Net-Sec newsletter
Issue 27 - 28.08.2000
http://net-security.org

Net-Sec is a newsletter delivered to you by Help Net Security. It covers weekly 
roundups of security events that were in the news the past week. 
Visit Help Net Security for the latest security news - http://www.net-security.org.


Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter

Table of contents:

1) General security news
2) Security issues
3) Security world
4) Featured articles
5) Security books
6) Security software
7) Defaced archives



============================================================
In association with Kaspersky Lab (www.kasperskylabs.com), HNS staff
created a new section of the site, with about 400 descriptions of well known and
not so know viruses. Specially interesting part of that section are screenshots
of 50 virus infections. All viruses are well categorized and easy to browse.

Point your browser to this URL:
http://www.net-security.org/text/viruses
============================================================




General security news
---------------------


----------------------------------------------------------------------------

TROJAN USERS CAUGHT IN CHINA
Three local high school students were arrested on Monday for allegedly running 
Trojan programs to steal dial-up account passwords from compromised computer 
systems. Reporter speaks about SunSeven trojan program, but it is obvious 
that SubSeven was used...
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.chinatimes.com.tw//english/esociety/89082202.htm


ATTACKING WEB SITES TO GET THE MESSAGE OUT
Several sites around the world were reportedly broken into and changed last 
week by one or more people claiming to be calling attention to the fight 
between the music industry and the digital music-swapping Web site Napster. 
A manifesto of sorts was posted in support of Napster's fight against music 
industry labels, titled "The Save Napster Hack Attack."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2000/TECH/computing/08/21/napster.hacks.idg/index.html


HIRING HACKERS - RANT
"Palante", who works in an unnamed Fortune 500 company's infosec consulting 
division, posted his opinion on all those struggles that some companies started 
with saying that people shouldn't hire hackers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.globetechnology.com/archive/gam/News/20000822/ROUTS.html


PRETENDER
Someone tried to dupe several Malaysian Internet users into giving away their 
private financial information by posing as an online executive at Maybank 
company. The article has a standard mistake - trojans are connected with the 
word hacker.
Link: http://thestar.com.my/tech/story.asp/2000/8/22/technology/22hack&sec=technology


TREND MICRO ITALIA SITE DEFACED
Italian branch of anti virus company Trend Micro (www.trendmicro.it), got its 
site defaced yesterday for two times. A note was left for the admins - 
"secure yourself man, *hint - securityfocus.com".
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.attrition.org/mirror/attrition/2000/08/21/www.trendmicro.it/

WRISTWATCHES COULD PROVIDE THE KEY TO BETTER IT SECURITY
A US company has devised a plan to make IT security as simple as telling 
the time - by incorporating an automated PC locking device into wristwatches. 
Michigan-based Ensure technologies argue that despite the furore about 
attackers, most breaches of security occur in-house - namely in users' 
complacency in leaving PCs switched on or divulging their passwords to 
others.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.ananova.com/news/story/technology_us-gadgets-privacy_942524.html


SECURE MESSAGING OFFERED
VeriSign and Slam Dunk Networks are teaming up to offer a message 
delivery infrastructure that will guarantee business-to-business transaction 
participants that their messages will be protected, delivered, and properly 
accepted at their rightful destinations. 
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.infoworld.com/articles/hn/xml/00/08/22/000822hnverslam.xml


AUSTRALIA FEARS HACKERS MAY TARGET GAMES
Computer experts will work around the clock during the Sydney Olympics 
to keep out cyber hackers who might try to vandalize Games Web sites.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.mercurycenter.com/svtech/news/breaking/internet/docs/334890l.htm


THE WORLD'S MOST SECURE OPERATING SYSTEM
"OpenBSD is probably one of the most secure operating systems out there," 
says Chris Brenton, author of Mastering Network Security. "The crew does
a fantastic job of locking down and being responsive when vulnerabilities 
are found." Such a good job that the U.S. Department of Justice uses 260 
copies of OpenBSD to store and transmit its most sensitive data..."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.thestandard.com/article/article_print/1,1153,17541,00.html


BT WEB SITE SECURITY BLUNDER
The Insight Interactive portion of the BT.com Web site has a gaping hole 
in its security. Any registered user's details can be accessed by entering 
their user name and password. The trouble is, the same password works 
whichever username you use.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/6/12794.html


WILL 3G DEVICES BE SECURE?
While anticipating the delights of 3G, be aware of the inherent dangers. 
According to computer security experts, all this connectivity and 
functionality will inevitably mean an increased risk of attack by mobile 
viruses and worms as well as malicious attackers. Evidence of potential 
for new threats can already be seen. Earlier this month Japan's highly 
successful mobile broadband standard i-mode ran into its first major 
security issue highlighting the dangers ahead.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2000/33/ns-17466.html


YET ANOTHER CONTEST
Noted Chinese consumer electronics production company, Hisense, has 
challenged everybody to penetrate a server equipped with its newly 
developed firewall products before September 1 to win 500,000 yuan.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://english.peopledaily.com.cn/200008/23/eng20000823_48861.html

PIMPSHIZ INTERVIEWED BY HWA
HWA Security has an interview with 16 year old 'pimpshiz' who reportedly 
defaced over 60 sites in a pro-napster social disobedience action.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.hwa-security.net/pimpshiz.txt


BIG BROTHER DATABASE APPARENTLY COMPROMIZED
An unknown attacker has apparently gained unauthorized access to 
the main database of contestants for Spain's version of Big Brother, 
called Gran Hermano in Spain. According to reports, the database 
contains details including credit history, IQs, and mental health on 
over 1,700 would-be contestants.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.geek.com/news/geeknews/q22000/gee2000824002209.htm


NASTY PGP BUG
Ralf Senderek has found a nasty bug in PGP versions 5 and 6. It's of 
scientific interest because it spectacularly confirms a prediction made 
by a number of researchers in the paper on `The Risks of Key Recovery, 
Key Escrow, and Trusted Third-Party Encryption' that key escrow would 
make it much more difficult than people thought to build secure systems.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://cryptome.org/pgp-badbug.htm


PIKACHU WORM SPREADING
A computer worm featuring the cuddly Japanese cartoon character 
Pikachu has been found in computers in the United States, leaving 
some operating systems devastated, an anti-virus software firm said 
on Thursday. The worm was found by Trend Micro near two months ago.
Link: http://net-security.org/text/viruses/962474496,16084,.shtml


HOW TO SPY ON YOUR EMPLOYEES
Companies that want to spy on employees' Internet usage already 
have an array of tools. Research firm IDC predicts that in four years, 
the industry will generate $562 million in revenue. But employers fixated 
on monitoring employees may be wasting time and killing morale. Moreover, 
they may be setting themselves up to be sued.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.msnbc.com/news/449233.asp?cp1=1


YAHOO TO OFFER ENCRYPTED EMAIL OPTION
Yahoo plans to let its email account holders use data scrambling to protect 
the privacy of their messages, marking a potentially significant advance 
for the mainstream use of encryption.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1005-200-2605437.html


TRUSTE PRIVACY SITUATION
Interhack Corporation has issued a report stating that visitors to the 
TRUSTe website have themselves unknowingly been tracked and were 
having pseudonymous information about them being directed to a third 
party, TheCounter.com.
Link: http://www.securitywatch.com/scripts/news/list.asp?AID=3697


RSA UPGRADING SECURITY SOFTWARE
RSA Security next week will unveil an upgraded version of its PKI software, 
adding support for digital certificates from multiple vendors and making it 
easier for security administrators to register users to receive certificates 
through an automated download process.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.infoworld.com/articles/hn/xml/00/08/25/000825hnrsa.xml


HOAX HITS EMULEX
Shares of Emulex tumbled to $43 from their previous close of $113.063 
after false news circulated that the California-based company was 
restating its earnings, that its CEO had quit, and that it was under 
investigation by the Securities and Exchange Commission.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.techserver.com/noframes/story/0,2294,500243647-500360148-502111278-0,00.html


NEW PGP RELEASE
MIT Distribution Center for PGP software has the new version of the 
program posted on-line. This release corrects a security-related bug 
with Additional Decryption Keys (ADKs) that may allow sophisticated 
attackers to add unauthorized ADK key IDs to the unhashed areas of 
PGP public keys.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://web.mit.edu/network/pgp.html


KOREAN MINISTRY WEBSITE HIT BY DOS
The Ministry of Information and Communication fell prey to attackers 
who managed to bring the Web site to a standstill for 10 hours Saturday. 
The Web site was downed at 12 but all services were restored by 10 p.m.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://koreaherald.co.kr/news/2000/08/__10/20000828_1038.htm


MAC OS X SERVER - SECURITY GUIDELINES
This document outlines some security measures for the Mac OS X Server 
1.0 - 1.2 platform. While Mac OS X Server (OSXS) is a fairly secure 
environment out of the box, these basic measures help create a more 
secure computing environment.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securemac.com/osxsecurity.cfm


ARACHNE BROWSER ARCHITECT DISMISSES VIRUS CHARGE
Michael Polak, a Czech scientist whose browser has been causing so many 
problems for its users that he was accused of disseminating a virus, issued 
an explanation on his Web site this week. Polak, who offers Arachne free 
of charge for non-commercial use, had received numerous complaints from 
people who had their files wiped out after they installed the browser.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computeruser.com/news/00/08/28/news1.html


BUG HUNTERS
Associated Press has an article entitled "Bug hunters consider whether to 
reveal software flaws" which speaks of bug reporting to software vendors. 
The interesting part is that they have quotes from bug hunters and several 
companies about reacting to security issues.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.techserver.com/noframes/story/0,2294,500244316-500361480-502123615-0,00.html


----------------------------------------------------------------------------




Security issues
---------------

All vulnerabilities are located at:
http://net-security.org/text/bugs


----------------------------------------------------------------------------


FRONTPAGE SERVER EXTENSIONS SHTML.EXE DOS
The FrontPage Server Extensions are vulnerable to a remote denial of service 
attack that will disable all FrontPage operations on a web site. By requesting a 
URL that includes a DOS device name, the server extensions will hang and will 
not service any further requests. To re-enable the server extensions requires 
restarting IIS or rebooting the server.
Link: http://www.net-security.org/text/bugs/967048516,37265,.shtml


REMOTE DOS IN PRAGMA TELNETSERVER 2000
The Ussr Labs team has recently discovered a buffer overflow memory problem 
in the rpc module of the Pragma TelnetServer 2000. What happens is by 
performing an attack with a malformed request to port 512 it will cause 
the process containing the services to crash.
Link: http://www.net-security.org/text/bugs/967122232,16999,.shtml


WEBSERVER PRO 2.3.7 VULNERABILITY
The vulnerability (or bad server administration) allow any user to create 
arbitrary files with arbitrary text on the victim machine, from the Internet 
Web Browser.
Link: http://www.net-security.org/text/bugs/967214843,48495,.shtml


[MANDRAKE LINUX] XCHAT UPDATE
XChat 1.3.9 and later allow users to right-click on a URL appearing in an 
IRC discussion and select the "Open in Browser" option. To open the URL in 
a browser, XChat passes the command to /bin/sh. This allows a malicious 
URL the ability to execute arbitrary shell commands as the user that is running 
XChat. This update changes the functionality of XChat to bypass the shell 
and execute the browser directly. Thanks go to Red Hat for providing the patch.
Link: http://www.net-security.org/text/bugs/967214951,8515,.shtml


[CALDERA LINUX] LD.SO UNSETENV PROBLEM
A bug has been discovered in ld.so that could allow local users to obtain super 
user privilege. The dynamic loader ld.so is responsible for making shared libraries 
available within a program at run-time. Normally, a user is allowed to load 
additional shared libraries when executing a program; they can be specified 
with environment variables like LD_PRELOAD. 
Link: http://www.net-security.org/text/bugs/967215087,33684,.shtml


"IIS CROSS-SITE SCRIPTING" VULNERABILITIES PATCHED
Microsoft has released a patch that eliminates security vulnerabilities in Microsoft 
Internet Information Server. The vulnerabilities could allow a malicious web site 
operator to misuse another web site as a means of attacking users.
Link: http://www.net-security.org/text/bugs/967298521,30706,.shtml


"MONEY PASSWORD" VULNERABILITY PATCHED
Microsoft has released a patch that eliminates a security vulnerability in 
Microsoft  Money. The vulnerability could allow a malicious user to obtain 
the password of a Money data file.
Link: http://www.net-security.org/text/bugs/967298631,3545,.shtml


ADVISORY: MGETTY LOCAL COMPROMISE
Faxrunqd follows symbolic links when creating certain files. The default location 
for the files is /var/spool/fax/outgoing, which is a world-writable directory. Local 
users can destroy the contents of any file on a mounted filesystem because 
faxrunqd is usually run by root
Link: http://www.net-security.org/text/bugs/967304131,68635,.shtml


KERBEROS PASSWORD AUTHENTICATION ISSUES
Kerberized programs that perform password authentication may be vulnerable 
to an attacker with the ability to spoof KDC responses (either as a race 
condition on the LAN, or via DNS cache poisoning, spoofed ICMP redirects 
or router advertisments, etc.).
Link: http://www.net-security.org/text/bugs/967488533,33506,.shtml


----------------------------------------------------------------------------




Security world
--------------

All press releases are located at:
http://net-security.org/text/press


----------------------------------------------------------------------------

PKI-BASED DIGITAL SIGNING OF WEB PAGES - [22.08.2000]

Celo Communications, a global innovator in the development and deployment of
digital signatures, announced a unique digital signature product for secure 
Internet transactions. CeloCom eSigner is based on Public Key Infrastructure, 
and enables digital signing of entire web pages. The CeloCom eSigner allows 
complex legal documents and contracts to be digitally signed, authenticated 
and validated, bringing e-business transaction security to new levels.

Press release:
< http://www.net-security.org/text/press/966913616,96346,.shtml >

----------------------------------------------------------------------------

CERTIFICATION FOR CHECK POINT VPN-1/FIREWALL-1 - [22.08.2000]

Foundry Networks, Inc., a leader in high-performance end-to-end switching and 
routing solutions, announced that Foundry's ServerIron Internet traffic and 
content management switches are the first to receive OPSEC (Open Platform 
for Security) Certification from Check Point Software Technologies Ltd., for Check 
Point VPN-1/FireWall-1 high availability with load balancing. Check Point certified 
that Foundry's award winning ServerIronXL switches are the first to provide load 
balancing and fail-over of all active sessions, including VPN-1 sessions, for Check
Point's VPN-1/FireWall-1 4.1 products.

Press release:
< http://www.net-security.org/text/press/966913668,25089,.shtml >

----------------------------------------------------------------------------

NORTON INTERNET SECURITY WITH INTEL DESKTOP BOARDS - [22.08.2000]

Symantec Corp., a world leader in Internet security, announced that Intel Corp., 
the leader in desktop PC technology, has chosen Norton Internet Security
Family Edition to ship with selected Intel Desktop Boards. The combination of 
Symantec's award-winning security software with the performance and quality
of Intel Desktop Boards provides a solid foundation with superior Internet 
protection for the consumers' home office and small business environments.

Press release:
< http://www.net-security.org/text/press/966913803,24061,.shtml >

----------------------------------------------------------------------------

NEW ONLINE ANTI-VIRUS SCANNER CERTIFICATION - [23.08.2000]

ICSA.net announced an expansion of its anti-virus product certification-testing 
suite with the introduction of the new Online Anti-Virus Scanner Certification 
Program. The Internet security leader also announced that HouseCall from 
Trend Micro Inc. is the first product to achieve the certification. Trend Micro is 
a leading provider of tools to detect and block viruses, malicious code and 
related Internet security threats. The new certification program's criteria initially 
will include monthly testing for 100 percent of viruses currently found "in the 
wild," as well as for 100 percent of the current common infectors list.

Press release:
< http://www.net-security.org/text/press/966994207,5238,.shtml >

----------------------------------------------------------------------------

WAVE SYSTEMS ANNOUNCES TRUST @ THE EDGE - [23.08.2000]

Wave Systems Corp., announced a strategic new security architectural model 
for creating multi-party trust in user devices. Trust @ the Edge specifies the 
integration of strong security in every user device, a major breakthrough in the 
challenge of creating trusted and private digital relationships while enabling 
reliable electronic exchange and commerce over the Internet.

Press release:
< http://www.net-security.org/text/press/966994343,19617,.shtml >

----------------------------------------------------------------------------

NEW BOOK BY BRUCE SCHNEIER - [23.08.2000]

Bruce Schneier, computer security expert, CTO and founder of Counterpane 
Internet Security, Inc., has written a new book specifically for corporate 
managers. Secrets and Lies: Digital Security in a Networked World is a practical, 
straightforward guide to understanding and achieving security throughout 
computer networks. Schneier draws on his extensive field experience to dispel 
myths as well as help business executives assess corporate security risks to 
choose the right solutions and implement the right processes.

Press release:
< http://www.net-security.org/text/press/966994526,44171,.shtml >

----------------------------------------------------------------------------

TREND MICRO LAUNCHES ANTIVIRUS AFFILIATE PROGRAM - [23.08.2000]

Trend Micro, Inc., announced the launch of an affiliate marketing program that 
further enables mutually beneficial relationships between Trend Micro and on-line 
service providers including ISPs. The Affiliate Program is part of Trend Micro's 
eDoctor Global Network, a worldwide Internet security initiative comprised of 
service providers that offer virus scanning and information as a value-added 
service to their customers. Through the Antivirus Affiliate Program Trend Micro 
is inviting U.S. and Canadian ISPs and other on-line service providers to add 
valuable content and links to their web sites to help their visitors and customers 
to enjoy a safer Internet experience including: 
- Virus alerts and other informational content 
- Hot links to Trend Micro's "Virus Encyclopedia" 
- Options to link or frame Trend Micro's HouseCall online virus scanner 
- 10% commissions on Trend Micro product sales to their Websites' 

Press release:
< http://www.net-security.org/text/press/967047592,24761,.shtml >

----------------------------------------------------------------------------

ADVANCED VIRUS PROTECTION FOR MAIL.COM - [25.08.2000]

Mail.com, Inc., a leading Messaging Service Provider to businesses, announced 
the next generation in its scalable, fully outsourced e-mail firewall services - 
enhanced MailWatch solution- providing innovative and robust protection for 
corporate e-mail systems against viruses, spam, offensive or threatening 
content, and inappropriate attachments. The advanced MailWatch service 
features are available to businesses as a stand-alone service or can work in 
conjunction with Mail.com's leading edge business e-mail services. As an 
additional layer of security, customers of Mail.com's business e-mail services 
are protected through SSL encryption for all user authentication and messaging.

Press release:
< http://www.net-security.org/text/press/967215417,80712,.shtml >

----------------------------------------------------------------------------

SECURANT TECHNOLOGIES PARTNERS WITH BALTIMORE TECH - [25.08.2000]

Securant Technologies, the access management company that secures 
e-business, announced its partnership with Baltimore Technologies, a global 
leader in e-security solutions. Through the Baltimore PKI World program, 
Securant will deliver integrated solutions for protecting eBusiness resources 
based on the award winning ClearTrust SecureControl access management 
system and Baltimore UniCERT Certificate Management system. This will allow 
enterprises, government agencies and service providers to centrally control and 
personalize access to Web-based and Web-presented applications, content and 
transactions by marrying Baltimore e-security with Securant's dynamic, 
rules-based authorization and access management platform.

Press release:
< http://www.net-security.org/text/press/967215503,81794,.shtml >

----------------------------------------------------------------------------




Featured articles
-----------------

All articles are located at:
http://www.net-security.org/text/articles

Articles can be contributed to staff@net-security.org

Listed below are some of the recently added articles.

----------------------------------------------------------------------------

CONSOLE IOCTLS UNDER LINUX by Shok (Matt Conover)

Console IOCTLs can be very useful and powerful. These are the IOCTls that 
involve the console. They are the user interface to manipulation of the console.
I am going to go over these console IOCTLs and give you examples of them. 
You can make some pretty powerful programs, whether they be general utilities 
or security programs, with these (such as Auto Console Switching and Console 
Access Protection). The structure of this article will be the name of the IOCTL, 
and then example source code to uses of the IOCTL. 

Article:
< http://www.net-security.org/text/articles/console.shtml >

----------------------------------------------------------------------------

LKM: KERNEL HACKING MADE EASY by Nicolas Dubee - w00w00.org

The following applies to the Linux i86 2.0.x kernel series. It may also be
accurate for previous releases, but has not been tested. 2.1.x kernels
introduced a bunch of changes, notably in the memory managment routines,
and are not discussed here. 

Article:
< http://www.net-security.org/text/articles/kernel.shtml >

----------------------------------------------------------------------------




Featured books
----------------

The HNS bookstore is located at:
http://net-security.org/various/bookstore

Suggestions for books to be included into our bookstore 
can be sent to staff@net-security.org

----------------------------------------------------------------------------

SECRETS AND LIES: DIGITAL SECURITY IN A NETWORKED WORLD

Internationally recognized computer security expert Bruce Schneier offers a 
practical, straightforward guide to achieving security throughout computer 
networks. Schneier uses his extensive field experience with his own clients to 
dispel the myths that often mislead IT managers as they try to build secure 
systems. This practical guide provides readers with a better understanding of 
why protecting information is harder in the digital world, what they need to 
know to protect digital information, how to assess business and corporate 
security needs, and much more.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0471253111/netsecurity >

----------------------------------------------------------------------------

WINDOWS 2000 SYSTEM ADMINISTRATION HANDBOOK

>From the Inside Flap: Welcome to the Windows 2000 Systems Administration 
Training Course. As IT professionals, we have watched Windows 2000 slowly 
mature from a very rough NT5 beta 1 to a robust, polished Windows 2000 
released product. As authors, we have attempted to bring you a collection of 
the topics most relevant to systems administration while adding insight from 
our own personal experiences implementing and administering Windows 2000 
throughout the lengthy beta period, up to and including the final release. We 
hope that you will find this multimedia training course useful as you study and 
develop your Windows 2000 system administration skills. 

Book:
< http://www.amazon.com/exec/obidos/ASIN/0130270105/netsecurity >

----------------------------------------------------------------------------

WINDOWS 2000 AND MAINFRAME INTEGRATION

The following topics are covered for both Windows 2000 and OS/390 (except 
the topics that are inherently Windows 2000 specific): History of the operating 
systems; overview of the operating systems; system architecture; memory 
management; multitasking (multiprogramming); i/o device management; file 
system; how programs are loaded and managed by the OS; job and task 
management; Windows Scripting Host; catalogs and directories (including, 
briefly, Windows 2000 Active Directory Service); DNS; printer management; 
operator control of OS features; security; networking; transaction, database, 
and message processing; communicating with OS/390 using terminal emulation 
or an SNA server; SNA subdomains; overview of integrating Windows 2000 and 
mainframe applications; using Mainframe Express to create a mainframe 
development environment on a workstation; scalability; and availability.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1578702003/netsecurity >

----------------------------------------------------------------------------

TRUST ON TRIAL: HOW THE MICROSOFT CASE IS REFRAMING THE RULES 
OF COMPETITION

Is Microsoft truly a classic monopoly, whose aggressive pursuit of markets for 
Internet browsers and operating systems is harmful to consumers and worthy 
of government intervention? Or has it actually been a victim of aggressive rivals 
(led by Sun, Novell, Oracle, and IBM) who called in high-level favors to keep Bill 
Gates & Company out of the lucrative market for network servers? Richard 
McKenzie, a noted economist and the author of more than 20 books, is 
convinced of the latter. He advances a formidable argument on that behalf in 
Trust on Trial, which maintains "the Microsoft case has shown--and not for the 
first time - how politics can taint the antitrust enforcement process." Starting 
with copies of major U.S. antitrust laws, McKenzie shows how cases such as 
this eventually may affect consumers in both the short and long term.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0738203319/netsecurity >

----------------------------------------------------------------------------

PROFESSIONAL WAP

Wireless Application Protocol and its related technologies are emerging as the 
standard way of creating network-wise software for wireless computing devices,
such as mobile telephones. Wrox Press's crack team of programmer-writers have
put together a winner in Professional WAP. To a greater extent than any other 
WAP book on the market, this volume shows its readers how to do real work by 
using WAP, Wireless Markup Language (WML), WMLScript, and various toolkits 
and servers that ease wireless application development. Best of all, the authors 
realize that most folks working as WAP developers have Web roots; they explain 
their subjects in terms that anyone with a bit of HTML and Web-scripting 
(JavaScript or VBScript) background should be able to follow easily.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1861004044/netsecurity >

----------------------------------------------------------------------------

DESIGNING SECURE WEB-BASED APPLICATIONS FOR MICROSOFT WINDOWS 2000

"Web-based applications" is getting to be a redundant term, but that only 
highlights the fact that up-to-date programmers need to be familiar with the 
strategies and practices used to build modern networked software. Designing 
Secure Web-Based Applications for Microsoft Windows 2000 explains precisely 
what its title specifies: the mechanisms for allowing Windows programs to 
communicate over the network while maintaining security, plus their ways of 
fitting into complete product architectures. It's an engineering document 
with considerable information on identifying security threats, giving them 
relative weight, and deciding how to deal with them in the designs of your 
systems. The author has both done his homework and worked in the industry, 
and it's a pleasure to read his distilled knowledge.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0735609950/netsecurity >

----------------------------------------------------------------------------




Security Software
-----------------

All programs are located at:
http://net-security.org/various/software

----------------------------------------------------------------------------

FIRESTARTER 0.4.1 (LINUX)

The goal of FireStarter is to provide an easy to use, yet powerful, GUI tool for 
setting up, administrating and monitoring firewalls for Linux machines. FireStarter 
is made for the GNOME desktop. It can actively monitor your firewall and list any 
unauthorized connection attempts made to your machine in a readable table 
format. Changes: Better service determination, can launch firewall on PPP 
connect, and bug fixes.

Link:
< http://net-security.org/cgi-bin/file.cgi?firestarter-0.4.1.tar.gz >

----------------------------------------------------------------------------

APPSTRAKA 3.10

AppsTraka is a powerful security program you can use to paint a very clear 
picture of how others are using your computer. You can set it up to log all
open windows, including title, time, and duration, and to save screenshots of 
your desktop at a regular interval of your choosing. Beyond surveillance, 
AppsTraka allows you to deny access to any programs on your computer, 
based on the current user. You can simply deny access altogether, impose a 
time limit, or require a password to access any program you add to the secured
list. You can also hide items from the Start menu and select drives. You can run 
AppsTraka in stealth mode, making the program all but undetectable, or make it 
as visible as you wish, complete with warning messages.
This download expires after 30 days. The cost to register is $30. 

Link:
< http://net-security.org/cgi-bin/file.cgi?appstraka310.exe >

----------------------------------------------------------------------------

QMAIL-SCANNER 0.92 (LINUX)

Qmail-Scanner (also known as Scan4Virus) is an addon that enables a Qmail 
e-mail server to scan all gatewayed e-mail for certain characteristics. It is 
typically used for its anti-virus protection functions, in which case it is used in 
conjunction with commercial virus scanners. But it also enables a site to react 
to e-mail that contains specific strings in particular headers, or particular 
attachment filenames or types. Qmail-Scanner is integrated into the mail server 
at a lower level than some other Unix-based virus scanners, resulting in better 
performance. It is capable of scanning not only locally sent/received e-mail, but 
also e-mail that crosses the server in a relay capacity.

Link:
< http://net-security.org/cgi-bin/file.cgi?qmail-scanner-0.92.tgz >

----------------------------------------------------------------------------

WINFINGERPRINT 227

Advanced remote windows OS detection. Current Features: Determine OS using 
SMB Queries, PDC (Primary Domain Controlller), BDC (Backup Domain Controller), 
NT MEMBER SERVER, NT WORKSTATION, SQLSERVER, NOVELL NETWARE SERVER,
WINDOWS FOR WORKGROUPS, WINDOWS 9X, Enumerate Servers, Enumerate
Shares including Administrative ($), Enumerate Global Groups, E numerate Users,
Displays Active Services, Ability to Scan Network Neighborhood, Ability to
establish NULL IPC$ session with host, Ability to Query Registry (currently
determines Service Pack Level & Applied Hotfixes.

Link:
< http://net-security.org/cgi-bin/file.cgi?winfingerprint-227.zip >

----------------------------------------------------------------------------

SPYTECH NETARMOR 1.0.2

Spytech NetArmor is a secure Internet protection utility for your Windows PC.
NetArmor's main objective is to detect possible malicious hacker intrusions and 
alert you so you can safely shutdown your machine, log off, or disconnect from 
the Internet. NetArmor is not a firewall, but a connection monitoring utility - 
good for personal and corporate protection. NetArmor can detect attacks from 
over 350 common backdoors. The unregistered version limits monitoring sessions 
to 10 minutes. Registration costs $19.95.

Link:
< http://net-security.org/cgi-bin/file.cgi?netarmor.zip >

----------------------------------------------------------------------------

NMAP 2.54 BETA (LINUX)

Nmap is a utility for port scanning large networks, although it works fine for 
single hosts. Sometimes you need speed, other times you may need stealth. In 
some cases, bypassing firewalls may be required. Not to mention the fact that 
you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap 
supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP 
FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, 
SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK 
and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning 
(ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote 
OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap 
also supports a number of performance and reliability features such as dynamic 
delay time calculations, packet timeout and retransmission, parallel port scanning, 
detection of down hosts via parallel pings. 

Link:
< http://net-security.org/cgi-bin/file.cgi?nmap-2.54BETA3.tgz >

----------------------------------------------------------------------------





Defaced archives
------------------------

[21.08.2000] - Compunet Engineering
Original: http://www2.cne-kc.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/21/www2.cne-kc.com/

[21.08.2000] - Computer multimedia and internet technology Pvt.Ltd 
Original: http://www.visionindia.net/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/21/www.visionindia.net/

[21.08.2000] - National Oceanic and Atmospheric Administration
Original: http://vortex.cmdl.noaa.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/21/vortex.cmdl.noaa.gov/

[21.08.2000] - Malaysian Department of Immigration
Original: http://www.imi.gov.my/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/21/www.imi.gov.my/

[21.08.2000] - Atlantic City Free Public Library LibGate
Original: http://libgate.atlantic.city.lib.nj.us/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/21/libgate.atlantic.city.lib.nj.us/

[21.08.2000] - Interactive Media, Inc.
Original: http://www.iowa.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/21/www.iowa.com/

[21.08.2000] - Trend Micro Italy
Original: http://www.trendmicro.it/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/21/www.trendmicro.it/

[22.08.2000] - Ars Electronica Center FORCE Server
Original: http://force.aec.at/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/22/force.aec.at/

[22.08.2000] - Machine Intelligent System International
Original: http://misasia.com.sg/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/22/misasia.com.sg/

[22.08.2000] - Linux Malaga
Original: http://www.linux-malaga.org/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/22/www.linux-malaga.org/

[22.08.2000] - Gridlink Internet Services (primary nameserver)
Original: http://ns1.gridlink.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/22/ns1.gridlink.com/

[22.08.2000] - South Georgia Business Systems
Original: http://www.sogbs.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/22/www.sogbs.com/

[22.08.2000] - Ticketmaster UK Ltd
Original: http://www.ticketmaster.co.uk/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/22/www.ticketmaster.co.uk/

[23.08.2000] - American Association for Higher Education
Original: http://aahe.org/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/23/aahe.org/

[24.08.2000] - Highgate & Islington Internet
Original: http://www.digitalcertificate.co.uk/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/24/www.digitalcertificate.co.uk/

[24.08.2000] - APG SA
Original: http://linux.atomis.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/24/linux.atomis.com/

[25.08.2000] - JPL Space Exploration Post 509
Original: http://www.post509.org/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/25/www.post509.org/

[26.08.2000] - Net Deamon
Original: http://www.netdeamon.net/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/26/www.netdeamon.net/

[26.08.2000] - Eutelsat
Original: http://www.euteltracs.org/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/26/www.euteltracs.org/

[26.08.2000] - Solution Bankcard
Original: http://www.solutionbankcard.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/26/www.solutionbankcard..com/

[26.08.2000] - Gamescentral.com
Original: http://www.gamescentral.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/26/www.gamescentral.com/

----------------------------------------------------------------------------



Questions, contributions, comments or ideas go to:

Help Net Security staff

staff@net-security.org
http://net-security.org



---------------------------------------------------------------------
To unsubscribe, e-mail: news-unsubscribe@net-security.org
For additional commands, e-mail: news-help@net-security.org