Net-Sec Newsletter
Issue 39 - 26.11.2000
http://net-security.org
 
This is a newsletter delivered to you by Help Net Security. It covers weekly 
roundups of security events that were in the news the past week. Visit Help 
Net Security for the latest security news - http://www.net-security.org.

Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter
 
Table of contents:
 
1) General security news
2) Security issues
3) Security world
4) Featured articles
5) Featured books
6) Security software
7) Defaced archives




General security news
---------------------
 
----------------------------------------------------------------------------

NEW ZEALAND ANTI-HACKING BILL FACES SELECT COMMITTEE
A planned amendment to New Zealand's crime bill that would outlaw malicious 
hacking for the first time - while also controversially allowing security services 
the freedom to hack into citizens' computers and intercept e-mail and faxes - 
has passed through to the Government's Law and Order Select Committee. The 
long-awaited legislation is mainly intended to criminalize computer hacking in 
New Zealand. The country has so far been without specific laws outlawing 
malicious hacking.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computeruser.com/news/00/11/19/news7.html


TELEWORKING CAUSES SERIOUS SECURITY THREAT
In the wake of the "hack" into Microsoft's network, security administrators have 
turned their attention to what some believe is the greatest security challenge 
facing corporations: teleworkers. Network administrator at US firm SR Equipment 
Craig LaHote is struggling with it now, and just a week ago he had a meeting 
with executives about it. "We're having a hard time controlling it. It's a real grey 
area with home computers accessing the network and the Internet," he said. 
"We really have a hard time enforcing policies there. We have a policy but no 
real way to audit [users] except basically asking them to comply."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2000/46/ns-19163.html


HACKERS AND THE MEDIA
"Have you ever watched the news, read the newspaper, went to your favorite 
tech site and read the news? Of course you have, and you have probably heard 
the term 'Hacker' used before. Well, let me tell you something my feeble-minded 
friend. You have been subjected to over-hyped crap that is not true."
Link: http://geeknews.net/article.php?story=20001119193710182


FILESYSTEM SECURITY - EXT2 EXTENDED ATTRIBUTES
If asked to name the top five security features of the Linux kernel, most 
administrators would probably not mention ext2 filesystem attributes. 
Although the definitions for most of the useful ext2 filesystem flags 
appeared in the kernel source at least as early as the 1.1 development 
series, this humble feature often takes a back seat to more exotic and 
recently introduced tools for preserving and assuring system integrity 
such as LIDS, Tripwire, and others.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/linux/articles/ext2attr.html


FIREWALL ACCELERATION OVER ATM
Firewalls are not new; but high-performance firewalls are. Historically, firewalls 
used software to examine every packet and then make the decision to forward 
or drop the packet. This made them slow. When administrators placed them in 
line with low-speed WAN access links, firewalls introduced no bottlenecks. But 
the trust boundary where a firewall is needed doesn't always lie at a WAN link. 
A finance department's network needs protection from disruption by other 
departments in the building.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.nwfusion.com/news/tech/2000/1120tech.html


THE LATEST SECURITY FAD: PARTNERING
Security vendors, still scrambling for the right combination of software, hardware 
and services to offer the enterprise, have another new idea: When in doubt, 
partner. This week, firewall and intrusion detection maker Zone Labs Inc., of 
San Francisco, and Tokyo-based anti-virus software developer Trend Micro 
Inc. will announce a close relationship, capping a furious week of partnering 
and punctuating a year of failed security solutions.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/eweek/stories/general/0,11011,2655640,00.html


INFOSEC, QUALITY ASSURANCE, AND EXTORTION
"...Anyway, in our conversation, the student and I started off discussing the 
issue of full disclosure of security vulnerabilities, complete with technical details 
and even exploit code. I argued that there were better ways to contribute to 
security than to make powerful exploits available even to cyberspace sociopaths 
and children. But then we shifted the discussion to people who release details 
of vulnerabilities to pressure software firms for rapid fixes to problems..."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/cover/coverstory20001120.html


BLACKHAT '00 VIDEO INTERVIEW - IAN GOLDBERG
Ian Goldberg, Chief Scientist with Zero-Knowledge System. In this interview, Ian 
Goldberg, Chief Scientist with Zero-Knowledge System, offers his perspective on 
privacy and security issues affecting us today.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/media/79


RUSSIA'S HACKERS: NOTORIOUS OR DESPERATE?
In a recent poll on a hacker-oriented Web site, 82 percent said Russia had the 
world's best hackers; only 5 percent said Americans were better. But the 
bravado is laced with frustration. Hackers are motivated as much by a lack of 
opportunity in economically struggling Russia as by criminal leanings, people 
inside and outside the hacker community say. Sergei Pokrovsky, editor of the 
magazine Khaker, said that hackers in his circle have skills that could bring 
them rich salaries in the West, but they expect to earn only about $300 a 
month working for Russian companies.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2000/TECH/computing/11/20/russia.hackers.ap/index.html


'ANALYZER' DEFENDS ISRAELI SITES
The twenty-one year old Tenenbaum is serving as CTO of the security firm 
2XS. Two weeks ago, according to Tenebaum, he heard from a hacker group 
he founded in 1996, called the "Israeli Internet Underground" (IIU). The group 
asked Tenebaum if his company would provide security solutions for Israeli 
companies for free. "They claimed they are going to help all the Israeli sites 
that are under attack, or sites that there is a good reason to believe will be 
attacked," says Tenenbaum. "I liked the idea in general."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/news/116


IS THERE HOPE?
What is the feasibility of running national federal elections over the Internet? 
SunWorld guest writer Avi Rubin focuses on the limitations of the currently 
deployed infrastructure, with an emphasis on concerns over the security of 
voting hosts and the Internet itself.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.sunworld.com/sunworldonline/swol-11-2000/swol-1103-voting.html


SIX MONTHS DOWNTIME
A former computer science student has been sentenced in the US to six months 
house arrest, two years probation and been banned from using computers for 
recreational purposes after he attacked Nasa computers last year. 29-year-old 
Ikenna Iffih, from Boston, Massachusetts, pleaded guilty to charges of defacing 
a commercial website and wilful malicious interference of communications in June.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/1114257


A STAR WARS DEFENSE
Basing their strategy on a grad student's work, a new Internet security 
company has begun beta-testing its solution to Denial-of-Service attacks 
on the high-speed experimental Internet2 backbone. Asta Networks was 
formed earlier this year to develop and market the security system by Asta 
chief scientist Stefan Savage, a doctoral candidate at the University of 
Washington, and members of the school's Computer Science and Engineering 
faculty. Their approach to the Denial-of-Service problem is based on his 
doctoral thesis.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/technology/0,1282,40297,00.html


INTRODUCTION TO FIREWALLS
"In this article I cover some of the design decisions that have to be made 
before creating a firewall, from architecture to various decisions that 
should be made."
Link: http://www.linux.com/sysadmin/newsitem.phtml?sid=1&aid=11296


WINDOWS WHISTLER ADVANCED SECURITY FEATURES
Jim Ewel, Vice President of IT infrastructure and hosting for Microsoft, told 
reporters in London that the next build of Windows codenamed Whistler, will 
feature several new security options. One such feature, set to prevent the 
onslaught of viruses and other scripting problems, prevents Windows from 
executing any single application lacking a digital signature.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/sp/stories/news/0,4538,2655786,00.html


SECURING ROAMING ACCESS PORTS ON YOUR NETWORK
In this day of the mobile office, a system administrator may have to not only 
worry about all of the boxes that "live" permanently on the network, but must 
also now manage hundreds, possibly even thousands, of machines that plug in 
and out of the network randomly. The people using these roaming machines 
expect that they will have similar access on their laptops as they do on their 
desktops, an expectation that can prove to be quite problematic. Each user 
can theoretically have their own configurations of hardware and software, 
none of it necessarily having any strong links to the machines that are 
currently on your network. How then can we still keep a secure network 
amongst all of this diversity?
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/roaming20001121.html


OPENSSH INSTALLATION AND CONFIGURATION
The Internet is built with communication in mind. You will routinely move around 
the Web from one site to the other or telnet to another machine to check your 
mail or to administer that machine. The trouble with most of these protocols is 
that they are not encrypted. Over a telnet connection, your passwords are 
sent as plain-text, which can be read by anyone. Using packet sniffers, even 
an amateur hacker can spy on your connection and grab your data. Secure 
Shell was built to address these faults and provide a more secure environment 
to work in. SSH encrypts all your traffic including your passwords when you 
connect to another machine over the net. SSH also replaces telnet, ftp, rsh, 
rlogin and rexec.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.freeos.com/articles/2745/2/13/


ENCRYPTION, FREE SPEECH AND GOVERNMENT REGULATION
Encryption software has sparked regulation by the U.S. government and at 
least two important lawsuits involving the First Amendment. Exporting encryption 
products requires a thorough understanding of what's legal and what's not. This 
article explains the issues.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.gigalaw.com/articles/grossman-2000-05a-p1.html


FREEBSD 4.2-RELEASE IS NOW AVAILABLE
Following the release of FreeBSD 4.1.1 in September, 2000, many bugs were 
fixed, important security issues dealt with, and a conservative number of new 
features added. 4.2-RELEASE is now available for i386 and alpha in "FTP 
installable" form and can be installed directly over the net using the boot 
floppies or copied to a local NFS/ftp server.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.bsdtoday.com/2000/November/News338.html


MOROCCO GOVT INTERNET SITE ATTACKED
A attacker broke into Morocco's Finance Ministry's Web site for the first time 
at the weekend but caused no damage, an official said on Monday. Web surfers 
or potential investors visiting the site at www.mfie.gov.ma found a message in 
bad French saying the cover page had been hacked by "NetOperat." The tainted 
page maintained a link with the ministry's original Internet site stressing the 
server was not corrupted and invited authorities to protect their system better.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.timesofindia.com/today/22info23.htm


DIMITRI VISITS MICROSOFT IN THE NEDERLANDS
"We saw each other last week and had a useful conversation," Michiel Gosens, 
a spokesperson for Microsoft in the Netherlands said, after 19-year-old IT 
student with handle 'Dimitri', visited Microsoft's Dutch office. If you don't 
remember, Dimitri penetrated and defaced one of the Microsoft's servers 
for two times in past few weeks.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.infoworld.com/articles/hn/xml/00/11/21/001121hnsecret.xml


WORM BLOCKS ANTI-VIRUS SITES
The software virus known as W95/MTX now can block users from going to 
certain anti-virus software vendor Web sites, thus preventing access to 
updates. Command Software Systems, a security provider, said the virus 
was spreading quickly. W95/MTX is a virus, worm, backdoor access Trojan 
that arrives through e-mail as an attachment, and has a variety of decoy 
file names. Once launched, it can wipe out files and be difficult to remove.
Link: http://www.telekomnet.com/xml_news/story.asp?id=xml_news_data/11-22-00_worm_antivirussites.xml


WORKERS OPEN BACK DOORS FOR ATTACKERS
Employees are the biggest threat to network security - and they don't even 
know it. Unauthorised equipment attached to a company network can, 
according to Robin Dahlberg, UK MD of Internet Security Systems, 
compromise the best efforts of a network manager to secure the 
system by creating a "backdoor" into the network.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/1/14910.html


CONTROLLING AND MONITORING COMMUNICATIONS
Aaron Sullivan's popular series "The Crux of NT Security" continues with a look 
at secure network design and implementation - Where should the Exchange 
server go? The database server? The firewall?? What protocols should be 
permitted, and where?
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/microsoft/nt/crux3.html


BIG BUSINESSES STILL IGNORE VIRUS ALERTS
British businesses are still failing to grasp the importance of internet security 
and network availability according to research released this morning. Despite 
a raft of scare stories in recent months, more than 70 per cent of respondents 
believe employees aren't aware of security threats and 40 per cent felt end 
users remain the most dangerous part of the network.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.silicon.com/a41036


SHROPSHIRE RALLIES AGAINST ATTACKER
The Virtual Shropshire website is tightening security after it was invaded by the 
attacker who rubbished the county online, describing it as a "series of decaying 
and festering market towns". The website's description of the county as a rural 
idyll that welcomed visitors from all over the world was changed by the attacker 
to a "land of boringly verdant landscapes which have inspired unsuccessful 
writers and artists for centuries".
Link: http://www.thisislondon.com/dynamic/news/story.html?in_review_id=337726&in_review_text_id=280865


MORE ON CARNIVORE
House Republican leader Dick Armey added his voice Wednesday to those 
accusing an outside review panel of whitewashing a controversial FBI cyber 
surveillance tool. "The Department of Justice stacked the deck for this report," 
said Armey, a Texas Republican known as a champion of smaller, less intrusive 
government. "It selected reviewers and set the rules in order to ensure they 
would get the best possible review."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,40342,00.html


YAHOO! VOWS TO STOP PEDOPHILES
In an exclusive interview with ZDNet News U.K., Martina King, U.K. managing 
director of Yahoo!, confirmed that the company is about to employ a Yahoo! 
"inspector" charged with ensuring that Yahoo!’s Messenger system is not 
polluted with pedophile content.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.msnbc.com/news/493473.asp


U.S. ARMY KICK-STARTS CYBERWAR MACHINE
The U.S. military has a new mission: Be ready to launch a cyberattack against 
potential adversaries, some of whom are stockpiling cyberweapons. Such an 
attack would likely involve launching massive distributed denial-of-service 
assaults, unleashing crippling computer viruses or Trojans, and jamming the 
enemy's computer systems through electronic radio-frequency interference. 
An order from the National Command Authority - backed by President Clinton 
and Secretary of Defense William Cohen - recently instructed the military to 
gear up to wage cyberwar. The ability of the U.S. to conduct such warfare 
"doesn't exist today," according to a top Army official speaking at a 
conference in Arlington, Va., last week.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2000/TECH/computing/11/22/cyberwar.machine.idg/index.html


TOP 50 SECURITY TOOLS
"I was so impressed by the list they created that I am putting the top 50 up 
here where everyone can benefit from them. I think anyone in the security field 
would be well advisted to go over the list and investigate any tools they are 
unfamiliar with. I also plan to point newbies to this page whenever they write 
me saying "I do not know where to start". Respondants were allowed to list 
open source or commercial tools on any platform. Commercial tools are noted 
as such in the list below."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.insecure.org/tools.html


SNAPSHIELD INTROS ENCRYPTED PHONE CALL SERVICE
Snapshield, formerly known as Microlink, an Israeli company, has developed a 
phone encryption technology that it says is almost unbreakable. The firm has 
teamed with Bezeq, the Israeli telecommunications carrier, to offer the service 
to end users. Bezeq is running its system on a Snapshield secure network 
access platform, an IT security system that encrypts voice and fax 
communications.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computeruser.com/news/00/11/23/news6.html


BAWP WEB SITE DEFACED
The Register reports that The British Association of Web Professionals Web site 
(www.bawp.co.uk) has been defaced by a character known as Evil Angelica.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/6/14983.html


THREE ARRESTED IN JAPAN
A team of investigators from five prefectural police forces in Japan arrested 
three people Thursday on suspicion of illegally accessing computer networks 
(using others' passwords).
Link: http://www.japantimes.co.jp/cgi-bin/getarticle.pl5?nn20001124a9.htm


MORE REGARDING THE MIDDLE EAST CONFLICT
As tensions in the Middle East continue to simmer, more than a hundred Web 
sites have been defaced or shut down by pro-Palestinian and pro-Israeli 
attackers, often with the assistance of activists from several countries not 
actively involved in the conflict, according to security experts. Ben Venzke, 
director of intelligence production at iDefense, a Web security firm that has 
been monitoring the Middle East conflict as it plays out online, said attackers 
from as far away as South America to the U.S. are expanding the conflict by 
contributing their skills to whichever side has their sympathies.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computeruser.com/news/00/11/25/news1.html

----------------------------------------------------------------------------




Security issues
---------------

All vulnerabilities are located at:
http://net-security.org/text/bugs


----------------------------------------------------------------------------

RED HAT - NEW NETSCAPE PACKAGES
A buffer overflow exists in Netscape's HTML parsing code. By using specially 
designed code, a remote website could cause arbitrary code to be run on 
the local machine.
Link: http://www.net-security.org/text/bugs/974730975,56143,.shtml


REMOTE DOS IN SMARTSERVER 3
There are remote DoS vulnerabilities in both the SMTP and POP components 
of the SmartServer3 email server. By passing large arguments to commands 
in both components, the services can be caused to fail.
Link: http://www.net-security.org/text/bugs/974730989,79739,.shtml


DECRYPTING PASSWORDS FOR SMARTSERVER 3
SmartServer3 (SS3) is a small business email server from NetCPlus. It installs by 
default in C:\Program Files\smartserver3\ . In this folder it stores a configuration 
file called 'dialsrv.ini' . This file is accessible to all authenticated users 
(authenticated to Windows) and contains entries for every user which 
include their weakly encrypted password.
Link: http://www.net-security.org/text/bugs/974731010,81908,.shtml


WINVNC 3.3.X VULNERABILITY
During the InstallShield setup utility, it creates the registry key:
HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3\
which is used to store all of WinVNC's default settings. By default, Administrator 
and SYSTEM have full control, and Everybody has Special Access (read and 
modify). The connection password, ip and query restrictions and other settings 
are all stored here, all editable by anybody.
Link: http://www.net-security.org/text/bugs/974731046,16257,.shtml


ANOTHER IE 5.X/OUTLOOK VULNERABILITY
There is a security vulnerability in IE 5.5/Outlook/Outlook Express which allows 
executing arbitratrary programs using .chm files and revealing the location of 
temporary internet files folder. This may lead to taking full control over user's 
computer. 
Link: http://www.net-security.org/text/bugs/974764463,85116,.shtml


CGIFORUM 1.0 VULNERABILITY
CGIForum is a free forum. We can set 'thesection' parameter to view files on 
the vulnerable system with privileges of the user "nobody". This is caused from 
OutputHTMLFile function in cgiforum.pl script where $section (= $thesection ) 
isn't checked (never besides in this script).
Link: http://www.net-security.org/text/bugs/974764481,65837,.shtml


"SESSION ID COOKIE MARKING" VULNERABILITY
On October 23, 2000, Microsoft released the original version of this bulletin, to 
discuss the availability of a patch that eliminates a security vulnerability in 
Microsoft Internet Information Server. The vulnerability could allow a malicious 
user to "hijack" another user's secure web session, under a very restricted set 
of circumstances. On November 20, 2000, we re-released the bulletin to advise 
customers using IIS 4.0 on Alpha platforms, or IIS 5.0 on x86 platforms, that 
new versions of these patch are available, to correct an error in the original 
version of the patch. The x86 IIS 4.0 patch was not affected by the error, 
and customers using these systems do not need to take any action.
Link: http://www.net-security.org/text/bugs/974813634,97052,.shtml


SECURITY PROBLEM IN ADCYCLE INSTALLATION
Adcycle is a banner management system which is written in Perl and uses 
MySQL for data storage. Installation is done by editing AdConfig.pm, creating a 
Mysql user/password/database and then running the build.cgi script. That script 
checks if the database connection is working (showing the username/password 
it reads from AdConfig.pm) and creating the tables within the database. The 
'exploit' is quite simple: when the build.cgi remains executable for your httpd 
process after the installation, every internet user can view the output of it, 
including your manager password and database password. Attackers can delete, 
change and add banner campaigns. Another big problem is when build.cgi is 
called from a webbrowser, the AdCycle tables are dropped so all banner 
campaigns are lost. 
Link: http://www.net-security.org/text/bugs/974813650,52259,.shtml


DISCLOSURE OF JSP SOURCE CODE
Under a particular configuration, ServletExec AS v3.0C will disclose the source 
code of JSP pages when some special characters are appended to HTTP requests. 
Link: http://www.net-security.org/text/bugs/974858485,9354,.shtml


LINUX MANDRAKE - PINE UPDATE
By adding specific headers to messages, the pine mail reader could be made 
to exit with an error message when users attempted to manipulate mail folders 
containing those messages.
Link: http://www.net-security.org/text/bugs/974858502,41213,.shtml


QUICKSTORE SHOPPING CART VULNERABILITY
In a few versions of QuikStore's Shopping Cart it is posible to read any world 
readable file on the server. One such example is that someone could easily get 
your password file if it is unshadowed. Also, it's possible, after the passwords 
have been cracked, to steal credit card information(Yes it does use pgp but 
some admins may keep the key on the same system. Yes its very likely it 
could happen.) ,or client personal information.
Link: http://www.net-security.org/text/bugs/974858522,49182,.shtml


LINUX MANDRAKE - JOE UPDATE
When exiting joe in a non-standard way (such as a system crash, closing an 
xterm, or a network connection going down), joe will unconditionally append 
its open buffers to the file DEADJOE. This can be exploited by the creation 
of DEADJOE symlinks in directories where root would normally use joe. In this 
way, joe could be used to append garbage to potentially sensitive files, 
resulting in a denial of service or other problems.
Link: http://www.net-security.org/text/bugs/974858537,65453,.shtml


INPERSON VULNERABILITIES
InPerson is a multimedia desktop conferencing tool for IRIX workstations. There 
have been several reports of vulnerabilities in InPerson which allow users with 
local accounts on IRIX workstations to obtain root access. SGI has investigated 
the issue and recommends the following steps for neutralizing the exposure. It 
is HIGHLY RECOMMENDED that these measures be implemented on ALL 
vulnerable SGI systems.
Link: http://www.net-security.org/text/bugs/974858551,11592,.shtml


BROKER FTP VULNERABILITY
Broker FTP is vulnerable to two very dangerous attack. First one allows 
attacker to browse servers whole disk while second one allows attacker to 
fetch passwords and account information easily.
Link: http://www.net-security.org/text/bugs/975035606,70513,.shtml


UPDATED OPENSSH FOR RED HAT LINUX 7.0
An OpenSSH client will do agent or X11 forwarding at the request of a server, 
even if the user has not requested that it be done. A malicious server can 
exploit this vulnerability to gain access to the user's display.
Link: http://www.net-security.org/text/bugs/975035631,86990,.shtml


DEBIAN LINUX - NEW VERSION OF JOE RELEASED
When joe (Joe's Own Editor) dies due to a signal instead of a normal exit it 
saves a list of the files it is editing to a file called `DEADJOE' in its current 
directory. Unfortunately this wasn't done safely which made joe vulnerable 
to a symlink attack. This has been fixed in version 2.8-15.1
Link: http://www.net-security.org/text/bugs/975035645,47327,.shtml


UPDATE: MICROSOFT SECURITY BULLETIN #86
On November 06, 2000, Microsoft released the original version of this bulletin, 
announcing the availability of a patch that eliminates a security vulnerability 
in Microsoft IIS 5.0. On November 10, 2000, we updated the bulletin to clarify 
the scope of the issue. On November 21, 2000, we updated it again, to discuss 
two newly-discovered variants of the original vulnerability. The new variants 
don't change the effect of exploiting the vulnerability. However, they do affect 
a larger number of products. The original variant affected IIS 5.0 in all cases, 
but only affected IIS 4.0 when a service pack prior to Windows NT 4.0 Service 
Pack 6a was in use. The new variants affect both IIS 4.0 and IIS 5.0 regardless 
of the service pack is in use. Microsoft recommends that all affected customers 
apply the new versions of the patches.
Link: http://www.net-security.org/text/bugs/975035667,76284,.shtml


"DOMAIN ACCOUNT LOCKOUT" VULNERABILITY
Microsoft has released a patch that eliminates a security vulnerability in 
Microsoft Windows 2000. The vulnerability could allow a malicious user to use 
repeated attempts to guess an account password even if the domain 
administrator had set an account lockout policy.
Link: http://www.net-security.org/text/bugs/975035697,89168,.shtml


DOS POSSIBILITY IN SYSLOG-NG
When syslog-ng parses log messages a variable named "left" is used to store 
the remaining length of the log message. The priority part in the message 
should look like this:
< 6>
When the line ends without the closing '>' this "left" variable becomes -1 
due a to a bug. The remaining part of the message parsing routine checks if 
there's any characters left using the condition: left != 0, since -1 is not 0, 
this condition evaluates to true.
Link: http://www.net-security.org/text/bugs/975035728,81790,.shtml


602PRO LAN SUITE WEB ADMIN OVERFLOW
The remote administration component (webprox.dll) of this application is subject 
to a buffer overflow attack through a lengthy GET command. If this request 
contains 1059 bytes or more it will overflow a buffer and allow the execution 
of arbitrary code.
Link: http://www.net-security.org/text/bugs/975035749,3698,.shtml


PHORUM PHP MESSAGE BOARD VULNERABILITY
Any user can parse a choosed php script file using the Phorum sustem. It is 
also possible, under certain circunstances, to execute arbitrary commands 
on the server as the httpd user. This is fixed in version 3.2.7 that was 
released on 2000-11-22.
Link: http://www.net-security.org/text/bugs/975035768,82550,.shtml

----------------------------------------------------------------------------




Security world
--------------

All press releases are located at:
http://net-security.org/text/press

----------------------------------------------------------------------------

SMARTCARD SECURITY FOR E-BUSINESS - [20.11.2000]

Cylink Corporation announced that it will offer Veridicom's fingerprint-based 
smartcard reader with Cylink's PrivateCard under a reseller's agreement that 
will allow the e-business security pioneer to deliver a new class of secure 
martcards protected with fingerprint authentication for secure desktop and 
laptop e-business transactions.

Press release:
< http://www.net-security.org/text/press/974731559,96730,.shtml >

----------------------------------------------------------------------------

SECURE BLUETOOTH-BASED FINANCIAL SERVICES - [21.11.2000]

Rainbow Technologies, Inc., a leading provider of high-performance security 
solutions for the Internet and eCommerce, today announced an agreement to 
partner with Consumer Direct Link, Inc. (CDL) and Acer, Inc., to jointly develop 
secure Bluetooth-based solutions for the financial services and retail markets. 
Under terms of the agreement, the companies will develop BluePoint and 
BlueZone Access Controllers with Rainbow's Virtual Private Network (VPN) 
encryption technology.

Press release:
< http://www.net-security.org/text/press/974763478,86814,.shtml >

----------------------------------------------------------------------------

MCAFEE PLAYS WITH HOLIDAY HYPE - [21.11.2000]

McAfee Consumer Products Division, a business unit of Network Associates, will 
again provide consumers with extensive online protection this holiday season 
with the strong privacy and security technology found in Internet Guard Dog 
and Internet Guard Dog Pro software. These comprehensive suites offer strong, 
customizable, privacy controls and security features such as personal firewall 
technology and encryption, to safeguard consumers' sensitive information while 
they shop online for holiday gifts. A recent survey by Jupiter Media Metrix 
reports 35 million people in the United States will purchase gifts online this 
holiday season, compared with 20 million who shopped online last year.

Press release:
< http://www.net-security.org/text/press/974814019,13449,.shtml >

----------------------------------------------------------------------------

SECURE STUDENT-TO-GOVERNMENT TRANSACTIONS - [21.11.2000]

VeriSign, Inc., the leading provider of Internet trust services, announced that it 
will provide Public Key Infrastructure (PKI) consulting and application integration 
support for a number of Federal Agencies to enable students to use digital 
certificates to secure online transactions with the Agencies. These Federal 
Agencies, including the Department of Education, Department of Labor, 
Department of Veterans Affairs and the United States Postal Service are 
collaborating to offer students a single online interface to a multitude of 
Federal programs, such as student financial aid applications.

Press release:
< http://www.net-security.org/text/press/974814103,24903,.shtml >

----------------------------------------------------------------------------

DYNAMIC INTERNET SECURITY MARKETPLACE - [22.11.2000]

In an effort to maximize shareholder value and capitalize on the growth 
and profit potential of the Internet security software business, Inforum 
Communications, Inc. announces a shift in business strategy that will allow 
the Company to focus solely on the continued development of its Internet 
security software subsidiary, 2Cactus Development, Inc.

Press release:
< http://www.net-security.org/text/press/974858708,65409,.shtml >

----------------------------------------------------------------------------

ENTRUST ESTABLISHES PRESENCE IN SINGAPORE - [22.11.2000]

Entrust Technologies Inc., a global leader in solutions that bring trust to 
e-business, announced plans to establish a local presence in Singapore to 
better serve and support customers in the South East Asian markets. 
Recognizing the importance of the region as a hub of e-commerce growth, 
Entrust plans to directly invest in Singapore to create an infrastructure to 
expand business throughout South East Asia.

Press release:
< http://www.net-security.org/text/press/974858767,8054,.shtml >

----------------------------------------------------------------------------

ALADDIN RELEASES HASP CD9 WITH LINUX SUPPORT - [22.11.2000]

Aladdin Knowledge Systems, a global leader in the field of Internet content and 
software security, announced the release of HASP CD9, the latest software for 
the HASP4 hardware-based software protection system that offers high-level 
security for Linux developers, as well as new ease-of-use features.

Press release:
< http://www.net-security.org/text/press/974858982,86834,.shtml >

----------------------------------------------------------------------------

PARTNERSHIP TO SECURE BUSINESS WEBS - [22.11.2000]

Bowstreet, a leading provider of business web automation solutions for plug-
and-play e-commerce, and Netegrity Inc., the leading provider of e-commerce 
infrastructure solutions for secure portal management, joined forces to bring 
enhanced security to "business webs." Business webs are emerging e-business 
networks that connect partner companies to lower transaction costs, generate 
new revenue, enable collaboration on new products and services, and deliver 
new value to customers.

Press release:
< http://www.net-security.org/text/press/974859095,77195,.shtml >

----------------------------------------------------------------------------

ZONE LABS AND TREND MICRO PARTNER - [24.11.2000]

Zone Labs Inc., developers of the award-winning security products ZoneAlarm 
and ZoneAlarm Pro, and Trend Micro, a leading provider of enterprise antivirus 
and content security products, announced a far-reaching strategic partnership 
that allows Trend Micro to incorporate Zone Labs' patented technology in the 
next generation of Trend Micro's best-of-breed antivirus products. In addition, 
the agreement opens new co-marketing and distribution channels for each 
company.

Press release:
< http://www.net-security.org/text/press/975083837,5240,.shtml >

----------------------------------------------------------------------------

WEBTRENDS SECURITY ANALYZER AWARDED - [24.11.2000]

WebTrends Corporation, the leading provider of Enterprise Solutions for 
eBusiness Intelligence and Visitor Relationship Management, announced that 
WebTrends Security Analyzer was awarded Editors' Choice in PC Magazine's 
November 16 roundup of security scanners.

Press release:
< http://www.net-security.org/text/press/975083917,88772,.shtml >

----------------------------------------------------------------------------

SONICWALL APPLIANCE AWARDED - [24.11.2000]

SonicWALL, Inc., the market leader in Internet security solutions announced 
that its ipXpress load-balancing appliance has received the "Best of The Tests" 
award for Web Acceleration Tools from Network World magazine. The ipXpress 
was originally a product of Phobos Corporation, a manufacturer of secure 
transaction processing and load balancing products, which was recently 
acquired by SonicWALL.

Press release:
< http://www.net-security.org/text/press/975083972,90488,.shtml >

----------------------------------------------------------------------------




Featured articles
-----------------

All articles are located at:
http://www.net-security.org/text/articles

Articles can be contributed to staff@net-security.org

Below is the list of the recently added articles.

----------------------------------------------------------------------------

GUIDE TO KERNEL COMPILATION WITH SHORT REFERENCE TO THE NEW 
'IPTABLES' FIREWALLING by Aleksandar Stancin aka D'Pressed 

In the following article I'll discuss, in brief, compiling of a new kernel, or an old 
one, which ever pleases you most, on a example of the upcoming kernel 2.4.0, 
by using the 2.4.0-test9 version, and some references on new and improved 
firewalling implemented in it, called iptable.

Read more:
< http://www.net-security.org/text/articles/compilation.shtml >

----------------------------------------------------------------------------

ENABLING A NEW PGP KEY by M. E. Kabay

You will recall that PGP generates two keys at a time (a keypair) that are 
complementary: what one key encrypts, the other decrypts - and vice versa. 
One of the keys is made public; the other is kept secret by its user. This 
asymmetric encryption algorithm makes possible the public-key crypto-system, 
and that is very useful indeed.

Read more:
< http://www.net-security.org/text/articles/nwf/pgp.shtml >

----------------------------------------------------------------------------




Featured books
----------------

The HNS bookstore is located at:
http://net-security.org/various/bookstore

Suggestions for books to be included into our bookstore 
can be sent to staff@net-security.org

----------------------------------------------------------------------------

SUSE LINUX AND NETFINITY SERVER INTEGRATION GUIDE (REDBOOKS)

>From the Back Cover: Here's all the information you need to maximize SuSE Linux 
performance and reliability on IBM's state-of-the-art Netfinity server platforms. 
In this book, a team of IBM's top Linux experts presents start-to-finish, Netfinity 
server-specific coverage of SuSE Linux 6.2/6.3 deployment and system 
administration throughout the entire system lifecycle! You'll get running fast 
with IBM's expert step-by-step preparation and installation techniques: review 
updating your BIOS and firmware; making the CD-ROM bootable, preparing SCSI 
devices, partitioning, configuration, XWindows setup, deploying IBM ServeRAID 
in SuSE Linux environments, and much more. Next, you'll master all the key 
techniques of day-to-day SuSE Linux system administration, including backup 
and recovery, Internet and email connectivity, DNS/DHCP name services, and 
using SuSE Linux with Samba as a world-class file/print server for Windows 
workstations. IBM-tested, proven, and crystal clear, this is the one essential 
book for everyone running SuSE Linux on Netfinity servers.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0130286753/netsecurity >

----------------------------------------------------------------------------

VISUAL BASIC SHELL PROGRAMMING

Windows users take advantage of shell extensions on the desktop every single 
day, but understanding what they are and how to program with them can be 
tricky and, until now anyway, usually required the use of Visual C++. Filled with 
expert knowledge of the underlying Windows shell COM objects, Visual Basic 
Shell Programming is all that you need to write shell-enabled applications that 
look more professional, as well as rival the functionality of programs that are 
written in C++. First and foremost, this efficiently packaged text is a reference 
to all of the COM objects and APIs that are needed to program with the 
Windows shell successfully. Each section is organized by topic, with an 
explanation of what kind of functionality you can add, and then all of the 
COM objects, methods, and constants that you'll need to use in VB, along 
with sample code. For many of the examples, a custom file extension (.rad) 
illustrates how to integrate this file into the desktop, and extend what it 
can do within the Windows desktop.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1565926706/netsecurity >

----------------------------------------------------------------------------

Managing IMAP

Topics covered: The Internet Mail Access Protocol and its implementation, 
especially in the University of Washington's IMAP server and the Cyrus IMAP 
server. After presenting the case for IMAP and comparing it to Post Office 
Protocol (POP), the book shows how to set up and administer both major IMAP 
servers. It also compares IMAP clients. Other topics that are covered include 
security, user management, and scalability. A directory of IMAP administration 
interfaces and an IMAP command reference round out the volume.

Book:
< http://www.amazon.com/exec/obidos/ASIN/059600012X/netsecurity >

----------------------------------------------------------------------------

THE UNIVERSAL HISTORY OF COMPUTING: FROM THE ABACUS TO THE 
QUANTUM COMPUTER

>From the I Ching to AI, tremendous human brainpower has been devoted to 
devising easier means of counting and thinking. Former math teacher Georges 
Ifrah has devoted his life to tracking down traces of our early calculating tools 
and reporting on them with charm and verve. This book gives a grand title to 
a grand subject, and Ifrah makes good on his promise of universality by leaping 
far back in time and spanning all of the inhabited continents. If his scope is 
vast, his stories and details are still engrossing. Readers will hang on to the 
stories of 19th-century inventors who converged on multiplication machines 
and other, more general "engines," and better understand the roots of 
biological and quantum computation. Ifrah has great respect for our 
ancestors and their work, and he transmits this feeling to his readers 
with humor and humility.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0471396710/netsecurity >

----------------------------------------------------------------------------

JAVA EXAMPLES IN A NUTSHELL

Aimed at those who have some previous Java experience, Java Examples in a 
Nutshell, 2nd Edition provides an outstanding collection of code samples that 
are designed to help you improve your programming skills--by studying code 
that works. With over 150 expert examples that illustrate a wide range of 
Java APIs, this volume definitely can bring your knowledge of Java to the 
next level. Many programming titles rely on code excerpts to illustrate key 
programming concepts. This book reverses that approach by emphasizing 
the code itself, enhancing it with introductory material and explanations. 
While some short examples illustrate simple algorithms (such as random-
number generation and sorting), many of the examples are substantial: 
for example, how to create a multithreaded Web server, a proxy server, 
and even a simple Web browser (by using built-in Swing classes for a 
user interface). These longer examples occupy several pages; generally, 
they're well-commented models of coding clarity.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0596000391/netsecurity >

----------------------------------------------------------------------------




Security Software
-------------------

All programs are located at:
http://net-security.org/various/software

----------------------------------------------------------------------------

NCPQUERY V.1.2

NCPQuery is an open source tool that allows probing of a Novell Netware 
5.0/5.1 server running IP. It uses TCP port 524 to enumerate objects with 
public read access, disclosing such information as account names, server 
services, and other various objects. A remote attacker can gather the 
equivalent information provided by the console command "display servers" 
and the DOS client command "cx /t /a /r" without authentication.

Info/Download:
< http://net-security.org/various/software/974254520,53276,.shtml >

----------------------------------------------------------------------------

LINUX INTRUSION DETECTION SYSTEM [UPDATE]

The Linux Intrusion Detection System is a patch which enhances the kernel's 
security. When it's in effect, many system administration operations can be 
made impossible even for root. You can turn the security protection on or off 
on the fly and you can hide sensitive processes and prevent anyone from using 
ptrace or any other capability on your system. LIDS can also provide raw 
device and I/O access protection. Changes: Fixed umount filesystem bug, 
fixed NFSd and FTPd capability usages, and sys_sysctl() bugfixed.

Info/Download:
< http://net-security.org/various/software/974467282,92979,.shtml >

----------------------------------------------------------------------------

COOKIE PAL 1.6 BETA 3

Cookie Pal is a complete Internet cookie management system for Windows 95 
and NT 4.0. It lets you automatically accept or reject Internet cookies from 
all sites or just from sites you specify, without having to click on the Web 
browser's annoying "Cookie Alert" messages all the time. Cookie Pal also 
allows you to view and delete existing cookies on your system.

Info/Download:
< http://net-security.org/various/software/975086967,64299,.shtml >

----------------------------------------------------------------------------

EWALLET (PALM OS) 2.0

With eWallet you can store, protect, and back up your important information, 
and find it as soon as you need it. Have your most important personal 
information backed up for safekeeping, encrypted and password-protected 
for security on your Palm Powered handheld and desktop PC.

Info/Download:
< http://net-security.org/various/software/975087040,99608,.shtml >

----------------------------------------------------------------------------

CHAOS 2.04

The CHAOS data encryption system provides comprehensive and secure data 
storage and access control facilities. CHAOS data encryption offers protection 
against unauthorized data access. CHAOS is totally transparent for application 
programs.

Info/Download:
< http://net-security.org/various/software/975087395,68704,.shtml >

----------------------------------------------------------------------------




Defaced archives
------------------------

[21.11.2000] - Goodyear Indonesia
Original: http://www.goodyear-indonesia.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/21/www.goodyear-indonesia.com/

[21.11.2000] - Alcatel Alcanet International Italia
Original: http://www.alcatel.it/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/21/www.alcatel.it/

[22.11.2000] - Harley-Davidson Mexico
Original: http://www.harley-davidson.com.mx/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/22/www.harley-davidson.com.mx/

[22.11.2000] - AIWA (UK) Ltd
Original: http://www.aiwa.co.uk/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/22/www.aiwa.co.uk/

[22.11.2000] - Government of Guam
Original: http://govt.gov.gu/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/22/govt.gov.gu/

[23.11.2000] - NEC Brasil
Original: http://www.nec.com.br/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/23/www.nec.com.br/

[23.11.2000] - ADC Networks ISP Guadalajara, Mexico
Original: http://www.adc.net.mx/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/23/www.adc.net.mx/

[23.11.2000] - Numazu Internetwork Council
Original: http://www2.numazu-net.or.jp/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/23/www2.numazu-net.or.jp/

[23.11.2000] - Bulgarian Academy of Science
Original: http://www.imbm.bas.bg/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/23/www.imbm.bas.bg/

[23.11.2000] - British Association of Web Professionals
Original: http://www.bawp.co.uk/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/23/www.bawp.co.uk/

[23.11.2000] - National Aeronautics and Space Administration Langley Research Center
Original: http://vabpcnt2.larc.nasa.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/23/vabpcnt2.larc.nasa.gov/

[23.11.2000] - Nintendo Spain
Original: http://www.nintendo.es/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/23/www.nintendo.es/

[23.11.2000] - NEC Colombia
Original: http://www.nec.com.co/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/23/www.nec.com.co/

[23.11.2000] - Stanford University
Original: http://daily.stanford.edu/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/23/daily.stanford.edu/

[23.11.2000] - UIS KG (YU)
Original: http://www.uis.kg.ac.yu/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/23/www.uis.kg.ac.yu/

[23.11.2000] - TMF BG (YU)
Original: http://www.tmf.bg.ac.yu/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/23/www.tmf.bg.ac.yu/

[24.11.2000] - Naval School of Health Science, San Diego
Original: http://nshssd.med.navy.mil/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/24/nshssd.med.navy.mil/

[24.11.2000] - Information on Social Security
Original: http://www.socialsecurity.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/24/www.socialsecurity.com/

[24.11.2000] - MicroProse, Inc.
Original: http://www.microprose.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/24/www.microprose.com/

[25.11.2000] - Hyundai Motor Company
Original: http://www.hyundai-motor.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/25/www.hyundai-motor.com/

[25.11.2000] - Massachusetts Institute of Technology
Original: http://ac.mit.edu/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/25/ac.mit.edu/

[25.11.2000] - California Department of Transportation
Original: http://www.dot.ca.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/11/25/www.dot.ca.gov/

----------------------------------------------------------------------------


Questions, contributions, comments or ideas go to:
 
Help Net Security staff
 
staff@net-security.org
http://net-security.org


---------------------------------------------------------------------
To unsubscribe, e-mail: news-unsubscribe@net-security.org
For additional commands, e-mail: news-help@net-security.org