HNS Newsletter
Issue 33 - 02.10.2000
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly
roundups of security events that were in the news the past week. Visit Help
Net Security for the latest security news - http://www.net-security.org.

Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter

Table of contents:

1) General security news
2) Security issues
3) Security world
4) Featured articles
5) Security books
6) Defaced archives


==========================================================
Sponsored by Kaspersky Lab - You Personal Anti-Virus Guard
==========================================================
The Breakthrough Technology Protecting Your Computers From Viruses!

Subscribe to Kaspersky Lab's FREE newsletter delivering you
the latest and trustworthy information source on computer
viruses and their counter measures. You will always be up
to date when securing your computer!
Join now! http://www.kasperskylab.ru/eng/news/maillist.asp
==========================================================


General security news
---------------------


----------------------------------------------------------------------------

BUSH CAMPAIGN MOUNTS EMAIL ASSAULT
"A strangely spamlike viral marketing campaign is being cranked-up in
support
of George W Bush's campaign for the US presidency. We use the term
"spamlike"
advisedly; as we all know, spamming is what other people do, we do
permissions
based email marketing, right?"
Link:
http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.u
k/content/1/13824.html


WHY KIDS SHOULDN'T BE CRIMINAL HACKERS
"Many kids who become criminal hackers think that what they're doing is just
good harmless fun - like a neat video game. They are wrong. To understand
why using a computer system without permission causes problems, you have
to understand the goals of information security: confidentiality, control,
integrity,
authenticity, availability, and utility."
Link:
http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/c
over/coverstory20001009.html


A YEAR AGO: SOFTSEEK INFECT USERS WITH NETBUS TROJAN
Internet security Web site, PCHelp, Thursday evening issued a security alert
accusing popular download site Softseek.com of infecting the computers of
users with Trojan horse program, NetBus, leaving them vulnerable to remote
attack. Within the alert, PCHelp alleges that "Windows security program"
WinSec, supposed to enable administrators to restrict user access to
different
Windows features, carries the well-known back door Trojan, Net Bus 170 W95.
Link:
http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news
/2000/40/ns-18324.html


OPENBSD PLUGS A RARE SECURITY LEAK
"For most open source projects, news of an overlooked security hole is
simply
part of the debugging process. But for the developers of OpenBSD, an
operating system whose design motto is "secure by default," it's nothing
short
of an affront."
Link: http://www.upside.com/texis/mvm/story?id=39dceffe0


OMTOOL UNVEILS EASY-TO-USE E-MAIL ENCRYPTION TOOL
Client-server software vendor Omtool has launched an encrypted messaging
application that it said is simpler to use and deploy than complex PKI-based
systems. Although the security level is not as high as with PKI, Omtool's
product offers an elevated degree of protection for companies that currently
have to send confidential messages via unsecured email.
Link:
http://www.net-security.org/cgi-bin/news.cgi?url=http://www.telekomnet.com/n
ews_security/10-6-00_omtool_encrypttool.asp


SECPROG MAILING LIST
SecurityFocus has opened a new mailing list called SECPROG. It is dedicated
to the discussion of secure programming methods and techniques. One of the
goals of the mailing list is to work on a comprehensive document that will
serve
as a secure programming guideline.
Link:
http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.co
m/forums/secprog/secure-programming.html


CYBERCRIME OUTPACING SECURITY SPENDING
Cybercrime is skyrocketing despite increased spending on security measures,
according to "The 2000 Information Security Survey," a study released by
Information Security magazine. The survey found that more media attention
is given to so-called "sexy cyberattacks" - such as denial-of-service (DoS),
Web defacements, and buffer overflows - committed by outsiders. However,
most cybercrimes are committed by insiders.
Link:
http://www.net-security.org/cgi-bin/news.cgi?url=http://www.ecommercetimes.c
om/news/articles2000/001006-1.shtml


EXPERTS APPLAUD MOVE TO CLOSE WAP SECURITY HOLE
European experts welcomed news that US authorities have finally standardised
an encryption algorithm, saying that it will help close a security hole in
WAP
gateways. William Whyte, senior cryptographer at Baltimore Technologies,
said:
"The point of vulnerability lies at the gateway of a WAP server which
potentially
could allow anyone to read that message. The universal adoption of AES
should
make it possible for people to encrypt directly from the wireless device to
any
web server and it will subsequently remove the point of vulnerability."
Link:
http://www.net-security.org/cgi-bin/news.cgi?url=http://www.silicon.com/a400
75


NEW CERT/CC VULNERABILITY DISCLOSURE POLICY
Effective October 9, 2000, the CERT Coordination Center will follow a new
policy with respect to the disclosure of vulnerability information. All
vulnerabilities reported to the CERT/CC will be disclosed to the public 45
days after the initial report, regardless of the existence or availability
of patches
or workarounds from affected vendors.
Link:
http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cert.org/faq/vul
disclosurepolicy.html


SECURE SHELL NOW IN NETBSD MAINLINE
An OpenSSH-based Secure Shell is now available in the main NetBSD
sources. And it will be pulled into the netbsd-1-5 branch, so it will be
available inNetBSD 1.5. (ssh-1.2.27 and OpenSSH were already
available in the NetBSD packages collection.) According to an NetBSD
announcement, the OpenSSH-based implementation is temporary. They
believe it will be replaced within the next couple months with a "completely
independent implementation".
Link:
http://www.net-security.org/cgi-bin/news.cgi?url=http://www.bsdtoday.com/200
0/October/News299.html


BINDV9 AND INTERNET SECURITY RELATED INTERVIEW
In this interview, Paul Vixie and David Conrad talk about the Internet
Software
Consoritum, the changes in the latest major version of bind, the security
features designed into it, and the future of Internet security.
Link:
http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxsecurity.co
m/feature_stories/conrad_vixie-1.html


SECURITY BREACH CONCERNS ARE UP
Audits conducted last year by the General Accounting Office and agency
inspectors general show that 22 of the largest federal agencies have
significant
computer security weaknesses. Among the common problems cited were poor
controls over system access, data access and software development.
Link:
http://www.net-security.org/cgi-bin/news.cgi?url=http://www.latimes.com/busi
ness/cutting/20001003/t000093746.html


BOSSES GAIN EMAIL SNOOPING RIGHTS
The Government has abandoned "impractical" plans to force companies to seek
permission from their staff to monitor email and phone usage at work. From
October 24th, companies will be permitted "routine access" to any business
emails and phone calls to see if they are business-related.
Link:
http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.u
k/content/1/13722.html


WARNER MUSIC PLAYS WITH DIGITAL SECURITY
In an effort to develop new digital products and thwart Internet piracy,
Warner
Music Group is expanding its partnerships with secure online distributors
and
preparing to unveil a new, high-quality DVD-audio format with anti-copying
features.
Link:
http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0
-1005-200-2925971.html


INTERVIEW WITH MARK ABENE A.K.A. PHIBER OPTIK
Mark Abene, former member of MOD and founder of Crossbar Security talks
candidly about his early hacking and the supposed "war" with LOD as well as
offering his thoughts on the "Golden Age" of hacking.
Link:
http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.co
m/media/65


AOL, HP EXECS CALL FOR NET PRIVACY LAWS
America Online and Hewlett Packard executives told U.S. lawmakers that
industry efforts alone are insufficient to protect consumer privacy online
and
legislation is needed to guard personal data.
Link:
http://www.net-security.org/cgi-bin/news.cgi?url=http://www.usatoday.com/lif
e/cyber/tech/cti608.htm


FIRSTGOV.GOV FLUNKS SECURITY TEST
A one-stop gateway to all 27 million U.S. government Web pages set up last
month is inadequately protected from attackers.
Link:
http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/s
tories/news/0,4586,2635962,00.html


VIRUS NAMING CHAOS CAUSES CONFUSION
A need to standardise the naming of viruses has become apparent after the
same
virus was given at least four different names by antivirus vendors. Trend
Micro
this week issued an alert for a virus it calls VBS_Columbia, a Love Bug
variant,
which spreads itself by email. Rival vendor Symantec said the virus was
actually
discovered several weeks ago and is called VBS.Plan.A. Sophos calls it
Loveletter.AS and Network Associates calls it Loveletter.AV.
Link:
http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/
1112012


LINUX VIRUS SCANNERS: COMMON PROBLEMS
"So, we've covered Virus scanning for Linux in general, as well as where to
place the scanning software. Even if you do all that perfectly, though, you
can still run into problems."
Link:
http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/a
rticles/linuxscan20001003-1.html


FBI RELEASES FIRST BATCH OF CARNIVORE DOCUMENTS
The Electronic Privacy Information Center, which sued the FBI for the
information through the Freedom of Information Act, is reviewing the
documents and will soon release its analysis based on the data. The FBI
is required to release additional files at regular intervals, until all
3,000
pages have been delivered to EPIC.
Link:
http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0
-1005-200-2917414.html

----------------------------------------------------------------------------



Security issues
---------------

All vulnerabilities are located at:
http://net-security.org/text/bugs


----------------------------------------------------------------------------

VULNERABILITY IN MOREOVER.COM'S CACHED_FEED.CGI
Yet another CGI that lacks sufficient (or in this case -any-) input
validation,
leading to the exposure of readable files on the system.
Link: http://www.net-security.org/text/bugs/970533061,34083,.shtml


GNORPM LOCAL /TMP VULNERABILITY
While fixing other problems with the gnorpm package a locally exploitable
security
hole was found where a normal user could trick root running GnoRPM into
writing
to arbitary files due to a bug in the gnorpm tmp file handling. A new
release of
GnoRPM (0.95.1) is now available. This fixes significant numbers of gnorpm
bugs
including the security hole. Administrators who use this program on
multi-user
machines may well want to update it, and anyone who uses it regularly will
probably appreciate the fact it now works rather better than before.
Link: http://www.net-security.org/text/bugs/970533126,51743,.shtml


VULNERABILITY IN CYBEROFFICE SHOPPING CART
It is possible with default installations (according to vendor instructions)
of
CyberOffice to gain access to the database which holds information on
customer
orders, details and credit card information. This data is held in an
unprotected
and un-encrypted Microsoft Access Database.
Link: http://www.net-security.org/text/bugs/970533370,54017,.shtml


WINGATE 4.0.1 DENIAL-OF-SERVICE
The Wingate engine can be disabled by sending an abnormal string to the
Winsock Redirecter Service. The attack is not logged. Vulnerable: Wingate
Home/Standard/Pro 4.0.1, possible prior versions (untested).
Link: http://www.net-security.org/text/bugs/970533572,73497,.shtml


LOCAL VULNERABILITY IN XFCE 3.5.1
XFCE 3.5.1 ships with the following entry in /etc/X11/xfce/xinitrc:
xhost +$HOSTNAME
If a person is using this on a multiuser system, all local users may connect
to
their X session and capture keystrokes, etc.
Link: http://www.net-security.org/text/bugs/970575943,34613,.shtml


PROBLEMS WITH THTTPD 2.19 SSI
The included cgi-bin program "ssi" (combined with a lesser bug in the thttpd
server) allows the viewing of arbitrary files on the remote server. This
includes
files outside of the web root and files in cgi-bin directories (that would
normally
only be executed). However, only files readable by the user that the server
is
running under (usually user 'nobody') can be viewed. This typically limits
the
exposure to world-readable files only.
Link: http://www.net-security.org/text/bugs/970576048,12856,.shtml


RESOURCES NOT FOR ALL
This patch gives limited access for non-root to process table ,only root see
all
process and have access to their entries in proc filesystem. Permission to
directories in proc filesystem is changed to 550 (dr-xr-x---). Non-root
users can
only see own proceses.
Link: http://www.net-security.org/text/bugs/970576193,14761,.shtml


PEGASUS MAIL FILE READING VULNERABILITY
The default setup of Pegasus Mail contains a remotely exploitable security
hole
that allows a remote website to gain copies of files on the users hard
drive.
Link: http://www.net-security.org/text/bugs/970621168,87016,.shtml


CALDERA LINUX - GNORPM PACKAGE
Gnorpm versions prior to 0.95 use files in the /tmp dir in an insecure
manner.
If gnorpm is run as root, this vulnerability could lead to any file on the
system
being overwritten by gnorpm.
Link: http://www.net-security.org/text/bugs/970621281,58939,.shtml


PROBLEM WITH GNU GROFF UTILITIES
The vulnerability is particularly dangerous in Linux distributions that have
the
"lesspipe" feature. By default, a "LESSOPEN" environment variable is set
which
points to a wrapper script for the "less" pager program named
"/usr/bin/lesspipe.sh".
If less is passed a filename with any of the extensions ".1" through ".9",
".n", or
".man", it automatically calls groff to handle the file.
Link: http://www.net-security.org/text/bugs/970702976,58239,.shtml


UNAUTHORIZED "DIRECTORY LISTINGS" UNDER IIS 5.0
It is possible to gain a directory listing of the root directory and every
sub
directory. The impact of this is such that attackers may be able to discover
"hidden" files or enumerate .inc files used in ASP applications and then
directly
download them. .inc files can contain sensitive information such as database
login names and passwords.
Link: http://www.net-security.org/text/bugs/970703043,90499,.shtml


IMMUNIX OS SECURITY UPDATE FOR LPR
RedHat has put out an update to the lpr package due to a potential format
string security bug.
Link: http://www.net-security.org/text/bugs/970703094,39891,.shtml


AOL INSTANT MESSENGER DOS
AOL Instant Messenger version 4.1.2010 (others?) appears to be vulnerable to
a DoS attack when handling file transfers with filenames containing %s. This
DoS is apparently related to a problem with format strings.
Link: http://www.net-security.org/text/bugs/970703303,25609,.shtml


"WORD MAIL MERGE" VULNERABILITY PATCHED
Microsoft has released a patch that eliminates a security vulnerability in
Microsoft
Word 2000 and 97. The vulnerability could allow a malicious user to run
arbitrary
code on a victim's computer without their approval.
Link: http://www.net-security.org/text/bugs/970836665,24380,.shtml


ANOTHER IE 5.5/OUTLOOK SECURITY VULNERABILITY
Internet Explorer 5.5/Outlook allow executing arbitray programs after
viewing web
page or email message. This may lead to taking full control over user's
computer.
Link: http://www.net-security.org/text/bugs/970837661,95810,.shtml


RED HAT LINUX - TRACEROUTE SETUID ROOT EXPLOIT
A root exploit due to a segfault when using multiple -g options is fixed for
Red
Hat Linux 6.x and Red Hat Linux 5.x. A potential denial-of-service attack is
alleviated by enforcing a maximum buffer size of 64Kb. On Red Hat Linux 6.x,
loose source routing (LSRR) now works correctly.
Link: http://www.net-security.org/text/bugs/970919340,13901,.shtml


RED HAT LINUX - ESOUND CONTAINS A RACE CONDITION
Esound, the Gnome sound server, contains a race condition that a malicious
user could exploit to change permissions of any file owned by the esound
user.
Link: http://www.net-security.org/text/bugs/970919495,33832,.shtml


INSECURE CALL OF EXTERNAL PROGRAMS IN RH LINUX TMPWATCH
The tmpwatch utility is used in Red Hat Linux to remove temporary files.
This
utility has an option to call the "fuser" program, which verifies if a file
is currently
opened by a process. The fuser program is invoked within tmpwatch by calling
the system() library subroutine. Insecure handling of the arguments to this
subroutine could potentially allow an attacker to execute arbitrary
commands.
Link: http://www.net-security.org/text/bugs/971105993,28410,.shtml


IMMUNIX OS SECURITY UPDATE FOR TMPWATCH
RedHat has put out an update to the tmpwatch package due to a local denial
of service problem and a potential root exploit
Link: http://www.net-security.org/text/bugs/971106040,86351,.shtml


PHPIX 1.0.X DIRECTORY TRAVERSAL VULNERABILITY
Synnergy has discovered a flaw within PHPix that allow a remote user to
traverse
a directory as a request to the script using the
$mode=album&album=_some_dir_variable.
It is then possible to read any file or folder's contents with priviledges
as the httpd.
Link: http://www.net-security.org/text/bugs/971106264,49747,.shtml

----------------------------------------------------------------------------



Security world
--------------

All press releases are located at:
http://net-security.org/text/press

----------------------------------------------------------------------------
ADVANCED ENCRYPTION STANDARD FROM BALTIMORE TECH. - [03.10.2000]

Baltimore Technologies, a global leader in e-security, announced that it
will fully
support the new AES algorithm, Rijndael, across its full product range,
including
both its hardware and software products. The AES algorithm, chosen today by
the United States National Institute of Standards and Technology (NIST),
will
be incorporated in all Baltimore products including Baltimore KeyTools, a
radical
new suite of developer products and Baltimore SureWare, a range of next
generation e-security hardware products. The AES algorithm will be available
within the KeyTools family beginning Wednesday, October 11th.

Press release:
< http://www.net-security.org/text/press/970533748,63057,.shtml >

----------------------------------------------------------------------------

NOKIA AND MCAFEE TEAM UP - [03.10.2000]

Nokia, a proven leader in network security infrastructure and McAfee, a
Network
Associates, Inc. business unit and the recognized leader in virus
protection,
announced the WebShield for Nokia Appliance, a joint offering designed to
leverage
the growing trend toward network appliance implementations and managed
services.

Press release:
< http://www.net-security.org/text/press/970575888,50055,.shtml >

----------------------------------------------------------------------------

ADDITIONS TO BALTIMORE'S SOLUTIONSPLUS - [03.10.2000]

Baltimore Technologies, a global leader in e-security solutions, announced
the
addition of its Signature Validation Platform as part of SolutionsPlus for
the
Identrus system. Baltimore's SolutionsPlus for the Identrus system is
designed
to provide leading financial institutions worldwide with all the tools they
need to
quickly implement Identrus systems that enable secure business-to-business
e-commerce transactions in a private, confidential, non-reputable manner.

Press release:
< http://www.net-security.org/text/press/970591283,10421,.shtml >

----------------------------------------------------------------------------

MVPN SELECTS BALTIMORE'S SECURE VPN SOLUTION - [03.10.2000]

Baltimore Technologies, a global leader in e-security solutions, announced
that
mVPN has deployed Baltimore's Secure VPN solution, part of the Baltimore
SolutionsPlus line of e-business solutions. The Secure VPN solution is a
combination of best-of-breed partners and leading PKI technology for the
implementation of Virtual Private Networks (VPNs). Secure VPN ensures highly
scalable, cost-effective and easy-to-deploy, yet secure, access to protected
corporate data using public networks such as the Internet.

Press release:
< http://www.net-security.org/text/press/970591356,78974,.shtml >

----------------------------------------------------------------------------

E-SECURITY EXPO AND CONFERENCE INFORMATION - [04.10.2000]

The e-Security Expo and Conference, to be held November 7-8 at the San
Francisco Hilton & Towers will provide executives and technology
professionals
the information they need to protect their customer data, business
intelligence,
and minimize disruptions to their businesses. The conference also focuses on
new
opportunities that can be advantageous for their company's e-business
provided
the right e-security measures are taken.

Press release:
< http://www.net-security.org/text/press/970621097,14964,.shtml >

----------------------------------------------------------------------------

ALADDIN RELEASES ETOKEN ENTERPRISE 1.1 - [0.10.2000]

Aladdin Knowledge Systems, a global leader in the field of Internet content
and
software security, released the beta version of eToken Enterprise 1.1.
Providing
simple implementation of two-factor authentication, secure login, secure
messaging, digital signatures and GINA replacement, eToken Enterprise is
truly an
out-of-the-box solution for securing corporate networks, e-commerce,
e-banking
and Virtual Private Networks (VPNs).

Press release:
< http://www.net-security.org/text/press/970700204,76777,.shtml >

----------------------------------------------------------------------------

SECURE COMPUTING ANNOUNCES Q3 RESULTS  - [05.10.2000]

Secure Computing Corporation, will announce third quarter results on
Thursday,
October 19, after market close. A one-hour conference call has been
scheduled
at 2:00 p.m. PDT (5:00 p.m. EDT). John McNulty, chairman and CEO, Tim
McGurran, SVP of operations and CFO, and Carr Biggerstaff, SVP product
planning, marketing & business development, will discuss the results
followed
by a question-and-answer session.

Press release:
< http://www.net-security.org/text/press/970702188,50462,.shtml >

----------------------------------------------------------------------------

E-MAIL ENCRYPTION FOR WEB BASED EMAIL PROVIDERS - [06.10.2000]

Sigaba Corporation, a secure Internet communications company, announced
Sigaba's Software Developer's Kit that lets web-based email companies offer
their users a one click security solution to encrypt their mail. "Email
users today
are more savvy than ever and they are very aware of the online threats to
their
privacy," said Gary B. Friedman, Sigaba Chairman/co-founder.

Press release:
< http://www.net-security.org/text/press/970835866,84227,.shtml >

----------------------------------------------------------------------------

BALTIMORE TECH. ANNOUNCES NEW DEPUTY CHAIRMAN - [06.10.2000]

Baltimore Technologies, a global leader in e-security, announced that Mr.
Fran
Rooney, Chief Executive Officer of the Company, has also been appointed to
the position of Deputy Chairman on the Board of Directors, with immediate
effect.

Press release:
< http://www.net-security.org/text/press/970836014,73596,.shtml >

----------------------------------------------------------------------------

ALADDIN'S ESAFE PROTECTS AGAINST NEW IE EXPLOIT - [06.10.2000]

Aladdin Knowledge Systems, a global leader in the field of Internet content
and
software security, today announced its eSafe content security solutions
protect
against a new security hole discovered in Internet Explorer. Though the
exploit
itself is not a vandal, it allows hackers to infect user's PCs with
dangerous trojans,
vandals and other malicious code.

Press release:
< http://www.net-security.org/text/press/970843885,74986,.shtml >

----------------------------------------------------------------------------

LATEST NEWS FROM BINDVIEW CORPORATION - [09.10.2000]

BindView Corporation, a leading provider of IT administration and security
management solutions, today announced that it identified and Microsoft
eliminated recent vulnerabilities in the Microsoft operating system. These
latest vulnerabilities could allow a range of effects, including possible
Denial
of Service Attacks and privilege elevation. The two companies have created
a well-defined process for efficiently working together to identify and
close
these type of vulnerabilities.

Press release:
< http://www.net-security.org/text/press/971105242,81029,.shtml >

----------------------------------------------------------------------------

CISCO IP VPN SOLUTION FOR SERVICE PROVIDERS - [09.10.2000]

Cisco Systems, Inc., the worldwide leader in networking for the Internet,
announced a complete network-based IPsec VPN solution. Based on the new
Cisco VPN 5000 concentrator and client, and available today, the new Virtual
Private Network (VPN) platform securely connects remote users and branches
to their corporate networks and business partners across the Internet.
Cisco's
new VPN 5000 solution brings service providers a new revenue generating
opportunity by allowing them to offer their customers a single, secure
solution
for both remote access and Intranet and Extranet VPNs from a variety of
client platforms.

Press release:
< http://www.net-security.org/text/press/971105289,22829,.shtml >

----------------------------------------------------------------------------

SIGABA ANNOUNCES EMAIL ENCRYPTION FOR USE WITH MS IE 5.5 - [09.10.2000]

Sigaba Corporation, a secure Internet communications company, announced that
SigabaSecure(TM), an email encryption client, is now available for use with
Microsoft Internet Explorer 5.5 to encrypt Hotmail and Yahoo! Mail.
SigabaSecure
for IE 5.5 is a plug-in which allows users to send encrypted mail, shred
mail so it
cannot be re-opened, and confirm that mail has been read from their Yahoo!
Mail
and Hotmail accounts.

Press release:
< http://www.net-security.org/text/press/971105808,83402,.shtml >

----------------------------------------------------------------------------

SECURE COMPUTING SUPPORTS CISCO'S SAFE E-BUSINESS - [09.10.2000]

Secure Computing Corporation, a leading provider of safe, secure extranets
for
e-Business, today announced that Secure's SafeWord and SafeWord Plus AAA
servers provide managed, secure access for the new SAFE security blueprint
from Cisco Systems, Inc. SAFE is a flexible, comprehensive security
blueprint
that is designed to help organizations securely, reliably and
cost-effectively
engage in e-business.

Press release:
< http://www.net-security.org/text/press/971105865,58560,.shtml >

----------------------------------------------------------------------------

TELERELAY TEAMS WITH TREND MICRO - [09.10.2000]

Trend Micro Inc., a leading provider of enterprise antivirus and content
security
solutions, and messaging outsourcing specialist TeleRelay today announced
that
they are working together to provide a safer electronic messaging
environment
by delivering reliable, managed virus protection to the business community.

Press release:
< http://www.net-security.org/text/press/971105924,88098,.shtml >

----------------------------------------------------------------------------



Featured articles
-----------------

All articles are located at:
http://www.net-security.org/text/articles

Articles can be contributed to staff@net-security.org

Listed below are some of the recently added articles.

----------------------------------------------------------------------------

ISSUES: THE MEDIA'S GUIDE TO TALKING TO HACKERS by Thejian

Two years ago, the then just started HNN, published an article in their
Buffer
Overflow section called "A hacker's guide to talking to the media". It was
received
with different opinions around the scene (I remember it referred to as "a
hackers
guide to talking to your local newspaper") but what people failed to grasp
at that
point was the importance of the attempt to educate the hax0rs on relations
with
the media. Wether you like it or not, especially in this scene, what one
person
says WILL affect us all.

Article:
< http://www.net-security.org/text/articles/thejian/media.shtml >

----------------------------------------------------------------------------

USING CONSERVATION OF FLOW AS A SECURITY MECHANISM IN
NETWORK PROTOCOLS by Tuomas Aura, Matt Bishop and John Hughes

The law of Conservation of Flow, which states that an input must either be
absorbed or sent on as an output (possibly with modification), is an
attractive
tool with which to analyze network protocols for security properties. One of
its
uses is to detect disruptive network elements that launch Denial of Service
attacks by absorbing or discarding packets. Its use requires several
assumptions
about the protocols being analyzed. In this paper, the authors examine the
WATCHERS algorithm to detect misbehaving routers. They show that it uses
Conservation of Flow without sufficient verification of its assumptions, and
can
consequently be defeated. They suggest improvements to make the use of
Conservation of Flow valid.

Article:
< http://www.net-security.org/text/articles/index-download.shtml#Flow >

----------------------------------------------------------------------------

SECURING A DEFAULT LINUX INSTALLATION by Aleksandar Stancin aka D'Pressed

This article is written for a linux newbie or anybody who cares, at least a
bit
about the data stored on his hard drive. You'll notice that it's aimed
mainly for
home-users, not for large network administrators or similar. All procedures
have
been done and checked on an installed SuSE 6.4 linux distribution.

Article:
< http://www.net-security.org/text/articles/default.shtml >

----------------------------------------------------------------------------

KASPERSKY LAB LAUNCHES A NEW VERSION OF ANTIVIRAL TOOLKIT PRO

Kaspersky Lab announces the launch of a new version, 3.5, of its world
famous,
award-winning virus hunter, AntiViral Toolkit Pro (AVP). It is powered by
numerous unique anti-virus technologies and features a new design of the
main user interface.

Article:
< http://www.net-security.org/text/articles/viruses/newavp.shtml >

----------------------------------------------------------------------------



Featured books
----------------

The HNS bookstore is located at:
http://net-security.org/various/bookstore

Suggestions for books to be included into our bookstore
can be sent to staff@net-security.org

----------------------------------------------------------------------------

UPGRADING AND TROUBLESHOOTING NETWORKS: THE COMPLETE REFERENCE

Read this one if you're new to data communications, seeking any of several
professional certifications that have to do with computer connectivity, or
even
if you've established yourself as a networking pro and want a solid
reference on
hand. This book generally deals with network equipment and protocols in a
platform-independent way, although it dips into the specifics of Novell
NetWare
and Microsoft Windows networking after the foundation is laid. Topics
covered:
Local and wide area networking for personal computers, both generically and
as
implemented under Windows NT, Windows 2000, and Novell NetWare. Hardware
and architecture coverage is followed by a detailed discussion of protocols,
naming schemes and name-allocation services, directory services (notably
Novell
Directory Services and Active Directory), and Internet services.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0072122560/netsecurity >

----------------------------------------------------------------------------

UNDERSTANDING MICROSOFT WINDOWS 2000 DISTRIBUTED SERVICES

This book explains the big picture in its latest Windows DNA and Windows
2000
incarnations. This isn't strictly a programmer's text (it doesn't give
recipes for
building distributed applications), but neither is it just an
administrator's guide
(instructions for configuring Active Directory appear in other books).
Instead,
it's a thorough and carefully written explanation of how Windows 2000 and
its
applications run in a distributed environment, and how Windows supports
distributed software and data in a secure way. Topics covered: Windows 2000
and the Windows DNA distributed computing technologies, including Active
Directory, the Component Object Model (COM), COM+, ActiveX Data Objects,
Distributed Transaction Services, and Microsoft Message Queuing Services.
Also, there's in-depth discussion of how they all fit together.

Book:
< http://www.amazon.com/exec/obidos/ASIN/157231687X/netsecurity >

----------------------------------------------------------------------------

UNDERSTANDING SQL AND JAVA TOGETHER : A GUIDE TO SQLJ, JDBC,
AND RELATED TECHNOLOGIES

Many books on Java cover JDBC in detail, but this title goes much further by
surveying a handful of other database standards from a variety of vendors,
including Oracle and Sybase. (Don't worry: there's full coverage of JDBC for
versions 1.0 and 2.0.) The real focus of this book is on SQLJ, which really
comprises three standards. SQLJ Part 0 is the easiest to understand, as it
supports embedded SQL calls within Java code. Next comes SQLJ Part 1, by
which a database product (like Oracle) can use Java to define stored
procedures.
Here, the authors take care to show off how to deploy JAR files into a
database.
(Their sample movie database, used throughout this book, is both
comprehensible
and a little more entertaining than most sample database schemas.) Next, the
authors look at SQL user-defined types (UDTs) and SQLJ Part 2, which allows
Java code to make use of these UDTs directly, as well as store Java objects
in a
database. The last stop on the tour is a "true" object/relational mapping,
Sun's
Java Blend standard, which allows Java objects to be saved and restored from
a database transparently.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1558605622/netsecurity >

----------------------------------------------------------------------------

WEB SECURITY

Tiwana, who writes a monthly column for Information Technology, offers a
guide
for systems administrators, security consultants, and others concerned about
the
security of web sites. He explains how to create and execute a comprehensive
strategy, identify and eliminate potential vulnerabilities, frame a security
policy,
and test existing security measures. The CD-ROM contains security and
weakness
scanners, log analysis tools, firewalls, and other software.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1555582109/netsecurity >

----------------------------------------------------------------------------

BEGINNING VISUAL BASIC 6 APPLICATION DEVELOPMENT

This book puts enterprise-level programming into the hands of intermediate
VB
users with a capable tour of every facet of multitiered development. This
book
is all you need to start using server-side objects and Web-based interfaces
with
VB. What's best here is the comprehensive yet approachable guide to all of
the
Microsoft tools, APIs, and standards that are needed for using VB to create
large
enterprise-level applications. This means looking at the three tiers for
application
partitioning--user, business, and data services--along the lines of
Microsoft's
recommended practice. The authors cover all of the steps needed to design
and
code applications in today's corporate environments, along with a solid
introduction
to UML diagrams. Wherever possible, they make use of tools (like the VB
Class
Builder) to speed up development; also, the title is chock full of actual
screenshots
to help you along.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1861001096/netsecurity >

----------------------------------------------------------------------------



Defaced archives
------------------------

[01.10.2000] - Stanford University
Original: http://almond.stanford.edu/
Defaced:
http://www.attrition.org/mirror/attrition/2000/10/01/almond.stanford.edu/

[02.10.2000] - Ministerio de Economia, El Salvador
Original: http://www.minec.gob.sv/
Defaced:
http://www.attrition.org/mirror/attrition/2000/10/02/www.minec.gob.sv/

[03.10.2000] - NTAS Gov (TW)
Original: http://www.ntas.gov.tw/
Defaced:
http://www.attrition.org/mirror/attrition/2000/10/03/www.ntas.gov.tw/

[03.10.2000] - State of Washington
Original: http://dor.wa.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/03/dor.wa.gov/

[03.10.2000] - US DOI, Bureau of Land Management
Original: http://adoptahorse.blm.gov/
Defaced:
http://www.attrition.org/mirror/attrition/2000/10/03/adoptahorse.blm.gov/

[04.10.2000] - Society for Electronics Test Engineering, India
Original: http://www.sete.gov.in/
Defaced:
http://www.attrition.org/mirror/attrition/2000/10/04/www.sete.gov.in/

[04.10.2000] - IntiGov (AR)
Original: http://ayelen.inti.gov.ar/
Defaced:
http://www.attrition.org/mirror/attrition/2000/10/04/ayelen.inti.gov.ar/

[07.10.2000] - Moscow Institute of Physics and Technology
Original: http://games.mipt.ru/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/07/games.mipt.ru/

----------------------------------------------------------------------------


Questions, contributions, comments or ideas go to:

Help Net Security staff

staff@net-security.org
http://net-security.org


---------------------------------------------------------------------
To unsubscribe, e-mail: news-unsubscribe@net-security.org
For additional commands, e-mail: news-help@net-security.org