Net-Sec newsletter
Issue 34 - 16.10.2000
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly 
roundups of security events that were in the news the past week. Visit Help 
Net Security for the latest security news - http://www.net-security.org.


Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter


Table of contents:

1) General security news
2) Security issues
3) Security world
4) Featured articles
5) Security books
6) Security software
7) Defaced archives



==========================================================
Sponsored by Kaspersky Lab - You Personal Anti-Virus Guard
==========================================================
The Breakthrough Technology Protecting Your Computers From Viruses!

Subscribe to Kaspersky Lab's FREE newsletter delivering you
the latest and trustworthy information source on computer
viruses and their counter measures. You will always be up
to date when securing your computer!
Join now!  http://www.kasperskylab.ru/eng/news/maillist.asp
==========================================================




General security news
---------------------

----------------------------------------------------------------------------

SMALL BUSINESSES, BIG SECURITY RISKS
According to a survey released by analyst GartnerGroup smaller companies 
particularly lack the security expertise necessary to fend off computer 
attackers. Its research suggests that, without taking immediate steps 
to remedy the situation, 50 percent of these businesses will be the victim 
of a successful hack or a damaging virus outbreak in the next couple of years.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2640674,00.html


SECURITY BREACH AT BUY.COM
A security hole on buy.com's website exposed the personal information 
of customers who returned products to the company. For several hours 
on Thursday, the buy.com website allowed determined visitors to peruse 
the names, addresses, and phone numbers of customers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://wired.com/news/technology/0,1282,39438,00.html


ATTACKING EAGLE NETWORK
A Nederland-based Internet company was back online Wednesday after 
11 days during which executives say their service was held hostage by 
a European hacker making political and monetary demands.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.denverpost.com/business/biz1012d.htm


ISS UNLEASHES SERVER SECURITY
Security management solutions company, Internet Security Systems has 
released its RealSecure Server Sensor software, which enables organisations
to protect their servers by detecting attacks, and preventing system misuse.
Link: http://www.netimperative.com/technology/newsarticle.asp?ArticleID=5780


WATCH OUT FOR MALICIOUS HTML PAGES
Recently discovered security hole in Internet Explorer 5 (allowing for not 
signed ActiveX components to perform malicious actions on PC) led to 
invention of new virus callec GODMESSAGE. The computer can be infected 
by simply viewing the web page, containing the Active X applet. Message 
from the creators : "godmessageIV.html - view, get rooted. It is a modified 
tHing 1..6 server without ICQ notification, without hide process (so it will 
run on NT/w2k). A fellow named splyc took out the ICQ notification which 
I got from blade's forums. I took out the hide process function because it 
was not allowing the tHing to run on NT or 2k. The tHing listens on port 
7777 and the password is pass."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.astonsoft.com/ntrojan.html


BYPASSING EMAIL SERVERS WITH FTPMAIL
FTPMail is a secure communication platform that uses the Point to Point 
File Transfer Protocol as its exclusive means of information transfer 
instead of Simple Mail Transport Protocol (SMTP). Some of its features 
are: Guaranteed Online Privacy, Secure Data Transmissions, Untraceable 
through SMTP or POP, Does not utilize conventional ports, Password 
protected interface, Encrypted Message Database...
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.ftpmail.net/


FINAL CIPHER FROM "THE CODE BOOK" CRACKED
A team of researchers in Sweden has cracked the final cipher set by 
Simon Singh in "The Code Book" and claimed the L10,000 prize. It took a 
year and month between publication of the challenge and its completion 
without the use of a super computer.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/1/13929.html


HACKERS GOING LEGIT
Hackers from Shanghai Internet Security Base Co. (www.ISBase.com), 
the largest—hacker organization in China, have begun looking for jobs 
assisting customers with network security work, reported the Qingnian 
Bao newspaper last month. It looks like many Chinese hackers are giving 
up the racket and going legit.
Link: http://www.insidechina.com/localpress/chonline.php3?id=208769


FIREWALLS
"Simply put, a Firewall is a system that prevents unauthorized access to 
or from a private network by examining the incoming packets and/or 
requests coming from (in this case) the Internet. Here’s an analogy, let’s 
say a firewall is like a bouncer at a 21 and over bar called MyNetworkRocks, 
and the unauthorized InternetGuru is under 21. Well, because InternetGuru
is under 21 he’s not getting past the firewall (bouncer) into MyNetworkRocks, 
at least not easily. Firewalls can be setup with software, hardware, or both, 
depending on how paranoid, I mean secure, you want to be."
Link: http://www.techextreme.com/display.asp?ID=228&Page=1


INTERPOL ORDERS IMMEDIATE CYBERCRIME ACTION
The head of Interpol has warned nations, law enforcement groups and 
companies to act swiftly if they are to stand any chance of beating 
cybercrime. Speaking at a conference in London Wednesday, Raymond 
Kendall, secretary general of Interpol said his organisation is concerned 
that unlawful computer techniques are developing at such a rate that 
they represent a "new phenomenon" for international law enforcers. Kendall 
urged international organisations not to wait for conventions to be passed 
before drawing up guidelines for an allied response to the threat of cybercrime.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2000/40/ns-18393.html


FORMER BELLCORE CEO SEES LOOMING NETWORK SECURITY ISSUES
"Network security will be a bigger problem than data security," according 
to former Bellcore CEO George Heilmeier. Heilmeier offered 10 predictions 
for the IT and telecom industries at a forum this week at Columbia University. 
Heilmeier explained that third parties who intentionally block access to e-mail 
pose a greater danger than the risk the information will be read.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.telekomnet.com/writer_telekomnet/10-11-00_sidebar.asp


ANDY MUELLER-MAGUHN ELECTED TO ICANN BOARD
The five new grass-roots members, each representing a major region of 
the globe, will be a part of a 19-member board elected to run the Internet 
Corporation for Assigned Names and Numbers, the group charged with 
overseeing the technical functions of the global Internet. One of the five 
regional directors is Chaos Club member Andy Mueller-Maguhn.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2639191,00.html


DEVELOPER TACKLES WAP SECURITY GLITCH
A Swedish company claims that it can solve the security problems related 
to Wap by doing away with the Wap gateway. Mi4e, developer of mobile 
internet infrastructure software, has unveiled its ThunderWap software 
series, which allows businesses to offer instant Wap capabilities to users 
without employing a portal.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/1112381


GATES PENETRATING TO NASA
The Orange County Register said its Web site was infiltrated Sept. 29 and 
an article was changed to say Microsoft Corp. Chairman Bill Gates had 
been arrested for breaking into NASA computers. Original one for sure...
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.denver-rmn.com/business/1011msft8.shtml


HARDWARE FIREWALL RUNS ON NSA TECHNOLOGY
A relationship with the National Security Agency has netted Marconi 
Communications the technology to produce a firewall that is said to run 
at OC-12 speeds (622 Mbits/second) and to be undetectable to potential 
intruders. The technology, licensed from the NSA and sold back to the 
agency in product form, is part of a longstanding relationship between 
government agencies and Fore Systems Inc., which Marconi (Pittsburgh) 
acquired last year.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.electronicstimes.com/story/OEG20001009S0056


SECURE VPN
Dynarc is signing a purchase agreement worth $1.2 million over the next 
12 months with Sonet Communications. Dynarc's auto-provisioning routers 
will contribute to Sonet's initial 10-city network development plan, which 
will provide business SOHO customers with a high-speed, secure virtual 
private network (VPN) delivering gigabit data transfer speeds, video and 
voice over a fiber-optic IP network.
Link: http://www.fiberopticsonline.com/content/news/article.asp?DocID={C6B5488D-9E9D-11D4-8C6C-009027DE0829}


LIB DEM EMAILS PENETRATED
A Labour party MP is alleged to have illegally penetrated into a Liberal 
Democrat's email. Following the allegations, House of Commons officials 
have been asked to launch an investigation, and a memo has been circulated 
in the Lib Dem party, warning members to take precautions to protect their 
emails.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/1/13864.html


CYBERWAR
Chinese "hackers" have threatened to destroy rival Taiwan's websites as 
the island state prepares to celebrate national day on Tuesday, television 
reports said. The Chinese "hackers" may penetrate major government websites 
as well as some civil websites close to President Chen Shui-bian, the cable 
television TVBS said Monday.
Link: http://www.insidechina.com/news.php3?id=207812


RED HAT RESPONDS TO QUALITY ALLEGATIONS
This a summary of the events that occured after the release of Red Hat 7 
and it contains a response from the Red Hat people. It also includes some 
embarassing comments regarding Slashdot's Red Hat story in which they 
published that the distribution had over 2,500 bugs.
Link: http://linuxtoday.com/news_story.php3?ltsn=2000-10-09-005-21-NW-CY-RH


FBI PUSHES FOR CYBER ETHICS EDUCATION
FBI agents are spreading a new gospel to parents and teachers, hoping 
they'll better educate youths that vandalism in cyberspace can be economically 
costly and just as criminal as mailbox bashing and graffiti spraying. The Justice 
Department and the Information Technology Association of America, a trade 
group, has launched the Cybercitizen Partnership to encourage educators and 
parents to talk to children in ways that equate computer crimes with 
old-fashioned wrongdoing.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2000/TECH/computing/10/09/ethics.in.cyberspace.ap/index.html


ENIGMA TO BE RETURNED?
The head of Bletchley Park spy museum is confident that the stolen Enigma 
code machine will be returned after she spoke directly to one of the mystery 
men demanding L25,000 for the encrypter.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.ananova.com/news/story/sm_79029.html


WEB-BASED E-MAIL ISN'T SAFE FROM CORPORATE EYES
Slashdot has a big discussion related to the October 3rd CNET article - 
"Unfortunately, security experts say many employees would be surprised to 
know that Web-based email services also offer little privacy. Messages sent 
via a Yahoo or Hotmail account, or through instant messaging products, such 
as ICQ or America Online's Instant Messenger (AIM), are just as accessible 
to nosy employers."
Link: http://slashdot.org/article.pl?sid=00/10/08/2048204


CYBERCRIME TREATY
The new, improved draft of the international Cybercrime treaty is out, and 
David Banisar says it's bigger and badder than ever.
Link: http://www.securityfocus.com/commentary/98

----------------------------------------------------------------------------




Security issues
---------------

All vulnerabilities are located at:
http://net-security.org/text/bugs


----------------------------------------------------------------------------

MASTER INDEX TRAVERSE ADVISORY
Synnergy Labs has found a flaw within Master Index that allows a user to 
successfully traverse the filesystem on a remote host, allowing arbitary 
files/folders to be read. 
Link: http://www.net-security.org/text/bugs/971179170,91401,.shtml


DEBIAN LINUX - NEW VERSIONS OF BOA PACKAGES
In versions of boa before 0.94.8.3, it is possible to access files outside of the 
server's document root by the use of properly constructed URL requests.
This problem is fixed in version 0.94.8.3-1, uploaded to Debian's unstable 
distribution on October 3, 2000. Fixed packages are also available in proposed
updates and will be included in the next revision of Debian/2.2 (potato).
Link: http://www.net-security.org/text/bugs/971179295,4133,.shtml


DEBIAN LINUX - ESOUND PACKAGE IS NOT AFFECTED
Linux-Mandrake has recently released a Security Advisory covering a race 
condition in the esound. 
Link: http://www.net-security.org/text/bugs/971179403,38597,.shtml


CONNECTIVA LINUX - TMPWATCH LOCAL DOS
Versions of the tmpwatch package as shipped with Conectiva Linux contain a 
vulnerability which could lead to a local DoS. These versions, though, are not 
vulnerable to the local root exploit published earlier because they do not have 
the fuser option, which appeared only in later versions. 
Link: http://www.net-security.org/text/bugs/971179510,7441,.shtml


SUSE LINUX - NOT AFFECTED TO TMPWATCH PROBLEM
"The tmpwatch packages as shipped with SuSE distributions are not vulnerable 
to the attacks as discussed on security forums, initiated and discovered by 
zenith parsec. The version of tmpwatch that we ship is a bit older than the 
bleeding edge, but it has proven to do what it says, which is just as important. 
We did not (silently) fix the problems in the package - the version that we use 
does not have the features that cause the security problems."
Link: http://www.net-security.org/text/bugs/971179586,22555,.shtml


TRUSTIX SECURE LINUX - TMPWATCH PROBLEMS
All versions of Trustix Secure Linux have hitherto been shipped with a version 
of tmpwatch that can be tricked into excessive fork()ing filling up the process 
table, requiring the box to be rebooted. The version of tmpwatch can also, in 
certain cases, be tricked into giving local users a root shell.
Link: http://www.net-security.org/text/bugs/971179653,98073,.shtml


EXTROPIA WEBSTORE DIR TRAVERSAL VULNERABILITY
The Web Store is a shopping cart product by eXtropia. This script merges 
Selena Sol's Electronic Outlet HTML and Database shopping cart apps and 
adds all new routines for error handling, order processing, encrypted mailing, 
frames, Javascript and VBscript.
Link: http://www.net-security.org/text/bugs/971179782,82714,.shtml


INTERACTIVE'S WEB SHOPPER DIR TRAVERSAL VULNERABILITY
shopper.cgi allows users to switch between product pages using the 
$VALUES{'newpage'} variable. This would make 
http://example.com/cgi-bin/shopper.cgi?newpage=product1.htm display product1.htm. 
Although this script has regex statements that single out the double dot (..), 
it does not perform these checks by default. 
Link: http://www.net-security.org/text/bugs/971179934,13930,.shtml


MICROSOFT SECURITY - "SHARE LEVEL PASSWORD" PATCH
Microsoft has released a patch that eliminates a security vulnerability in 
Microsoft Windows 95, 98, 98SE, and Windows Me. The vulnerability could 
allow a malicious user to programmatically access a Windows 9x/ME file 
share without knowing the entire password assigned to that share.
Link: http://www.net-security.org/text/bugs/971265164,93554,.shtml


MANDRAKE LINUX - OPENSSH UPDATE
A problem exists with openssh's scp program. If a user uses scp to move 
files from a server that has been compromised, the operation can be used 
to replace arbitrary files on the user's system. The problem is made more 
serious by setuid versions of ssh which allow overwriting any file on the 
local user's system.
Link: http://www.net-security.org/text/bugs/971265294,96285,.shtml


SHRED 1.0 BUG REPORT
Ran a test with Shred v1.0 and found some unexpected results. This utility is 
supposed to overwrite a file with several passes of different bit patterns followed 
by one random pattern. The file is then unlinked. This is supposed to make the 
file unrecoverable with utilities which read raw disk blocks. Using the icat utility 
from Dan Farmer and Wietze Venema's TCT Toolkit it appears that the data is 
not overwritten. This test was done on two different RedHat 6.0 systems.
Link: http://www.net-security.org/text/bugs/971265364,54158,.shtml


HP JETDIRECT MULTIPLE DOS
The firmware in the HP JetDirect card contain multiple vulnerabilities that can 
have effects ranging from the service crashing to the printer initiating a 
firmware upgrade based on random garbage in the memory, and in the last 
case powercycling won't fix the crash. It requires a new firmware burn by 
eg. HP to restore the Jetdirect card.
Link: http://www.net-security.org/text/bugs/971265417,19017,.shtml


MS - WEBTV FOR WINDOWS DENIAL OF SERVICE
There is a denial of service vulnerability in WebTV for Windows that may allow 
a malicious user to remotely crash either the WebTV for Windows application 
and/or the computer system running WebTV for Windows. Restarting the 
application and/or system will return the system to its normal state. Microsoft 
has released a patch that eliminates this security vulnerability.
Link: http://www.net-security.org/text/bugs/971375310,5567,.shtml


MANDRAKE LINUX - APACHE UPDATE
The Apache web server comes with a module called mod_rewrite which is used 
to rewrite URLs presented by the client prior to further processing. There is a 
flaw in the mod_rewrite logic that allows an attacker to view arbitrary files on 
the server system if they contain regular expression references.
Link: http://www.net-security.org/text/bugs/971375814,81283,.shtml


PHP REMOTE FORMAT STRING VULNERABILITIES
Format string vulnerabilities exist in the error logging routines of PHP versions 3 
and 4, allowing remote users to execute arbitrary code under the web server's 
user id. A web server having PHP installed and one or more PHP scripts is 
vulnerable to the problem if error logging is enabled in php.ini. Also any PHP 
script using the "syslog" command of PHP may be vulnerable, regardless of 
error logging.
Link: http://www.net-security.org/text/bugs/971375894,65809,.shtml


PROBLEM WITH NETSCAPE MESSAGING SERVER 4.15
The problem is that the POP3 server displays a different message for an 
authentication error due to an invalid password then for one due to an invalid 
username. This could be used to "harvest" email addresses for spam lists.
Link: http://www.net-security.org/text/bugs/971439529,51461,.shtml


APACHE 1.3.14 RELEASED
The Apache Software Foundation and The Apache Server Project are pleased 
to announce the release of version 1.3.14 of the Apache HTTP server. Version 
1.3.13 was never released. This version of Apache is primarily a security fix and 
bug fix release, but there are a few new features and improvements.
Link: http://www.net-security.org/text/bugs/971484402,83017,.shtml


DEBIAN LINUX - CURL AND CURL-SSL UPDATE
The version of curl as distributed with Debian GNU/Linux 2.2 had a bug in the 
error logging code: when it created an error message it failed to check the size 
of the buffer allocated for storing the message. This could be exploited by the 
remote machine by returning an invalid response to a request from curl which 
overflows the error buffer and trick curl into executing arbitrary code.
Link: http://www.net-security.org/text/bugs/971559341,76634,.shtml


REMOTE RETRIEVAL OF AUTHENTICATION DATA FROM IE
"We will show that it could be possible to retrieve the cached authentication 
data from your user's web browser with little or no user's cooperation, even 
when due care was taken to protect the communication between browser 
and server with SSL."
Link: http://www.net-security.org/text/bugs/971559586,2881,.shtml


MS - "CACHED WEB CREDENTIALS" VULNERABILITY
Microsoft has released a patch that eliminates a security vulnerability in 
Microsoft Internet Explorer. Under a daunting set of conditions, the 
vulnerability could enable a malicious user to obtain another user's userid 
and password to a web site.
Link: http://www.net-security.org/text/bugs/971559684,92219,.shtml


MANDRAKE LINUX - MOD_PHP3 UPDATE
PHP version 3 which ships with Linux-Mandrake are vulnerable to format string 
attacks due to logging functions that make improper use of the syslog() and 
vsnprintf() functions. This renders PHP3-enabled servers vulnerable to 
compromise by remote attackers. This attack is only effective on PHP 
installations that log errors and warnings while those servers that do 
not are not affected. By default, Linux-Mandrake systems do not have 
logging enabled.
Link: http://www.net-security.org/text/bugs/971559791,26568,.shtml


ANACONDA FOUNDATION DIRECTORY VULNERABILITY
Synnergy Labs has found a flaw within Anaconda Foundation Directory that 
allows a user to successfully traverse the filesystem on a remote host, 
allowing arbitary files/folders to be read
Link: http://www.net-security.org/text/bugs/971559891,18741,.shtml


CALDERA SECURITY UPDATE: FORMAT BUG IN PHP
There's a format bug in the logging code of the mod_php3 module. It uses 
apache's aplog_error function, passing user-specified input as the format 
string. This can be exploited by a remote attacker to execute arbitrary shell 
commands under the HTTP server account (user httpd). In order for this bug 
to be exploitable, the PHP error logging must be enabled. By default, error 
logging is off.
Link: http://www.net-security.org/text/bugs/971690142,53185,.shtml


WINU 1.0-5.1 BACKDOOR PASSWORDS
"After downloading WinU 5.1 I noticed the built-in "emergency password" 
capability, mentioned in the help file. I decided to take a look around. 
AND WOW! GOT 'EM ALL!"
Link: http://www.net-security.org/text/bugs/971690328,13624,.shtml


DEBIAN LINUX - LOCAL EXPLOIT IN NIS PACKAGE
The version of nis as distributed in Debian GNU/Linux 2.1 and 2.2 contains an 
ypbind package with a security problem. ypbind is used to request information 
from a nis server which is then used by the local machine. The logging code in 
ypbind was vulnerable to a printf formating attack which can be exploited by 
passing ypbind a carefully crafted request. This way ypbind can be made to 
run arbitrary code as root.
Link: http://www.net-security.org/text/bugs/971690367,54647,.shtml


MS - "NETMEETING DESKTOP SHARING" VULNERABILITY
Microsoft has released a patch that eliminates a security vulnerability in 
NetMeeting, an application that ships with Microsoft Windows 2000 and is 
also available as a separate download for Windows NT 4.0. The vulnerability 
could allow a malicious user to temporarily prevent an affected machine from 
providing any NetMeeting services and possibly consume 100% CPU utilization 
during an attack.
Link: http://www.net-security.org/text/bugs/971690405,3329,.shtml

----------------------------------------------------------------------------




Security world
--------------

All press releases are located at:
http://net-security.org/text/press

----------------------------------------------------------------------------

SITEARMOR SUITE OF ADVANCED SECURITY OPTIONS - [10.10.2000]

To protect e-businesses from hacker intrusion and denial of service attacks, 
Space4rent.com announced the launch of its SiteArmor suite of security services, 
a comprehensive compilation offering customers complete, scalable security 
services designed to protect Internet-based applications, data and 
e-commerce activities.

Press release:
< http://www.net-security.org/text/press/971180165,61814,.shtml >

----------------------------------------------------------------------------

INVENTORS OF PKI CRYPTOGRAPHY AWARDED BY MARCONI - [11.10.2000]

Two innovators whose mathematical formulations developed nearly 25 years 
ago unleashed the key to private communications and secure transactions on 
the Internet will receive the 26th annual Marconi International Fellowship 
award October 10 for their breakthrough invention and activism in the cause 
of privacy rights. Whitfield Diffie and Martin Hellman will share the $100,000 
fellowship prize honoring advances in telecommunications for humanitarian 
benefit, to be presented at Columbia University in New York City, the 
academic home of the Marconi International Fellowship Foundation.

Press release:
< http://www.net-security.org/text/press/971265008,5331,.shtml >

----------------------------------------------------------------------------

COM21 LICENSES SONICWALL TECHNOLOGY - [13.10.2000]

SonicWALL, Inc., a leading provider of Internet security solutions, announced a 
license agreement with Com21 to embed its high performance Internet security 
technology into Com21's Internet access products. Under the terms of the 
agreement, SonicWALL will embed its security technology into consumer cable 
modems manufactured by Com21, enabling service providers to deliver secure 
access and other value added services to their broadband subscribers.

Press release:
< http://www.net-security.org/text/press/971439887,80256,.shtml >

----------------------------------------------------------------------------

ALADDIN SECURES HONG KONG'S ESDLIFE PORTAL - [14.10.2000]

Aladdin Knowledge Systems, a global leader in the field of Internet content and 
software security, announced that Hong Kong's high-profile Electronic Service 
Delivery (ESD) Scheme uses Aladdin's eSafe for proactive and comprehensive 
Internet security.

Press release:
< http://www.net-security.org/text/press/971528523,49326,.shtml >

----------------------------------------------------------------------------

CO-OPERATION ON SMART CARD PKI - [16.10.2000]

Fingerprint Cards AB and Litronic Inc. have signed a Memorandum of 
Understanding that they will co-operate on the development of a new, 
strong authentication solution combining fingerprint biometrics and smart 
card based digital signatures on the Microsoft Windows Powered Smart 
Card platform.

Press release:
< http://www.net-security.org/text/press/971690462,22362,.shtml >

----------------------------------------------------------------------------

NETWORK-1 SECURITY SOLUTIONS AND RIPPLE PARTNER - [16.10.2000]

Network-1 Security Solutions, Inc., a leader in distributed intrusion prevention 
solutions for e-Business networks, announced a strategic technology alliance 
with Ripple Technologies, Inc., a leading developer of enterprise-wide, 
management system solutions. Network-1 has entered into an agreement to 
include RippleTech LogCaster, a Windows NT and Windows 2000 systems and 
applications management software, in its CyberwallPLUS family of distributed 
firewalls. 

Press release:
< http://www.net-security.org/text/press/971708821,6720,.shtml >

----------------------------------------------------------------------------




Featured articles
-----------------

All articles are located at:
http://www.net-security.org/text/articles

Articles can be contributed to staff@net-security.org

Listed below are some of the recently added articles.

----------------------------------------------------------------------------

UNVERIFIED FIELDS - A PROBLEM WITH FIREWALLS & FIREWALL TECHNOLOGY TODAY
by Ofir Arkin

The following problem (as discussed in this paper) has not yet been identified. 
Certain firewalls today, will not authenticate the validity of certain protocol fields, 
within the packet they are processing. The risk is exposure of information. What 
kind of information can be exposed? Mainly it will be unique patterns of behavior 
produced by the probed machines answering our crafted queries (or other kind of 
network traffic initiated in order to elicit a reply). Those patterns will help a 
malicious computer attacker to identify the operating systems in use.

Paper:
< http://www.net-security.org/text/articles/index-download.shtml#Firewalls >

----------------------------------------------------------------------------

SUID PROGRAMS, GETTING TO THE ROOT OF THE PROBLEM
by Aleksandar Stancin aka D'Pressed

Here we go again. There are still some little touches left to make your linux 
even a bit more secure, involving suid, nouser, sudo and etc. Now, this article 
is also newbie friendly, but also it requires some small amount of knowledge. 

Article:
< http://www.net-security.org/text/articles/suid.shtml >

----------------------------------------------------------------------------

TESTING TIMES FOR TROJANS by Ian Whalley

In the field of computing, Trojan horses have been around for even longer 
than computer viruses – but traditionally have been less of a cause for 
concern amongst the community of PC users. In recent years, however, 
they have been the focus of increased attention from anti-virus companies 
and heightened levels of user concern. This paper aims to investigate the 
Trojan phenomenon; particular attention will be paid to the claims made in 
the field of NVM detection and those made by those who aim to test the 
vendors’ claims. 

Paper:
< http://www.net-security.org/text/articles/index-download.shtml#Trojans >

----------------------------------------------------------------------------

A STUDY-GUIDE ON HOW TO DETECT A VIRUS HOAX YOURSELF by Kaspersky Lab

It is difficult to imagine anybody today who does not treat computer viruses as 
a real threat to a regularly functioning computer system. However, contiguously 
with the virus spreading has occurred another syndrome, which is not any less 
dangerous – virus hoaxes.

Article:
< http://www.net-security.org/text/articles/viruses/hoax.shtml >

----------------------------------------------------------------------------




Featured books
----------------

The HNS bookstore is located at:
http://net-security.org/various/bookstore

Suggestions for books to be included into our bookstore 
can be sent to staff@net-security.org

----------------------------------------------------------------------------

THINK UNIX

The many variants of the Unix operating system require use of a mode of 
thought that's significantly different from the one that's required by simpler 
operating systems. Think Unix introduces readers to important fundamental 
and intermediate Unix commands and, in the process, inculcates them in the 
Unix way of thinking. It's a worthy goal in a world with more Linux users than 
ever, and author Jon Lasser accomplishes it. He's both a capable writer and a 
knowledgeable user of Unix shell commands. Lasser uses bash under Red Hat 
Linux in most examples, which usually apply equally well to other Unix variants, 
and makes asides about other shells and environments, as needed.

Book:
< http://www.amazon.com/exec/obidos/ASIN/078972376X/netsecurity >

----------------------------------------------------------------------------

SOLARIS 8: THE COMPLETE REFERENCE

This book shows you what you need to understand if you want to make a 
living as administrator of a modern Sun workstation. Of course, this book is 
not absolutely complete - no technical book about a subject as large as 
Solaris 8 could hope to be - but it should be more than adequate for most 
readers' purposes. Whether you have experience with another enterprise 
operating system and have recently been charged with figuring out Solaris, 
or you're a long-time Solaris jock and need a handy reference to guide you 
through procedures that you don't follow every day, this book has your 
number.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0072121432/netsecurity >

----------------------------------------------------------------------------

STEAL THIS COMPUTER BOOK: WHAT THEY WON'T TELL YOU ABOUT THE INTERNET

Viruses, e-mail bombings, ANSI bombings, keystroke monitors, scams - just 
what are these phenomena? Steal This Computer Book answers this question 
and discusses the ethical issues surrounding hacking. This thoroughly updated 
new edition incorporates the latest on: Trojan Horse programs how they work, 
where to find them, and what kind of damage they can cause; the illegal copying 
of MP3 music files and DVD-encrypted movie disks; computer forensics used for 
recovering deleted data; security issues accompanying broadband Internet 
technologies; and more. A gallery of hacker's tools and a CD-ROM with various 
antihacker and security tools are included.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1886411425/netsecurity >

----------------------------------------------------------------------------

THE HUNDREDTH WINDOW: PROTECTING YOUR PRIVACY AND SECURITY IN 
THE AGE OF THE INTERNET

The proverbial hundredth window represents the most vulnerable link in a system. 
It derives from an allegory relating castle windows to potential security holes. If 
even one out of a hundred windows is left open, security becomes compromised. 
Since the Internet maximizes information sharing (admittedly a largely beneficial 
enterprise) would-be big-time marketers and shady characters can - without 
trying all that hard--spy on your Web clicking habits, read your e-mail, and even 
see files on your hard disk drive. This means you may receive spam from 
marketers who think they know what kind of stuff you like to buy--e-mail that 
can be helpful to some and aggravating to others. Sharing your name and other 
identifying personal information can cause you more serious problems: someone 
else could use that information to commit fraud or other crimes--and you would 
be responsible.

Book:
< http://www.amazon.com/exec/obidos/ASIN/068483944X/netsecurity >

----------------------------------------------------------------------------

WINDOWS: SYSTEM POLICY EDITOR

Considering that most administrators could figure out the System Policy Editor 
through experimentation and some study of its documentation - this book 
includes lots of advice on proper use of the utility. Case studies are most 
helpful; a typical one explains how to set up system policies for a machine 
that will live in a university computer lab that's accessible to the public. 
Topics covered: How and why to use the Windows System Policy Editor to 
set user, group, and computer access privileges on computers that run 
Windows 9x and Windows NT. The user interface is fully documented, as 
are the structure and syntax of policy files and templates.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1565926498/netsecurity >

----------------------------------------------------------------------------




Security Software
-------------------

All programs are located at:
http://net-security.org/various/software

----------------------------------------------------------------------------

ADVANCED PASSWORD GENERATOR 2.7 

Advanced Password Generator is a application designed to generate passwords 
of any length and character content. Advanced Password Generator allow users 
to do choice random number generator, which built into this application.This 
feature is used to generate an extremely random seed value.

Link:
< http://net-security.org/various/software/971265936,63201,.shtml >

----------------------------------------------------------------------------

SYBERGEN SECURE DESKTOP 2.1

Sybergen Secure Desktop is a personal firewall software that protects a single 
computer from malicious intruders and Trojan horse applications. Unlike standard 
network firewalls, Secure Desktop guards against these attempts while users 
are not connected to a corporate network.

Link:
< http://net-security.org/various/software/971265985,41824,.shtml >

----------------------------------------------------------------------------

WEB CONFIDENTIAL 2.1 (SYSTEM 7)

Web Confidential is a security program that manages passwords with an intuitive 
card-file metaphor. The program is fully configurable and integrates easily into 
Netscape Navigator, Internet Explorer, and other similar applications. Web 
Confidential also lets you encrypt your password files with a key of up to 448 
bits in length.

Link:
< http://net-security.org/various/software/971266080,20694,.shtml >

----------------------------------------------------------------------------

POLAR CRYPTO COMPONENT 1.0

This ActiveX component allows you to easily include powerful encryption and 
decryption features in your applications. It uses the strong SHS hash algorithm 
and the formidable Twofish encrypting algorithm with a 128-, 192-, and 256-bit 
key, thus ensuring maximum level security for the encrypted data.

Link:
< http://net-security.org/various/software/971266181,17759,.shtml >

----------------------------------------------------------------------------




Defaced archives
------------------------

[08.10.2000] - Ohio State Government
Original: http://www.oy2k.state.oh.us/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/08/www.oy2k.state.oh.us/

[08.10.2000] - Southern New England Telecommunications
Original: http://www.tsac.snet.net/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/08/www.tsac.snet.net/

[08.10.2000] - The Centre for Electronics Design and Technology
Original: http://www.cedt.iisc.ernet.in/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/08/www.cedt.iisc.ernet.in/

[08.10.2000] - Naperville File Exchange
Original: http://www.nfe.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/08/www.nfe.com/

[09.10.2000] - Scania Slovenija, d.o.o.
Original: http://www.scania.si/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/09/www.scania.si/

[09.10.2000] - Arpao Servicos de Informatica Ltda
Original: http://www.arpao.com.br/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/09/www.arpao.com.br/

[10.10.2000] - Dalian Software Park Development
Original: http://www.dlsoftwarepark.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/10/www.dlsoftwarepark.com/

[10.10.2000] - LARC NASA
Original: http://se-pc7.larc.nasa.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/10/se-pc7.larc.nasa.gov/

[10.10.2000] - Net Deamon
Original: http://www.netdeamon.org/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/10/www.netdeamon.org/

[12.10.2000] - Mississippi State Board of Contractors
Original: http://www.msboc.state.ms.us/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/12/www.msboc.state.ms.us/

[12.10.2000] - Portland Communications Ltd
Original: http://ksusha.port5.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/12/ksusha.port5.com/

----------------------------------------------------------------------------


Questions, contributions, comments or ideas go to:
 
Help Net Security staff
 
staff@net-security.org
http://net-security.org



---------------------------------------------------------------------
To unsubscribe, e-mail: news-unsubscribe@net-security.org
For additional commands, e-mail: news-help@net-security.org