Oblivion Magazine - Issue #6 This issue covers application programming interfaces, Windows 2000 File Encrytion, the Andrew File System, and multiprotocol transport net.
b6c17fa9d3f65ad61d715a1641527b552c04f17eed513571d99ebb26cc858bd6
_____ _ _ _____
| | |_| |_|| |
| | _ _ __ _ _ _ | | ____
| _ || | | |\ \\ \ | || || _ || _ \
| | | || |__ | | \ \\ \ | || || | | || | \ \
| | | || || | \ \\ \ | || || | | || | | |
| |_| || [] || |___\ \\ \| || || |_| || | | |
|_____||____||_____\\_\\___||_||_____||_| |_|
M a g a z i n e
-=[ Oblivion Magazine ]=-
-=[ http://www.0blivion.org ]=-
Feer Us Fools, Because We Are Gaining R00t On You
-=[ Editor: Cyber0ptix ]=-
-=[ cyberoptix@0blivion.org ]=-
-=[ Assistant Editor: Slider ]=-
-=[ Slider@0blivion.org ]=-
-=[ Writer/Advice: LockDown ]=-
-=[ lock-down@hushmail.com ]=-
Pain Is A Thing Of The Past, Feel Oblivion
-=[ IRC: #OBLIVIONMAG on EFNet ]=-
Join Us And Communicate
-----------------------------
Designed On 800x600 Resolution
-=[ Issue 6 - 15/08/2000 ]=-
The Sixth Sense
-=[ Contents ]=-
--------
--------------------------------------- -----------------
[ Articles ] [ Author ]
+-------------------------------------+ +---------------+
[ Contents ] [ 0blivion.org ]
[ Introduction To Issue 6 ] [ Slider ]
[ Editor - Comments/Rant ] [ Cyber0ptix ]
[ Speed up your Connection ] [ Cyber0ptix ]
[ Application Programming Interfaces ] [ Tango-Omega ]
[ Windows 2000 File System Encryption ] [ Kermit23 ]
[ The Andrew File System (AFS) ] [ Slider ]
[ Multiprotocol Transport Net. (MPTN) ] [ Slider ]
[ News - http://net-security.org ] [ 0blivion.org ]
[ End Credits ] [ 0blivion.org ]
--------------------------------------- -----------------
When Mozart was composing at the end of the eighteenth century,
the city of Vienna was so quiet that fire alarms could be given
verbally by a shouting watchman mounted on top of St. Stefan's
Cathedral. In twentieth-century society, the noise level is such
that it keeps knocking our bodies out of tune and out of their
natural rhythms. This ever-increasing assault of sound upon our
ears, minds, and bodies adds to the stress load of civilized
beings trying to live in a highly complex environment.
- Steven Halpern
----------------------------------------------
**********************************************
Introduction To Issue 6 - Slider
**********************************************
Re.
Welcome to Issue 6, this is a very short issue im afraid due to myself being
away on holiday and having to start a new job, and Cyber moving house (still!)
and working and being a typical student. At the moment we are trying to get
ideas in for articles, so we would appreciate any ideas for text files, no
matter how silly or indepth they might be that we can research and then write
about after gaining some experience in these subjects.
Many thanks to all of you who stuck in your points of view, and of course your
articles! And please will you continue sending them in, we appreciate points
of view and of course your articles. This way you can get your work published
to a wider audience. Also, if you are thinking of writing a article yourself
then also contact us, we will help you as much as possible to write it. We
are here to promote learning and sharing of information like the Internet
community should be, all we ask is that you publish the document or text in
Oblivion mag first, then distribute it to other mags if you wish. This gives
us peace of mind knowing that we got something good out of it!
At the moment i am trying to organise as many things as possible to get this
issue out and even have put my love life (shock horror) to one side for this
issue! dedication or shat... shit what am i saying ??? this aint like me, but
what the hell the groupies come first innit :]
And remember we may not be covering stuff like 0-day hacking tekniq's, but
instead we are covering stuff that should be known. We are here to be an
instrument for learning.
Also we are looking for a host that may be able to supply us with an shell
acc. so that we may increase our amount of bots on our channel. This is due
to take overs from unknown parties. May i add this is extrememley stupid and
irritating for all of us. Oblivion is a place to share and absorb information
from many people and parties, we dont need ppl doing this kind of stubborn
and stupid activities.
Also, more members in the chan would be v. much appreciated so if anyone has
any free time just come and idle with us. We are v. much acceptable to new
peeps and always happy to chat about anything under the sun.
[Cyber0ptix - Yeah and it gives me something to do when I get b0red at work
;0) ]
Slider.
All we could do was gaze in superfication at our
friends going to inevitable death...
- Reverend G. A. Pare, Chaplain, Glider
Pilot Regiment, British 1st Airbourne
division, describing the division
watching the thrid lift at Arnhem
on September 19, 1944
----------------------------------------------
**********************************************
My Rant - Cyber0ptix
**********************************************
Hi, and welcome to issue 6 of 0blivion. Well who woulkd believe we would
still be around after half a year! Well we are and still getting good
reviews and feedback although the articles have slowed down a lot ;o( This
means that this issue may be quite a short one. So come on and lets get
sending some articles in to make issue 7 the best ever.
So what has been happening this month? Well looks like BT attempt at letting
the UK have high speed 'always on' net connections using ADSL is going to be
a big let down. The have just changed the contention ratio of the line from
50:1 to a rediculous 80:1, this means that although you will have a maximum
speed of 512k upload this could be used by a maximum of 80 people at once
bringing it down to speeds the like of a 14,400 bps modem. Also rumours
around the net make it out like it is going to be so port blocked that all
you will be able to do is browse the web and send email. They arn't even
allowing ICQ to work. Come on BT, get you finger out and give us what we
need. The UK is so far behind in internet technology we will still be using
56k modems in 10 years time if they dont get it right. Oh well looks like we
will just have to wait for them to open up the local loop and get some
competition in there and show them how its done. But when the fuck is this
going to happen?
Also another crack at BT for their pathetic unmetered product SurfTime. Well
it would of been good but they just had to gedt involved with the data side
of it and completely fuck it up. Instead of just giving out free 0844
numbers that route through to the ISP's hardware they decided to make these
connect to the exchanges and then get routed through their data network to
free up the voice network for calls. Great a faster conection! Well you
would of thought so, but the number of hops it takes to get through to your
ISP's hardware is beyond a joke and puts ping rates to about 500. I have
seen poeople having 15 hops till they even reach the ISP. ISDN is
tempremental, and cos they have installed BT modems you get crap connection
speeds.
SurfTime was also down for 17 hours last month when a fibre cable split. Oh
well its a routing network you would of thought, no need to worry. Well BT
didn;t think about building b ackup routes into the network and decided to
leave it with a single point of failure, which resulted in no one being able
to connect.
Well I think that is enough slating of BT, I'll probably be getting sued by
them now. ;o)
Anyway so what else has been happening? Lotus notes was broken wide open at
Defcon 8 last weekend when information was released concerning the encryption
method used to store passwords and how easy it was to crack them.
Another e-commerce site has been down this week. www.wollies.co.uk as their
security was weak. The site has been taken down for a 'major security
overhaul' which is expected to take 2 weeks. Come on how long does it take
if you had of done it right in the first place.
Well that my little rant over for another month, and as I said lets get some
articles sent in from you the readers, it doesn;t matter how long they are,
or how technical as long as they are of a good standard and an interesting
read we will try and include them in the zine, just email them to me at
cyberoptix@0blivion.org.
Also happening next weekend is DNSCON 2. Unfortunately I am unable to go due
to work, but if anyone that goes can write a review for next month issue we
would be very grateful.
**********************************************
Getting the best Connection - Cyber0ptix
**********************************************
Well this is just a little text that I have written to help you all get the
fastest connection to the net without any slowdown or connection problems.
This is all basic stuff but this is bound to help out some people who arn't
too sure on this.
As you all know getting a fast connection over the PSTN relies on many
variables to ensure that every thing is OK. So I am going to outline a few
of the problems and how you can get round them.
1. Line Noise.
Most people tend to blame their ISP if they have a slow connection. Well you
are connecting over a phone system which was not designed to give high speed
data transfer. It may interest you to know that BT only gaurentees a data
connection upto 9600bps. Well what is the point in that in todays world with
modem technology at 56k and the soon to be released V.92, which is only going
to be any good if BT totally fuck up ADSL.
If you find that you are having random disconnects or slow connection speeds
then it is time to get in touc hwith your telco. First off fone the fault
department and ask them to check your line for noise. Tell them your number
and the number that you are dialing, your ISP's. Ask them to run a full
check between the two numbers. Also ask them to turn the gain up on your
line as this will get you a better connection.
2. DACS!
So you thought you'd get a dedicatedc line for the internet and leave your
other line so people can get in touch with you. So you get in touch with BT
and as kthem to install it. Thgey come round and fit everything and you go
to connect for the first time. You click connect and what do you see?
'Connected at 28,800bps'
What the fuck?
Well it looks like BT have DACS'ed you. This basically involves multiplexing
your existing line to give you the ability to have two lines on one by
splitting the bandwidth. This is fine for voice lines but when you want to
use one of them for the internet it is a complete waste of time.
So what can you do? Not much if you have already had it installed. As I
said earlier they only gaurentee data connections upto 9600bps and are within
their right to do this to your line. Try calling them and ask them to
replace it with a 'real' line so you can get the connection speed you want.
If they wont, refuse to pay and tell them to come and remove it.
Before you ask for a second line to be installed, tell them that you do not
want a DACS box as you need the line for the internet and tell them to
install a new line. This may be a problem as you exchange need free space to
add this free line, it also costs a lot more for BT to install the line so
they may refuse and only offer you the DACS box. Do NOT bother as there is
no point.
3. Netwkring Protocols.
Check through your Networking protocols and make sure you have the latest
updates installed.
IF you are running Windows goto Control Panel and click on Network. This
will tell you what you have installed. As a bare minimum all you want is the
following
Client for Microsoft Networks
Dial Up Adaptor
TCP/IP
You may have more installed for VPN? Support but this does not matter. If
you are having problems with data transfer try removing TCP/IP, reboot, add
it back in and then reboot again. This will reinstall the protocol stack and
should solve your problems. Remove all unwanted protocols such as IPX/SPX
compatable and NETBEUI.
Another problem is with Windows 98 which installs with 'Microsoft Family
Logon' as default instead of Client for Microsoft Networks. Remove this
imediately as it causes more problems than it solves. Replace it with Client
for Microsoft Networks and reboot.
4. Dial Up Networking.
First of, with Windows 95 make sure you have upgraded to DUN 1.3, this will
install the DUN with compatability for 56k modems. Without this upgrade you
will not get a good connection.
Next check your settings. My Computer > Dialup Networking, then right click
on the icon you connect with and select properties. Make sure the number you
are dialling is correct for your modem type. Some ISP's run different
numbers for different technologies. IF in doubt phone Tech Support or look
on their website.
Next click 'Server Types' Untick everything on this page except for the
following.
Use Software Compression
TCP/IP
Click OK and reboot your machine.
5. Modem Drivers.
As with all harware your modem has drivers installed to make it work. Make
sure these are uptodate by visiting your modem manufacturewrs website and
downloading the latest versions. Also see if they have a flash upgrade to
update the 'Software' inside your modem.
And thats it, once you have made sure all this uis correct you should enjoy
the fastest connection for your modem/phone line quality.
Happy Surfing.
Cyber0ptix.
**********************************************
Application Programming Interfaces - Tango-Omega
**********************************************
Application programming interfaces (APIs) allow developers to write
applications that can make use of TCP/IP services. The following sections
provide an overview of the most common APIs for TCP/IP applications.
-- The Socket API
The socket interface is one of several application programming interfaces
(APIs) to the communication protocols. Designed to be a generic communication
programming interface, it was first introduced by the 4.2BSD UNIX system.
Although it has not been standardized, it has become a de facto industry
standard. The socket interface is differentiated by the services that are
provided to applications: stream sockets (connection-oriented), datagram
sockets (connectionless), and raw sockets (direct access to lower layer
protocols) services.
A variation of the BSD sockets interface is provided by the Winsock interface
developed by Microsoft and other vendors to support TCP/IP applications on
Windows operating systems. Winsock 2.0, the latest version, provides a more
generalized interface allowing applications to communicate with any available
transport layer protocol and underlying network services, including, but no
longer limited to, TCP/IP.
-- Basic Socket Calls
The following lists some basic socket interface calls. In the next section we
see an example scenario of using these socket interface calls.
* Initialize a socket.
FORMAT:
int sockfd = socket(int family, int type, int protocol)
Where:
-* family stands for addressing family. It can take on values such as
AF_UNIX, AF_INET, AF_NS, AF_OS2 and AF_IUCV. Its purpose is to
specify the method of addressing used by the socket.
-* type stands for the type of socket interface to be used. It can take on
values such as SOCK_STREAM, SOCK_DGRAM, SOCK_RAW, and SOCK_SEQPACKET.
-* protocol can be UDP, TCP, IP or ICMP.
-* sockfd is an integer (similar to a file descriptor) returned by the
socket call.
* Bind (register) a socket to a port address.
FORMAT:
int bind(int sockfd, struct sockaddr \localaddr, int addrlen)
Where:
-* sockfd is the same integer returned by the socket call.
-* localaddr is the local address returned by the bind call.
Note that after the bind call, we now have values for the first three
parameters inside our 5-tuple association:
{protocol, local-address, local-process, foreign-address, foreign-process}
* Indicate readiness to receive connections.
FORMAT:
int listen(int sockfd, int queue-size)
Where:
-* sockfd is the same integer returned by the socket call.
-* queue-size indicates the number of connection requests that can be
queued by the system while the local process has not yet issued the
accept call.
* Accept a connection.
FORMAT:
int accept(int sockfd, struct sockaddr \foreign-address, int addrlen)
Where:
-* sockfd is the same integer returned by the socket call.
-* foreign-address is the address of the foreign (client) process returned
by the accept call.
Note: this accept call is issued by a server process rather than a client
process. If there is a connection request waiting on the queue for this
socket connection, accept takes the first request on the queue and creates
another socket with the same properties as sockfd; otherwise, accept will
block the caller process until a connection request arrives.
* Request connection to the server.
FORMAT:
int connect(int sockfd, struct sockaddr \foreign-address, int addrlen)
Where:
-* sockfd is the same integer returned by the socket call.
-* foreign-address is the address of the foreign (server) process
returned by the connect call.
Note that this call is issued by a client process rather than a server
process.
* Send and/or receive data.
The read(), readv(sockfd, char *buffer int addrlen), recv(), readfrom(),
send(sockfd, msg, len, flags) and write() calls can be used to receive and
send data in an established socket association (or connection).
Note that these calls are similar to the standard read and write file I/O
system calls.
* Close a socket.
FORMAT:
int close(int sockfd)
Where:
-* sockfd is the same integer returned by the socket call.
-- An Example Scenario
As an example, consider the socket system calls for a connection-oriented
protocol.
Consider the previous socket system calls in terms of specifying the
elements of the association:
****************************************************************************
* Protocol * Local Local * Foreign Foreign *
* * Address , Process * Address , Process *
****************************************************************************
* connection-oriented server * socket() * bind() * listen() accept() *
****************************************************************************
* connection-oriented client * connect() * socket() *
****************************************************************************
* connectionless server * socket() * bind() * recvfrom() *
****************************************************************************
* connectionless client * socket() * bind() * sendto() *
****************************************************************************
The above diagram shows Socket System Calls and Association
The socket interface is differentiated by the different services that are
provided. Stream, datagram, and raw sockets each define a different service
available to applications.
* Stream socket interface (SOCK_STREAM): It defines a reliable
connection-oriented service (over TCP for example). Data is sent without
errors or duplication and is received in the same order as it is sent.
Flow control is built-in to avoid data overruns. No boundaries are imposed
on the exchanged data, which is considered to be a stream of bytes. An
example of an application that uses stream sockets is the File Transfer
Program (FTP).
* Datagram socket interface (SOCK_DGRAM): It defines a connectionless
service (over UDP for example). Datagrams are sent as independent packets.
The service provides no guarantees; data can be lost or duplicated, and
datagrams can arrive out of order. No disassembly and reassembly of
packets is performed. An example of an application that uses datagram
sockets is the Network File System (NFS).
* Raw socket interface (SOCK_RAW): It allows direct access to lower layer
protocols such as IP and ICMP. This interface is often used for testing
new protocol implementations. An example of an application that uses raw
sockets is the Ping command.
-- Remote Procedure Call (RPC)
Remote Procedure Call is a standard developed by Sun Microsystems and used
by many vendors of UNIX systems.
RPC is an application programming interface (API) available for developing
distributed applications. It allows programs to call subroutines that are
executed at a remote system. The caller program (called client) sends a call
message to the server process, and waits for a reply message. The call message
includes the procedure's parameters and the reply message contains the
procedure's results.
RPC also provides a standard way of encoding data in a portable fashion
between different systems called External Data Representation (XDR).
-- RPC Concept
The concept of RPC is very similar to that of an application program issuing
a procedure call:
* The caller process sends a call message and waits for the reply.
* On the server side, a process is dormant awaiting the arrival of call
messages.
When one arrives, the server process extracts the procedure parameters,
computes the results and sends them back in a reply message.
This is only a possible model, as the Sun RPC protocol doesn't put
restrictions on the concurrency model. In the model above, the caller's
execution blocks until a reply message is received. Other models are
possible; for instance, the caller may continue processing while waiting for
a reply, or the server may dispatch a separate task for each incoming call so
that it remains free to receive other messages.
The remote procedure calls differ from local procedure calls in the following
ways:
* Use of global variables as the server has no access to the caller program's
address space.
* Performance may be affected by the transmission times.
* User authentication may be necessary.
* Location of server must be known.
Transport: The RPC protocol can be implemented on any transport protocol.
In the case of TCP/IP, it can use either TCP or UDP as the transport vehicle.
The type of the transport is a parameter of the RPCGEN command. In case UDP
is used, remember that this does not provide reliability, so it will be up to
the caller program itself to ensure this (using timeouts and retransmissions,
usually implemented in RPC library routines). Note that even with TCP, the
caller program still needs a timeout routine to deal with exceptional
situations such as a server crash.
The call and reply message data is formatted to the XDR standard.
RPC Call Message: The RPC call message consists of several fields:
* Program and procedure numbers
Each call message contains three fields (unsigned integers): that uniquely
identify the procedure to be executed:
* Remote program number
* Remote program version number
* Remote procedure number
The remote program number identifies a functional group of procedures, for
instance a file system, which would include individual procedures such as
read and write. These individual procedures are identified by a unique
procedure number within the remote program. As the remote program evolves, a
version number is assigned to the different releases.
Each remote program is attached to an internet port. The number of this port
can be freely chosen, except for the reserved well-known-services port
numbers. It is evident that the caller will have to know the port number
used by this remote program.
Assigned program numbers:
00000000 - 1FFFFFFF defined by Sun
20000000 - 3FFFFFFF defined by user
40000000 - 5FFFFFFF transient (temporary numbers)
60000000 - FFFFFFFF reserved
* Authentication fields
Two fields, credentials and verifier, are provided for the authentication
of the caller to the service. It is up to the server to use this information
for user authentication. Also, each implementation is free to choose the
varieties of supported authentication protocols. Some authentication
protocols are:
-* Null authentication.
-* UNIX authentication. The callers of a remote procedure may identify
themselves as they are identified on the UNIX system.
-* DES authentication. In addition to user ID, a timestamp field is sent to
the server. This timestamp is the current time, enciphered using a key
known to the caller machine and server machine only (based on the secret
key and public key concept of DES).
* Procedure parameters
Data (parameters) passed to the remote procedure.
RPC Reply Message: Several replies exist, depending on the action taken:
-* SUCCESS: Procedure results are sent back to the client.
-* RPC_MISMATCH: Server is running another version of RPC than the caller.
-* AUTH_ERROR: Caller authentication failed.
-* PROG_MISMATCH: If program is unavailable or if the version asked for does
not exist or if the procedure is unavailable.
For a detailed description of the call and reply messages, see RFC 1057
RPC: Remote Procedure Call Protocol Specification Version 2, which also
contains the type definitions (typedef) for the messages in XDR language.
Portmap or Portmapper: The Portmap or Portmapper is a server application that
will map a program number and its version number to the Internet port number
used by the program. Portmap is assigned the reserved (well-known service)
port number 111.
Portmap only knows about RPC programs on the host it runs on. In order for
Portmap to know about the RPC program, every RPC program should register
itself with the local Portmapper when it starts up.
The RPC client (caller) has to ask the Portmap service on the remote host
about the port used by the desired server program.
Normally, the calling application would contact Portmap on the destination
host to obtain the correct port number for a particular remote program, and
then send the call message to this particular port. A variation exists when
the caller also sends the procedure data along to Portmap and then the remote
Portmap directly invokes the procedure.
RPCGEN: RPCGEN is a tool that generates C code to implement an RPC
protocol. The input to RPCGEN is a file written in a language similar to C,
known as the RPC language. Assuming that an input file named proto.x is used,
RPCGEN produces the following output files:
* A header file called proto.h that contains common definitions of constants
and macros
* Client stub source file, protoc.c
* Server stub source file, protos.c
* XDR routines source file, protox.c
-- Windows Sockets Version 2 (Winsock V2.0)
Winsock V2.0 is a network programming interface. It is basically a version
of Berkeley Sockets adapted for Microsoft Windows operating systems with more
functions and enhancements. The previous version of the Winsock API, Windows
Sockets V1.1, is widely implemented. Therefore, Winsock V2.0 retains
backwards compatibility with Winsock V1.1 but provides many more functions.
One of the most significant aspects of Winsock V2.0 is that it provides a
protocol-independent transport interface supporting various networking
capabilities. Besides, Winsock V2.0 also supports the coexistence of multiple
protocol stacks. The new functions of Winsock V2.0 can be summarized as
follows:
* Support for multiple protocols
* Protocol-independent name resolution
* Quality of Service
* Protocol-independent multicast and multipoint
* Overlapped I/O and event objects
- Socket sharing
* Layered service providers
The Winsock V1.1 architecture permits only one Dynamic Link Library (DLL),
WINSOCK.DLL or WSOCK32.DLL, on a system at a time, which provides the
Winsock API with a way to communicate with an underlying transport protocol.
This approach restricts the use of different types of Winsock
implementations in conjunction with Winsock V1.1. For systems that have more
than one network interface, this can become a hindrance. Winsock V2.0 provides
a better solution to this problem. The new Winsock V2.0 architecture allows
for simultaneous support of multiple protocol stacks, interfaces, and service
providers.
-- SNMP Distributed Programming Interface (SNMP DPI)
SNMP defines a protocol that permits operations on a collection of variables.
This set of variables (MIB) and a core set of variables have previously been
defined.
However, the design of the MIB makes provision for extension of this core set.
Unfortunately, conventional SNMP agent implementations provide no means for
an end user to make new variables available. The SNMP DPI addresses this issue
by providing a light-weight mechanism that permits end users to dynamically
add, delete, or replace management variables in the local MIB without
requiring recompilation of the SNMP agent. This is achieved by writing the
so-called subagent that communicates with the agent via the SNMP DPI. It is
described in RFC 1592.
The SNMP DPI allows a process to register the existence of a MIB variable with
the SNMP agent. When requests for the variable are received by the SNMP agent,
it will pass the query on to the process acting as a subagent. This subagent
then returns an appropriate answer to the SNMP agent. The SNMP agent
eventually packages an SNMP response packet and sends the answer back to the
remote network management station that initiated the request. None of the
remote network management stations have any knowledge that the SNMP agent
calls on other processes to obtain an answer.
Communication between the SNMP agent and its clients (subagents) takes place
over a stream connection. This is typically a TCP connection, but other
stream-oriented transport mechanisms can be used. (As an example, the VM
SNMP agent allows DPI connections over IUCV.)
The SNMP Agent DPI can:
* Create and delete subtrees in the MIB
* Create a register request packet for the subagent to inform the SNMP agent
* Create response packet for the subagent to answer the SNMP agent's request
* Create a TRAP request packet.
The following figure shows the flow between an SNMP agent and a subagent.
* The SNMP agent communicates with the SNMP manager via the SNMP
protocol.
* The SNMP agent communicates with some statically linked-in instrumentation
(potentially for the MIB II), which in turn talks to the TCP/IP layers and
kernel (operating system) in an implementation-dependent manner.
* An SNMP sub-agent, running as a separate process (potentially on another
machine), can set up a connection with the agent. The sub-agent has an
option to communicate with the SNMP agent through UDP or TCP sockets, or
even through other mechanisms.
* Once the connection is established, the sub-agent issues a DPI OPEN and
one or more REGISTER requests to register one or more MIB subtrees with the
SNMP agent.
* The SNMP agent responds to DPI OPEN and REGISTER requests with a
RESPONSE packet, indicating success or failure.
* The SNMP agent will decode SNMP packets. If such a packet contains a Get
or GetNext request for an object in a subtree registered by a sub-agent, it
sends a corresponding DPI packet to the sub-agent. If the request is for a
GetBulk, then the agent translates it into multiple DPI GETNEXT packets and
sends those to the sub-agent. However, the sub-agent can request (in the
REGISTER packet) that a GETBULK be passed to the sub-agent. If the
request is for a Set, then the agent uses a 2-phase commit scheme and sends
the sub-agent a sequence of SET/COMMIT, SET/UNDO or
SET/COMMIT/UNDO DPI packets.
* The SNMP sub-agent sends responses back via a RESPONSE packet.
* The SNMP agent then encodes the reply into an SNMP packet and sends it
back to the requesting SNMP manager.
* If the sub-agent wants to report an important state change, it sends a DPI
TRAP packet to the SNMP agent which will encode it into an SNMP trap
packet and send it to the manager(s).
* If the sub-agent wants to stop operations, it sends a DPI UNREGISTER and a
DPI CLOSE packet to the agent. The agent sends a response to an
UNREGISTER request.
* There is no RESPONSE to a CLOSE; the agent just closes the DPI connection.
A CLOSE implies an UNREGISTER for all registrations that exist for the DPI
connection being CLOSED.
* An agent can send DPI UNREGISTER (if a higher priority registration comes in
or for other reasons) to the sub-agent. The sub-agent then responds with a
DPI RESPONSE packet.
* An agent can also (for whatever reason) send a DPI CLOSE to indicate it is
terminating the DPI connection.
* A sub-agent can send an ARE_YOU_THERE to verify that the connection is
still open. If so, the agent sends a RESPONSE with no error, otherwise, it
may send a RESPONSE with an error.
-- FTP API
The file transfer protocol (FTP) API is supplied as part of TCP/IP for OS/2.
It allows applications to have a client interface for file transfer.
Applications written to this interface can communicate with multiple FTP
servers at the same time.
It allows up to 256 simultaneous connections and enables third-party proxy
transfers between pairs of FTP servers. Consecutive third-party transfers are
allowed between any sequence of pairs of FTP servers. An example of such an
application is FTPPM.
The FTP API tracks the servers to which an application is currently
connected.
When a new request for FTP service is requested, the API checks whether a
connection to the server exists and establishes one if it does not exist. If
the server has dropped the connection since last use, the API re-establishes
it.
Note: The FTP API is not re-entrant. In a multithreaded program, the access
to the APIs must be serialized. For example, without serialization, the
program may fail if it has two threads running concurrently and each thread
has its own connection to a server.
-- CICS Socket Interface
Customer Information Control System (CICS) is a high-performance
transaction-processing system. It was developed by IBM and has product
implementations in MVS/ESA, MVS, VSE, OS/400, OS/2 and AIX/6000.
CICS is the most widely used Online Transaction Processing (OLTP) system in
the marketplace today. It provides a rich set of CICS command level APIs to
the application transaction programs for data communications (using SNA) and
database (using VSAM, IMS or DB2).
Given the need for interoperability among heterogeneous network protocols,
there is a requirement to enhance the CICS data communications interface to
include support for TCP/IP in addition to SNA. The IBM Sockets Interface for
CICS is a first step towards addressing this requirement.
[ I am actually hoping to write a text on this next month, this is due to
attending courses detailing this - Slider ]
-- IMS Socket Interface
The IMS socket interface is implemented in TCP/IP for OS/390 V2R5.
The IMS to TCP/IP sockets interface allows you to develop IMS message
processing programs that can conduct a conversation with peer programs in
other TCP/IP hosts. The applications can be either client or server
applications. The IMS to TCP/IP sockets interface includes socket interfaces
for IBM C/370, assembler language, COBOL, and PL/I languages to use datagram
(connectionless) and stream (connection-oriented) sockets. It also provides
ASCII-EBCDIC conversion routines, an ASSIST module that permits the use of
conventional IMS calls for TCP/IP communications, and a Listener function to
listen for and accept connection requests and start the appropriate IMS
transaction to service those requests.
-- Sockets Extended
The Sockets Extended information described here is related to the
implementation in MVS only.
Sockets Extended provides programmers writing in assembler language, COBOL,
or PL/I with an application program interface that may be used to conduct
peer-to-peer conversations with other hosts in the TCP/IP networks. You can
develop applications for TSO, batch, CICS, or IMS using this API. The
applications may be designed to be reentrant and multithreaded depending upon
the application requirements. Typically server applications will be
multithreaded while client applications might not be.
-- REXX Sockets
REXX sockets allow you to develop REXX applications that communicate over a
TCP/IP network. Calls are provided to initialize sockets, exchange data via
sockets, perform management activities, and close the sockets.
The REXX Socket APIs are implemented in TCP/IP for MVS and OS/2.
Thats about it for a v. basic text on how API's work.
Tango-Omega Signing off.
----------------------------------------------
**********************************************
Windows 2000 File System Encryption - Kermit23
**********************************************
Windows 2000, or more specifically NTFS 5.0 feature EFS, Encrypted File
System. It's uses the code behind MS's CryptoAPI, which should allow for good
clean crypto fun, though appears to be essentially underdeveloped in the
first release of Windows 2000. I haven't had chance to take a look at the
brand spanking new SP1, yet, so this may have changed.
- Where in the world is EFS.
EFS is built into the kernel, and integrated with NTFS 5, which should make
for speedy use, on my celery 333, 192 megs ram it took about 1-1½ minutes to
encrypt a 3.8 meg directory, and there was no perceptable access time hit. One
of the strengths of EFS is also one of it's most annoying features. The EFS
driver is closest to the file system running on top (basically) of NTFS. It
communicates with the kernel IO manager, and the EFS service (part of the
security services natch) outside of the kernel. The EFS service deals with
all the key management duties (the system using public key encryption, see
below).
The ESF driver also communicates with NTFS thorough the EFS File System Run
Time Library (FSRTL). This packages and implements all the NTFS calls needed,
guarenteeing that NTFS, and hence it's permission system, is used at all
times, in addition to the protection used by EFS. In fact, NTFS callouts are
used exclusively for communication between the EFS driver and the FSRTL. All
the encryption keys are stored in the non paged pool, and hence not written
to disk.
This means that encrypted files can be messed about with in just about
anyway and remain encrypted as all the move, copy and other calls and
captured and dealt with by EFS, as long as the volume they are being, for
example, moved to is also NTFS 5.0. This also works copying across networks,
though the file will not be exactly the same as on the original machine, as a
new key will be used on the new machine.
This is also a pretty hard to avoid weakness, as if the file is copied to a
non NTFS 5 volume, it was be stored unencrypted, as the user never gets to
manipulate the encrypted version of the file. The same problem is
experienced if a program makes a temp copy of a file on a non NTFS 5 volume.
I am fairly sure that in any procedure it is the EFS service that does the
check of the certificate (of the public key), if it is invalid denying the
user the ability ot encrypt files. Decryption continues as long as the user
has a valid private key.
- Using EFS.
Either when the user is created or when EFS is first used (I am not sure
about this), a key pair is generated and signed by the signing authority (if
one's about) or self signed if not. The advanced button on the general tab
in the properties of an directory or file gives a nice little checkbox which
allows you to encrypt or decrypt files (the decrypt on a permenant basis
obviously, general use decryption being done automatically). There is also a
CLI program cipher which can do the same thing.
NB There was talk of disabling the file option in the EFS whitepaper, so
some betas of win2k may not have it, if you are still using one.
- Encryption Technologies.
EFS falls down in a pretty significant way with the strength of the
encryption. The basic method is 128 bit DESX, but there is no way to change
the strength or the algorithm, though this may appear in future version and
is supported by the CryptoAPI. The unfortunate thing however is that fact
that all the intl. beta's and possibly the intl. release versions of Windows
2000 were released with only 40 bit support (padded to 128 bit). This is
seriously rubbish, but hopefully should be improved with a service pack now
the crypto regulations in the US have been relaxed.
Coupled with this is RSA. The public key is used to encrypt the DES file key
(MS-speak: FEK, File Encryption Key), and a list of all the FEK's is stored
in a file atribute called the Data Decryption Field (DDF, shockingly). The
private part of the key has the potential to be stored anywhere including a
smart card (very cool), though is usually kept in the CryptoAPI's "software
based protected store".
The FEK is then also encrypted with a number (though not necessarily any, if
you don't want to) of encryption keys from the recovery agent, from their
X509 v3 certificate which is stored in the EDRA (Encrypted Data Recovery
Agent). A list of these keys are stored in another file atribute the Data
Recovery Field (DRF). The private portions of these keys (incidentally) are
supposed to be stored ina safe place as they are anticipated to be rarely
used.
If files are copied or moved, the temporary file is also encrypted while
attributes are transferred.
- Data Recovery
It is necessary to have a Data Recovery policy set up as a group policy as
EFS will not encrypt anything without it. The policy is simply any number (or
none) X509 certificates with a File Recovery key usage. Since these are
machine wide, the lowest level of policy is per computer. The administrator
is a recovery agent (holder of a recovery private key) by default. For a #
policy defined over a group of computers, if the policy is 0 keys, EFS cannot
be used, however if there is no policy, EFS can be used on individual
computers if set up with policies on each machine. If a recovery agents
certificate becomes invalid no further files can be encrypted, though
decryption continues as normal.
- Weakness.
As I mentioned earlier, there is a problem with copying to a non NTFS 5
volume. Interestingly the white paper mentions that while cut and paste will
retain file encryption drag and drop will not. Though this may have been true
in the beta stages, it has definitely been fixed on the release, and files
will remain encrypted. However, knowing Microsoft it may be worth checking
various releases in case the problem was "missed".
System files cannot be encrypted, and EFS will refuse to do so. The reason
for this is that the private key is not loaded until log in, and therefore
cannot be used to decrypt files which would probably be esential for boot.
This applies to any file marked as a system file.
On the default set up the private key is loaded automatically, so the
encryption is still down to a password, which is obviously a lot weaker than
the random keys (depending on the randomness of the generator, though this is
almost certainly still true). However, the private key does not have to be
stored in this fashion, though I would suspect that in most cases, and almost
all home use situations, the key will be stored in the default software cache.
I do not know how secure the software cache is, as this could be another
vunerability.
Similar to this is the way EFS protects against crashes and disk full
errors, by writing a plaintext version of the file to the disk before
encryption, then deleting it once the write is confirmed. A crash or software
interruption at the right time could leave a plaintext version of the file
open to be grabbed by traditional techniques for avoiding NTFS user
attributes.
In the specifications, there is potential for encrypted files to be shared
between various sets of users. This has not been implemented for the release
version of Win2k, though has been promised for later version. The main
reason for this is another weakness in the system, the fact that many "legacy"
(ie not released tomorrow) applications do not support EFS in certain key
features. This means that EFS and the CryptoAPI is not being used to it's
full potential. Even when more EFS aware application exist, there may, and
almost certainly will, be potential for penetration of the encryption by
using software that does not take account of the encryption.
While the CryptoAPI in itself is ready to be used, other key features like
back up and recovery are not finalised, or at least in any easily accessable
specification. This means programmers are less likely to implement various
features, and hence increase the time untill EFS can be used fully, and the
chances of finding some way of breaking it via the old implementation.
Finally, the Indexing Service index's the contents of a file for faster
searching. Though this can be tuned with relation to what should be indexed,
or disabled on a per file basis, in many cases I suspect this will not be
used, leaving potentially valuable information in an easily accessable place.
Incidentally, there was a NT/Bugtraq post recently regarding encrypting the
autoexec.bat to cause the system not to hang when it tried to read it. This
would require access to the file, and if you have that access the same trick
could be applied to several other system files. The weakness comes from the
fact that the file is writable by Power Users, while the other system files
are admin and SYSTEM only. There are several ways of avoiding this problem,
including setting system on autoexec.bat, and ignoring autoexec completely on
boot
(HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon
\ParseAutoexec= 0),
but this problem should really be dealt with by having a properly configured
EFS policy, and users with properly set up access restrictions.
Kermit23@raegunne.com
----------------------------------------------
**********************************************
The Andrew File System (AFS) - Slider
**********************************************
This is a small short text on AFS and a v. v. brief overview of its use.
The Andrew File System (AFS) is a distributed file system used in non-DCE
environments. DCE DFS was based upon AFS, and the two file systems are
similar in architecture.
The latest version (AFS 3) has the following attributes:
* Single logical shared namespace
Every AFS user shares the same uniform name space. File names are
independent of both the user's and the file's physical locations. Groups
of client and server machines are known as cells.
* Client caching
Data is cached on client machines to reduce subsequent data requests
directed at file servers, which reduces network and server loads.
Servers keep track of client caches through callbacks, guaranteeing
cache consistency without constant queries to the server to see if the
file has changed.
RPCs AFS uses its remote procedure call (RPC) reads and writes for efficient
data transfer across the network.
Security Kerberos-based authentication requires that users prove their
identities before accessing network services. Once authenticated, AFS access
control lists (ACLs) give individual users or groups of users varying
levels of authority to perform operations on the files in a directory.
-- Replication
Replication techniques are used for file system reliability. Multiple
copies of applications and data may be replicated on multiple file
servers within a cell. When accessing this information, a client will
choose among the available servers. Replication also reduces the load
on any particular server by placing frequently accessed information on
multiple servers.
-- Management Utilities
Backup, reconfiguration and routine maintenance are all done without
any system down time, files remain available to users during these
operations. This is done by creating online clones of volumes (subsets
of related files).
AFS commands are RPC-based. Administrative commands can be
issued by any authenticated administrator from any client workstation.
System databases track file locations, authentication information and
access control lists. These databases are replicated on multiple
servers, and are dynamically updated as information changes.
Furthur information can be found at http://www.transarc.com/
Slider.
----------------------------------------------
**********************************************
Multiprotocol Transport Network (MPTN) - Slider
**********************************************
Multiprotocol transport networking (MPTN), developed by IBM, is an open
architecture for:
* Mixed-protocol networking: running applications associated with one
network protocol over different network protocols
* Network concatenation: connection matching applications across networks of
different protocols through gateways
- Requirements for Mixed-Protocol Networking
With the growth of networking in general and local area networks in
particular, many large customer networks have become confederations of
individual networks running different networking protocols. This heterogeneity
has arisen for a number of reasons. Some of these include:
* Shift of customer interest away from selecting a particular networking
architecture in favor of finding solutions to business problems, regardless
of the specific network protocol required
* Inter-enterprise information exchange requirement, for example, direct
manufacturing, order placement, or billing systems
* Company mergers requiring interconnection
- MPTN Architecture
Networking protocols generally provide three types of functions:
* Transport
* Naming and addressing
* Higher level functions
Transport functions are those that provide the basic facility for two partners
to communicate, either through connections or in a connectionless manner
through datagrams. Naming and addressing conventions define how entities are
known and how they are to be found. The higher level functions include
allocation of the connections to users and control of their use. Not all
networking protocols support higher level functions. SNA and OSI do; TCP/IP
and NetBIOS do not.
MPTN separates transport functions from higher level functions and from the
address formats as seen by the users of the protocol. Its goal is to allow
any higher level protocol using the corresponding address structure to run
over any transport function. The division of functions between transport and
higher level was chosen because the transport level is the highest level at
which there are common functions that can be reasonably mapped across
protocols. At other levels the number of services is either too large or too
small to provide a practical division.
- MPTN Methodology
MPTN architecture solves the above requirements by defining a new canonical
interface to a set of transport services that concatenate connections across
multiple networking protocols. When an application is written for a particular
transport service, it may be written so that it makes assumptions about the
particular transport service. Thus it may appear to be transport-specific in
the services that it uses. For example, applications written to the NetBEUI
interface may request a message be broadcast. In environments where a
particular service is not natively supported over the underlying transport
network, MPTN provides compensation. In essence though, MPTN frees up
applications so that they are able to operate over different transport
networks.
Another way of thinking about this is that (in the OSI model) functions from
the session layer up are users of transport services or transport users. These
services are in turn provided by functions from the transport layer down. MPTN
defines a boundary interface, called the transport-layer protocol boundary
(TLPB), which clearly delineates this distinction between transport user and
transport provider.
- MPTN Major Components
MPTN functions appear in four types of nodes:
* MPTN Access Node
An MPTN access node contains the transport-layer protocol boundary (TLPB),
which provides a semantic interface so that higher level protocols or
application interfaces written for a particular transport protocol can be
transported over another protocol with no apparent change. Such a node can
run application programs independent of the underlying transport network and
can run application programs on different underlying transport networks.
The applications in the MPTN access node are generally written to an
existing application programming interface (API). The API uses the functions
of the native communications protocol. When transport-level MPTN functions
are accessed, the API will be converted to access these functions instead of
the native communication protocol, while keeping the same interface to the
application program. For example, the NetBEUI application interface is written
to use the NetBIOS communications protocol. To use another protocol stack
below the transport layer, the NetBEUI API must be made to invoke the MPTN
functions. After this is done, all programs using NetBEUI on this MPTN access
node can communicate via, for example, SNA, TCP/IP, OSI and other
protocols, with another NetBEUI application within the MPTN network. All this
is possible without the original application program requiring any change.
* MPTN Address Mapping Server Node
An address mapping server node is an MPTN node with a special function that
provides a general address mapping service to the address mapping client
component of other MPTN nodes, access or gateway, connected to the same
transport provider network.
* MPTN Multicast Server Node
A multicast server node is an MPTN node with a special function, the multicast
server, which manages multicast and broadcast distribution of datagrams in
networks that do not provide the service as a natural consequence of their
design. For example, a NetBIOS transport network is designed to support
multicast distribution of datagrams while an SNA network is not. The multicast
server operates in cooperation with the address mapping server to provide a
multicast service where this capability does not exist within the services
offered by the transport network.
* MPTN Gateway Node
An MPTN gateway connects two transport networks to provide an end-to-end
service over both of them for one or more transport user protocols. There
are two types of gateways, nonnative-to-nonnative, with respect to the
supported transport user protocol, and native-to-nonnative, with respect to
the supported transport user protocol.
In the case of nonnative-to-native one of the transport providers connected
to the gateway node is native to the transport user. This type of gateway
allows access to an end node that has no MPTN function. When one side is
native, the MPTN protocol (of the nonnative side) terminates in the gateway.
Slider.
----------------------------------------------
**********************************************
News - 0blivion.org + Net-security.org
**********************************************
Net-Sec newsletter
Issue 22 - 17.07.2000
http://net-security.org
Net-Sec is a newsletter delivered to you by Help Net Security. It covers
weekly
roundups of security events that were in the news the past week.
Visit Help Net Security for the latest security news -
http://www.net-security.org.
General security news
---------------------
----------------------------------------------------------------------------
US MAY ANNOUNCE NEW ENCRYPTION RULES
Following closely on the heels of the European Union's relaxing of export and
encryption controls, William Reinsch, head of the Commerce Department's Bureau
of Export Administration said today that the US was prepared to announce
similar regulations in an effort to keep US companies competitive with
foreign manufacturers.
Link: http://www.computeruser.com/news/00/07/11/news13.html
DEFEATING OPENHACK
Austrian hacker Alexander Lazic received $500 award for exploiting MiniVend,
e-commerce storefront package on OpenHack.com. BTW MiniVend had about million
downloads, so there are lot of vulnerable e-commerce sites out there.
ZDNet's article describes the hack.
Link: http://www.zdnet.com/zdnn/stories/news/0,4586,2600258,00.html
FBI SYSTEM COVERTLY SEARCHES E-MAIL
The U.S. Federal Bureau of Investigation is using a superfast system called
Carnivore to covertly search e-mails for messages from criminal suspects.
Contributed by Jonathan.
Link: http://www.zdnet.com/zdnn/stories/news/0,4586,2601502,00.html
AN INTRODUCTION TO PGP
In today's busy world of online communication and transaction thousands of
messages consisting of sensitive data are sent across the Internet daily. Do
you want everyone looking at your email? Is the encryption of email really
necessary? Undoubtedly.
Link: http://www.ironboxtech.com/articles/neurality/intropgp.shtml
MICROSOFT FIXING NEW EXCEL BUG
Microsoft said it is working to close a security hole in its Excel
spreadsheet program that could open computers to attack while bypassing
warning systems.
Link: http://www.net-security.org/text/bugs/963357077,83705,.shtml
Link: http://news.cnet.com/news/0-1005-200-2247443.html?dtn.head
MAN ARRESTED FOR PENETRATING INTO NASA SERVERS
A 20-year-old man was arrested Wednesday for allegedly breaking into
two computers owned by NASA's Jet Propulsion Laboratory, and different
counts of stealing credit card and penetrating other systems.
Link: http://dailynews.yahoo.com/h/nm/20000712/tc/crime_hacker_dc_1.html
ISPS BITE BACK AT CARNIVORE
Internet-service providers and privacy advocates are concerned about the
implications of a new electronic surveillance system devised by the Federal
Bureau of Investigation, with some providers vowing to resist if they are
asked to install it on their networks.
Link: http://www.zdnet.com/zdnn/stories/news/0,4586,2602200,00.html
KEVIN MITNICK ALLOWED BACK ONLINE
Mitnick's federal probation officer informed him this week that he could
pursue some computer-related work. Among the jobs approved: writing
for Steven Brill's online magazine Contentville, speaking in Los Angeles on
computer security, consulting on computer security, and consulting for a
computer-related TV show.
Link: http://news.cnet.com/news/0-1005-200-2250843.html
KASPERSKY LAB WARNS OVER JULY 14 SMASH VIRUS
The Russian antivirus specialist, says that the Win95 Smash virus, which
first surfaced in late April, could cause problems for PC Windows users
when it triggers on July 14.
Link: http://www.computeruser.com/news/00/07/14/news20.html
NMAPNT FROM EEYE DIGITAL SECURITY
"nmap has various options to perform stealth scans, ping scans, UDP
scans, as well as a whole handful of other scan types. nmap also has
the ability to remotely fingerprint an IP address. Basically what that
means is by sending various queries to a remote IP address, and reading
the responses, nmap can determine if the remote IP address is running
a certain operating system or maybe it is a router or network printer.
Infact, nmap's datebase of fingerprints has over 500 unique finger prints
in it."
Link: http://www.eeye.com/html/Databases/Software/nmapnt.html
EXCITE USER BLOCKED FROM JPL WEB SITES
After several attempted breakins from Excite @ Home subscribers,
technicians at the Jet Propulsion Lab quietly blocked access to some
of its Web sites to all Excite subscribers.
Link: http://www.msnbc.com/news/432831.asp?cp1=1
E-SECURITY CHALLENGE
From Secure Computing: "We are launching Secure's e-Security
Challenge at Blackhat and will run it for the duration of 60 days
thereafter. Secure's e-Security Challenge lets you test your wit
and skills...and if you're good enough, you might even win $10,000
US Dollars!"
Link: http://www.net-security.org/phorum/read.php?f=2&i=11&t=11
ANTI-MILOSEVIC DEFACEMENT
Three days ago, web site of Serbian pro-government magazine "Politika"
was defaced with a false message that Serbian president Slobodan
Milosevic was killed by a bomb detonation.
Link: http://www.active-security.org/images/1207_b_politika.gif
EFF BRIEFING
EFF in conjunction with H2K Conference, held a briefing about the
latest information on the case, and an in-depth look at the issues
surrounding the first trial brought under the controversial DMCA.
Link:
http://www.eff.org/pub/Intellectual_property/Video/dvd_briefing_release.html
CDC AT HOPE2K
Oxblood Ruffin announced that he had personally recruiting a group
of six programmers (Mixter and BroncBuster were mentioned in the
article) to work on a project to stop censored Internet in some countries.
Link:
http://dailynews.yahoo.com/h/zd/20000716/tc/cult_of_the_dead_cow_s_bizarre_theater_1.html
PENENBERG IS LEAVING FORBES
Adam Penenberg, who always did great articles on computer underground,
says he's leaving his job because Forbes magazine won't support his
refusal to testify before a federal grand jury.
Link:
http://www.washingtonpost.com/wp-dyn/style/columns/medianotes/A54672-2000Jul16.html
----------------------------------------------------------------------------
Security issues
---------------
All vulnerabilities are located at:
http://net-security.org/text/bugs
----------------------------------------------------------------------------
EXCEL 2000 VULNERABILITY - EXECUTING PROGRAMS
Excel 2000/Windows 98 (suppose other versions are also vulnerable, have not
tested) allows executing programs when opening an Excel Workbook (.xls
file). This may be also be exploited thru IE or Outlook. This may lead to
taking full control over user's computer.
Link: http://www.net-security.org/text/bugs/963357077,83705,.shtml
APACHE::ASP HOLE FIXED
Apache::ASP had a security hole in its ./site/eg/source.asp distribution
examples file, allowing a malicious hacker to potentially write to files in
the directory local to the source.asp example script.
Link: http://www.net-security.org/text/bugs/963357248,90975,.shtml
BIG BROTHER VULNERABILITY
The problem exists in the code where $HOSTSVC does not do authenticity
checking for its assigned variable. All files could be snatched just with a
browser.
Link: http://www.net-security.org/text/bugs/963357356,65475,.shtml
NETSCAPE ADMINISTRATION SERVER PASSWORD DISCLOSURE
The administration server is installed when you first install SuiteSpot
server.
For remote logon, it authenticates by validating the password prompt input
with the administration server password file. This password file is kept in
a local directory within the SuiteSpot server.
Link: http://www.net-security.org/text/bugs/963135822,65666,.shtml
FEARTECH FTP BROWSER PROBLEM
FTP Browser allows you to display a html enhanced directory listing, which
is great for managing your ftp files. FTP Browser can also be used for
downloading password files.
Link: http://www.net-security.org/text/bugs/963578519,23215,.shtml
"ABSENT DIRECTORY BROWSER ARGUMENT" PROBLEM PATCHED
Microsoft has released a patch that eliminates two security vulnerabilities
in Microsoft Internet Information Server. In sum, the vulnerabilities could
allow a malicious user to stop the web server from providing useful service,
or to extract certain types of information from it.
Link: http://www.net-security.org/text/bugs/963664473,69872,.shtml
"THE IE SCRIPT" VULNERABILITY PATCHED
Microsoft has released a patch that eliminates a security vulnerability
in Microsoft Office 2000 (Excel and PowerPoint) and in PowerPoint 97.
Microsoft has also documented a workaround that prevents the use of
Microsoft Access to exploit a vulnerability in Internet Explorer. A patch
for the latter vulnerability will be available soon and we will have an
update to this bulletin.
Link: http://www.net-security.org/text/bugs/963664619,71371,.shtml
[MANDRAKE] CVSWEB UPDATE
Cvsweb contains a hole that provides attackers who have write access
to a cvs repository with shell access. Thus, attackers who have write
access to a cvs repository but not shell access can obtain a shell. In
addition, anyone with write access to a cvs repository that is viewable
with cvsweb can get access to whatever user the cvsweb cgi script
runs as (typically nobody or www-data, etc.). This update closes all
of these possibly exploited pipe-opens.
Link: http://www.net-security.org/text/bugs/963664736,92640,.shtml
----------------------------------------------------------------------------
Security world
--------------
All press releases are located at:
http://net-security.org/text/press
----------------------------------------------------------------------------
AGREEMENT ON DEBIT CARD FRAUD PROTECTION SERVICE - [10.07.2000]
NYCE Corporation and MasterCard International have signed an agreement to
bring enhanced neural network fraud prediction services to MasterMoney issuers
that are processed by NYCE. The service, called RiskFinder , is a neural
network system developed by MasterCard and HNC Software. RiskFinder uses HNC's
patented neural network modeling technology while leveraging the MasterCard
Banknet global transaction processing network to predict and, ultimately,
help to reduce fraud losses associated with credit and offline debit cards.
Press release:
< http://www.net-security.org/text/press/963246513,23242,.shtml >
----------------------------------------------------------------------------
ENTRUST/TRUEPASS WEB SECURITY SOLUTION AVAILABLE - [10.07.2000]
Entrust Technologies Inc. (NASDAQ: ENTU), a global leader in solutions that
bring trust to e-business, announced today the commercial availability of
Entrust/TruePass, web security solution, a new product to enhance its
market-leading public-key infrastructure (PKI) portfolio of solutions, which
began shipping to customers during the last week in June.
Press release:
< http://www.net-security.org/text/press/963246890,86727,.shtml >
----------------------------------------------------------------------------
RAINBOW ADDS NEW FEATURES TO SENTINELSUPERPRO 6.0 - [10.07.2000]
Rainbow Technologies, a leading provider of high-performance security
solutions for the Internet, eCommerce and software protection, today
announced new upgrades to the company's flagship Sentinel software protection
product family.
The new SentinelSuperPro 6.0 significantly improves the ease-of-use and
rapid deployment while maintaining powerful levels of security and software
protection. SentinelSuperPro 6.0 provides users with a new graphical user
interface, which is more intuitive and instructional. This makes
implementing security into a customer's software application as simple as
possible.
Press release:
< http://www.net-security.org/text/press/963247005,78506,.shtml >
----------------------------------------------------------------------------
INSURANCE FOR E-COMMERCE AND INTERNET SECURITY - [10.07.2000]
Counterpane Internet Security today announced that its clients and their
customers will be able to purchase insurance policies to protect against
loss of revenues and information assets caused by Internet and e-commerce
security breaches. The first of its kind, this new insurance program from
Lloyd's of London was arranged by leading insurance brokers Frank Crystal &
Co. and SafeOnline and offers up to $100 million in coverage.
Press release:
< http://www.net-security.org/text/press/963247191,59797,.shtml >
----------------------------------------------------------------------------
AXENT'S NETPROWLER WINS AT NETWORKS TELECOM 2000 - [10.07.2000]
AXENT Technologies, Inc., one of the world's leading Internet security
solutions providers for e-business, announced today that its network-based
intrusion detection solution, NetProwler, part of its ProwlerIDS Series, won
Network Telecom 2000's "Security Monitoring Product of the Year" award,
presented by Network News magazine. To win the award, NetProwler defeated
competitors such as Network Associates, Inc.'s CyberCop Scanner, and Internet
Security System, Inc.'s Real Secure, among others.
Press release:
< http://www.net-security.org/text/press/963247286,56322,.shtml >
----------------------------------------------------------------------------
IDENTIX LAUNCHES WIRELESS INTERNET SECURITY BUSINESS - [12.07.2000]
Identix Inc. announced the launch of a new secure-transaction service, itrust,
which will operate as a new division of Identix. In conjunction with the
launch, Motorola announced that it has invested $3.75 million in Identix
through the company's global, strategic venture capital investment arm, One
Motorola Ventures. itrust is one of the first security service solutions
designed to offer secure biometric authenticated transaction services for the
Internet and wireless Web e-commerce marketplace through a server-based
security infrastructure.
Press release:
< http://www.net-security.org/text/press/963358016,72875,.shtml >
----------------------------------------------------------------------------
VIREX RECEIVES HIGH RATINGS FROM MACWORLD - [12.07.2000]
McAfee Retail Software, a division of Network Associates, today announced
that its Dr. Solomon's Virex software received a four out of five rating in a
recent review by Macworld. The rating is higher than any other anti-virus
software product, including Norton AntiVirus, which received a three out of
five rating. The Virex product was commended for its sophisticated virus
update and scheduling features as well as its new, streamlined interface.
Press release:
< http://www.net-security.org/text/press/963437149,41361,.shtml >
----------------------------------------------------------------------------
SECURE ONLINE ELECTRONIC DOCUMENT DELIVERY - [12.07.2000]
CertifiedMail.com, the premier provider of secure Internet and wireless
document delivery and BizProLink.com, an Internet Business Service Provider
Network supporting the daily needs of businesses within 124 industry
sectors, today announced that they have signed a strategic partner agreement.
Together, BizProLink.com and CertifiedMail.com will offer businesses direct
access to secure electronic document delivery solutions without the need to
download any special software.
Press release:
< http://www.net-security.org/text/press/963437517,84790,.shtml >
----------------------------------------------------------------------------
SECURE EPAYMENT SOLUTIONS FOR WIRELESS E-COMMERCE - [12.07.2000]
Trintech Group PLC, a leading provider of secure electronic payment
infrastructure solutions, and Visa International, today announced a strategic
partnership to jointly develop the next generation of ePayment solutions to
speed the global adoption of secure mobile commerce. The alliance follows
Trintech's announcement today of the launch of PayWare mAccess, the company's
secure payment solution designed specifically for mobile devices, as well as
a strategic collaboration with Phone.com. PayWare mAccess allows for "one
touch" payment and real time authentication of user while shopping using
mobile phones and other non-PC devices.
Press release:
< http://www.net-security.org/text/press/963437700,17134,.shtml >
----------------------------------------------------------------------------
BLUE LANCE RELEASES LT AUDITOR+ 7.0 - [14.07.2000]
Blue Lance Inc., one of the leading network security software companies in the
country, has announced the newest release of its popular program designed
especially for use on the Microsoft NT and Windows 2000 platforms, LT Auditor+
7.0 for NT. The program is significantly more robust in its features and
functionality than any of its predecessors. It gives users greater flexibility
in structuring security alerts, increases options and control of rights and
access and, in general, provides a greater level of security for all assets
managed and protected by computers.
Press release:
< http://www.net-security.org/text/press/963578674,72424,.shtml >
----------------------------------------------------------------------------
Net-Sec newsletter
Issue 23 - 24.07.2000
http://net-security.org
Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter
General security news
---------------------
----------------------------------------------------------------------------
NEW ENCRYPTION REGULATIONS
The Clinton administration today said it plans to change laws governing the
export of powerful encryption technologies to allow export of all
information-scrambling products to any end user in the European Union and to
eight other trading partners.
Link: http://www.computeruser.com/news/00/07/18/news12.html
Link: http://www.wired.com/news/politics/0,1283,37617,00.html
WHEN HACKING IS GUESSING
A survey by credit card giant Visa has found that 67% of passwords chosen to
protect information are easy to guess names or numbers. It revealed that the
majority of people choose their birth date, nickname or favourite sports
team as a password.
Link: http://news.bbc.co.uk/hi/english/sci/tech/newsid_837000/837802.stm
THE BIOMETRIC CONSORTIUM 2000 CONFERENCE
"In addition to the speakers and panel sessions, over fifteen Supporting
Organizations will have exhibits and demonstrations available. The Conference
is open to the Biometric Consortium members and to the general public. We are
very pleased to announce that Stephen Walker, a widely recognized expert and
leader in information security technology and policy, is scheduled to
deliver the opening address."
Link: http://www.nist.gov/itl/div895/isis/bc/bc2000/
"CARNIVORE" AND OTHER CYBERSNOOP PROGRAMS
In what may be the first request of its kind, the American Civil Liberties
Union is asking the Federal Bureau of Investigation to disclose the computer
source code and other technical details about its new Internet wiretapping
programs. In a Freedom of Information Act (FOIA) request sent today to the
FBI, the ACLU is seeking all agency records related to the government e-mail
"cybersnoop" programs dubbed Carnivore, Omnivore and Etherpeek, including
"letters, correspondence, tape recordings, notes, data, memoranda, email,
computer source and object code, technical manuals, [and] technical
specifications."
Link: http://www.aclu.org/news/2000/n071400a.html
ERIC CORLEY FACES PIRACY TEST CASE
A court case pitting Hollywood against Eric Corley has started in the US, in
what is being seen as a test case against alleged digital piracy. Movie giants
including Disney, Universal and Paramount, accuse Eric Corley (aka Emmanuel
Goldstein) of posting links to software on his website, allowing users to
break the copy protection system on digital video discs.
Link: http://news.bbc.co.uk/hi/english/sci/tech/newsid_839000/839609.stm
POWERGEN IN SECURITY SCANDAL
UK utility, Powergen, has admitted to a massive security breach that left the
debit card details of thousands of customers open to a potential multimillion
pound fraud. The security hole was discovered by a Powergen customer and
silicon.com viewer, John Chamberlain, when he went to the company's site to
pay his bill online. Chamberlain - an IT manager - said he was surprised to
discover three files on the web server, containing the names, addresses and
card details of more than 7,000 home and business users, including his own.
Link:
http://www.silicon.com/public/door?REQUNIQ=963958275&6004REQEVENT=&REQINT1=38650&REQSTR1
BUREAU NAMES NEW eFBI CHIEF
The FBI has named a new assistant director to oversee the design and launch
of eFBI, a recently renamed and resurrected program that will give bureau
agents the ability to share and sift through information via the World Wide
Web.
Link: http://www.fcw.com/fcw/articles/2000/0717/web-efbi-07-18-00.asp
STAGES IS YET UNKNOWN? NOT.
Malaysian The Star magazine has an article on viruses that were sent trough
State Department's office of public mailing list. Reporter writes that e-mails
have "life stages" written in the subject line, and to him it is "yet unknown
virus which can destroy a computer's hard drive". Of course Stages worm is
known to all of us for a while.
Link:http://thestar.com.my/tech/story.asp?file=/2000/7/18/technology/hacksum18&sec=technology
Link:http://net-security.org/text/viruses/962240637,93160,.shtml
MY EXPERIENCE WITH BEING CRACKED
"I emailed my findings to the systems admin and the owner of the ISP,
including the backdoor password and how to use it, with the suggestion
that they should backup everything, wipe the machine, and load a current
version of Red Hat (6.0 at the time) with the latest patches. They replied
that they would look into it."
Link: http://www.rootprompt.org/article.php3?article=678
PENENBERG'S LETTER
Black Market Enterprises published a copy of Adam Penenberg's letter of
resignation to Forbes' owner, Tim Forbes.
Link: http://www.b-m-e.com/features.411.forbes_penenberg_doj.html#letter
ANOTHER BRICK IN THE WALL
Brian Martin from Attrition did another great article entitled "Another
brick in
the
wall - Fighting a losing battle on the front lines of security".
Link: http://www-4.ibm.com/software/developer/library/su-wall.html
FIRST AUTOCAD VIRUS FOUND
Kaspersky Lab, an international anti-virus software development company,
announces the discovery of a first computer virus that affects the world's
most
popular PC-based design software AutoCAD.
Link: http://www.net-security.org/text/viruses/autocad.shtml
BT UNDER DoS ATTACKS
"This is my payback to BT for ripping this country off. I'm tired of being
cut off the net at 12 just because I have a cable line heres my payback :\,"
- said someone in an e-mail message sent to The Register staff.
Link: http://www.theregister.co.uk/content/6/12097.html
MESSAGING RIVALS CALL AOL ON PRIVACY, SECURITY ISSUES
A group of America Online's instant messaging rivals accused the Internet
giant of using inflated security and privacy concerns to stall progress on
technology standards that would allow its services to work with those of
competitors.
Link: http://news.cnet.com/news/0-1005-200-2312096.html
'NEW BREED' DROWNING OUT HACKER CULTURE?
Weld Pond, a research scientist working with the security firm @Stake Inc.,
talks about script kiddies and their numbers compared to those who actually
have the hacking skills to find the vulnerabilities in a supposedly secure
system.
Link: http://www.zdnet.com/zdnn/stories/comment/0,5859,2605327,00.html
MORE ON SPAM
This time, Louis Trager from Inter@ctive Week, did yet another rant on spam
entitled "Spam, Spam, Baloney And Spam".
Link:
http://mcafee.snap.com/main/page/pcp/cd/0,85,-1713-1517323-413516,00.html
LINUX DISTRIBUTION SECURITY REPORT
How are the various Linux distributions doing in terms of general security?
Link: http://www.securityportal.com/cover/coverstory20000724.html
----------------------------------------------------------------------------
Security issues
---------------
All vulnerabilities are located at:
http://net-security.org/text/bugs
----------------------------------------------------------------------------
ROXEN SECURITY ALERT
Roxen 2.0 up to version 2.0.68 has a vulnerability where using URLs
containing null characters can gain the browser access to information he is
not authorized to.
Link: http://www.net-security.org/text/bugs/964399028,33871,.shtml
[MANDRAKE] INN UPDATE
A vulnerability exists when verifycancels is enabled in /etc/news/inn.conf.
This vulnerability could be used to gain root access on any system with inn
installed. This new version also does not install inews as setgid news or
rnews as setuid root. Many other security paranoia fixes have been made as
well.
Link: http://www.net-security.org/text/bugs/964398854,44315,.shtml
"PERSISTENT MAIL-BROWSER LINK" VULNERABILITY
Microsoft has released a patch that eliminates a security vulnerability
affecting Microsoft Outlook Express. The vulnerability could allow a
malicious user to send an email that would "read over the shoulder" of the
recipient as he previews subsequent emails in Outlook Express
Link: http://www.net-security.org/text/bugs/964176207,44621,.shtml
UPDATED PATCH FOR FOR "MALFORMED E-MAIL HEADER" PROBLEM
On July 18, 2000, Microsoft released the original version of this bulletin, to
advise customers of the issue and recommend that they install either of the
two service packs that will eliminate the vulnerability. On July 20, 2000, the
bulletin was updated to announce the availability of patches that eliminate
the vulnerability.
Link: http://www.net-security.org/text/bugs/964176103,14653,.shtml
O'REILLY WEBSITE PROFESSIONAL OVERFLOW
The indexing utility webfind.exe distributed with O'Reilly WebSite
Professional contains an unchecked buffer allowing for the remote execution of
arbitrary code on vulnerable hosts.
Link: http://www.net-security.org/text/bugs/964141648,97231,.shtml
[@STAKE] IKEY 1000 PROBLEMS
Rainbow Technologies' iKey 1000 (http://ikey.rainbow.com) is a portable USB
(Universal Serial Bus) smartcard-like device providing authentication and
digital storage of passwords, cryptographic keys, credentials, or other data.
Using the legitimate user's PIN number and the physical USB key, access to the
public and private data within the key will be granted. The iKey also allows
administrator access using the MKEY (Master Key) password. Administrator
access to the iKey, normally used for initialization and configuration, will
allow all private information stored on the key to be accessed.
Link: http://www.net-security.org/text/bugs/964141537,67366,.shtml
HP JETDIRECT - INVALID FTP COMMAND DOS
If you connect to the ftp service on your HP printer and send it the
following string: quote AAAAAAAAAAA < cr> The printer crashes. It may
require that you turn the power off and on again to get the printer to work
again. The display will show an error message similar to this: 86:0003 (the
bit after the colon seems to vary a bit, we've also gotten :0004, :000B).
Link: http://www.net-security.org/text/bugs/964103346,59356,.shtml
REMOTELY EXPLOITABLE BUFFER OVERFLOW IN OUTLOOK
The vulnerability could enable a malicious sender of an e-mail message with
a malformed header to cause and exploit a buffer overrun on a user's
machine.
The buffer overrun could crash Outlook Express, Outlook e-mail client, or
cause arbitrary code to run on the user's machine.
Link: http://www.net-security.org/text/bugs/964100872,57148,.shtml
----------------------------------------------------------------------------
Security world
--------------
All press releases are located at:
http://net-security.org/text/press
----------------------------------------------------------------------------
SYMANTEC'S WEB SUPPORT NAMED ONE OF THE BEST - [17.07.2000]
Symantec Corp. today announced that for the third consecutive year, the
company's technical support Web site, has been selected as one of the year's
ten best online Web support sites by the Association of Support
Professionals, an international organization dedicated to the advancement of
the technical support profession.
Press release:
< http://www.net-security.org/text/press/963845931,19665,.shtml >
----------------------------------------------------------------------------
AXENT TO SECURE NOKIA WAP SERVER - [17.07.2000]
AXENT Technologies, Inc., one of the world's leading Internet security
solutions providers for e-business, announced that customers worldwide can
leverage Enterprise Security Manager, AXENT's market-leading security
assessment solution, to help secure the Nokia wireless application protocol
(WAP) server.
Like all servers, the Nokia WAP server, which provides the content for
wireless devices such as cell phones, personal data assistants, and laptops,
can be compromised through vulnerabilities in their operating systems. Now
with ESM, companies can find and secure these vulnerabilities, and be assured
of the security and availability of the WAP server providing the wireless
content.
Press release:
< http://www.net-security.org/text/press/963846068,8460,.shtml >
----------------------------------------------------------------------------
PC-CILLIN 2000 ACHIEVES ICSA CERTIFICATION FOR W2K - [17.07.2000]
Trend Micro Inc., a leader in enterprise and personal antivirus and content
security for the Internet age, today announced that its consumer desktop
antivirus software, PC-cillin(R) 2000, has been granted ICSA Certification by
the Anti-Virus Product Developers Consortium. Antivirus product certification
testing was recently revised to include products that protect the Windows
2000 operating system. To achieve ICSA Anti-Virus Certification, products are
tested for their ability to detect 100% of the "in the wild" viruses as they
enter the system and also during periodic file and directory scans.
Press release:
< http://www.net-security.org/text/press/963846158,52053,.shtml >
----------------------------------------------------------------------------
ALADDIN SHIPS SECURE USB AUTHENTICATION TOKEN - [19.07.2000]
Aladdin Knowledge Systems, a global leader in the field of Internet content
and software security, has announced that its new USB security token, eToken
R2, is now being shipped to customers worldwide. Aladdin also announced that
Gecko Internet joined Aladdin's eToken Technology Partner Program.
Press release:
< http://www.net-security.org/text/press/964002572,83662,.shtml >
----------------------------------------------------------------------------
INTERSCAN VIRUSWALL CERTIFIED FOR ASP DEPLOYMENT - [19.07.2000]
Trend Micro, a leading provider of enterprise antivirus and Internet content
security products, today announced that its best-of-breed InterScan VirusWall
Internet gateway virus protection software has become one of the first
thirteen products and the only antivirus product to achieve Sun Microsystems'
SunTone Application Certification for deployment in ASP environments. The
SunTone Certification confirms Trend Micro's ability to deliver reliable and
highly scalable Unix-based technology that can meet the demanding requirements
of Service Providers.
Press release:
< http://www.net-security.org/text/press/964002786,39586,.shtml >
----------------------------------------------------------------------------
SYMANTEC CONTINUES PERSONAL FIREWALL LEADERSHIP - [19.07.2000]
Symantec Corp. today announced that EarthLink, a leading broadband Internet
Service Provider has selected Symantec's Norton Personal Firewall software to
protect it's PC-using EarthLink DSL customers. EarthLink will offer Norton
Personal Firewall free of charge to new and existing EarthLink DSL customers.
Norton Personal Firewall will be delivered via a redeemable electronic coupon
e-mailed to customers after their DSL service is installed. Norton Personal
Firewall is then downloaded from co-branded Web site.
Press release:
< http://www.net-security.org/text/press/964002938,79452,.shtml >
----------------------------------------------------------------------------
SYMANTEC OFFICIALS WILL SPEAK AT ISACA CONFERENCE - [19.07.2000]
Symantec Corp., a world leader in Internet security technology, announced
today three executives have been invited to speak at the International 2000
Conference of the Information Systems Audit and Control Association, July
17-19 in Orlando, Florida. Mark Egan, chief information officer and vice
president of Information Technology; Char Sample, principal researcher of the
Core Technology Group; and Greg Adams, director of Development Enterprise
Security Solutions, will each address separate sessions of the conference.
Press release:
< http://www.net-security.org/text/press/964003015,17911,.shtml >
----------------------------------------------------------------------------
RAINBOW RESPONDS TO @STAKE RL'S ADVISORY - [21.07.2000]
Rainbow Technologies, Inc. responded to a Security Advisory issued by
@stake Research Labs regarding potential weaknesses in the company's iKey
1000 entry-level workstation authentication device. @stake's Advisory, issued
to several security mailing lists, confirmed in-house testing being performed
at Rainbow which also uncovered potential weaknesses in the iKey 1000. The
threat can exist in cases where an adversary is able to obtain a user's
iKey. Rainbow has improved the iKey 1000's design to defend against this
class of attack. Rainbow began a thorough internal testing of the iKey 1000
in May after @stake issued a Security Advisory on a competitive key token
product.
Press release:
< http://www.net-security.org/text/press/964140967,15366,.shtml >
----------------------------------------------------------------------------
SECURE COMPUTING TO DELIVER SECURITY TO ASPS - [21.07.2000]
Secure Computing announced that it has signed an OEM agreement with
Hewlett-Packard Company. Under the terms of the agreement, Secure
Computing's SafeWord authentication application is to be resold as a standard
feature of HP's e-utilica instant e-service solution for Application Service
Providers. HP's e-utilica is a pre-integrated solution that enables ASPs to
offer businesses instant access to design collaboration applications and
scalable computer capacity on a pay-per-use basis, keeping the information
technology overhead low and providing a secure platform for e-business.
Press release:
< http://www.net-security.org/text/press/964141092,13277,.shtml >
----------------------------------------------------------------------------
Net-Sec newsletter
Issue 24 - 01.08.2000
http://net-security.org
Net-Sec is a newsletter delivered to you by Help Net Security. It covers
weekly roundups of security events that were in the news the past week.
Visit Help Net Security for the latest security news -
http://www.net-security.org.
General security news
---------------------
----------------------------------------------------------------------------
PICKING THE LOCKS ON THE INTERNET SECURITY MARKET
"Another day, another e-commerce break-in ... The problem, argue a number
of new startups, isn't products. It's people."
Link:
http://www.redherring.com/insider/2000/0724/tech-fea-security-home.html
WE'RE STILL GETTING SECURITY WRONG
Worries about security, and justified ones at that, could still stop the
eCommerce bandwagon in its tracks, it seems. The recent revelation of a
security loophole in MS Outlook has been followed by a report from IDC
asserting that corporate Europe is still adopting the wrong approach to
strengthening the security of its systems.
Link: http://www.it-director.com/00-07-25-3.html
EVALUATION TECHNOLOGY FOR INTERNATIONAL SECURITY STANDARD
The international standard serves as a framework for establishing system
reliability by a product's functions, quality, operation and management. More
specifically, the standard prescribes requirements for the functioning and
quality of the security component that systems must meet to prevent intrusion
and unauthorized access.
Link:
http://www.nikkeibp.asiabiztech.com/wcs/leaf?CID=onair/asabt/news/108225
COST OF INTRUSIONS
Enterprises hiring reformed crackers to expose their soft underbellies will
only add to the more than $2.6 trillion lost worldwide annually because of
security intrusions, warns professional services firm PricewaterhouseCoopers.
Link: http://www.it.fairfax.com.au/industry/20000725/A26681-2000Jul24.html
MICROSOFT SECURITY EXECUTIVE PROMISES IMPROVEMENTS
The man who receives more complaints about the security of Microsoft Corp.'s
software than anyone on the planet vowed here yesterday that the company's
products are improving in quality and will continue to become more secure.
Link: http://www.idg.net/ic_204796_1794_9-10000.html
Can we believe that? Comment this in our forum:
http://www.net-security.org/phorum/read.php?f=2&i=41&t=41
WHY PEOPLE NEED OUTLOOK
With all this problems with Microsoft Outlook, people are wondering why do
others use Outlook rather than some other mail clients. On HNS forum, Ladi
wrote her opinion on "Why is Outlook so widely used in corporate
environments?".
Link: http://www.net-security.org/phorum/read.php?f=2&i=39&t=29
DEFACEMENTS BY WEBSERVER
Attrition published statistics entitled "Defacements by Webserver August 01,
1999 - July 22, 2000". According to the stats, Microsoft IIS had the biggest
number of defacements.
Link: http://www.attrition.org/mirror/attrition/webserver-graphs.html
ERROR AND ATTACK TOLERANCE OF COMPLEX NETWORKS
The Internet's reliance on only a few key nodes makes it especially vulnerable
to organized computer attacks, according to a new study on the structure of
the worldwide network.
Link:
http://www.nature.com/cgi-taf/DynaPage.taf?file=/nature/journal/v406/n6794/full/406378a0_fs.html
SECURITY POLICY
Marcus Ranum, chief technology officer at NFR: "We are creating hordes and
hordes of script kiddies. They are like cockroaches. There are so many script
kiddies attacking our networks that it's hard to find the real serious
attackers because of all the chaotic noise."
Link: http://news.excite.com/news/zd/000726/18/silence-the-best
NSA OFFICIAL BLASTS AT SECURITY VENDORS
The National Security Agency's senior technical director Thursday lambasted
developers of security tools, which he said were so weak that they
encouraged attacks by computer crackers.
Link: http://www.infoworld.com/articles/hn/xml/00/07/28/000728hnnsa.xml
BRITISH VERSION OF CARNIVORE IS NOW LAW
The British government approved the Regulation of Investigatory Powers (RIP)
that allows British law-enforcement agencies to force ISPs to hand over 'Net
traffic logs and encrypted e-mail messages, along with the decryption keys
needed to read their content. ISPs will have to set up secure channels to the
government's monitoring center and to install "black boxes" that will do the
tracking if the government issues a notice and has a warrant asking the ISP
to do so.
Link: http://www.geek.com/news/geeknews/q22000/gee2000728001991.htm
HOW THE FBI INVESTIGATES COMPUTER CRIME
This guide provides information about the federal investigative and
prosecutive process for computer related crimes. It will help you understand
some of the guidelines, policies, and resources used by the Federal Bureau of
Investigation when it investigates computer crime.
Link: http://www.cert.org/tech_tips/FBI_investigates_crime.html
TOOL TRACES DENIAL OF SERVICE SOURCES
The Internet Engineering Task Force (IETF) is working on technology that
will minimise the problem of denial of service attacks by making it possible
to quickly trace the source of the attack. The organisation last week formed
a working group to develop ICMP Traceback Messages, which would allow network
administrators to trace the path packets take through the internet.
Link: http://www.vnunet.com/News/1107643
RECRUITING HACKERS
Department of Defense and military officials turned a hacker conference into
a recruiting drive Friday, trying to woo the best and the brightest into
becoming security experts.
Link: http://www.zdnet.com/zdnn/stories/news/0,4586,2609334,00.html
DEFCON
Defcon has always been an event known as much for its intensive technical
content - talks on "advanced buffer overflow techniques" are de rigueur - as
its social opportunities, but this year it seems to have become more party
than conference. Call it the new American geek holiday.
Link: http://www.wired.com/news/culture/0,1284,37896,00.html
----------------------------------------------------------------------------
Security issues
---------------
All vulnerabilities are located at:
http://net-security.org/text/bugs
----------------------------------------------------------------------------
VULNERABILITY IN NETSCAPE BROWSERS
This advisory explains a vulnerability in Netscape browsers present since at
least version 3.0 and up to Netscape 4.73 and Mozilla M15. The vulnerability
is fixed in Netscape 4.74 and Mozilla M16.
Link: http://www.net-security.org/text/bugs/964528232,40698,.shtml
IBM WEBSPHERE VULNERABILITY
A show code vulnerability exists with IBM's Websphere allowing an attacker
to view the source code of any file within the web document root of the
web server.
Link: http://www.net-security.org/text/bugs/964528397,78068,.shtml
ANALOGX PROXY DOS
AnalogX Proxy is a simple but effective proxy server that has the ability
to proxy requests for the following services: HTTP, HTTPS, SOCKS4,
SOCKS4a, SOCKS5, NNTP, POP3, SMTP, FTP. Using commands of an
appropriate length, many of the services exhibit unchecked buffers causing
the proxy server to crash with an invalid page fault thus creating a denial
of service. Normally this would only be a concern for users on the LAN side
of the proxy, but by default Proxy is configured to bind to all interfaces
on the host and so this would be exploitable remotely from over the Internet.
Link: http://www.net-security.org/text/bugs/964577654,52746,.shtml
PATCH FOR "NETBIOS NAME SERVER PROTOCOL SPOOFING"
Microsoft has released a patch that eliminates a security vulnerability in
a protocol implemented in Microsoft Windows systems. It could be used
to cause a machine to refuse to respond to requests for service.
Link: http://www.net-security.org/text/bugs/964789771,23452,.shtml
BEA'S WEBLOGIC SHOW CODE VULNERABILITY
Two show code vulnerabilities exist with BEA's WebLogic 5.1.0 allowing
an attacker to view the source code of any file within the web document
root of the web server. Depending on web application and directory
structure attacker can access and view unauthorized files.
Link: http://www.net-security.org/text/bugs/964901015,87907,.shtml
----------------------------------------------------------------------------
Security world
--------------
All press releases are located at:
http://net-security.org/text/press
----------------------------------------------------------------------------
E-SHOPPING MADE FAST, EFFICIENT AND SECURE - [24.07.2000]
JAWS Technologies Inc. announced that it has signed a memorandum of
understanding with iSolver.com to integrate JAWS security solutions into
iSolver's technology and facilities. JAWS will develop new secure Internet
encryption products to support iSolver's Universal Cart Technology (UCT). In
addition, JAWS will validate, develop and deliver security concepts for all
new Internet applications conceived by iSolver. The two firms expect to
complete a definitive Business Partnership Agreement Aug. 1, 2000, which will
have JAWS provide for a total security solution to support iSolver's business
offering.
Press release:
< http://www.net-security.org/text/press/964399208,14554,.shtml >
----------------------------------------------------------------------------
JAVA-BASED B2B TECHNOLOGY TO ALLOW DIGITAL SIGNATURES - [24.07.2000]
With the recent passage of the landmark Electronics Signature Act giving
digital signatures legal validity, Cyclone Commerce, Inc. continues to take
the lead in making E-Signatures an eCommerce reality. With its flagship
product, Cyclone Interchange, organizations can apply valid and secure
digital signatures to every document sent. This is made possible by Cyclone
CrossWorks Security Framework, a revolutionary technology the company
pioneered.
Press release:
< http://www.net-security.org/text/press/964475791,79890,.shtml >
----------------------------------------------------------------------------
ZKS PREVIEWS LINUX VERSION OF FREEDOM - [24.07.2000]
Zero-Knowledge Systems, the leading developer of privacy solutions for
consumers and companies, will release its first source code. Mike Shaver,
Zero-Knowledge's Chief Software Officer, last week previewed the Linux
client of the company's award-winning privacy software, Freedom at the Ottawa
Linux Symposium. In this first source release, Zero-Knowledge will release the
source code of the Freedom Linux kernel interface.
Press release:
< http://www.net-security.org/text/press/964475936,91408,.shtml >
----------------------------------------------------------------------------
RAINBOW SIGNS NEW CRYPTOSWIFT OEM AGREEMENT - [25.07.2000]
Rainbow Technologies, Inc., a leading provider of high-performance security
solutions for the Internet and eCommerce, today announced that the company
has signed a major OEM agreement with a leading provider of next-generation
Internet infrastructure solutions - and has received an initial order of
nearly $1 million. Rainbow's CryptoSwift eCommerce accelerator is a key
component in a new family of products designed to enable eBusinesses to meet
the demands resulting from the rapid growth of the Internet. This new family
of products are optimized to manage Web traffic - and provide the high
performance and availability of leading networking infrastructure solutions.
Press release:
< http://www.net-security.org/text/press/964482291,24441,.shtml >
----------------------------------------------------------------------------
SYBARI'S ANTIGEN SELECTED BY SUNBELT SOFTWARE - [25.07.2000]
Sybari Software, Inc., the premier antivirus and security specialist for
groupware solutions today, announced that it has been selected by Sunbelt
Software, the No. 1 provider of "best-of-breed" solutions for Windows
2000/NT, for antivirus protection of their groupware environment. "We needed
something we knew could protect our groupware. A network disabled, even for
a short while, from a virus attack is not acceptable," said Stu Sjouwerman,
president of Sunbelt Software.
Press release:
< http://www.net-security.org/text/press/964482448,58117,.shtml >
----------------------------------------------------------------------------
DEFENDNET SOLUTIONS PARTNERS WITH TREND MICRO - [25.07.2000]
DefendNet Solutions Inc., a leading provider of total managed security
solutions for the Internet, today announced that it has partnered with Trend
Micro Inc. to deliver virus scanning services based on Trend Micro's
award-winning InterScan VirusWall technology. By incorporating Trend Micro's
InterScan antivirus software into its comprehensive suite of managed security
offerings, DefendNet will enable its carrier partners to offer remotely
managed gateway virus protection to their corporate customers.
Press release:
< http://www.net-security.org/text/press/964482508,73308,.shtml >
----------------------------------------------------------------------------
SYMANTEC STRENGHTENS WITH ACQUISITION OF AXENT - [27.07.2000]
Symantec Corp. and AXENT Technologies, announced that their boards of
directors have approved the acquisition of AXENT by Symantec in a
stock-for-stock transaction valued at approximately $975 million. The
combination of the two companies will create a new leader in Internet security
for enterprise customers. Under the agreement, AXENT shareholders will receive
in a tax-free exchange 0.50 shares of Symantec common stock for each share
of AXENT common stock they own.
Press release:
< http://www.net-security.org/text/press/964717984,72585,.shtml >
----------------------------------------------------------------------------
'HACK PROOFING YOUR NETWORK' - [28.07.2000]
Syngress Publishing, Inc., today announced the publication of "Hack Proofing
Your Network: Internet Tradecraft" by Ryan Russell and with contributing
grey-hat hackers such as "Mudge," "Rain Forest Puppy," "Caezar," "Effugas,"
and "Blue Boar." The premise of the book is "The only way to stop a hacker is
to think like one." It provides a tour of information security from the
hacker's perspective and offers practical advice for fending off local and
remote network attacks. The book is divided into four parts on theory and
ideals, local attacks, remote attacks, and reporting.
Press release:
< http://www.net-security.org/text/press/964790472,38581,.shtml >
----------------------------------------------------------------------------
FREE INDUSTRY-LEADING ANTI-VIRUS SOLUTION - [28.07.2000]
Verio Inc. and Computer Associates International, Inc. today announced that
the two companies have entered into a partnership to help ensure safe
computing in eBusiness environments. The alliance provides Verio with the
opportunity to offer its 400,000 customers a free, downloadable version of
CA's award-winning anti-virus solution, InoculateIT Personal Edition. The
anti-virus software is a component of eTrust, CA's comprehensive Internet
security solutions suite.
Press release:
< http://www.net-security.org/text/press/964790527,6132,.shtml >
----------------------------------------------------------------------------
@STAKE ACQUIRES CERBERUS INFORMATION SECURITY - [27.07.2000]
@stake, the world's leading Internet security professional services firm,
today announced the acquisition of London-based Cerberus Information Security,
Ltd, specialists in penetration testing and security auditing services. As a
result of today's acquisition, @stake has formalized its entry into the
European market, paving the way for further global expansion. With this
agreement, CIS' security specialists will become @stake security consultants.
In addition, @stake will inherit CIS' client base, a roster of more than 20
blue-chip clients based in the UK. Financial terms of the acquisition were
not disclosed.
Press release:
< http://www.net-security.org/text/press/964837499,43578,.shtml >
----------------------------------------------------------------------------
Net-Sec newsletter
Issue 25 - 07.08.2000
http://net-security.org
Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter
General security news
---------------------
----------------------------------------------------------------------------
BARCLAYS SLAMMED OVER INTERNET SECURITY FLAW
Barclays came under fire from customers and consumer groups today after a
security breach exposed confidential account details. The bank was forced to
shut down its online banking service yesterday evening after a Saturday
night upgrade to the online transaction software left user data accessible to
other account holders.
Link: http://www.uk.internet.com/Article/100360
NORTON PATCHES FIREWALL HOLES
Symantec has quietly modified its Norton Personal Firewall and Norton
Internet Security 2000 products to block advertising programs that are
sometimes dubbed "spyware." The programs, called adbots, fetch banner ads over
the Internet, but they also transmit encrypted data about the user back to
the advertising companies. This function has earned them the "spyware" label
among privacy and security advocates.
Link: http://www.pcworld.com/pcwtoday/article/0,1510,17880,00.html
250 LINUX SERVERS INFECTED
Some 250 Linux servers were found to have been infected with a program used
in denial of service attacks, raising serious security concerns with the
popular open source code servers.
Link: http://www.koreaherald.co.kr/news/2000/08/__10/20000801_1026.htm
STOP CARNIVORE WEB SITE LAUNCHED
A new site devoted to shutting down the FBI's Carnivore email surveillance
system has launched - "Stop Carnivore". The site explains what Carnivore is,
why it is wrong, what you can do, and how it hurts the Internet.
Link: http://cipherwar.com/news/00/stop_carnivore.htm
SNOOPING IN NETHERLANDS
Dutch newspaper De Volkskrant said Monday that the Internal Security Service
(Binnenlandse Veiligheidsdienst) had monitored e-mail messages between an
unnamed Dutch software company and an Iranian customer.
Link: http://www.infoworld.com/articles/hn/xml/00/08/01/000801hndutch.xml
LINUXSECURITY.COM WINS SOURCE OF THE MONTH FOR JULY
"This month's LinuxLock.Org Security Source of the Month goes to a group of
individuals dedicated to bringing security to the fore-front of the linux
community; this is the staff of LinuxSecurity.Com. Since we started following
the site in January 2000, it has evolved into one of the internet's premiere
sources of Linux Security Information."
Link: http://www.linuxlock.org/features/somjuly00.html
BARCLAYS, AGAIN
Troubled online bank Barclays admitted to another security blunder that again
led to Internet accounts being compromised.
Link: http://www.zdnet.co.uk/news/2000/30/ns-17040.html
STEALING DATA FROM LOS ALAMOS
Hackers suspected of working for a Chinese government institute in Beijing
broke into a computer system at Los Alamos National Laboratory and pilfered
large amounts of sensitive information, including documents containing the
word "nuclear," The Washington Times has learned.
Link: http://www.washingtontimes.com/national/default-20008321179.htm
MYANMAR MILITARY SITE DEFACED
Myanmar telecommunications engineers were trying Thursday to restore the
military government’s Web site after hackers shut it down, a military
intelligence officer said.
Link: http://www.msnbc.com/news/441508.asp?cp1=1
"MAFIABOY" FACES 64 NEW CHARGES
A Canadian youth pleads innocent to accusations that he orchestrated denial
of service attacks on Yahoo!, eBay and other high-profile Web sites.
Link: http://www.zdnet.com/zdnn/stories/news/0,4586,2611672,00.html
AOL HIT WITH CREDIT CARD SCAM
According to an AOL member who contacted CNET News.com, over the past
24 hours some AOL Instant Messenger subscribers have received a message
informing them of credit card problems. The scam directs members to a site
on AOL's Hometown service, a personal Web site builder, and requests credit
card information to update customer records.
Link: http://news.cnet.com/news/0-1005-200-2435585.html
BROWN ORIFICE SECURITY HOLE
From Dan Brumleve homepage - "I've discovered a pair of new capbilities in
Java, one residing in the Java core and the other in Netscape's Java
distribution.
The first (exploited in BOServerSocket and BOSocket) allows Java to open a
server which can be accessed by arbitrary clients. The second
(BOURLConnection
and BOURLInputStream) allows Java to access arbitrary URLs, including local
files.
As a demonstration, I've written Brown Orifice HTTPD for Netscape
Communicator.
BOHTTPD is a browser-resident web server and file-sharing tool that
demonstrates
these two problems in Netscape Communicator. BOHTTPD will serve files from a
directory of your choice, and will also act as an HTTP/FTP proxy server."
Link: http://www.brumleve.com/BrownOrifice/BOHTTPD.cgi
EXCITE@HOME IP FLAW EXPOSED
Excite@Home has warned it will take action against anybody who attempts
utilise an IP vulnerability that allows a single user to block up to 127 IP
addresses, effectively shutting people out of the service.
Contributed by Apocalyse Dow.
Link: http://www.zdnet.com.au/zdnn/stories/zdnn_display/au0004627.html
ICAT - SEARCHABLE INDEX OF SECURITY ISSUES
The U.S. government has created a searchable index of computer
vulnerabilities called ICAT. ICAT links users into a variety of publicly
available vulnerability databases and patch sites, thus enabling one to find
and fix the vulnerabilities existing on their systems
Link: http://csrc.nist.gov/icat
----------------------------------------------------------------------------
Security issues
---------------
All vulnerabilities are located at:
http://net-security.org/text/bugs
----------------------------------------------------------------------------
[MANDRAKE LINUX] PAM UPDATE
There is a problem with the pam_console module that incorrectly identifies
remote X logins for displays other than :0 (for example, :1, :2, etc.) as
being local displays, thus giving control of the console to the remote user
Link: http://www.net-security.org/text/bugs/965226007,4809,.shtml
[MANDRAKE LINUX] KON2 UPDATE
There is a vulnerable suid program called fld. This program accepts option
input from a text file and it is possible to input arbitrary code into the
stack, thus spawning a root shell.
Link: http://www.net-security.org/text/bugs/965226086,20677,.shtml
[TURBOLINUX] CVSWEB-1.90 UPDATE
A security hole was discovered in the cvsweb-1.90 package. Current and
previous version of cvsweb allow remote users to access/write files as the
default web user via the cvsweb.cgi script.
Link: http://www.net-security.org/text/bugs/965226233,73749,.shtml
MS WINDOWS 2000 PIPE IMPERSONATION VULNERABILITY
A vulnerability in the way Windows 2000 handles named pipes allows any
non-privileged user to elevate his or her current security context to that of
an arbitrary service (started by the service control manager). By exploiting
this bug, a non-privileged local user can gain privileged access to the
system.
Link: http://www.net-security.org/text/bugs/965262176,1136,.shtml
MS WINDOWS 2000 PIPE IMPERSONATION VULNERABILITY PATCHED
Microsoft has released a patch that eliminates a security vulnerability in
Microsoft Windows 2000. The vulnerability could allow a user logged onto a
Windows 2000 machine from the keyboard to become an administrator on the
machine.
Link: http://www.net-security.org/text/bugs/965262270,2600,.shtml
CISCO SECURITY ADVISORY - GIGABIT SWITCH ROUTER
A defect in Cisco IOS(tm) Software running on all models of Gigabit Switch
Routers (GSRs) configured with Gigabit Ethernet or Fast Ethernet cards may
cause packets to be forwarded without correctly evaluating configured access
control lists (ACLs). In addition to circumventing the access control lists,
it is possible to stop an interface from forwarding any packets, thus causing
a denial of service.
Link: http://www.net-security.org/text/bugs/965352730,637,.shtml
FTP SERV-U 2.5E VULNERABILITY
Sending FTP Serv-U a string containing a large number of null bytes will
cause it to stack fault. The system Serv-U is running on may become
sluggish/unstable and eventually bluescreen. A valid user/pass combination
is not required to take advantage of this vulnerability.
Link: http://www.net-security.org/text/bugs/965608002,70838,.shtml
----------------------------------------------------------------------------
Security world
--------------
All press releases are located at:
http://net-security.org/text/press
----------------------------------------------------------------------------
CYBERCASH PROVIDES ONLIONE FRAUD DETECTION SERVICES - [02.08.2000]
CyberCash, Inc., the world's leading provider of electronic payment
technologies and services, announced it will offer integrated online payment
and fraud detection support for Microsoft Commerce Server 2000. Merchants who
use Microsoft's Commerce Server 2000 to create Internet storefronts will be
able to easily configure their storefronts with real-time payment processing
and CyberCash's new Internet fraud detection service by simply installing
CyberCash's components.
Press release:
< http://www.net-security.org/text/press/965182044,72105,.shtml >
----------------------------------------------------------------------------
CERTIFICATES IN WEBTRENDS ENHANCED LOG FORMAT PROGRAM - [02.08.2000]
Further enhancing its position as the standard in eBusiness Systems
management and reporting solutions, WebTrends Corporation announced that 12
leading firewall vendors have been certified in the WebTrends Enhanced Log
Format program, ensuring that their firewall products are compatible with
WebTrends Firewall Suite 3.0. Released today, Firewall Suite 3.0 manages,
monitors and reports on Firewall activity, alerting IT and security managers
to issues with incoming and outgoing activity, protocol usage, security
problems, employee Internet activity and bandwidth consumption.
Press release:
< http://www.net-security.org/text/press/965182212,13233,.shtml >
----------------------------------------------------------------------------
BINDVIEW'S BV-CONTROL SELECTED BY BUY.COM - [02.08.2000]
BindView Corporation, a provider of IT risk management solutions, announced
that Internet retailer buy.com has selected BindView's bv-Control for Windows
2000 software to provide further security for its Web servers. The Internet
superstore will use bv-Control to administer and secure their Windows
enterprise. bv-Control is an administration and security management solution
that pinpoints and corrects risks to the safety and integrity of a network.
BindView's relationship with buy.com further establishes the company's
expertise in working with dot com companies to provide IT risk management
solutions.
Press release:
< http://www.net-security.org/text/press/965182290,73090,.shtml >
----------------------------------------------------------------------------
NETWORK-1 SECURITY SOLUTIONS SELECTED BY BMC - [02.08.2000]
Network-1 Security Solutions, Inc., a leader in distributed intrusion
prevention solutions for e-Business networks, today announced the signing of
an enterprise-wide site license agreement with BMC Software, Inc., the
leading provider of e-Business systems management. The agreement enables BMC
Software to deploy Network-1's unique CyberwallPLUS-WS software - a
distributed, workstation-resident firewall and intrusion prevention product
- on all of its enterprise users' Windows NT/2000 computers. This will provide
BMC Software's employees with protection against hacking and unauthorized
network intrusions.
Press release:
< http://www.net-security.org/text/press/965182394,59788,.shtml >
----------------------------------------------------------------------------
NEW ABILITIES IN CHECK POINT REALSECURE 5.0 - [02.08.2000]
Check Point Software Technologies Ltd., the worldwide leader in securing the
Internet, and Internet Security Systems, a leading provider of security
management solutions for the Internet, introduced the next level in
advanced network intrusion detection capabilities with Check Point RealSecure
5.0. The new version of Check Point RealSecure includes:
- X-Press Updates for real-time notification of newly identified cyber
attack signatures, including the over 500 attack signatures already cataloged
in Check Point RealSecure 5.0
- The ability to reassemble fragmented packets to provide defense against
attackers using split up attack signatures
- New detection logic to improve performance and greatly reduce the number
of "false positives," or legitimate network traffic that is misdiagnosed as
an attack.
Press release:
< http://www.net-security.org/text/press/965182530,80729,.shtml >
----------------------------------------------------------------------------
FREE INTRODUCTORY OFFER BY IVERIFY.COM - [03.08.2000]
iVerify.com launches its verified Internet identification service, iV-Caller,
with a free introductory offer to companies who agree to try the service for
three months. Trial offer winners will receive customization, turnkey
installation and up to 1000 free verifications. Insuring that web users
provide a valid phone number where they can actually be reached, iV-Caller is
an Internet application and service that incorporates quickly and easily into
virtually any web site. IV-Caller can be used in an endless variety of web
scenarios including the verification of credit card purchases, auction buyers
and sellers, sales leads, e-groups, chat rooms and much more.
Press release:
< http://www.net-security.org/text/press/965310705,2208,.shtml >
----------------------------------------------------------------------------
EVIRUS BUYS 51% IN VIRTUAL AIR-GAP TECHNOLOGY - [03.08.2000]
eVirus announces that it has completed the acquisition of a 51% interest in
CIPLOCKS Inc., a Canadian computer security company. The acquisition gives
eVirus exclusive rights to CIPLOCKS' revolutionary computer security
technology. CIPLOCKS Inc. has created an innovative 'anti-hacking' software
architecture known as Virtual Air-Gap Technology that is a means of keeping
computers secure from Internet based attacks by controlling the link to the
outside world.
Press release:
< http://www.net-security.org/text/press/965310780,25330,.shtml >
----------------------------------------------------------------------------
CYLINK AND METRICOM TEAM FOR WIRELESS SECURITY - [03.08.2000]
Cylink Corporation today announced that it will participate in Metricom's
Alliance Partner Program and is planning to provide its security solution for
resale through Ricochet Authorized Service Providers. By combining Metricom's
Ricochet technology and Cylink's award-winning PrivateWire software,
customers can receive a fast, easy-to-use mobile access solution that
incorporates strong encryption, authentication and auditing capabilities to
prevent unauthorized access to applications that are used during
wireless-to-Internet communications.
Press release:
< http://www.net-security.org/text/press/965310833,49198,.shtml >
----------------------------------------------------------------------------
PENTASAFE ACQUIRES BRAINTREE SECURITY SOFTWARE - [03.08.2000]
PentaSafe Security Technologies, Inc., a leading developer of IT auditing
and security software, today announced that it has acquired privately held
BrainTree Security Software. BrainTree Security Software is a leading
international developer of Oracle , Sybase, and SQL Server database security
software solutions. This acquisition supports PentaSafe's strategy to offer
its customers a broad portfolio of security solutions across all facets of
their IT operations.
Press release:
< http://www.net-security.org/text/press/965312120,48220,.shtml >
----------------------------------------------------------------------------
Net-Sec is a newsletter delivered to you by Help Net Security. It covers
weekly roundups of security events that were in the news the past week.
Visit Help Net Security for the latest security news -
http://www.net-security.org.
Questions, contributions, comments or ideas go to:
Help Net Security staff
staff@net-security.org
http://net-security.org
Any questions about how this was put together for Oblivion please
direct them to :
Slider@0blivion.org
----------------------------------------------
|
|
|
\____ 0wning The World Is A Slow Process,So Give Up And Let Us Gain R00t On
You
#OblivionMag EFNet
Copyright 0blivion.org 2000
B0w Down And Feer The Revolution Of Oblivion
Designed On 800x600 Resolution
Sponsors : http://www.slidersecurity.co.uk
http://net-security.org
http://www.hackernews.com
http://www.caffeine.org.uk
http://www.slidersecurity.co.uk/omega
Music : Rage Against The Machine
Zombie Nation
Death in Vegas
Red Hot Chilli Peppers - Californication
Live feed from Ministry Of Sound via. www.ministryofsound.co.uk
Drink : Red Bull - Late nite shizz
Java Coffee
Thanks : Vortex, For hosting 0blivion.org
Spammy for his Bot's on #oblivionmag - Where they gone ???
Pep - Have a good trip mate!
Aleph1, R.F.P and all the h0es that make my life worth living online
And Akt0r, DC_`, d0tslash, Cl0wn, TNC, redmang and a few others that i
forget
#Darkcyde, #bellcrew, #2600-uk, #bifemunix, #hax0r, #b10z, #is, #beyond
Funny : Colin Noble aka. CPUKiller - http://COLINSDOMAIN.4MG.COM
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed