Net-Sec newsletter
Issue 38 - 19.11.2000
http://net-security.org
 
This is a newsletter delivered to you by Help Net Security. It covers weekly 
roundups of security events that were in the news the past week. Visit Help 
Net Security for the latest security news - http://www.net-security.org.

Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter
 
Table of contents:
 
1) General security news
2) Security issues
3) Security world
4) Featured articles
5) Featured books
6) Security software
7) Defaced archives




General security news
---------------------
 
----------------------------------------------------------------------------

FOILING DNS ATTACKS
Most of us take DNS servers for granted. Here, in a continuing series on 
attacking and defending your own machines, I discuss how people attack
DNS servers and what you can do to better your security. I answer these 
questions: How do crackers exploit your DNS servers? How can you harden 
your DNS servers via configuration? How can you really make it a pain to 
hack your DNS servers?
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/cover/coverstory20001113.html


WHERE THE LOG FILES LIVE
You know there are logs on your FreeBSD system somewhere; you've probably 
also heard that it is a good thing to read these logs on a regular basis. You 
may have even heard horror stories about logs filling up a user's hard drive. 
So how do we go about finding these mysterious logs?
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.oreillynet.com/pub/a/bsd/2000/11/08/FreeBSD_Basics.html


BLACKHAT '00 VIDEO INTERVIEW - JOHN FLOWERS
A feature video interview with John Flowers, CEO of Hiverworld. In this 
interview, John discusses recent advances in IDS technology and the 
IDS industry as a whole.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/media/76


CYBERTERROR SHOULD BE INTERNATIONAL CRIME
As pro-Israeli and pro-Palestinian attackers continue to attack Middle Eastern 
Web sites, Israel's former science minister has called for an international 
convention that would make sabotage over the Internet an international crime, 
"just like any other terrorism."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computeruser.com/news/00/11/13/news13.html


ENCRYPTION SYSTEM FOR GOVT BOSSES
Top bureaucrats will be able to swap classified material on the Net with the 
launch this week of a "Secure Electronic Environment" linking Treasury, the 
State Services Commission and the Department of Prime Minister and Cabinet. 
The system should reduce the need to courier sensitive information between 
departments and make it easier for policy-makers to share information and 
work jointly on projects from their desktop computers. But the system will not 
offer quite the level of security originally envisaged, as "compromises" have 
been made to ensure it is usable. Instead of secure individual-to-individual 
e-mail, it will only offer security between departments. The Secure Electronic 
Environment (SEE) lets about 500 policy-makers and managers exchange 
encoded e-mail, electronically "signed" by digital certificates.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.stuff.co.nz/inl/index/0,1008,484516a28,FF.html


SECURITY MEASURES MAY BE VIRUS CARRIERS
Leading European security experts have warned that viruses may be spread 
through the use of public keys. Digital signatures, as a part of the public key 
infrastructure, can create a false sense of security between the sender and 
receiver as the signature makes the message appear secure. However, 
specialists have warned that encrypted viruses will be on the increase as 
soon as encrypted communication becomes more commonplace.
Link: http://www.silicon.com/public/door?REQUNIQ=974125583&6004REQEVENT=&REQINT1


MYCIO.COM PLANS
"Security has gotten much more serious as we've moved from trying to figure 
out how we secure our data to trying to figure out how we selectively expose 
that data to partners and customers. And companies are looking at every way 
possible to make the data secure." - said myCIO.com's CEO Zach Nelson.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/eweek/stories/general/0,11011,2653766,00.html


BSA HITS SOFTWARE PIRATES
It looks like the Business Software Alliance filed lawsuits in the United States 
and United Kingdom and has brought enforcement actions in Germany, charging 
dozens of individuals with selling pirated and counterfeit software over auction 
sites like eBay and QXL.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.bsa.org/usa/press/newsreleases//2000-11-14.350.phtml


MOBILE HANDSET SECURITY
CellF-Shield technology, which the Israeli company White Cell plans to licence 
to the wireless communications hardware industry, can protect a handset as 
effectively as an anti- virus program protects a PC, its creators say.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.white-cell.com/technology.html


ISRAELIS HACKERS VOW TO DEFEND
A group of self-described ethical hackers are taking the reins of the Israelis' 
Web networks into their own hands in the Middle East's cyberwar. Known as 
the Israeli Internet Underground, the coalition of anonymous online activists 
from various Israeli technology companies has set up a website to disseminate 
information concerning the ongoing battle in cyberspace.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,40187,00.html


LOW-LEVEL E-SECURITY DESPITE HIGH PROFILE ATTACKS
Despite high profile attacks, companies are still not taking e-security seriously, 
according to research group Datamonitor. E-security breaches cause over 
$15bn damage worldwide each year, yet the total spend on security and 
services is only just over half that at $8.7bn.
Link: http://www.silicon.com/public/door?REQUNIQ=974292920&6004REQEVENT=&REQINT1=40841


SECURE XML STANDARD DEFINED FOR E-COMMERCE
Netegrity announced plans on Wednesday to develop an XML-based standard 
to secure e-commerce transactions. Called Security Services Markup Language 
(S2ML), the standard seeks to build a common vocabulary for sharing user 
information and transactions -- and encourage single-sign-on -- across multiple 
platform business-to-business portal and business-to-consumer environments, 
Bill Bartow, vice-president of marketing at Netegrity, said.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.infoworld.com/articles/hn/xml/00/11/15/001115hnnetegrity.xml


WASTING AN ATTACKER'S TIME
Attackers regularly waste the time and resources of system and network 
administrators. Constant port scans result in reams of firewall logs, masking 
real attacks and requiring significant resources to process. The majority of 
attackers have plenty of time to devote to probing and attacking networks, 
while the majority of network admins are quite busy and stretched for time. 
One attacker can easily probe thousands of machines overnight in an 
automated fashion, then cull that data to collect more detailed information, 
and finally check things out manually later on. So why not implement 
mechanisms to slow attackers down, and ultimately force them to waste 
time going after imaginary targets?
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/closet/closet20001115.html


FIGHTING THE RISING TIDE
Today, the Internet is more like the everyday world, with all of its promises 
and problems, than a reflection of academia or an island village. While it's 
become a tremendous tool for commerce and information, the 'Net has also 
become a home to thieves, terrorists and vandals. Unlike the real world, 
where you can usually tell when you're entering a bad neighborhood or 
confronted by a thug, the Net provides concealment for malicious users.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.infosecuritymag.com/nov2000/uwash.htm


POLICY.COM DEFACED
According to the Newsbytes article, politics web site Policy.com, was defaced 
by a group called "Anti-Security Hackers". Article covers the story about the 
defacement, then from the perspective Attrition.org team and then finishes 
with saying that Mafiaboy is a 'notorious hacker'...
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/00/158206.html


COMPUTER SECURITY 2000 MEXICO
The Computer Security Department of the University of Mexico (UNAM), invites 
everyone to the Computer Security 2000 Mexico congress which will be held 
from November 25 to November 30th.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.seguridad2000.unam.mx


CAN LINUX BE PIRATED?
Linux luminaries including Linus Torvalds and Jon 'maddog' Hall attempted to 
answer this question during a low-key panel session in the darkest depths of 
Comdex this week. In a debate about the internationalisation of Linux, the 
panel was asked whether Linux would suffer the same problems with software 
piracy that Microsoft and others have in areas such as Asia and Eastern Europe. 
The 200 or so delegates heard several opinions, but none that nailed down the 
awkward question.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/1114020


PYTHON: SECURITY ASPECTS
The great flexibility of Python rests in its ability to accept HTTP requests and 
to be embedded in HTML pages. It is a powerful scripting language, like a Unix 
shell script with overdrive capabilities. Being able to handle more complex data 
structures such as associative arrays, the language fills a wide range of roles, 
including searching databases or acting as a CGI script...
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/python20001116.html


NEW CRYPTO-GRAM NEWSLETTER
New issue of Bruce Schneier's CRYPTO-GRAM is released. Topic include - Why 
Digital Signatures Are Not Signatures, Crypto-Gram Reprints, Counterpane 
Internet Security News. _Secrets and Lies_ News, SDMI Hacking Challenge 
and Microsoft Hack (the Company, not a Product).
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.counterpane.com/crypto-gram-0011.html


"BE SECURE OR BE SUED" BUSINESSES WARNED
Businesses around the world are sitting on a legal powder keg by failing to 
adequately protect their servers from intrusions. Nick Lockett, ecommerce 
lawyer at Sidley & Austin, said that sites which were used by attackers to 
launch DoS attacks could be liable for large compensation claims. Lockett 
said: "There is a distinct probability that if your site has been hijacked for 
a denial of service attack, then you could be liable for damages. I would 
definitely advise clients they have grounds to sue."
Link: http://www.silicon.com/public/door?REQUNIQ=974418189&6004REQEVENT=&REQINT1=40900


INFECTABLE OBJECTS
What parts of my Windows system can be infected by a virus? In the third 
articles in this series on infectable objects, Robert Vibert examines what's 
vulnerable and what's not in the face of the new macro viruses.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/virus/articles/infobj3.html


BIOMETRICS LET YOU FORGET YOUR PASSWORD
At Comdex earlier this week, a host of companies making everything from 
fingerprint scanners to voice and face recognition systems showed off their 
products - many of which are in the $100-per-user range. "It's out there. It's 
not a concept anymore," said Identix president Jim Scullion, as workers at his 
booth held up black signs reading "Kill the passwords" and "Practice safe 
computing" on the Comdex floor.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2000/TECH/computing/11/16/comdex.biometrics.idg/index.html


WILL THE FUTURE BE ANONYMOUS?
The work of David Chaum and Stefan Brands on protocols, such as blind 
signatures, that provide anonymity has attracted a great deal of interest 
among people interested in cryptography.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/anonymous20001117.html


CREATE FIREWALL-FRIENDLY DISTRIBUTED APPS
The Simple Object Access Protocol (SOAP) promises nothing less than to 
change how you architect, implement, and deploy VB applications today. At 
the same time, SOAP, as it stands now, has some significant limitations, not 
the least of which is performance. Understanding what SOAP is and what it 
can do for you, as well as what it can't, is the key to using it effectively.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.xmlmag.com/upload/free/features/xml/2000/05win00/ys0005/ys0005.asp


BELGIAN DE MORGEN WEB SITE DEFACED
SecurityWatch reports about the defacement of Belgian daily newspaper De 
Morgen. Rant mode ON - "So let's analyze the newsworthiness of the story. 
These observations will ring true for the majority of defacements we've seen 
this year". Ranting keeps on till the end of the article...
Link: http://www.securitywatch.com/scripts/news/list.asp?AID=4725


EDS DEVISES PACKAGE TO PRE-EMPT ATTACKERS
Services giant EDS last week said it knew about recent denial-of-service 
attacks two months before they happened, and had even identified the tools 
the crackers were planning to use. Speaking in Las Vegas before the launch 
of new EDS Internet security services, vice-president for global information 
assurance Shakil Kidwai said the company was now offering its anti-attacker 
intelligence as part of a package of security measures.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2000/45/ns-19144.html


ID FRAUD BOOK GOES TOO FAR - MITNICK
Kevin Mitnick, said that a new book that documents how people can uncover 
ID fraud, as well as conceal their own identities, has gone too far. In his review 
of "Who Are You? The Encyclopedia of Personal Identification," Mitnick said that 
the book is "dangerous to the general public and should never have been published."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/00/158317.html


XINETD
xinetd - extended Internet services daemon - provides a good security against 
intrusion and reduces the risks of Deny of Services (DoS) attacks. Like the well
known couple (inetd+tcpd), it allows to fix the access rights for a given machine, 
but it can do much more. In this article we will discover its many features.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://mercury.chem.pitt.edu/~tiho/LinuxFocus/English/November2000/article175.shtml

----------------------------------------------------------------------------




Security issues
---------------

All vulnerabilities are located at:
http://net-security.org/text/bugs


----------------------------------------------------------------------------

GAIM REMOTE VULNERABILITY
There is a buffer overflow in Gaim's parsing of HTML tags when using the OSCAR 
protocol which allows shell code to be executed when recieving a message with 
a large HTML tag (i.e. < AAAA...AAA>). The size of the static buffer which is 
overflowed is about 4100. 
Link: http://www.net-security.org/text/bugs/974250880,29780,.shtml


DOS VULNERABILITY IN SUN ANSWERBOOK2
Sun's Answerbook fails under certain conditions to delete temporary files that 
are built by its print function, filling /tmp, and causing the system to fail because 
processes cannot fork. Briefly, the dwhttp print function builds Postscript files in 
/tmp and downloads them to the user's browser. It deletes Postscript files after 
they are successfully sent to the browser. It fails to delete postcript files if the 
requesting TCP connection is broken before files are completely built and sent to 
the browser. Undeleted files can be large, and they are more likely to be large 
than small. First, some printed documents are in excess of 50mb. Second, users 
often abort print requests for large documents because the requests require a 
long time to fulfill and users believe that their requests have failed. Users often 
try again. Relatively few large requests are necessary to fill a reasonably sized 
/tmp directory. When /tmp fills Solaris fails because /tmp is used for swap. 
If/when /tmp fills, swap space eventually also fills preventing additional 
procesees from being swapped. Eventually system memory will fill causing 
a failure of process spawning alltogether.
Link: http://www.net-security.org/text/bugs/974250893,61218,.shtml


MORE PROBLEMS FOR PHP-NUKE
Recentely the "fixed" version of the user.php script was released. The 
vulnerability was reported in the article which can be read in 
http://www.phpnuke.org/article.php?sid=251.
This new version though still allows any registered user to alter the password 
and other personal details of other registered users.
Link: http://www.net-security.org/text/bugs/974250908,80619,.shtml


VULNERABILITY IN DCFORUM CGI SCRIPT
Any file can be read with the permissions of user nobody (or webserver) Posible 
root comprimise in /dcforum/dcboard.cgi script.Command execution is not allowed. 
(Read Only) This has only been tested on unix and linux versions and is unknown 
if windows versions are effected. 
Link: http://www.net-security.org/text/bugs/974338238,4697,.shtml


TRUSTIX - BIND AND OPENSSH UPDATES
Trustix has created updated packages for Trustix Secure Linux 1.0x and 1.1 that 
fixes one security problem and one DOS attack: openssh, openssh-clients, 
openssh-server: The openssh client does not enforce the "ForwardX11 no", and 
"ForwardAgent no" configuration options, so that a malicious server could force 
a client to forward these even if they are turned off.
Link: http://www.net-security.org/text/bugs/974338263,38259,.shtml


NETOPIA ISDN ROUTER 650-ST ISSUE
The logs of the router can be viewed from the telnet login screen by pressing a 
certain key combination. To access the WAN event log type Ctrl-F at the login 
screen. To access the device event log type Ctrl-E at the login screen Access 
to these logs may allow access to sensitive information such as usernames or 
passwords to an arbitary internet user.
Link: http://www.net-security.org/text/bugs/974465255,239,.shtml


NETSNAP WEBCAM SOFTWARE REMOTE OVERFLOW
There's a problem in the handling of GET requests by named server. An 
unchecked buffer here can be overflowed by a string of approximately 
342 bytes, effectively crashing the server and allowing the execution 
of arbitrary code.
Link: http://www.net-security.org/text/bugs/974465278,55718,.shtml


JOE'S OWN EDITOR FILE LINK VULNERABILITY
If a joe session with an unsaved file terminates abnormally, joe creates a rescue 
copy of the file being edited called DEADJOE. The creation of this rescue copy 
is made without checking if the file is a link. If it is a link, joe will append the 
information in the unsaved file to the file that is being linked to DEADJOE, 
resulting in a corrupted file. 
Link: http://www.net-security.org/text/bugs/974465302,15109,.shtml


RED HAT - FIXIED LOCAL ROOT EXPLOIT BUG
modutils, a package that helps the kernel automatically load kernel modules 
(device drivers etc.) when they're needed, could be abused to execute code 
as root. modutils versions between 2.3.0 and 2.3.20 are affected.
Link: http://www.net-security.org/text/bugs/974465337,62610,.shtml


STILL A CGI-SECURITY HOLE IN DNSTOOLS
"following the notice about Version 1.08 of Dnstools I looked into the new 
version (1.10) that is currently downloadable on dnstools.com. It still contains 
a sedurity bug by not parsing input-values."
Link: http://www.net-security.org/text/bugs/974465354,28429,.shtml


"EXCHANGE USER ACCOUNT" VULNERABILITY
Microsoft has released a patch that eliminates a security vulnerability in 
Microsoft Exchange 2000 Server and Exchange 2000 Enterprise Server. This 
vulnerability could potentially allow an unauthorized user to remotely login 
to an Exchange 2000 server and possibly other servers on the affected 
computer's network.
Link: http://www.net-security.org/text/bugs/974465386,87359,.shtml


REALSERVER MEMORY CONTENTS DISCLOSURE
A memory contents disclosure vulnerability was found on RealNetworks 
RealServer which will give out information about the server configuration, 
runtime memory data and tokens and authentication credentials. This 
information allows an external attacker to possibly obtain administrative 
access to the server or to data belonging to other user sessions.
Link: http://www.net-security.org/text/bugs/974465400,56046,.shtml


ANALOGX PROXY SERVER VULNERABILITY
The Problem lies when FTP Service is ON and Logging is enabled or disabled, or 
SMTP Service is ON and Logging is enabled or disabled, POP3 Service is ON and 
logging is enabled. When the Attacker Sends a Multiple Abnormal Strings to a 
certain affected service it causes the whole Proxy to Shutd0wn. the proxy 
needs to re-start again to perform normal operation.
Link: http://www.net-security.org/text/bugs/974465418,74337,.shtml

----------------------------------------------------------------------------




Security world
--------------

All press releases are located at:
http://net-security.org/text/press

----------------------------------------------------------------------------

SYBARI - NEW WORM VIRUS NAVIDAD.EXE - [12.11.2000]

"The viral part of the e-mail is an attachment called: NAVIDAD.EXE. If executed, 
it displays a dialog box containing the text "UI" It will then try to use senders' 
addresses from new emails to email itself to others. The worm copies itself into 
the Windows and Windows system directories with the filenames WINSVRC.VXD 
and WINSVRC.EXE and makes changes to the registry so that it executes on boot."

Press release:
< http://www.net-security.org/text/press/974035838,46210,.shtml >

----------------------------------------------------------------------------

DEVATES ON IP PROTECTION AT WEBNOIZE 2000 - [12.11.2000]

Can any digital media truly be secured against piracy? No. It quite simply can't 
be done. Yet developers of digital rights management systems say that their 
solutions aren't designed to eliminate piracy, only to keep already honest 
consumers honest. Still, debates exist relevant even to that seemingly 
modest proposal.

Press release:
< http://www.net-security.org/text/press/974035896,68022,.shtml >

----------------------------------------------------------------------------

INSIDER ABUSE OF INFORMATION - BIGGEST SECURITY THREAT - [12.11.2000]

Company insiders intentionally or accidentally misusing information pose the 
biggest information security threat to today's Internet-centric businesses, 
said Jack Strauss, president and CEO of SafeCorp, a professional information 
security consultancy headquartered in Dayton, Ohio. 

Press release:
< http://www.net-security.org/text/press/974036126,43054,.shtml >

----------------------------------------------------------------------------

VYNAMIC CLOSES $ 1.2 M FINANCING - [15.11.2000]

Vynamic, the Portsmouth, NH based e-Learning security firm, announced the 
close of a $ 1.2 M seed round of financing from individual investors. Vynamic is 
an Internet infrastructure company providing security solutions expressly 
designed to support the needs of the e-Learning marketplace. Vynamic utilizes 
a proprietary, secure student ID technology, which ensures that students are 
authenticated and all online learning transactions are encrypted and protected. 

Press release:
< http://www.net-security.org/text/press/974249672,45444,.shtml >

----------------------------------------------------------------------------

INFOEXPRESS UNVEILS CYBERGATEKEEPER - [15.11.2000]

In response to increasing security threats resulting from explosive growth in the 
number of remote users of corporate networks via the Internet, InfoExpress, Inc. 
has unveiled "CyberGatekeeper", a remote access firewall solution that dynamically 
enforces the security policies of a corporate network.

Press release:
< http://www.net-security.org/text/press/974249896,20488,.shtml >

----------------------------------------------------------------------------

STRONGEST ROOT-KEY PROTECTION AVAILABLE - [15.11.2000]

E-business security pioneer Cylink Corporation announced the integration of 
Chrysalis-ITS' Luna CA, the most widely deployed root-key management device 
in the public key infrastructure market, with Cylink's NetAuthority PKI software 
to provide the strongest root-key protection available.

Press release:
< http://www.net-security.org/text/press/974291057,32468,.shtml >

----------------------------------------------------------------------------

SOPHOS DOWNGRADES NAVIDAD AND HYBRIS - [16.11.2000]

Sophos Anti-Virus, one of the world's leading developers of anti-virus solutions, 
called for calm regarding two new viruses, Navidad and Hybris and urged 
computer users to follow safe computing guidelines. The move followed media 
interest and a decision by the US Army to rate Hybris as 'high risk'. 

Press release:
< http://www.net-security.org/text/press/974337447,59776,.shtml >

----------------------------------------------------------------------------

NETWORK-1 NAMES MARK TO BOARD OF DIRECTORS - [16.11.2000]

Network-1 Security Solutions, Inc., a leader in distributed intrusion prevention 
solutions for e-Business networks, today announced that Jonathan I. Mark has 
been named to its Board of Directors. 

Press release:
< http://www.net-security.org/text/press/974337609,20138,.shtml >

----------------------------------------------------------------------------

ZKS'S DR. STEFAN BRANDS RELEASES A BOOK - [16.11.2000]

Dr. Stefan Brands, a renowned senior cryptographer at leading privacy company 
Zero-Knowledge Systems and adjunct professor at McGill University's School of 
Computer Science, unveils new privacy-enhancing techniques in his book 
"Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy," 
published by MIT Press.

Press release:
< http://www.net-security.org/text/press/974337742,17621,.shtml >

----------------------------------------------------------------------------

NETSTORE SELECTS TREND MICRO FOR AV PROTECTION - [16.11.2000]

Trend Micro Inc., a leading provider of enterprise antivirus and content security, 
announced that it has entered into an agreement with NetStore, Europe's leading 
ASP, to provide its customers with protection from email-borne viruses using 
ScanMail for Microsoft Exchange 2000 v5.0, a solution specially designed for the 
Microsoft Exchange 2000 platform.

Press release:
< http://www.net-security.org/text/press/974384956,21064,.shtml >

----------------------------------------------------------------------------

SONICWALL ACQUIRES PHOBOS CORP. - [16.11.2000]

SonicWALL, the leading supplier of Internet access security and security 
services to small and medium business, today announced that it has 
completed its acquisition of Phobos Corporation, a manufacturer of 
Internet transaction security technology.

Press release:
< http://www.net-security.org/text/press/974385053,64093,.shtml >

----------------------------------------------------------------------------

ENETSECURE SELECTS BLUE WAVE SYSTEMS - [16.11.2000]

Blue Wave Systems Inc. has announced that eNetSecure Inc., a leading 
provider of scalable network security solutions and a subsidiary of Applied 
Signal Technology, Inc., is using its ComStruct building blocks for 
communications processing in its new telecommunications security system.

Press release:
< http://www.net-security.org/text/press/974385135,11778,.shtml >

----------------------------------------------------------------------------

PROVIDING SECURE DIGITAL IDENTITIES - [16.11.2000]

Equifax Inc., a worldwide leader in information management and e-commerce 
solutions, and Arcot Systems, Inc., the leading provider of secure digital 
identities, announced that they have established a strategic partnership to 
provide end-to-end digital authentication for validation and protection of all 
e-business transactions. With combined capabilities, Equifax and Arcot will 
address new customer needs and application requirements.

Press release:
< http://www.net-security.org/text/press/974385239,37512,.shtml >

----------------------------------------------------------------------------

OPERATOR SECURITY SYSTEM FOR LABVIEW - [15.11.2000]

Engineers and scientists who develop mission-critical LabVIEW applications can 
now take advantage of the Operator Security System (OSS) released by 
e-NoteBooks. The LabVIEW OSS is a fully integrated user password/security 
management system. Its main features include programmable operator security 
levels; an encrypted user/passwords database; a security time-out function 
that reverts the system back to a "safe" (low security clearance) state after 
a preprogrammed time interval; a configuration set-up wizard to step end-users 
through security system configuration; complete online configuration and 
updating; automatic operator log file generation; networking capabilities for 
distributed HMI configurations, and more.

Press release:
< http://www.net-security.org/text/press/974464286,89716,.shtml >

----------------------------------------------------------------------------




Featured articles
-----------------

All articles are located at:
http://www.net-security.org/text/articles

Articles can be contributed to staff@net-security.org

Below is the list of the recently added articles.

----------------------------------------------------------------------------

A GUIDE TO SYSTEM V INIT by Aleksandar Stancin aka D'Pressed

After you have exorcised all of the daemons that were haunting your system, 
you might be interested in all of the boring processes that occur when booting 
your linux. It might seem a bit mystical right now, but it's all quite simple. 

Read more:
< http://www.net-security.org/text/articles/init.shtml >

----------------------------------------------------------------------------

PARANOIA VS. TRANSPARENCY AND THEIR EFFECTS ON INTERNET SECURITY by Mixter 

Lately, reactions to non-intrusive probes and network activity that is merely 
unexpected are becoming increasingly hostile; a result from increasing amounts 
of incidents and security threats. From my perspective of security, overreactions 
to activities not crossing authorization and legal boundaries, are leading to a 
scenario where anyone acquiring basic information about a system needs to be 
afraid about potential consequences. Seen under a wide scope, this leads to 
network security no longer being transparent. 

Read more:
< http://www.net-security.org/text/articles/effects.shtml >

----------------------------------------------------------------------------

ONLINE BANK SECURITY: COVER YOUR ASSETS! by Randy M. Nash

Why are there so many concerns about online banking? Where is the breakdown 
in security? Even brick and mortar banks have internal networks that must be 
secured. It's my understanding that these are very well secured indeed. What 
happens when these security-conscious organizations move their presence to 
the Internet?

Read more:
< http://www.net-security.org/text/articles/cover.shtml >

----------------------------------------------------------------------------

HYBRIS: THE STORY CONTINUES

Kaspersky Lab, warns users of the discovery of Hybris, a new Internet-worm. 
Kaspersky Lab has been receiving reports of the discovery of this virus "in the 
wild" worldwide, being particularly active in Latin America although infections 
by this virus have also been found in Europe. 

Read more:
< http://www.net-security.org/text/articles/viruses/hybris.shtml >

----------------------------------------------------------------------------

EXTRAORDINARY SIMULTANEOUS ACTIVITY OF SEVERAL DANGEROUS
INTERNET-WORMS HAS BEEN DETECTED

Kaspersky Lab, an international data-security software-development company, 
warns users of the notable activity of several dangerous Internet-worms 
occurring at this time.

Read more:
< http://www.net-security.org/text/articles/viruses/time.shtml >

----------------------------------------------------------------------------




Featured books
----------------

The HNS bookstore is located at:
http://net-security.org/various/bookstore

Suggestions for books to be included into our bookstore 
can be sent to staff@net-security.org

----------------------------------------------------------------------------

IN THE TRENCHES: INSTALLING AND ADMINISTERING LINUX

Installing and Administering Linux helps network professionals bridge the gap 
between their prior experience on Windows NT-, NetWare-, and UNIX-based 
networks and Linux. In a fast-paced, reference style, the authors focus on 
topics, concepts, and commands for readers with a working knowledge of 
networking. The Publisher's Edition of Red Hat Linux 6.2 is included on a 
CD-ROM. Additional technical information and value-added resources are 
available to readers at the publisher's Web site.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1930713002/netsecurity >

----------------------------------------------------------------------------

THE ESSENTIAL GUIDE TO NETWORKING

>From the back cover: Your complete, no-nonsense guide to networking: the 
fundamentals, without the hype! The Essential Guide to Networking is the 
complete briefing on networking and the Internet for every non-technical 
professional! In one easy-to-understand book, James Keogh explains all of 
today's hottest networking technologies - and helps you make sense of the 
fast-changing networking industry. The Essential Guide to Networking is a 
breath of fresh air: an intelligent, thorough, friendly, and up-to-date guide 
to networking for non-engineers!

Book:
< http://www.amazon.com/exec/obidos/ASIN/0130305480/netsecurity >

----------------------------------------------------------------------------

DEBUGGING WINDOWS PROGRAMS: STRATEGIES, TOOLS, 
AND TECHNIQUES FOR VISUAL C++ PROGRAMMERS

The focus is on providing practical tips for more successful debugging, but many 
of the suggestions are for tweaking the way in which you write C++ code. Early 
sections examine how to take full advantage of assert statements (whether in 
C, MFC, or custom functions), which can be used to write safer code; trace 
statements, which are used to log debug messages, are covered, too. (Chances 
are that you haven't seen all of the APIs; luckily, they're rounded up for you 
here.) There are also numerous tips about C++ style, like how to choose 
readable variable names, along with the debugging dos and don'ts of working 
with errors, exceptions, COM objects, and threads.

Book:
< http://www.amazon.com/exec/obidos/ASIN/020170238X/netsecurity >

----------------------------------------------------------------------------

CORE C++: A SOFTWARE ENGINEERING APPROACH

Aimed at the Visual C++ newcomer, Core C++: A Software Engineering
Approach provides a rich and sometimes densely packed tour of the language, 
with plenty of advice on the best ways to use this powerful programming 
language effectively. It's full to the brim with useful advice for creating and 
using classes effectively, and gaining an expert's understanding of the language. 
The writing style and presentation of C++ in this book are outstanding. The 
explanations of key C++ concepts, from basic language features to class design 
to advanced C++ whistles and bells, are by turns colloquial, garrulous, and 
almost always enjoyable and understandable. While it's not uncommon for 
today's computer book to weigh in at over 1,000 pages, the raw word count 
here is quite exceptional. You're challenged repeatedly to think for yourself, 
and the intricacies of C++ are exposed thoroughly, from language features 
that are indispensable to what to avoid in your code.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0130857297/netsecurity >

----------------------------------------------------------------------------




Security Software
-------------------

All programs are located at:
http://net-security.org/various/software

----------------------------------------------------------------------------

SAINT JUDE LKM

Saint Jude LKM is a Linux Kernel Module for 2.2.11 and greater kernels. This 
module implements the Saint Jude model for improper privilege transitions. This 
will permit the discovery of local, and ultimately, remote root exploits during the 
exploit itself. Once discovered, Saint Jude will terminate the execution, 
preventing the root exploit from occuring. This is done without checking for 
attack signatures of known exploits, and thus should work for both known 
and unknown exploits.

Info/Download:
< http://net-security.org/various/software/973306563,75975,.shtml >

----------------------------------------------------------------------------

SACKURITY 2.0

SACKurity was made for all those people who want to leave there computer 
and know no one is messing around with is while you are gone. When the 
password is stored on the computer, it is encrypted, so it is not easily 
cracked. Ctr. + Alt. + Delete, taskbar, and other functions are disabled, so 
you cannot leave the SACKurity screen without entering the correct password.

Info/Download:
< http://net-security.org/various/software/974252964,23274,.shtml >

----------------------------------------------------------------------------

SUPER SECURE 2000 V.1.0

Super Secure 2000 is a easy program that can lock anything from the control 
panel to applications. Super secure is a windows based program that's easy, 
and fast to use. Ideal for home / office / schools. Protect your settings with a 
CSuper Secure is not like most security programs, most security programs run 
a program in the back ground that protects the computer, however, if the file 
is not loaded it will not protect. Super secure doesn't load a program in the 
background, it makes the changes to windows that you specify, then by loading 
a simple EXE, it unlocks it. Super Secure 2000 is fast, reliable, and easy.

Info/Download:
< http://net-security.org/various/software/974253942,10521,.shtml >

----------------------------------------------------------------------------

DREAMENCRYPT V.1.0

DreamEncrypt is an advanced text encryption system which uses a random 
algorithm based code to ensure your data stays secure. It is ideal for 
transferring confidential information across the internet or by e-mail. It 
encrypts your information using the random-seed generator inside your 
computer, making codes almost impossible to decypher and keeping your 
data safe.

Info/Download:
< http://net-security.org/various/software/974254357,89487,.shtml >

----------------------------------------------------------------------------

TCPSPY V.1.1

tcpspy is a linux administrator's tool that logs information about incoming and 
outgoing TCP/IP connections: local address, remote address and, probably the 
most useful feature, the user name. The current version allows you to include 
and exclude certain users from logging - this may be useful if you suspect one 
of the users on your system is up to no good but do not want to violate the 
privacy of the other users. 

Info/Download:
< http://net-security.org/various/software/974254437,44635,.shtml >

----------------------------------------------------------------------------




Defaced archives
------------------------

[13.11.2000] - Harvard University
Original: http://www.hbsp.harvard.edu/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/13/www.hbsp.harvard.edu/

[13.11.2000] - Presidenza Del Consiglio Dei Ministri
Original: http://www.protezionecivile.it/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/13/www.protezionecivile.it/

[14.11.2000] - Georgia Department of Education - Office of Technology
Original: http://techservices.doe.k12.ga.us/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/14/techservices.doe.k12.ga.us/

[15.11.2000] - #2 National Highway Traffic Safety Administration
Original: http://www.nhtsa.dot.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/15/www.nhtsa.dot.gov/

[15.11.2000] - University of Missouri - Law Department
Original: http://www.law.umkc.edu/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/15/www.law.umkc.edu/

[16.11.2000] - Eastern Energy Resources Team
Original: http://energy.er.usgs.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/16/energy.er.usgs.gov/

[16.11.2000] - Ministerio De Desarrollo Economico
Original: http://www.mindesa.gov.co/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/16/www.mindesa.gov.co/

[17.11.2000] - Governo do Estado de Sao Paulo
Original: http://pfeinfo.fazenda.sp.gov.br/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/17/pfeinfo.fazenda.sp.gov.br/

[17.11.2000] - Ministere de l'Economie et des Finances
Original: http://www.mfie.gov.ma/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/17/www.mfie.gov.ma/

----------------------------------------------------------------------------


Questions, contributions, comments or ideas go to:
 
Help Net Security staff
 
staff@net-security.org
http://net-security.org



---------------------------------------------------------------------
To unsubscribe, e-mail: news-unsubscribe@net-security.org
For additional commands, e-mail: news-help@net-security.org