HNS Newsletter
Issue 41 - 11.12.2000
http://net-security.org
 
This is a newsletter delivered to you by Help Net Security. It covers weekly 
roundups of security events that were in the news the past week. Visit Help 
Net Security for the latest security news - http://www.net-security.org.

Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter
 
Table of contents:
 
1) General security news
2) Security issues
3) Security world
4) Featured books
5) Security software
6) Defaced archives




General security news
---------------------
 
----------------------------------------------------------------------------

TURKISH PM WEBSITE DEFACED
BBC reports that the website of the Turkish Prime Minister's office was defaced 
in protest against the government's economic policies. 
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.bbc.co.uk/hi/english/world/europe/newsid_1053000/1053031.stm


SNOOP POWERS
Civil liberty campaigners yesterday warned Home Secretary Jack Straw not to 
grant police and the secret services new "snoop" powers. A proposal, which 
would create a database of every phone call, e-mail and Internet connection 
made in the UK, could see Britain hauled up before the European Court of 
Human Rights, warned Liberty.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.record-mail.co.uk/shtml/NEWS/P2S2.shtml


JOHNS HOPKINS TO LAUNCH IT SECURITY CENTER
Johns Hopkins University announced Monday that, thanks to a $10 million gift 
from an anonymous donor, it would open a center to study computer and 
information security issues.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.infoworld.com/articles/hn/xml/00/12/04/001204hnjohnshopkins.xml


SECURITY MARKET
The worldwide market for security consulting, implementation, management 
and training services will increase at a compound annual growth rate of 26 
percent, from $5.5 billion in 1999, to $17.2 billion in 2004, according to a 
new study from IDC.
Link: http://www.esj.com/breaknewsdisp.asp?ID=3761


YET ANOTHER DoS ALERT
The FBI's cybercrime unit has warned web users to be vigilant during the 
Christmas holidays. Yes, as you guessed, they are alerting on Denial of 
Service attacks...
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.ananova.com/news/story/sm_134941.html


KURT SEIFRIED INTERVIEW
LinuxSecurity Brasil did an interview with Kurt Seifried from SecurityPortal. Kurt 
is the author of the well known Linux Administrator's Security Guide (LASG) and 
is working now at SecurityPortal.com...
English version: http://www.linuxsecurity.com.br/sections.php?op=viewarticle&artid=2
Portuguese version: http://www.linuxsecurity.com.br/sections.php?op=viewarticle&artid=1


ATTRITION STAFFERS FEATURED AT IDG
IDG interviewed Cancer Omega, Jericho and Null - Attrition staffers. Questions 
go from "What made you decide to take a legitimate job in computer security?" 
to "How easy is it to break into the typical Fortune 500 company site?"
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.idg.net/ic_302972_1794_9-10000.html


PRIVACY SITUATION AND MORE
Marketing companies have begun to embed invisible HTML "beacons" in their 
e-mail. Because these tiny one-pixel images must be retrieved from the 
sender's server when the message is opened, they can tell the sender 
when and how often a recipient looks at a message.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.infoworld.com/articles/hn/xml/00/12/05/001205hnwebbug.xml


FROM CISCO WITH LOVE
Cisco has advised users to update the software used in its 600 family of routers 
following the identification of what it admits are multiple security vulnerabilities.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/5/15246.html


PROLIN DOES LITTLE HARM
IDG.net reports that the newly discovered Prolin worm appears to be doing 
less damage than originally feared.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.idg.net/ic_304085_1794_9-10000.html


LAST LINE OF PREVENTION
The Israel Land Administration (ILA) was forced to close most of its Internet 
site last Fridey, due to damage caused by hostile cyber attacks.
Link: http://new.globes.co.il/serveEN/globes/docView.asp?did=454769&fid=947


UPDATE ON MAFIABOY CASE
Nearly a year after all those DDoS attacks, prosecutors and lawyers 
representing a defendant known as "Mafiaboy" are locked in a high 
stakes game of chicken over whether the case will go to trial.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.usatoday.com/usatonline/20001205/2888098s.htm


ENCRYPTION EXPERTS SET TO BUST RIP RULES
Mathematician Peter Fairbrother has launched a project called M-o-o-t, which 
would make it physically impossible to surrender encryption keys - or for 
security services to track e-mails.
Link: http://www.computerweekly.com/cwarchive/daily/20001206/cwcontainer.asp?name=C5.HTML&SubSection=6&ct=daily


SCHWAB SITE VULNERABLE
Charles Schwab & Co.'s Web site is vulnerable to a well-known attack that 
could allow anyone to gain access to sensitive account information, the 
financial services company acknowledged yesterday. More information 
about the problem could be found here (http://www.net-security.org/text/bugs/976159213,50588,.shtml)
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2662137,00.html


COMPUTER CRIME LAWS
Criminal laws in most countries have not been extended into cyberspace yet, 
potentially making prosecution difficult on computer-related crimes such as 
hacking and distributing viruses on the Internet, a 52-country survey says.
Link: http://thestar.com.my/tech/story.asp?file=/2000/12/7/technology/07nolaws&sec=technology


HOSPITAL RECORDS HACKED HARD
A sophisticated hacker took command of large portions of the University of 
Washington Medical Centre's internal network earlier this year and downloaded 
computerized admissions records for four thousand heart patients, 
SecurityFocus has learned.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/6/15285.html


HV2K MEMBER SENTENCED
A high school senior who allegedly co-founded an international computer 
hacking group was sentenced to five years' probation after he pleaded guilty 
to defacing several government Web sites.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www0.mercurycenter.com/svtech/news/breaking/merc/docs/064296.htm


CZECH GOVERNMENT WEBSITE ATTACKED
Czech interior ministry's website got defaced on Wednesday by inserting a 
modified picture of Interior Minister Stanislav Gross, a spokesman said.
Link: http://thestar.com.my/tech/story.asp?file=/2000/12/7/technology/07hack&sec=technology


PERSONAL FIREWALLS FAIL THE LEAK TEST
In an attempt to show that personal firewalls may afford their users little 
protection against serious threats, a respected PC security expert Steve 
Gibson has released a new software tool that pokes holes in many of the 
leading desktop security packages.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.internetnews.com/intra-news/article/0,,7_529661,00.html


SAFENET 2000
Bill Gates kicked off the company's first-ever security summit in Redmond, 
dubbed SafeNet 2000, calling for industry-wide involvement and hinting at 
some of the security features the company is developing.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://abcnews.go.com/sections/tech/DailyNews/microsoft_summit001207.html


FTSE WEB SITE DEFACED
The FTSE web site at FT-SE.co.uk has been hacked by a group calling 
themselves "kat krew." The FTSE confirmed that the front page had been 
hacked in the early hours of this morning, at around four AM.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/6/15345.html


IDENTIFYING ICMP HACKERY TOOLS USED IN THE WILD TODAY
Several tools exist in the wild today that allow a malicious computer attacker to 
send crafted ICMP datagrams. Those datagrams can be used for various tasks: 
host detection, advanced host detection, Operating System Fingerprinting and 
more. This article by Ofir Arkin will examine whether we can identify the different 
tools used for ICMP hackery that are available in the wild today. If we can 
identify the tool, we may be able to identify the underlying operating system 
or a number of operating systems that this tool might be running on top of.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/ids/articles/icmptools.html


HOLIDAY ALERT: PART 4
Yet another "alert" about Christmas attacks - this time a leading Scottish 
internet security company Buchanan International, has predicted that a 
major online retailer will be shut down by hackers in the run up to Christmas...
Link: http://www.thescotsman.co.uk/business.cfm?id=28490&keyword=the


VERIZON SPAMMED
Verizon Communications worked Saturday to clear a backlog of millions of 
junk messages that slowed email for as many as 200,000 of its Internet 
customers on the East Coast.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1004-200-4076405.html


ENTRANCE TO FBI AND FTC WEB SITES
One of the HIT2000 members says that he discovered a potential security 
hazard in two U.S. government Web sites that use Netscape Communications 
Enterprise Server, including the online home of the U.S. Federal Bureau of 
Investigation (FBI).
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.infoworld.com/articles/hn/xml/00/12/08/001208hnfbiftc.xml


PERSONAL FIREWALLS NOT SO SAFE
It's one thing to rush an application to market without thinking about security. 
It's another to rush a security application to market. But that's what's happened 
with several personal firewalls - a product category that was a virtual nonentity 
a year ago but is now standard fare for anyone on a broadband connection, 
including telecommuters.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/eweek/stories/general/0,11011,2663028,00.html


SECURING YOUR BUSINESS IN THE AGE OF THE INTERNET
Information technology is permeating all aspects of modern life and business. 
The growth of the Internet and in particular of the World Wide Web presents 
increasing challenges to information technology and business managers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/cover/coverstory20001204.html


INSIDE THE STAGES WORM
Recent e-mail worm incidents have attracted so much media coverage that one 
might expect users to be more wary of running emailed attachments. However, 
the June 2000 in-the-wild appearance of Argentinian virus writer Zulu's 
VBS.Stages worm demonstrated the folly of this assumption. In this article in 
SecurityFocus's Virus Focus Area, Szappanos Gabor gives an interesting 
overview of the Stages worm. The article discusses a variety of aspects 
of the threat, including its activation and propagation, and the role of shell 
scraps in its life cycle. The author also touches on additional concerns such 
as polymorphism and hidden extensions, and how they affect the Stages worm.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/virus/articles/stages/stages.html


LINUX NETWORK SECURITY
There are several methods remote attackers can use to break into your machine. 
Usually they are exploiting problems with existing programs. The Linux community 
always quickly spots these 'exploits' and releases a fix. Linux fixes are usually out 
long before the equivalent programs in other operating systems are mended. The 
issue here though is how to prevent your machine from suffering any sort of 
problem of this sort.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxplanet.com/linuxplanet/tutorials/211/1


THE FIFTH ESTATE
In its investigative documentary, Hackers, the fifth estate explores the inherent 
tension between the convenience and speed with which people conduct their 
personal, social and corporate affairs via the internet, and the high price in 
personal security exacted by the technology they use. The internet is a global 
web of interconnected computers which make it possible for people and 
companies to complete transactions at the speed of light. But it is the very 
interconnectedness of the web that leaves virtually every machine attached 
to it vulnerable to unwanted intrusions.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://cbc.ca/news/indepth/hackers/

----------------------------------------------------------------------------




Security issues
---------------

All vulnerabilities are located at:
http://net-security.org/text/bugs


----------------------------------------------------------------------------
BYPASSING ADMIN AUTHENTICATION IN PHPWEBLOG
In common.inc.php, $CONF is not properly initialized as an array, thus allowing 
users to alter the contents in it, wich can leed to bypass administrator 
authentication.
Link: http://www.net-security.org/text/bugs/976014942,58296,.shtml


XITAMI WEBSERVER MULTIPLE VULNERABILITES
Xitami Webservers default installation /Cgi-Bin directory has a Vulnerability 
that allows remote users to View information regarding your system and 
Webserver's Directory by executing TestCgi.exe using your browser sample: 
http://www.Target.com/cgi-bin/testcgi 
Link: http://www.net-security.org/text/bugs/976016727,49445,.shtml


IIS 4.0/5.0 PHONE BOOK SERVER BUFFER OVERRUN
The Phone Book Service was created by Microsoft to help provide dial in 
services to the corporation and ISPs. As part of the functionality of the 
service when users dial in their client software can be configured to download 
phone book updates from a web server. The ISAPI application that serves the 
update is pbserver.dll. This DLL contains a buffer overrun vulnerability that can 
allow the execution of arbitrary code or at best crash the Interner Information 
Server process, inetinfo.exe.
Link: http://www.net-security.org/text/bugs/976067413,42776,.shtml


PHONE BOOK SERVER BUG PATCHED
Microsoft has released a patch that eliminates a security vulnerability in an 
optional service that ships with Microsoft Windows NT 4.0 and Windows 2000 
Servers. The vulnerability could allow a malicious user to execute hostile code 
on a remote server that is running the service.
Link: http://www.net-security.org/text/bugs/976067428,968,.shtml


CHARLES SCHWAB ONLINE TRADING BUGS
Through cross-site scripting, an attacker can gain control of the account of a 
Charles Schwab customer who uses the online trading service. The attacker 
can choose to either gain interactive use of the service, or to cause the 
account holder to perform inadvertent unwanted actions on the attacker's 
behalf.
Link: http://www.net-security.org/text/bugs/976159213,50588,.shtml


APCUPSD 3.7.2 DENIAL OF SERVICE
During startup apcupsd creates a PID-file named "apcupsd.pid" in /var/run 
(system specific, maybe other directory) with the ID of the daemon process, 
this PID-file is used by the shutdown-script to kill the daemon process. 
Unfortunatly this PID-file ist world-writeable (Mode 666, -rw-rw-rw). A 
malicious user can overwrite the file with arbitrary process ID's, these 
processes will be killed instead of the apcupsd process during restart or 
stop of the apcupsd daemon and during system shutdown or restart, the 
whole system can be crashed this way.
Link: http://www.net-security.org/text/bugs/976208482,77278,.shtml


PHP AND APACHE VULNERABILITY
CHINANSL security team has found a security problem in Apache web server 
where using php3. Exploitation of this vulnerability, A malicious user can 
access the content of file in the machine where Apache web server is runing.
Link: http://www.net-security.org/text/bugs/976208520,99957,.shtml


ULTRASEEK SERVER 3.0 VULNERABILITY
CHINANLS security team has found a security problem in Ultraseek Server 3.0. 
Exploitation of this vulnerability, It is possible that a malicious user can get the 
absolute path and source code of Ultraseek Server addons. 
Link: http://www.net-security.org/text/bugs/976208502,82387,.shtml

----------------------------------------------------------------------------
PHPGROUPWARE VULNERABILITIES
phpGroupWare makes insecure calls to the include() function of PHP which can 
allow the inclusion of remote files, and thereby the execution of arbitrary 
commands on the remote web server with the permissions of the web 
server user, usually 'nobody' 
Link: http://www.net-security.org/text/bugs/976208568,21880,.shtml


IBM DB2 SQL DOS
DB2 Universal Database (UDB) is IBM's relational database server solution for 
the UNIX, OS/2 and Windows NT/2000 operating environments.And More than 
70% of the world's major companies rely on DB2 to manage their mission-critical 
business applications. There is a bug when you excute a special sql include time 
and varchar ,which will make the database crash.
Link: http://www.net-security.org/text/bugs/976208595,66917,.shtml


LEXMARK MARKVISION DRIVERS ROOT COMPROMISE
Several of the utilities that make up the Unix printer drivers contain command 
line buffer overflows. As some of these utilities are installed setuid root, a local 
attacker can trivially exploit the vulnerabilities to execute arbitrary code as root.
Link: http://www.net-security.org/text/bugs/976306427,15975,.shtml


HOMESEER DIRECTORY TRAVERSAL VULNERABILITY
Adding the string "../" to an URL allows an attacker to files outside of the 
webserver's publishing directory. This allows read access to any file on the 
server. Example: http://localhost:80/../../../autoexec.bat reads the file 
"autoexec.bat" from the partition's root dir.
Link: http://www.net-security.org/text/bugs/976306486,83751,.shtml


BROADVISION ONE-TO-ONE ENTERPRISE BUG
BroadVision One-To-One Enterprise contains a vulnerability which reveals 
server information . Requesting a non-existent file,the server will reveal the 
physical path of server files as following: 
"Script /appl/bv1to1/bv1to1_var/script-root/login/benjurry.jsp failed, reason unknown "
Link: http://www.net-security.org/text/bugs/976306619,90744,.shtml


ADMINISTRATION REGISTRY KEY VULNERABILITY
The registry key in Windows NT 4.0 that handles the administration of Remote 
Access Service (RAS) third-party tools is not properly configured to deny write 
access to unprivileged users. Such lenient permissions assigned to this particular 
registry key would allow any user that could log on locally to a system with a 
RAS server installed to modify the value of the key to an arbitrary DLL file that 
would be executed upon startup of RAS. The DLL in the RAS registry key is run 
under LocalSystem privileges. Therefore, the malicious user would be able to 
perform any action under the LocalSystem security context which would 
basically yield full control over the local machine. The location of the RAS r
egistry key is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RAS.
Link: http://www.net-security.org/text/bugs/976306634,8269,.shtml


VULNERABILITIES IN KTH KERBEROS IV
The KTH Kerberos IV implementation (http://www.pdc.kth.se/kth-krb/) contains 
the following vulnerabilities:
1) Honoring certain environment variables
2) Buffer overflow in protocol parsing code
3) File system race when writing ticket files
The vulnerabilities may lead to local and remote root compromise if the system 
supports Kerberos authentication and uses the KTH implementation (as is the 
case with e.g. OpenBSD per default). The system needn't be specifically 
configured to use Kerberos for all of the issues to be exploitable; some of 
the vulnerabilities are exploitable even if Kerberos is disabled by commenting 
out the realm name in the "krb.conf" file.
Link: http://www.net-security.org/text/bugs/976410064,99928,.shtml

----------------------------------------------------------------------------




Security world
--------------

All press releases are located at:
http://net-security.org/text/press

----------------------------------------------------------------------------

ARGANTE PROJECT ANNOUNCED - [03.12.2000]

We - a small group of computer security and programming enthusiasts - are 
proud to present a result of our hard work on making secure, functional, 
portable and effective environment, called "Argante". Although Argante is 
introducing completely new standards, architecture concepts and design 
basis, we believe it can find its place, both in dedicated and hybrid solutions, 
where Argante code is mixed with traditional components - especially in 
server software, secure distributed solutions / network monitoring and 
analysis software, distributed self-organizing clusters (at management / 
request propagation layer), virtual routers (for easy building of complex, 
fault-tolerant private networks from scratch) and so on, making such 
solutions simpler, more secure and stable - and, very often, more effective.

Press release:
< http://www.net-security.org/text/press/975813054,97593,.shtml >

----------------------------------------------------------------------------

CONEXANT CHIPSET OFFERS WATCHGUARD PROTECTION - [04.12.2000]

WatchGuard Technologies, Inc. announced that Conexant Systems, Inc. will be 
the first semiconductor company to offer WatchGuard's firewall and LiveSecurity 
Services with their new CX82100 home networking processor for Internet 
enabled devices. The Conexant CX82100 will offer a reference design with a 
built-in WatchGuard firewall and access to WatchGuard's suite of LiveSecurity 
Services where end users can enhance their protection by subscribing to 
additional services, such as WatchGuard's IPSec VPN (Virtual Private Network).

Press release:
< http://www.net-security.org/text/press/975948103,25179,.shtml >

----------------------------------------------------------------------------

NETWORK-1 CITED IN RECENT IDC AND GARTNER REPORTS - [04.12.2000]

Network-1 Security Solutions, Inc., a leader in distributed intrusion prevention 
solutions for e-Business networks, announced that it continues to gain in 
awareness and market recognition among industry analysts that follow the 
network security industry. In October, the company was cited as one of the 
original manufacturers of Distributed Firewalls, a market segment IDC 
characterizes as "hot." A subsequent report issued in November by the 
Gartner Group, "Firewall Market Magic Quadrant Update 2000," now includes 
Network-1 within the quadrant and refers to the company under the "New 
Entrants" section.

Press release:
< http://www.net-security.org/text/press/975949007,19004,.shtml >

----------------------------------------------------------------------------

"NAPTHA" SECURITY VULNERABILITY UNCOVERED - [04.12.2000]

BindView Corporation, a leading provider of IT security management solutions, 
announced that it has identified Naptha, a cluster of new security vulnerabilities 
that threatens at least seven major operating systems including Microsoft, 
Novell, Solaris and Linux. Naptha is comprised of a variety of denial-of-service 
vulnerabilities that exploit the TCP protocol and cause a variety of service 
degradation effects. Results could range from a slow down or disruption of 
services to total operating system failure. Applications including DNS servers, 
Web servers, and e-mail servers as well as entire operating systems are at 
risk of attack from Naptha.

Press release:
< http://www.net-security.org/text/press/975949798,67328,.shtml >

----------------------------------------------------------------------------

NETSCREEN INTRODUCES GIGABIT SECURITY SYSTEM - [05.12.2000]

NetScreen Technologies, Inc., a leading developer of ASIC-based Internet 
security systems and appliances, announced a new version of the NetScreen
1000 Gigabit Security System. The NetScreen-1000ES (Enterprise System) is 
a gigabit speed firewall/VPN security system specially configured to meet the 
high-bandwidth security needs of enterprise intranets, e-business operations, 
and broadband Internet access.

Press release:
< http://www.net-security.org/text/press/976015420,90988,.shtml >

----------------------------------------------------------------------------

I-WORM.XTC TARGETS NEW YEAR'S DAY - [06.12.2000]

Central Command, a leading provider of PC anti-virus software and computer s
ecurity services, and its partners' announced the discovery of I-Worm.XTC, a 
new Internet worm that infects Windows 95/98/Me/NT/2000 computers and 
masquerades itself as a virus protection update. This new worm uses a new 
technique for replication, and can be remotely controlled through the Internet.

Press release:
< http://www.net-security.org/text/press/976066755,63640,.shtml >

----------------------------------------------------------------------------

DON'T LET A DOT.COM BECOME A DOT.CON - [06.12.2000]

Little compares with the convenience of pointing and clicking through holiday 
shopping lists, but consumers could pay a steep price for cyber shopping if 
they don't protect personal data. Experts estimate that 55 million Americans 
will spend $12.5 billion online this holiday season, nearly double last year's 
total and a record for any year.

Press release:
< http://www.net-security.org/text/press/976066825,98721,.shtml >

----------------------------------------------------------------------------

JAWZ announced Cyber Crime Response Unit - [06.12.2000]

JAWZ Inc. announced details of its newly formed Cyber Crime Response Unit. 
This group will be part of JAWZ's Professional Security Services division, and 
will focus on providing JAWZ's clients with Computer Incident Response Team 
(CIRT) capabilities, Computer Crime Investigation and Forensic Analysis, and 
Forensic Training and Certification.

Press release:
< http://www.net-security.org/text/press/976066908,92668,.shtml >

----------------------------------------------------------------------------

RAINBOW ANNOUNCES 2001 EXPANSION - [06.12.2000]

Rainbow Technologies, Inc. announced an aggressive growth strategy, 
commencing in January 2001, which places Rainbow's core competencies into 
four business units. This move includes the creation of IVEA Technologies for 
products in eCommerce acceleration and performance enhancement, and the 
Digital Rights Management Group that focuses on hardware and software 
authentication and security products.

Press release:
< http://www.net-security.org/text/press/976122378,87105,.shtml >

----------------------------------------------------------------------------




Featured books
----------------

The HNS bookstore is located at:
http://net-security.org/various/bookstore

Suggestions for books to be included into our bookstore 
can be sent to staff@net-security.org

----------------------------------------------------------------------------

FROM ACCESS TO SQL SERVER

The book begins by discussing SQL Server and by carefully explaining the areas 
in which it differs from Access. Sinclair reviews the SQL Server technology, 
including its architecture and application environment. He also provides 
coverage of key topics, including security; data storage; system databases; 
database objects such as tables, views, and stored procedures; and, of course, 
how to query and view the data in the database. After reviewing SQL Server, 
Sinclair discusses the potential reasons for an upgrade and the planning process 
necessary to complete a successful migration. He covers core migration issues 
and helps to provide a framework for decisionmaking. The author then turns to 
the working issues of the migration process itself. Among the topics covered: 
Microsoft's Upsizing Wizards, use of SQL Server's Data Transformation Services, 
options for connecting Access databases directly to SQL Server, differences and 
similarities between Tables and Views in Access and in SQL Server, how to write 
SQL Server stored procedures, and even how to convert existing Access reports 
to stored procedures.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1893115240/netsecurity >

----------------------------------------------------------------------------

LINUX PROGRAMMING: A BEGINNER'S GUIDE

Learn the fundamentals of Linux programming by following the steps and 
examples in this easy-to-use guide. Linux expert Richard Petersen uses 
hands-on exercises to teach you how to program the BASH and TCSH 
shells, customize Linux using Perl, Tcl, and Gawk, and write GUI programs 
in Tk. You'll also learn GUI programming techniques for interfaces such as 
the Gnome and KDE desktop environments.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0072127430/netsecurity >

----------------------------------------------------------------------------

A BRIEF HISTORY OF THE FUTURE: ORIGINS OF THE INTERNET

This book is Naughton's attempt to educate the uninitiated in how the Internet 
came to be. Although its development occurred in starts and stops over a half-
century, the Internet came into its own only in the 1990s, with the arrival of 
the World Wide Web and widely available software to negotiate it. Each of 
those innovations, though, drew on work that sometimes extends deep into 
the past, and Naughton does a good job of tracing technical lineages. Though 
studded with geekspeak, his narrative doesn't presuppose much background 
knowledge on his readers' part, unlike Stephen Segaller's worthy Nerds 2.0.1., 
which covers some of the same ground. Naughton's cast of characters includes 
such scientific and administrative luminaries as Norbert Wiener, Vannevar Bush, 
Paul Baran, Bill Gates, Linus Torvalds, and Tim Berners-Lee (but, sad to say, 
not Al Gore), each of whom made contributions large and small to what 
Naughton insists is a technological revolution with endless possibilities 
for the common good.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1585670324/netsecurity >

----------------------------------------------------------------------------

DEBUGGING ASP: TROUBLESHOOTING FOR PROGRAMMERS

Author Derek Ferguson has compiled a list of bugs from his work at a regional 
ISP, a perfect laboratory for uncovering the most common problems that ASP 
developers face every day. First and foremost are his suggestions for 
configuring Internet Information Server (IIS) for development systems. A 
number of valuable tips help you improve the feedback that you get from Web 
server logs. You also learn about several options that will simplify debugging of 
new scripts and components over old ones. (In short, Debugging ASP will help 
you make sure, when you deploy a new script or component, that it gets 
displayed in your Web page, instead of the out-of-date version.) A really 
useful section points out common gotchas in ASP development, and there 
are tips on the right ways to include other files in ASPs and how to redirect 
HTTP requests correctly. The book also explains how to maintain state with 
Session objects, while balancing performance and security considerations.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0072125349/netsecurity >

----------------------------------------------------------------------------

REMOVING THE SPAM: EMAIL PROCESSING AND FILTERING

No one likes unsolicited electronic mail. Even though you can easily delete 
messages describing ways to MAKE MONEY FAST, they take a toll on network 
bandwidth and reduce your productivity. The key to gaining the upper hand in 
the battle against spam is to understand the tools at your disposal. In Removing 
the Spam, Geoff Mulligan names those tools and then describes how to use 
several of them. Mulligan begins explaining the operation and management of 
two widely distributed Unix e-mail tools: Sendmail and Procmail. In his section 
on Sendmail, the author answers the question asked by everyone who's ever 
been harassed on e-mail: How do I automatically trash mail from X? He shows 
you how to block mail based on mail attributes like sender, subject line, message 
size and several other parameters. Coverage of Procmail in Removing the Spam 
includes the essentials of recipe files, but more ready-to-use mail-management 
recipes would be welcome. In addition to covering Sendmail and Procmail, the 
author addresses mailing lists under Majordomo and SmartList. He also provides 
a handy guide to the user and administrator commands that control these 
popular programs--just the thing you need the next time you're on a list and 
want to unsubscribe.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0201379570/netsecurity >

----------------------------------------------------------------------------




Security Software
-------------------

All programs are located at:
http://net-security.org/various/software

----------------------------------------------------------------------------

LIBMIX (LINUX)

LibMix is a library that provides an API for various useful functions, including an 
AES encryption interface, various network front-ends and low level datagram 
functions, as well as functions for string manipulations and other miscellaneous 
utility functions. It also includes functions to transmit encrypted data via 
stateless spoofed datagrams (tfntransmit/tfnread).

Info/Download:
< http://net-security.org/various/software/976015993,7246,.shtml >

----------------------------------------------------------------------------

NETWATCH V.0.9

Netwatch allows monitoring of an Ethernet segment or PPP line and examine 
activity on the network, highlighting hostnames in colors to indicate activity 
on the bus network based on time. The monitor includes packet statistics 
and a TOP mode which allows a sorted list of hosts based on IP usage. All 
info is updated on a per second basis. 

Info/Download:
< http://net-security.org/various/software/976016083,31197,.shtml >

----------------------------------------------------------------------------

FORMS 2.0 CONTROL SECURITY PATCH

This patch addresses a vulnerability that occurs when the Forms 2.0 Control 
(Fm20*.dll) is available on a user's system. Forms 2.0 is an ActiveX control 
that allows users to create customized dialog boxes. A malicious hacker could 
use the Forms 2.0 Control to read or export text on a user's Clipboard when 
that user visits a Web site set up by the malicious hacker or opens an email 
created by the hacker. The Forms 2.0 Control Security Patch prevents a 
hacker from exploiting this vulnerability.

Info/Download:
< http://net-security.org/various/software/976411977,7441,.shtml >

----------------------------------------------------------------------------

BIG CROCODILE 1.4

Big Crocodile is a powerful, secure password manager. It provides storage 
for all your passwords, logins, and hyperlinks in a securely encrypted file. 
It enables generation of new, random passwords. It has a multi-file interface, 
a hierarchical database, and several other features. It also has command-line 
and file-association support and export to spreadsheet files, support of local 
(2GB) and network drives, and small improvements (two dialogs).

Info/Download:
< http://net-security.org/various/software/976412174,64936,.shtml >

----------------------------------------------------------------------------

FOLDER GUARD 4.14

Folder Guard allows the user to selectively hide folders and restrict user 
access to system resources. It makes folders invisible or read-only in 
applications, including Explorer, MS Office, and MS-DOS, as well as in 
common dialogs. It also provides password protection, user-dependent 
configurations, and user validation at login. Protect individual files within 
folders. Separate passwords may be set up for each file or folder, letting 
you unlock only the password-protected items, leaving the rest of the 
system protected. Folder Guard also lets you restrict access to whole 
classes of files according to the file names, folders they are located in, 
and modules by which they are accessed.

Info/Download:
< http://net-security.org/various/software/976412419,54644,.shtml >

----------------------------------------------------------------------------




Defaced archives
------------------------

[04.12.2000] - Tokyo Metropolitan Institute of Technology
Original: http://buofu7.tmit.ac.jp/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/04/buofu7.tmit.ac.jp/

[05.12.2000] - Lebanese Armed Forces
Original: http://www.lebarmy.gov.lb/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/05/www.lebarmy.gov.lb/

[06.12.2000] - www.elortondo.gov.ar
Original: http://www.elortondo.gov.ar/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/06/www.elortondo.gov.ar/

[06.12.2000] - www.chabas.gov.ar
Original: http://www.chabas.gov.ar/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/06/www.chabas.gov.ar/

[06.12.2000] - www.firmat.gov.ar
Original: http://www.firmat.gov.ar/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/06/www.firmat.gov.ar/

[06.12.2000] - NLP Gov (PK)
Original: http://www.nlp.gov.pk/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/06/www.nlp.gov.pk/

[06.12.2000] - Geeknews
Original: http://www.geeknews.net/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/06/www.geeknews.net/

[06.12.2000] - University of Oklahoma Health Sciences Center
Original: http://admin-scb.ouhsc.edu/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/06/admin-scb.ouhsc.edu/

[07.12.2000] - The Ministry of Foreign Affairs, Republic of Macedonia
Original: http://www.mnr.gov.mk/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/07/www.mnr.gov.mk/

[08.12.2000] - Exchange Bank
Original: http://www.exchangebank.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/08/www.exchangebank.com/

[08.12.2000] - D-Link Systems, Inc.
Original: http://www.dlink.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/08/www.dlink.com/

[10.12.2000] - Department of Civil Aviation, United Arab Emirates
Original: http://www.dcaauh.gov.ae/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/10/www.dcaauh.gov.ae/

----------------------------------------------------------------------------


Questions, contributions, comments or ideas go to:
 
Help Net Security staff
 
staff@net-security.org
http://net-security.org



---------------------------------------------------------------------
To unsubscribe, e-mail: news-unsubscribe@net-security.org
For additional commands, e-mail: news-help@net-security.org