Net-Sec newsletter
Issue 30 - 18.09.2000
http://net-security.org

Net-Sec is a newsletter delivered to you by Help Net Security. It covers weekly 
roundups of security events that were in the news the past week. 
Visit Help Net Security for the latest security news - http://www.net-security.org.


Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter

Table of contents:

1) General security news
2) Security issues
3) Security world
4) Featured articles
5) Security books
6) Security software
7) Defaced archives




============================================================
Sponsored by VeriSign - The Internet Trust Company 
============================================================
Do you use the Internet to deliver the software you develop? 
Get VeriSign's FREE Guide to learn how you can digitally "shrink-wrap" your code 
to protect it against tampering, and how to sign your ActiveX controls, .cab files, 
jar files, HTML content, VB code, or Microsoft Office 2000 .doc files with a 
VeriSign Software Developer Digital ID. 
Go to: 
http://www.verisign.com/cgi-bin/go.cgi?a=n037010570200000
============================================================





General security news
---------------------

----------------------------------------------------------------------------

WORLD OF SPIES GETS PORTAL
While the secrets of the Russian secret services aren’t likely to be made available 
to the general public anytime soon, a curious person can now turn to a new 
Internet portal, www.agentura.ru, to make basic inroads into the murky world 
of spies. "We’re counting on the big existing interest in this topic and we want 
to fill in the information vacuum," said Andrei Soldatov, a political journalist with 
the influential Izvestia daily, who together with his father - Alexei Soldatov, 
president of the Relcom Internet provider - started the portal.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.themoscowtimes.com/stories/2000/09/14/010.html


MORE ON CARNIVORE
Several prominent universities have rejected the U.S. Justice Department's 
appeal to universities to test an electronic eavesdropping device known as 
Carnivore. Researchers from four universities have complained that the 
department has too much control over the review, and their public comments 
have prompted a fifth university to ignore the department's request.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://chronicle.com/free/2000/09/2000091501t.htm


720 WEB SITES DEFACED
Some of the sites remain defaced early Monday morning, with an anti-racism 
message left by the hacker, who calls him or herself "piffy." Piffy belongs to a 
group known as the RootShellHackers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/pubNews/00/155311.html


INTRODUCTION TO ENCRYPTION
Joshua Ryder did a good job with this introductive article. It goes from the 
very basics of explaining what encryption is ("Encryption is the process of 
converting data from one form into ciphertext"), and goes along with some 
basic examples of how encryption works.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/cover/coverstory20000918.html


A FEW RECIPES FOR EASIER FIREWALLS
"Every day, we hear of damage caused by viruses, of new exploits through 
which crackers compromise systems. For those of us in the information technology 
restaurant business, these are challenging times. We must be ever vigilant. A 
good firewall, then, is an excellent beginning. But how to do it simply is the question..."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www2.linuxjournal.com/lj-issues/issue78/4218.html



QAZ.TROJAN
This new backdoor Trojan allows attackers to access and control an infected 
system. TROJ_QAZ was initially distributed as "Notepad.exe" but might also 
appear with different filenames. Once an infected file is executed, TROJ_QAZ 
modifies the Windows registry so that it becomes active every time Windows
 is started. TROJ_QAZ also renames the original "notepad.exe" file to 
"note.com" and then copies itself as "notepad.exe" to the Windows folder. 
This way, the Trojan is also launched every time a user runs Notepad. 
TROJ_QAZ also attempts to spread itself to other shared drives on local 
networks.
Link: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_QAZ.A


MASSIVE DDOS?
Attackers are using the rcp.statd and wu-ftpd vulnerabilities to ready 
another distributed Denial of Service attack. MSNBC is reporting there are 
at least 560 computers infected.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://slashdot.org/articles/00/09/16/215225.shtml


SMARTCARDS BENEFIT FROM BIOMETRICS
Fingerprint authentication specialist Veridicom has announced a new combined 
smartcard reader and fingerprint scanner that is designed to improve smartcard 
authentication systems by replacing passwords with biometric security. Analyst 
firm Gartner Group recently reported that each year firms spend $350 per user 
managing password issues.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2000/37/ns-17927.html


AUTHOR OF CIH VIRUS ARRESTED IN TAIWAN
The virus writer who created the infamous Chernobyl virus has been
detained by authorities in Taiwan and could face up to 3 years in jail.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2000/36/ns-17921.html


AN INTERVIEW WITH PIMPSHIZ
"I met pimpshiz in the time span that Observers has been up, sometime in 
the last two years, when the news reports broke about "pimpshiz" having 
been responsible for the widespread defacement of websites in a protest over 
the potential closing of Napster. I wondered if it was the same individual we 
here at observers knew, and to my shock it was."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.observers.net/pimpshiz.html


EXPLOITATION OF RCP.STATD AND WU-FTPD VULNERABILITIES
Sites involved in related incidents are reporting finding hosts compromised 
through one of these two vulnerabilities. In several cases, hundreds of 
compromised hosts have been involved in single incidents. Intruders appear to 
be using automated tools to probe for and exploit vulnerable hosts on a 
widespread scale. A large majority of the compromised hosts involved in this 
activity have been running various versions of Red Hat Linux. Insecure default 
configurations in some versions, especially with respect to the vulnerable 
rpc.statd service often being enabled during automated installation and upgrade 
processes, have contributed to the widespread success of these attacks.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cert.org/incident_notes/IN-2000-10.html


PGP "UNHASHED SUBPACKET" PROBLEM - SERIOUS?
"I've been studying the UNIX source code for PGP 6.5.1i, and it seems to me 
that the "unauthorized ADK" bug could be just one manifestation of what may 
in fact be a far more serious problem.As best I can tell, PGP's that implement 
the new (version-4) data format do not appear to care whether ANY signature 
subpacket is in the hashed section of the signature or not. If I'm right, the 
signature hashing mechanism can be bypassed completely, and ANY info in 
ANY version-4 signature (not just ARR/ADK info) can be easily forged by a 
malicious attacker."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://cryptome.org/pgp-badbug2.htm


SECURITY SCANNERS
"There are various tools available for Linux system scanning and intrusion 
detection. I will explain some of the very famous tools available. I have 
divided the scanners into three categories: Host Scanners, Network Scanners, 
and Intrusion Scanners."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://linuxsecurity.com/feature_stories/feature_story-66.html


LINUX COMMUNITY SNUBS SDMI HACKER CHALLENGE
The Linux Journal is sponsoring a boycott of the Secure Digital Music Initiative 
hacking challenge, which promises to pay $10,000 to any hacker who strips 
out the watermark from a digital song. Some Linux lovers say the record industry
 is using the hackers as a "free consulting" service to help it crack down on 
legal uses of music in the future, in an attempt to exert unprecedented control 
over when and where people play songs.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2000/36/ns-17904.html


REPORTS RAISE QUESTIONS OVER WEB SECURITY
Fresh doubt has been cast on the security of using the Internet for commercial 
purposes after several high-profile Web sites were targeted by attackers. Two 
separate reports say that while consumers may prefer to use e-mail rather than 
the telephone, inefficient and insecure systems mean they often have to resort 
to the telephone anyway.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2000/TECH/computing/09/14/britain.websecurity/index.html


MICHIGAN "ANTI-HACKER" LAW'S FIRST FELONY CHARGES
Attorney General Jennifer Granholm today announced that she has filed felony 
criminal charges against two Michigan men each accused of unlawfully entering 
a third-party computer system. The charges are the first under a Michigan 
law which makes the unauthorized alteration, damage or use of a computer 
system a felony. 
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.ag.state.mi.us/AGWebSite/press_release/pr10189.htm


HACKER SUED BY AN ANTITERRORIST JUDGE
Vincent Plousey aka Larsen, who's been arrested by the DST (french counter–

intelligence agency), is accused of having disclosed national defence secrets by an antiterrorist judge. The trouble is that the informations he revealed on the Net are freely available in bookshops...
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://cryptome.org/larsen091200.htm


NEW TECHNOLOGY TRACKS, KILLS DOS ATTACKS AT ISP LEVEL
With the DoS attacks on the rise, four University of Washington computer 
networking experts formed a company, called Asta Networks, aimed at protecting 
websites from assaults. Stefan Savage, a Ph.D. candidate whose research is 
at the center of Asta's technology, said he and his computer science advisors 
decided they could have a greater impact on the industry by forming a company 
rather than by writing papers. 
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.planetit.com/techcenters/docs/security/news/PIT20000914S0028


ONLINE FRAUDSTERS FLEECE UK ETAILERS
Online crime pays, according to a report published today by Experian. The global 
information solutions group claims nine out of ten efraudsters aren't caught and 
are simply getting away with it. The survey reveals that when it comes to 
checking the authenticity of credit card transactions, many of Britain's etailers 
are lax. The survey of 800 British etailers found that many online authentication 
systems were wanting and most relied on manual systems to check credit card 
details.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/1/13251.html


COME MEET THE SUSE LINUX SECURITY TEAM
Meet the guys who repair and document security flaws for SuSE in this brief 
article. Further down the same page you'll find security reports, updates and 
resources.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.lwn.net/2000/0914/security.php3



E-SIGNATURE ACT
Some deals are still done with a signature on the dotted line, even with the 
advent of the Net. San Francisco-based LeaseExchange can process a rental 
request in less than a minute, but it can take days to execute leases – that 
is, getting everyone to sign the paperwork. CEO Aaron Ross admits it's "a very
inefficient process right now." He's eager to see whether authentication 
technologies will speed things up without harming customer relationships. 
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2000/TECH/computing/09/12/esigs.drive.demand.idg/index.html


EVE.COM SECURITY BREACH
San Francisco Bay Area software developer Jonathan Khoo, discovered a 
breach in Eve.com, that allowed customers to view other people's orders 
by simply changing a number in the URL. After that, Eve.com shut down 
their servers, and now they are back online again.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1007-200-2770505.html


SEVERAL TAIWANESE SITES PENETRATED
Several Taiwanese electronic newspapers and Web newsletters published 
by IT companies were broken into Tuesday by a hacker presumed to be 
based in China. 
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://asia.internet.com/2000/9/1303-taiwan.html


HARRIS INTERACTIVE DROPS ITS LAWSUIT
Major polling firm Harris Interactive has dropped its lawsuit against Microsoft 
Corp., Qwest Communications International Inc., America Online Inc. and 
other ISPs it accused of unfairly blocking its e-mail. Along with the ISPs, 
Harris also sued the Mail Abuse Prevention System, which put Harris on 
its "black hole" list of spammers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com


VISA SEEKS NET SECURITY WITH "SMART CARD"
In a bid to provide tighter security for e-commerce and other transactions, 
Visa U.S.A. rolled out its new digital-based "smart card" on Tuesday. The 
smart card will store customer identification and account information within
 a microprocessor chip, and only smart card readers will be able to access 
the secured data. 
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.ecommercetimes.com/news/articles2000/000913-4.shtml

----------------------------------------------------------------------------



============================================================
Sponsored by Dialego - Online Market Research
============================================================
We conduct the first world-wide online survey for IT-security specialists.
Please click http://www.dialego.de/1033_it/_e/sman.php3?co=e , fill in the 
online questionnaire and you may be one of the lucky people to win prizes in 
the amount of altogether € [EURO] 1500:
   1st prize: Casio Digital Camera
     2nd prize: 3Com Palm Personal Digital Assistant
        3rd prize: Tandem parachute jump
plus 50 personal firewalls as individual protection for your computer plus
50 programs for boot protection and hard disk encryption
============================================================




Security issues
---------------

All vulnerabilities are located at:
http://net-security.org/text/bugs


----------------------------------------------------------------------------

WEBSPHERE APPLICATION SERVER PLUGIN ISSUE
WebSphere uses the HTTP Host: header to decide which WAS Virtual Host will 
service a particular request. If you send huge amounts of data in the Host: 
request header. Depending on how many bytes were in the Host: header, you
could cause the web server process to fault on either signal 11 (SIGSEGV) or 
signal 10 (SIGBUS). 
Link: http://www.net-security.org/text/bugs/969275035,75755,.shtml


INTERNET SHOPPER'S MAIL SERVER OPEN RELAY BUG
Internet Shopper Ltd's Mail Server can be made to accept and handle mail for 
non-local sites. The version involved is Internet Shopper Ltd's Mail Server v3.02.13
Exploit: The use of the semi-colon in the "mail from" command will allow mail to 
be sent to machine that aren't local.
Link: http://www.net-security.org/text/bugs/969274960,45311,.shtml


MDAEMON WEB SERVICES HEAP OVERFLOW DoS
The Mdaemon Worldclient on TCP port 3000 and the Mdaemon Webconfig on 
TCP port 3001 both contain the same vulnerability. If a certain request is sent 
to the web service, it results in a heap overflow, crashing the service with a 
Dr. Watson access violation. This appears to be a general problem in the way 
that Mdaemon handles these kinds of URLs, so if other Mdaemon web services 
are used, those are probably vulnerable as well. The reason that the before 
mentioned services were tested is that they are enabled in a default installation. 
Link: http://www.net-security.org/text/bugs/969274876,97962,.shtml


VULNERABILITY IN CAMSHOT SERVER
CamShot is a web server that serves up web pages containing time stamped 
images captured from a video camera. This product contains a remotely 
exploitable security vulnerability that allows a remote attacker to gain elevated 
privileges on the remote system.
Link: http://www.net-security.org/text/bugs/969156843,52782,.shtml


MICROSOFT'S NTML PATCH RE-RELEASED
Microsoft has released a patch that eliminates a security vulnerability in the 
telnet client that ships with Microsoft(r) Windows 2000. The vulnerability could, 
under certain circumstances, allow a malicious user to obtain cryptographically 
protected logon credentials from another user.
Link: http://www.net-security.org/text/bugs/969156774,38080,.shtml


SAMBAR SERVER SEARCH CGI VULNERABILITY
The vulnerability occurs in the search.dll Sambar ISAPI Search shipped with this 
product. This dynamic link loader does not check on the 'query' parameter that 
is parsed to the server, therefore by constructing a malformed URL we are able 
to view the contents of the server, all folders, and files.
Link: http://www.net-security.org/text/bugs/969156650,43479,.shtml


RED HAT LINUX - FORMAT STRING EXPLOIT IN SCREEN
Screen allows the user to overload the visual bell with a text message that can 
be set by the user. This text message is handled as a format string, instead of 
as a pure string, so maliciously written format strings are allowed to overwrite 
the stack. Since screen in Red Hat Linux 5.2 and earlier releases was setuid 
root, this security hole could be exploited to gain a root shell. 
Link: http://www.net-security.org/text/bugs/968981154,31859,.shtml


SLACKWARE LINUX - XCHAT INPUT VALIDATION BUG FIXED
An input validation bug was found to affect Slackware Linux 7.0, 7.1, and 
-current. The problem is described in detail here:
http://www.securityfocus.com/bid/1601
Users of Slackware 7.0, 7.1, and -current are urged to upgraded to the 
xchat.tgz package available in the Slackware -current branch.
Link: http://www.net-security.org/text/bugs/968981067,67750,.shtml


LINUX MANDRAKE - MOD_PHP3 UPDATE
A problem exists with PHP3 and PHP4 scripts regarding RFC 1867-based file 
uploads. PHP saves uploaded files in a temporary directory on the server, using 
a temporary name that is referenced as the variable $FOO where "FOO" is the 
name of the file input tag in the submitted form. Many PHP scripts process $FOO 
without taking measures to ensure that it is in fact a file that resides in the 
temporary directory. Because of this, it is possible for a remote attacker to 
supply an arbitrary file name as the value for $FOO by submitting a standard 
form input tag by that name, and thus cause the PHP script to process arbitrary 
files. The vulnerability exists in various scripts, and not necessarily with PHP 
itself, as the script determines what actions to perform on the uploaded file. 
Link: http://www.net-security.org/text/bugs/968980963,39268,.shtml

----------------------------------------------------------------------------




Security world
--------------

All press releases are located at:
http://net-security.org/text/press

----------------------------------------------------------------------------

CHEK POINT ANNOUNCES SECURE VIRTUAL NETWORK - [13.09.2000]

Check Point Software Technologies, the worldwide leader in securing the Internet, 
announced Secure Virtual Network (SVN) Solution Pack for Startups, bringing 
enterprise-class security to new Internet businesses. SVN Solution Pack for 
Startups is an affordable, integrated security solution that provides startup 
companies with the manageability, reliability, and scalability they need to secure 
their growing eBusinesses today and into the future.

Press release:
< http://www.net-security.org/text/press/968677302,82000,.shtml >

----------------------------------------------------------------------------

ACCORD NETWORKS ANNOUNCES VIDEO FIREWALL GATEWAY  - [13.09.2000]

Accord Networks, the leading manufacturer of a family of IP, ATM, and ISDN 
visual and voice communications solutions including network switches, 
conference bridges, gateways and management systems, announced the 
Accord(R) V2GC-20 Firewall Gateway, the latest member of the Accord 
V2IPERA family of advanced IP video and voice products and services. 

Press release:
< http://www.net-security.org/text/press/968677453,73167,.shtml >

----------------------------------------------------------------------------

AXENT'S RAPTOR FIREWALL "STILL FIRED UP" - [13.09.2000]

AXENT Technologies, Inc., one of the world's leading Internet security solution 
providers for e-business, that recently entered into a definitive agreement with 
Symantec Corporation to be acquired, announced today that its market-leading 
perimeter security solution, Raptor Firewall, was praised as "still fired up" in a 
recent InternetWeek magazine review for its proxy-based security, improved 
management console and integrated virtual private network (VPN) solution. 
The reviewer commended Raptor Firewall for its interoperability and flexibility, 
noting that the firewall is one of the "best application filtering firewalls on 
the market." 

Press release:
< http://www.net-security.org/text/press/968677494,15578,.shtml >

----------------------------------------------------------------------------

SMARTCARD READER & FINGERPRINT SENSOR INTEGRATION - [13.09.2000]

Veridicom, Inc., the leader in fingerprint-based e-business authentication devices 
and services, unveiled a PC peripheral to combine a smartcard reader with a 
highly accurate Veridicom fingerprint sensor into a single device no larger than a 
computer mouse. The compact Veridicom 5thSense Combo peripheral makes it 
convenient to use multi-factor authentication with a smartcard by replacing 
passwords and Personal Identification Numbers with simple "just-press-here" 
fingerprint authentication. 

Press release:
< http://www.net-security.org/text/press/968677552,80833,.shtml >

----------------------------------------------------------------------------

WANT TO BUY ENCRYPTION.COM? - [13.09.2000]

DomainMinds.com, LLC, a California-based domain name brokerage, announced 
that it is handling the auction of the highly coveted encryption.com domain 
name. "We are very excited to have the opportunity to offer this domain for 
sale," said DomainMinds.com, LLC president and CEO Blair Cummins. "With 
growing concern over Internet privacy and security, the encryption industry is 
showing rapid growth. The company that acquires the encryption.com domain 
will gain a strong advantage in what looks to be a highly competitive market. 
This truly is a powerful brand asset." 

Press release:
< http://www.net-security.org/text/press/968803014,51043,.shtml >

----------------------------------------------------------------------------

ALLADIN LAUNCHES ESAFE GATEWAY 3.0 - [13.09.2000]

Aladdin Knowledge Systems, a global leader in the field of Internet content and 
software security, launched eSafe Gateway 3.0, the first and only all-in-one 
proactive content security solution that protects corporate networks and users 
from known and unknown attacks, before they get to users' personal computers. 
Using new patent-pending NitroInspection technology, eSafe Gateway 3.0 allows 
for an uninterrupted flow of secure Internet content without the sacrifice in 
performance that occurs with competitive solutions. 

Press release:
< http://www.net-security.org/text/press/968803081,53343,.shtml >

----------------------------------------------------------------------------

NEW CLASSES FOR HACKING AND SECURING WINDOWS - [13.09.2000]

Foundstone Inc., the premier computer security training and consulting company, 
announced a new series of computer security classes, Ultimate NT/2000 Security: 
Hands On. The classes will teach how to combat security threats to Windows NT 
and Windows 2000 systems. The first class will be held in New York City on 
October 10th, with an additional class scheduled for New York in December. 
Participants will learn security techniques from a hacker's perspective, assessing 
architectural vulnerabilities and deploying countermeasures. Topics covered will 
include "Password Cracking," "Buffer Overflow Attacks," "Gaining Command-Line 
Access," and "Registry Manipulation." 

Press release:
< http://www.net-security.org/text/press/968803183,88077,.shtml >

----------------------------------------------------------------------------

SYBARI ENTERS BUSINESS SOLUTIONS FOR EXCHANGE - [13.09.2000]

Sybari Software, Inc., the premier antivirus and security specialist for groupware 
solutions today announced their acceptance into Compaq's Business Solutions 
for Exchange Program. Entry into Compaq's alliance of leading technology 
company's is yet another aggressive move by Sybari to further extend their 
reach to the Microsoft Exchange community with their award-winning antivirus 
and security solution, Antigen.

Press release:
< http://www.net-security.org/text/press/968803443,21714,.shtml >

----------------------------------------------------------------------------

NETGUARD FIREWALL FOR JUST $9,95 - [13.09.2000]

Businesses and corporations operating on Windows NT can now protect 
themselves from hackers, computer hijackers and internal bandwidth hogs 
thanks to a free firewall from NetGuard, Inc., a leading provider of enterprise 
class network security, privacy and management solutions. 

Press release:
< http://www.net-security.org/text/press/968803558,24065,.shtml >

----------------------------------------------------------------------------

CYLINK’S PRIVATEWIRE SECURES FINANCIAL TRANSACTIONS - [14.09.2000]

Cylink Corporation, a leading provider of secure e-business solutions, announced 
that Ball State Federal Credit Union has reached the 1,000-member milestone in 
sign-ups for secure access to financial information over the Internet using Cylink 
PrivateWire authentication and encryption technology. 

Press release:
< http://www.net-security.org/text/press/968887674,50364,.shtml >

----------------------------------------------------------------------------

TREND MICRO PROTECTS SYDNEY GAMES ORGANISERS - [14.09.2000]

Trend Micro Inc. announced that it has doubled its response team ahead of the 
Olympic Games' opening this Friday, in readiness to support such customers as 
the Sydney Organising Committee of the Olympic Games, Stadium Australia, the 
Sydney Opera House, New South Wales Police, Sydney Airport and Telstra during 
the hectic games period. In addition, Trend Micro has teamed up with Telstra to 
provide remotely-managed antivirus services to Stadium Australia, making it the 
first site in Australia to receive 24x7 "live" antivirus monitoring for the duration 
of the games. 

Press release:
< http://www.net-security.org/text/press/968887867,97472,.shtml >

----------------------------------------------------------------------------

SECUDE TO INTRODUCE IDENTRUS SECURITY SOLUTIONS - [14.09.2000]

German software supplier SECUDE GmbH is one of the first companies to offer 
security solutions complying with the Identrus standards for a global public key 
infrastructure, a critical step in enabling secure electronic financial transactions 
to take place over the Internet. Identrus is an initiative of leading international 
banks to establish binding standards for secure online transactions. Identrus 
standards ensure that the mutual electronic authentication of transactions 
creates an acknowledged reliability between banks and their business partners.

Press release:
< http://www.net-security.org/text/press/968888022,35898,.shtml >

----------------------------------------------------------------------------

PSA SECURITY NETWORKS RECOMMENDS MOTOROLA FLEXPASS - [14.09.2000]

ASIS Motorola announced that PSA Security Network, a large international 
electronic security systems company, now recommends Motorola FlexPass RFID 
security products for all new installations of proximity security and access 
control systems. "We see Motorola putting the kind of energy into customer 
service that produces and sustains real results, and we like that," says Jim 
Hawver, vice-president of sales and marketing at PSA Security Network.

Press release:
< http://www.net-security.org/text/press/968888158,76071,.shtml >

----------------------------------------------------------------------------

HIGH-LEVEL SECURITY SOLUTIONS FOR RACKSPACE - [14.09.2000]

Rackspace Managed Hosting, a leading provider of managed Internet hosting 
services, announced the launch of its new security offerings and managed 
security services, which provide Rackspace customers with a wide range of 
high-level security solutions. Round-the-clock support staff will be available 
both at Rackspace and through a partnership with ManagedFirewall.com to 
resolve security issues on demand. 

Press release:
< http://www.net-security.org/text/press/968896285,6915,.shtml >

----------------------------------------------------------------------------

CYLINK NETHAWK VPN "BEST BUY" IN SC MAGAZINE - [15.09.2000]

E-business security solutions provider Cylink Corporation announced that its 
NetHawk VPN, a high-performance virtual private network appliance for 
establishing secure Internet communications, has been named “Best Buy” in 
the September issue of SC Magazine. The information security magazine’s 
product review lauded NetHawk for “its exceptional speed and reliability” and 
the VPN’s PrivaCy Manager, a policy-based management application. “Once the 
device manager is installed, it is extremely scaleable; you simply plug in new 
boxes as and when you need them, which is perfect for any growing business,” 
the review said.

Press release:
< http://www.net-security.org/text/press/969017587,37286,.shtml >

----------------------------------------------------------------------------




Featured articles
-----------------

All articles are located at:
http://www.net-security.org/text/articles

Articles can be contributed to staff@net-security.org

Listed below are some of the recently added articles.

----------------------------------------------------------------------------

ISSUES: THE SECURITY OF ELECTRONIC BANKING, LEGACY OF THE C0W by Thejian

The article starts with the Dutch television show that exposed the Dutch banking 
organisation ABN AMRO's HomeNet program as being insecure. Computer science 
students had found a way to trick this electronic banking system into redirecting 
a user's bank transfers to a different account. As could have been expected, press 
and consumer organisations fell en masse for the possibilities the idea of"hackers" 
snooping around in your bank account presented. And it doesn't stop there...

Article:
< http://www.net-security.org/text/articles/thejian/legacy.shtml >

----------------------------------------------------------------------------

VIRUS SCANNER INADEQUACIES WITH NTFS by Chris Brenton

While the existence of data streams within the NT file system (NTFS) has been 
known for many years (Microsoft has released quite a bit of info on alternate 
streams), virus vendors have not taken steps to adequately check this area of 
the file system. This deficiency can be leveraged in order to hide malicious code 
or even cause the virus scanner itself to destroy critical system files.

Paper:
< http://www.net-security.org/text/articles/viruses/ntfs.shtml >

----------------------------------------------------------------------------

A DIFFERENT LANGUAGE ACROSS THE BORDER by Hyper Viper

In this article Hyper Viper explains how bi-lingual servers speaking different 
protocols to different networks can add security to your Internet exposed nodes.

Article:
< http://www.net-security.org/text/articles/language.shtml >

----------------------------------------------------------------------------

BUILDING A BASTION HOST USING HP-UX 11 by Kevin Steves
 
A bastion host is a computer system that is exposed to attack, and may be a 
critical component in a network security system. Special attention must be paid 
to these highly fortified hosts, both during initial construction and ongoing 
operation. This paper presents a methodology for building a bastion host using 
HP-UX 11. While the principles and procedures can be applied to other HP-UX 
versions as well as other Unix variants, the focus is on HP-UX 11.

Paper:
< http://www.net-security.org/text/articles/index-download.shtml#HP-UX >

----------------------------------------------------------------------------

NETWORK INTRUSION DETECTION OF THIRD PARTY EFFECTS by Richard Bejtlich

The main goal of this paper is to familiarize the reader with reactions and 
responses from innocent victims, who may be subject to reconnaissance or 
denial of service. If a perpetrator spoofs your address space you may see 
unsolicited traffic from an innocent second party.

Paper:
< http://www.net-security.org/text/articles/index-download.shtml#NID >

----------------------------------------------------------------------------

PROPHYLAXIS OF COMPUTER INFECTION by Kaspersky Lab

One of the major methods of fighting computer viruses, like in medical science, 
is timely prophylaxis or preventive measures. Computer preventive measures 
suggest following a small set of rules, allowing to lower considerably the 
possibility of virus infection and data loss. To define the main rules of computer 
hygiene, it is necessary to find out the main ways of virus intrusion into 
computer and computer network.

Article:
< http://www.net-security.org/text/articles/viruses/infection.shtml >

----------------------------------------------------------------------------

FORMAT STRING ATTACKS by Tim Newsham

The cause and implications of format string vulnerabilities are discussed. 
Practical examples are given to illustrate the principles presented. 

Article:
< http://www.net-security.org/text/articles/string.shtml >

----------------------------------------------------------------------------

KASPERSKY LAB REFUTES ACCUSATIONS ABOUT THE SPREADING OF "VIRUS HYSTERIA"

Given the latest events, Kaspersky Lab would like to once again confirm its 
position regarding the danger present in the NTFS alternate data streams. 
Furthermore, we state that by continuing to ignore the problem and not taking 
similar steps-steps that Kaspersky Lab has already taken and continues to 
take-to bring their anti-virus product up to contemporary standards, the 
aforementioned competitor anti-virus companies are neglecting their users' 
anti-virus security. 

Article:
< http://www.net-security.org/text/articles/viruses/hysteria.shtml >

----------------------------------------------------------------------------

COMPUTER SECURITY WEAKNESSES PERSIST AT THE VETERANS HEALTH ADMINISTRATION

In September 1998, the General Accounting Office reported that computer 
security weaknesses placed critical VA operations, including health care delivery, 
at risk of misuse and disruption. Since then, VA's New Mexico and North Texas 
health care systems have corrected most of the specific computer security 
weaknesses that were identified in 1998. However, serious computer security 
problems persist throughout VHA and the department.

Paper:
< http://www.net-security.org/text/articles/index-download.shtml#CSW >

----------------------------------------------------------------------------

QUANTUM CRYPTOGRAPHY by Caboom

This tutorial will give you a basic idea about quantum cryptography.

Paper:
< http://www.net-security.org/text/articles/index-download.shtml#Quantum >

----------------------------------------------------------------------------

MAIL ABUSE PREVENTION ORGANIZATION STANDS UP TO GIANT HARRIS INTERACTIVE

Mail Abuse Prevention System, the Redwood City based anti-spam organization, 
says that it will vigorously defend the law suit filed by online market research 
giant Harris Interactive Inc. Harris has sued Microsoft, and AOL, naming MAPS as 
a co-defendant, in an effort to force Microsoft and AOL to accept unsolicited 
bulk commercial email, also known as "spam", from Harris. MAPS maintains several 
databases which companies such as Microsoft's Hotmail use to help them manage 
the Internet email traffic which crosses their networks. We have a copy of the complaint.

Complaint:
< http://www.net-security.org/text/articles/index-download.shtml#MAPS >

----------------------------------------------------------------------------




Featured books
----------------

The HNS bookstore is located at:
http://net-security.org/various/bookstore

Suggestions for books to be included into our bookstore 
can be sent to staff@net-security.org

----------------------------------------------------------------------------

TOP SECRET INTRANET: HOW U.S. INTELLIGENCE BUILT INTELINK
THE WORLD'S LARGEST, MOST SECURE NETWORK

Using the example of "Intelink", the classified worldwide Intranet for the 
intelligence community, this book is one of the first on current intelligence 
operations written by an "insider". The CD-ROM includes sample Intelink 
software demos relating to collaboration tools, security products, and 
other applications.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0130808989/netsecurity >

----------------------------------------------------------------------------

BLACK BELT WEB PROGRAMMING METHODS; SERVERS, SECURITY, DATABASES AND SITES

Use this book to build a robust infrastructure for powerful Web sites. Master 
programmers who write for Web Techniques, Dr. Dobb's Journal, Interactivity, 
Data Base Management Systems, Network, and Software Development have 
joined forces to tackle the latest round of web programming puzzles for you. 
Learn airtight security procedures and hypertext transaction designs. Build 
databases that are easy to use. Whether you need to create distributed 
objects or automate Web site maintenance, these seasoned programmers 
explain how to do it right, and they give you the code to do the job. The 
companion code disk includes detailed, reusable code for each of the 
applications presented. Programming languages include C/C++ and Java.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0879304979/netsecurity >

----------------------------------------------------------------------------

ENCYCLOPEDIA OF DISASTER RECOVERY, SECURITY & RISK MANAGEMENT

The Encyclopedia of Disaster Recovery, Risk Management & Security is a 300+ 
page spiral bound manual, which provides over 2,000 pieces of research on the 
subjects of disaster recovery, risk management and security. The Encyclopedia 
is a comprehensive reference guide organized by easy to follow icons allowing 
quick navigation to areas of specific interest. The Encyclopedia draws on Mr. 
Schreiders 20+ years of experience in an A to Z presentation of industry 
research, risk management guidelines, recovery planning tips and techniques, 
security safeguards, and terminology. Disaster Recovery Planners, Risk 
Managers, and Security Administrators will all equally benefit from this 
invaluable storehouse of knowledge.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0966272900/netsecurity >

----------------------------------------------------------------------------

BUILDING LINUX CLUSTERS

This book discusses complex modeling, virtual world creation, and image 
generation; shows readers how to choose hardware; and explains cluster 
topologies. As the author notes, Linux clusters regularly make the list of the 
world's top 500 supercomputers. Not bad for a free system. Of course, running 
your own cluster isn't trivial, but the book shows how straightforward it can be 
for basic clusters, and how far clusters can be extended. The book covers the 
all-important intermachine-communications issues in exhaustive depth. Setting 
up the hardware can be relatively straightforward as is the software installation. 
The tutorial uses Red Hat's 6 Linux distribution--it's supplied with the book--and 
adds all the clustering software and tools.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1565926250/netsecurity >

----------------------------------------------------------------------------

CORBA SECURITY: AN INTRODUCTION TO SAFE COMPUTING WITH OBJECTS

The CORBA security specification adopted by the Object Management Group 
(OMG) represents a major step forward in making object technology suitable 
for business application development. The specification document, however, is 
long, detailed, and complex; it is a time-consuming task for software developers 
to make their way through it, and it is inaccessible to CIOs and other technical 
managers who need to understand object security and its impact on their 
organizations.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0201325659/netsecurity >

----------------------------------------------------------------------------




Security Software
-------------------

All programs are located at:
http://net-security.org/various/software

----------------------------------------------------------------------------

FIRE-WALLER (LINUX)

Fire-Waller reads your syslog against packet filter rows and creates HTML 
output of the found rows. All addresses in logfiles are checked against a 
nameserver and protocols/services are converted from numeric values to text.

Link:
< http://net-security.org/various/software/968030527,29733,.shtml >

----------------------------------------------------------------------------

NETWORK SECURITY ANALYSIS TOOL (LINUX)

NSAT is a fast, stable bulk security scanner designed to audit remote network 
services and check for versions, security problems, gather information about the 
servers and the machine, and much more. Unlike many other auditing tools, it can 
collect information about services independently of vulnerabilities, which makes it 
less dependent on frequent updates as new vulnerabilities are found.

Link:
< http://net-security.org/various/software/968030615,24271,.shtml >

----------------------------------------------------------------------------

WINDOWS 2000 IIS 5.0 HOTFIX CHECKING TOOL

The HFCheck tool allows IIS5.0 administrators to ensure that their servers are 
up to date on all security patches. The tool can be run continuously or periodically, 
against the local machine or a remote one, using either a database on the MS web 
site or a locally-hosted copy. When the tool finds a patch that hasn't been installed, 
it can display or dialogue or write a warning to the event log.

Link:
< http://net-security.org/various/software/968181513,8218,.shtml >

----------------------------------------------------------------------------

WINZAPPER FOR WINDOWS NT 4.0 AND WIN 2K

WinZapper can only be used from an Administrators account, thus this has 
nothing to do with any new security vulnerabilities in Windows NT / 2000. After 
an attacker has gained Administrators access to your system, you simply cannot 
trust your security log! And as always, remember that attacker having that kind 
of access can do anything to your system!

Link:
< http://net-security.org/various/software/968284983,30844,.shtml >

----------------------------------------------------------------------------

SCANSSH (LINUX)

Scanssh scans a list of addresses and networks for running SSH servers and 
their version numbers. scanssh supports random selection of IP addresses from 
large network ranges and is useful for gathering statistics on the deployment of 
SSH servers in a company or the Internet as whole.

Link:
< http://net-security.org/various/software/968334220,65880,.shtml >

----------------------------------------------------------------------------

ANTIVIRUS FOR PALM OS BETA

Symantec AntiVirus for Palm OS is a Palm application that scans for and detects 
viruses in all Palm OS-compatible devices. Symantec AntiVirus for Palm OS 
ensures security for your data by running on-demand scans that detect and 
remove viruses directly on your handheld device, protecting data even between 
synchronizations. 

Mac users:
< http://net-security.org/various/software/968461705,78724,.shtml >

PC users:
< http://net-security.org/various/software/968461805,3997,.shtml >

----------------------------------------------------------------------------

VSE MY PRIVACY 1.2.1 (MAC)

VSE My Privacy is data security software that allows you to store and organize 
your confidential data in a safe place. It uses a military-strength, 448-bit 
encryption algorithm designed to be uncrackable. The application is designed to 
store bank account information, credit card numbers, Web site passwords, 
telephone numbers, private addresses, email account passwords, PINs, keys for 
unlocking software, membership numbers, and other confidential data in a simple 
and easy-to-use database.

Link:
< http://net-security.org/various/software/968461997,17766,.shtml >

----------------------------------------------------------------------------




Defaced archives
------------------------

[10.09.2000] - Ohio State Department of Commerce
Original: http://www.com.state.oh.us/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/10/www.com.state.oh.us/

[10.09.2000] - Government of Guam
Original: http://www.admin.gov.gu/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/10/www.admin.gov.gu/

[10.09.2000] - LegoLand Windsor
Original: http://www.legoland.co.uk/
Defaced: http://www.net-security.org/misc/sites/www.legoland.co.uk/

[10.09.2000] - Soccer Central USA
Original: http://www.soccercentralusa.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/10/www.soccercentralusa..com/

[10.09.2000] - North Carolina State Department of Commerce
Original: http://www.commerce.state.nc.us/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/10/www.commerce.state.nc.us/

[11.09.2000] - MIT Department of Chemical Engineering
Original: http://montoresa.mit.edu/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/11/montoresa.mit.edu/

[11.09.2000] - Ryan D Williams MIT Web site
Original: http://rdw.mit.edu/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/11/rdw.mit.edu/

[11.09.2000] - First Domain Name Company
Original: http://www.firstdomainnamecompany.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/11/www.firstdomainnamecompany.com/

[11.09.2000] - World Peace Collection
Original: http://www.worldpeacecollection.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/11/www.worldpeacecollection.com/

[11.09.2000] - Elite Crew
Original: http://www.elitecrew.nu/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/11/www.elitecrew.nu/

[12.09.2000] - GhostMail
Original: http://www.ghostmail.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/12/www.ghostmail.com/

[12.09.2000] - New American Leasing & Financing
Original: http://www.newamericanleasing.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/12/www.newamericanleasing.com/

[12.09.2000] - r00tabega
Original: http://www.r00tabega.org/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/12/www.r00tabega.org/

[12.09.2000] - #2 Organization of the Petroleum Exporting Countries
Original: http://www.opec.org/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/12/www.opec.org/

[13.09.2000] - Pennsylvania State Government
Original: http://www.dgs.state.pa.us/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/13/www.dgs.state.pa.us/

[13.09.2000] - Incra/Instituto Nacional de Colon e Ref. Acgraria
Original: http://www.nead.gov.br/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/13/www.nead.gov.br/

[14.09.2000] - Citizen's Scholarship Foundation
Original: http://www.csfa.org/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/14/www.csfa.org/

[15.09.2000] - Spamlaws.com
Original: http://www.spamlaws.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/15/www.spamlaws.com/

[15.09.2000] - National Highway Traffic Safety Administration
Original: http://www.nhtsa.dot.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/15/www.nhtsa.dot.gov/

[16.09.2000] - American Osteopathic Association
Original: http://www.aoa-net.org/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/16/www.aoa-net.org/

[16.09.2000] - Technosoft HK Ltd
Original: http://www.technosofthk.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/16/www.technosofthk.com/

[17.09.2000] - Internet Shinmun Co.,Ltd.
Original: http://www.2000korea.co.kr/
Defaced: http://www.attrition.org/mirror/attrition/2000/09/17/www.2000korea.co.kr/

----------------------------------------------------------------------------



Questions, contributions, comments or ideas go to:

Help Net Security staff

staff@net-security.org
http://net-security.org



---------------------------------------------------------------------
To unsubscribe, e-mail: news-unsubscribe@net-security.org
For additional commands, e-mail: news-help@net-security.org