: http://defaced.alldas.de/mirror/2001/02/26/www.aiwa.com.pa/ OS: Unknown Original: http://www.erd.gov.lk/ Defaced: http://defaced.alldas.de/mirror/2001/02/26/www.erd.gov.lk/ OS: Windows Original: http://html.it/ Defaced: http://defaced.alldas.de/mirror/2001/02/26/html.it/ OS: Windows [27.02.2001] Original: http://www.samsung.it/ Defaced: http://defaced.alldas.de/mirror/2001/02/27/www.samsung.it/ OS: Windows Original: http://www.israel.dk/ Defaced: http://defaced.alldas.de/mirror/2001/02/27/www.israel.dk/ OS: Unknown Original: http://www.casio.cl/ Defaced: http://defaced.alldas.de/mirror/2001/02/27/www.casio.cl/ OS: Windows Original: http://www.imi.gov.my/ Defaced: http://defaced.alldas.de/mirror/2001/02/27/www.imi.gov.my/ OS: Unknown Original: http://www.olivetti.ru/ Defaced: http://defaced.alldas.de/mirror/2001/02/27/www.olivetti.ru/ OS: Windows Original: http://www.oman-tv.gov.om/ Defaced: http://defaced.alldas.de/mirror/2001/02/27/www.oman-tv.gov.om/ OS: Windows Original: http://perldev.digitalcreators.com/ Defaced: http://defaced.alldas.de/mirror/2001/02/27/perldev.digitalcreators.com/ OS: Linux [28.02.2001] Original: http://www.feds.co.za/ Defaced: http://defaced.alldas.de/mirror/2001/02/28/www.feds.co.za/ OS: Windows Original: http://www.3wire.net/ Defaced: http://defaced.alldas.de/mirror/2001/02/28/www.3wire.net/ OS: Unknown Original: http://mothernature.com/ Defaced: http://defaced.alldas.de/mirror/2001/02/28/mothernature.com/ OS: Windows Original: http://www.shjpolice.gov.ae/ Defaced: http://defaced.alldas.de/mirror/2001/02/28/www.shjpolice.gov.ae/ OS: Unknown Original: http://www.rainforestalliance.com/ Defaced: http://defaced.alldas.de/mirror/2001/02/28/www.rainforestalliance.com/ OS: Windows Original: http://www.moeacgs.gov.tw/ Defaced: http://defaced.alldas.de/mirror/2001/02/28/www.moeacgs.gov.tw/ OS: Windows [01.03.2001] Original: http://www.coca-cola.it/ Defaced: http://defaced.alldas.de/mirror/2001/03/01/www.coca-cola.it/ OS: Windows Original: http://www.eti.gov.ee/ Defaced: http://defaced.alldas.de/mirror/2001/03/01/www.eti.gov.ee/ OS: Windows Original: http://www.funmrd.gov.ve/ Defaced: http://defaced.alldas.de/mirror/2001/03/01/www.funmrd.gov.ve/ OS: Linux Original: http://www.labor.gov.tw/ Defaced: http://defaced.alldas.de/mirror/2001/03/01/www.labor.gov.tw/ OS: Windows Original: http://www.eti.gov.ee/ Defaced: http://defaced.alldas.de/mirror/2001/03/01/www.eti.gov.ee/ OS: Windows Original: http://site4.nyc.gov.tw/ Defaced: http://defaced.alldas.de/mirror/2001/03/01/site4.nyc.gov.tw/ OS: Windows Original: http://www.faber-castell.com.au/ Defaced: http://defaced.alldas.de/mirror/2001/03/01/www.faber-castell.com.au/ OS: Windows Original: http://www.canon.com.br/ Defaced: http://defaced.alldas.de/mirror/2001/03/01/www.canon.com.br/ OS: Windows Original: http://www.burgerking.co.uk/ Defaced: http://defaced.alldas.de/mirror/2001/03/01/www.burgerking.co.uk/ OS: Windows [02.03.2001] Original: http://www.vipfe.gov.bo/ Defaced: http://defaced.alldas.de/mirror/2001/03/02/www.vipfe.gov.bo/ OS: Windows Original: http://uslocator.com/ Defaced: http://defaced.alldas.de/mirror/2001/03/02/uslocator.com/ OS: Windows Original: http://www.atlantica.fr/ Defaced: http://defaced.alldas.de/mirror/2001/03/02/www.atlantica.fr/ OS: Windows Original: http://www.health.gov.bh/ Defaced: http://defaced.alldas.de/mirror/2001/03/02/www.health.gov.bh/ OS: Windows Original: http://www.bible.org/ Defaced: http://defaced.alldas.de/mirror/2001/03/02/www.bible.org/ OS: Windows Original: http://www.intershop.nl/ Defaced: http://defaced.alldas.de/mirror/2001/03/02/www.intershop.nl/ OS: Windows [03.03.2001] Original: http://www.nameyourprice.co.uk/ Defaced: http://defaced.alldas.de/mirror/2001/03/03/www.nameyourprice.co.uk/ OS: Linux Original: http://www.health.gov.bh/ (Redefacement) Defaced: http://defaced.alldas.de/mirror/2001/03/03/www.health.gov.bh/ OS: Windows Original: http://www.goldencard.gov.cn/ Defaced: http://defaced.alldas.de/mirror/2001/03/03/www.goldencard.gov.cn/ OS: Solaris Original: http://www.sansui.co.jp/ Defaced: http://defaced.alldas.de/mirror/2001/03/03/www.sansui.co.jp/ OS: Windows Original: http://www.lordoftherings.gr/ Defaced: http://defaced.alldas.de/mirror/2001/03/03/www.lordoftherings.gr/ OS: Windows Original: http://www.usacpw.belvoir.army.mil/ Defaced: http://defaced.alldas.de/mirror/2001/03/03/www.usacpw.belvoir.army.mil/ OS: Windows [04.03.2001] Original: http://power.lucent.com/ Defaced: http://defaced.alldas.de/mirror/2001/03/04/power.lucent.com/ OS: Windows Original: http://www.xtnews.gov.cn/ Defaced: http://defaced.alldas.de/mirror/2001/03/04/www.xtnews.gov.cn/ OS: Unknown Original: http://www.alcatel.co.kr/ Defaced: http://defaced.alldas.de/mirror/2001/03/04/www.alcatel.co.kr/ OS: Windows Original: http://www.cdhb.gov.cn/ Defaced: http://defaced.alldas.de/mirror/2001/03/04/www.cdhb.gov.cn/ OS: Solaris ---------------------------------------------------------------------------- Questions, contributions, comments or ideas go to: Help Net Security staff staff@net-security.org http://net-security.org http://security-db.com