HNS Newsletter
Issue 45 - 08.01.2001
http://net-security.org
 
This is a newsletter delivered to you by Help Net Security. It covers weekly 
roundups of security events that were in the news the past week. Visit Help 
Net Security for the latest security news - http://www.net-security.org.

Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter

Archive of the newsletter in TXT and PDF format is available here:
http://www.net-security.org/news/archive/newsletter

Current subscriber count to this digest : 1676

Table of contents:
 
1) General security news
2) Security issues
3) Security world
4) Featured article
5) Featured books
6) Security software
7) Defaced archives



General security news
---------------------
 
----------------------------------------------------------------------------

COMPUTER SECURITY GETS A NEW TOUCH
City workers in Oceanside, Calif., were drowning in passwords. One to check 
e-mail, others to see water billing records or police reports, all on top of the 
codes and personal identification numbers they had to keep straight in their 
off-the-job lives. Time and money were wasted answering up to 30 calls a 
day from workers who forgot or lost passwords. Now, those calls are down 
to one or two a week. Two years ago, Oceanside began installing mouse 
size fingerprint scanners at city computers. So instead of fumbling for a 
password, city workers now need only to place finger to scanner to get 
onto the network.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.denver-rmn.com/business/0101bio4.shtml


PARLIAMENT WEBSITE ATTACKED
The official website of Parliament has been attacked and all its information 
wiped out. The intruder - who called himself "topeira" had removed the website 
at http://www.parlimen.gov.my and replaced it with some foreign words and a 
Brazilian address on the rock group Garbage. This was the first time the 
Parliament website, which was put up earlier this year, had been penetrated.
Link: http://thestar.com.my/news/story.asp?file=/2000/12/31/nation/3101llha&sec=nation


TOP 10 SECURITY STORIES OF 2000
If 1999 was the year that Information Security began creeping into our 
collective consciousness like a dripping faucet, the year 2000 was when 
the water main burst. While the year began with a collective sigh of relief 
with the Y2K non-event, it was quickly followed by a yearlong procession 
of security headlines. I have a feeling that some people have kept their 
emergency shelters well stocked, lest some hacker figures out how to 
manipulate the power grid and their bank account. As with Y2K, the 
mainstream press has missed some of the real significance of 2000's 
information security news, so the staff at SecurityPortal has selected 
our top 10 list of security stories to further enlighten the masses and 
help you lead a better life.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityportal.com/cover/coverstory20010101.html


TOP PRIVACY ISSUES OF Y2K
The phenomenal rise, and technological sophistication, of workplace surveillance 
leads the list of the Top 10 privacy stories of the year 2000, according to a 
Privacy Foundation analysis. Also in the Top 10 are proposed new medical 
privacy rules; the FBI’s controversial use of the Carnivore email wiretap; 
DoubleClick’s stalled plan to track consumers online; and the arrival of 
chief privacy officers in corporate boardrooms.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cipherwar.com/news/01/privacy_threats_2000.htm


COMP.OS.LINUX.SECURITY FAQ INTRODUCED
Daniel Swan's tireless efforts come to fruition after many months of development 
of the comp.os.linux.security FAQ. LinuxSecurity.com speaks with Daniel about 
his FAQ and Linux security.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxsecurity.com/feature_stories/interview-cols.html


COMPUTER CRIME INVESTIGATOR'S TOOLKIT: PART I
Computer crime investigators come from differing backgrounds. In the private 
sector a wide range of certifications exist: CISSP, MCSE, Internet Security 
Specialist, Computer Forensics Specialist, and the like. Developing a common 
body of knowledge is often a response to the particular examination program 
one wishes to pass through. Yet, professional practice often dictates the 
areas of an investigator's expertise. Those with an emphasis on forensic 
issues (such as police investigators) may concentrate on techniques 
pertaining to "black" or illegal email, illegal pornography, and common-law 
crimes committed using a computer. Those with an emphasis on security 
issues may deal with technologies related to combating hacking, denial of 
service (DoS), intrusion, and business espionage.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityportal.com/articles/toolkit20010102.html


"THE FREEBSD CORPORATE NETWORKER'S GUIDE"
A new FreeBSD book from Addison Wesley is now on sale.The FreeBSD 
Corporate Networker's Guide is written for the beginning FreeBSD 
administrator who wants to take advantage of the power and cost 
savings afforded by use of this operating system on their organization's 
production network.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.bsdtoday.com/2001/January/News375.html


CRYPTO-POLITICS: DECODING THE NEW ENCRYPTION STANDARD
his fall the Department of Commerce announced its choice for the Advanced 
Encryption Standard (AES): the Rijndael algorithm. The first-of-its-kind 
international competition for the proposed new Federal Information Processing 
Standard included 15 entries by leading cryptographers from 12 countries. 
Sun Microsystems' Whitfield Diffie and Susan Landau, renowned authors 
and encryption experts, provide exclusive commentary on the AES, the 
political victory it represents, and why it heralds a new era in cryptography. 
They also discuss the government's new willingness to allow the export of 
strong encryption and the FBI's Internet surveillance program, Carnivore.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.sun.com/research/features/encryption/


YEAR 2000 SECURITY ROUNDUP
The year 2000 highlighted the need for business to better co-ordinate internet 
security - as global losses due to network downtime looked likely to top the 
trillion dollar mark according to research. It was the year viruses such as the 
Love Bug alone caused billions of pounds of damage, customers credit card 
details were left exposed on the web and companies everywhere were 
embarrassed at home and overseas by hackers, crackers and more hardened 
cyber criminals. Even Microsoft was caught with its pants down, although the 
Redmond giant claimed the crown jewels of its software line up had not been 
exposed by the breach of the firm's network security.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.uk.internet.com/Article/101126


HACKERS ASSASSINATE GAME CHARACTERS
Online gamers saw their champion characters mercilessly killed off by computer 
hackers who gained access to their players through a security hole in Blizzard 
Entertainment's games server. Last week infiltrators exploited a vulnerability in 
the sign-in system to gain access to numerous player accounts. At first they 
began to discard valuable items belonging to these players but later began 
disposing of some of the games top characters. According to some reports, 
eight out of the top ten players were assassinated.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2001/0/ns-19961.html
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.bbc.co.uk/hi/english/sci/tech/newsid_1097000/1097330.stm


CROSSING THE WIRELESS SECURITY GAP
Most organizations would prefer to support only a single security model for 
e-commerce, preferably the Internet model in use today, notes Jeff Reed, 
vice president of e-commerce consulting firm Logical. E-commerce in the 
wired world today relies primarily on SSL, which is used to transmit 
everything from personal identification numbers and passwords to 
credit card numbers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.idg.net/ic_340748_1794_9-10000.html


ECOMMERCE OUTFITS LEAVE SECURITY ON THE BACKBURNER
Security policies in large organisations are failing to cope with the rigours of 
ecommerce, leaving IT managers claiming ebusiness plans and security 
strategies are out of step. According to research by market analyst house 
Xephon, the host of high-profile security blunders that occurred last year 
knocked the confidence of consumers and made other companies think 
twice about developing their own ebusiness strategies.
Link: http://www.silicon.com/public/door?REQUNIQ=978478057&6004REQEVENT=&REQINT1=41756


CHINA PASSES INTERNET SECURITY LAW
The 19th Session of the Standing Committee of the Ninth National People's 
Congress (NPC) passed a resolution on maintaining the security of computer 
networks on Dec. 28. The resolution makes it a criminal offense to commit 
any of following actions, according to the China News Service: Entering 
computer information networks involved with national affairs, national 
defense or advanced technology...
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://asia.internet.com/biz/2001/01/0102-COL.html


DENNIS MORAN AKA COOLIO PLEADS GUILTY
"Coolio", who was briefly linked to a highly publicized series of hacking attacks 
against major companies pleaded guilty to three misdemeanors. He broke into 
rsa.com, operated by Internet security company RSA Security Inc., and 
dare.com, an anti-drug site connected to the Los Angeles Police Department. 
If a judge approves a plea agreement, Moran will serve nine months to a year 
in jail and pay $5,000 in restitution to each of three victims.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.salon.com/tech/wire/2001/01/02/coolio/index.html


HACKER MELTDOWN FAILS TO MATERALISE
The widespread fear of a concerted distributed denial of service attack over 
the holiday season thankfully failed to materialise, but security experts are 
still at odds over how serious the threat was. Fears about an attack similar 
to that which swamped prestige internet sites such as Yahoo and eBay led 
the National Infrastructure Protection Center - the FBI's cyber crime busters 
- to issue an alert urging security administrators to bolt up their security 
hatches. 
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/6/15766.html


COMMENTARY: ARE WE READY FOR A CYBER-UL?
Security expert Bruce Schneier takes a dim view of the Center for Internet 
Security's plan to emulate the example of Underwriters Laboratories (UL) 
when it comes to rating network security.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/comment/0,5859,2669664,00.html


Y2K BUG BELATEDLY BITES NORWAY TRAINS
The Y2K computer bug bit Norway's national railroad company later than 
expected. The bug was discovered when none of the company's new 16 
airport express trains or 13 high-speed, long-distance Signatur trains would 
start early Dec. 31. The computers on board the trains apparently did not 
recognize the date, something not anticipated by experts who checked the 
systems thoroughly last year in anticipation of problems feared worldwide 
when the clocks rolled to Jan. 1, 2000, a spokesman said.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.nandotimes.com/technology/story/0,1643,500295238-500469842-503172996-0,00.html


INSIGHTS ON OPEN SOURCE RELEASE ENGINEERING
"NetBSD 1.5 was released a few weeks ago, and after the dust has settled a 
bit now, we were able to get hold of Todd Vierling to tell us more about the 
1.5 release engineering process. Todd was one of the release engineers who 
did most of the work in the "hot" phase of the 1.5 release cycle - here's an 
interview with him, and your chance to get some insight into the details of 
the release engineering process of a major Open Source project!"
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.daemonnews.org/200101/interview-tv.html


SECURITY'S HARD KNOCKS
"A few months ago, I learned a hard lesson about hiring practices. My 
colleagues and I found ourselves with a technician who just wasn't working 
out. The fellow was habitually late and didn't take responsibility seriously so 
we said goodbye. End of story. Or so we thought.Next thing we knew we got 
a call from a police officer who frequently works with us. "You know that guy 
who was working for you?" he asked. "Well, he's got a criminal record as long 
as my arm. Didn't you run a background check?" Whoops. Now that's a security 
problem, isn't it? Not quite as sexy as the latest IIS exploit, but bad enough."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.nwc.com/1201/1201colfeldman.html


TEENAGE COMPUTER HACKERS HIRED AS CYBER COPS
The National Cyber Cop Committee, which has been set up by the software 
industry, is to be advised by a group of hackers between the ages of 14 and 
19. Dewang Mehta, president of India's National Association of Software and 
Service Companies, said only a hacker could enter the mind of another hacker. 
"They will tell us where our soft spots are - where government and industry 
websites are most vulnerable, thus helping us strengthen our e-security," 
Mr Mehta told BBC News Online.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/culture/0,1284,40951,00.html


OUT-OF-BAND SIGNALING
Well, it's the new millennium (for real this time) and we're still alive (what to 
do with all that canned food?). Much has changed in the last 10 years. The 
digital computer revolution finally happened, and we are now sticking computer 
chips in everything from children's toys and toasters to army trucks and body 
armor, to mention nothing of the spread of desktop, server and appliance 
computers. And as many of us know, computers are much more useful 
when networked together.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityportal.com/closet/closet20010103.html


MCAFEE: NO VIRUSES REPORTED DURING HOLIDAYS
Because many businesses were closed between Christmas and New Year, 
viruses could have struck as offices went back online this morning. Nothing 
has happened so far, however. "There was absolutely no outbreak of viruses 
this morning. We did not get any problem reports at all from Europe or Asia. 
I expect it to stay quiet," said Marius van Oers, virus research engineer at 
McAfee, a division of Network Associates.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2001/TECH/computing/01/03/no.christmas.viruses.idg/index.html


EMULEX SCAMMER TO SEE SLAMMER
A 23-year-old college student faces almost four years in prison after pleading 
guilty to posting a fake news release which led to one of the Web's biggest-
ever stock manipulation frauds. Mark Simeon Jakob, admitted to perpetrating 
the hoax last August in a bid to avoid losing $97,000 in an investment in Emulex 
Corp. stock, according to a Reuters report today, which noted that the press 
release was designed to topple Emulex's share price, netting him more than 
$241,000 in profits while biting other investors to the tune of $110 million. 
The scheme caused Emulex to drop by 62 percent on the Nasdaq, plunging 
to $42 from $110 per share.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computeruser.com/news/01/01/03/news3.html


IDS EVASION WITH UNICODE
Recently, there has been much discussion of the Unicode problem with regard 
to intrusion detection. Some pundits have gone so far as to claim that Unicode 
will contribute to the demise of Intrusion Detection Systems (IDS). This article 
by Eric Hacker will explain what Unicode is, how it complicates IDS and provides 
opportunities for IDS evasion, and what can be done about it. This discussion 
will focus particularly on the role of UTF-8, a means by which Unicode code 
points are encoded, in circumventing IDSs.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/ids/articles/utf8.html


VIRUS INFECTION RATES SOAR
The number of email viruses soared last year to the point where one in 700 
emails was infected, according to a survey by a firm which scans electronic 
communications for malicious code. MessageLabs, which scans over 3 million 
emails per day, said it had detected and stopped an average of one email 
virus every three minutes during 2000. In some months, the number of 
viruses per email reached one in 700, up from one in 2000 at the start 
of the year.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/4/15751.html


NAVIDAD VIRUS AT LARGE AGAIN
A variation of the Navidad virus has been discovered in the wild according 
to anti-virus vendor Sophos. W32/Navidad-B is a variant of the original 
W32/Navidad email virus, which arrives in an email message containing an 
attachment called EMMANUEL.EXE. Once the attached program is launched, 
it attempts to read new email messages and to send itself to the senders' 
addresses.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.silicon.com/a41776


CYBER ATTACKS PROVE COSTLY
As the computer industry intensifies, so does the amount of cyber attacks. 
Many Web sites are open to all sorts of "web hacking." According to the 
Computer Security Institute and the FBI's joint survey, 90% of 643 computer 
security practitioners from government agencies, private corporations, and 
universities detected cyber attacks last year. Over $265,589,940 in financial 
losses were reported by 273 organizations. How do we limit the possibilities 
of being a victim of a cyber attack?
Link: http://www.linux.com/newsitem.phtml?sid=1&aid=11505


WATCH OUT FOR CYBER-TERRORISM AND VIRUS MUTATIONS
Cyber-terrorist activity and new delivery mechanisms for the transmission of 
virus mutations will be among the next wave of significant information security 
trends to affect businesses, organizations, and even individual users, according 
to Predictive Systems, a network infrastructure consulting firm. "Advances in 
technology, insider knowledge, inadequate security precautions - all are 
contributing to a new generation of criminal cyber behavior that could have 
a potentially devastating impact on companies and even individuals that fail 
to take steps to protect themselves," said Dr. Terry Gudaitis, a cyber crime 
profiler for Predictive Systems.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnetasia.com/news/dailynews/story/0,2000010021,20170094-1,00.htm


MACROMEDIA INVESTIGATES FLASH SECURITY
Software giant Macromedia is investigating reports that its Flash Player plugin 
for Internet browsers could allow malicious hackers access to computers 
connected to the Internet.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2001/0/ns-20009.html


THE SPAM-TASTIC YEAR 2000
Sadly, and despite the best efforts of a few dedicated spam fighters, unsolicited 
commercial e-mail seems to be getting worse. The average business e-mail user 
receives three spam messages a day, and in three years that number will swell 
to 40. According to Ferris Research, in 2003 we'll waste 15 hours deleting e-mail, 
compared to 2.2 hours in the year 2000. That will cost the average business in 
the future $400 per in-box, compared to $55 today. Spam can even threaten 
privacy or bring viruses to your system.
Link: http://www.pcworld.com/news/article.asp?aid=37402


FREEBSD IPSEC MINI-HOWTO
This document is intended to be a primer on how to get IPsec on FreeBSD up 
and running, interoperating both with another FreeBSD (or NetBSD or any other 
KAME-derived stack) machine, and a Windows 2000 machine. IPsec is a means 
to secure IP layer communications between hosts, and can secure both IPv4 
and IPv6 traffic. Only IPsec over IPv4 will be discussed here.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://ezine.daemonnews.org/200101/ipsec-howto.html


MALAYSIA PROBES HACKING
Malaysian police are investigating how hackers infiltrated parliament's website 
in an intrusion that was overlooked for days until the opposition pointed it out 
to the media. The break-in, as well as the delay in discovering it, has some 
Malaysians criticising what they believe is lax vigilance in a country seeking 
to be a regional high-tech centre.
Link: http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT382ZCTKHC&live=true&tagid=ZZZC19QUA0C&subheading=asia%20pacific


MICROSOFT HACKER FIRED
The hacker who made Microsoft look foolish in November by breaking into its 
servers through a known security hole has been fired by his company Getronics. 
He was fired after a court case. Getronics terminated Dimitri Van de Glessen's 
one-year contract but there is no Netherlands law that allows a company to 
fire members of staff for hacking in their private time, so both parties went 
to court to resolve the issue.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/6/15802.html


TECH GIANTS, FBI JOIN FORCES TO COMBAT HACKERS
IBM and more than 500 other companies have joined forces with the FBI to 
fight cybercrime. The system, called InfraGard, lets the FBI and the companies 
alert each other and share information about attacks by intruders and how 
to protect against them.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1005-200-4388133.html


NASA NOT AMUSED BY WEB VANDALISM
NASA said Friday it nabbed an Internet vandal who allegedly broke into one 
of its Web sites and left a message urging the space agency to beef up security.
Link: http://www.zdii.com/industry_list.asp?mode=news&doc_id=ZD2671675


INSTALLING FIREWALL CAN KEEP THE PC BAD GUYS AT BAY
Ron Trepanier knew that the Internet could be a dangerous place, but it wasn't 
until he installed a personal firewall that he realized his home computer was 
coming under daily attack. The mechanical engineer, who lives outside Toronto, 
recently documented 30 attempts to gain access to his PC through his high
speed DSL connection during a single week. As broadband Internet access 
becomes more common, cyber-trespassers are increasingly taking advantage 
of the speedy, "always on" connections to probe for unprotected machines. 
"People can come in, they can steal, modify or put things on your computer," 
warns Sam Curry, security architect for McAfee.com, a provider of security 
software. "They can cause your system to reboot or not talk properly on 
the Internet."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www0.mercurycenter.com/svtech/news/indepth/docs/fire010701.htm


LINUX VENDORS BEGIN KICKING TIRES OF 2.4 KERNEL
Linus Torvalds and his merry Linux band released the 2.4 kernel - less than a 
week after posting one pre-release version but nearly a year behind schedule. 
The market has been anxiously awaiting the final release, which can be 
downloaded from kernel.org, even though some of the features found in 
the kernel have already made their way into vendors' current Linux offerings. 
However, vendors are being cautious about detailing exactly when the kernel 
itself will find its way into their lineups.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/eweek/stories/general/0,11011,2671593,00.html


FIRST HYPERTEXT VIRUS FOUND
Central Command says it has uncovered the first script virus that can 
execute in a hypertext server environment. The good news is that the virus, 
PHP.NewWorld, has no payload and is not self-propagating. Steve Sundermeier, 
Central Command's product manager, told Newsbytes the appearance of the 
virus is worrisome, since it is a "proof of concept" virus for the hypertext 
preprocessor (PHP) scripting language. "If you look back at the development 
of scripting viruses, right through to Loveletter, you'll see that they all started 
with proof of concept versions," he said, adding that, once a proof of concept 
edition of a virus has been created, it is a few short steps for other hackers to 
add payloads and other destructive attributes to the program.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/160115.html


CRYPTO
Who can resist innovations like mobile phones and networked computers? They 
put anyone, anywhere, within earshot, and zip information - whether an 
unabashed declaration of love, a medical chart or a detailed plan for a 
product rollout - around the globe in a heartbeat. Unfortunately, it’s all 
too easy for corporate eavesdroppers, nosy neighbors with a nerdy streak 
or government snoops to snap up those messages and conversations en 
route to their legitimate recipients. We think we’re whispering, but we’re 
really broadcasting.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.msnbc.com/news/511696.asp


COLLEGE STUDENT ARRESTED
Taiwan's Criminal Investigation Bureau (CIB) announced Friday that its computer 
crimes division had arrested a local college student for allegedly creating and 
spreading the island's first "trojan" program called BirdSPY.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.chinatimes.com.tw/english/esociety/90010501.htm


NEW CONGRESS TO PUSH PRIVACY
Though the 107th Congress is evenly split between the two major parties and 
has the potential to act as a house divided, legislators are confident that they 
will pass a series of tech bills including one protecting individuals' privacy online. 
A panel of senators and representatives speaking at the Consumer Electronics 
Show on Sunday discussed plans to rapidly introduce legislation concerning 
telemedicine, broadband regulation, the digital divide and encryption.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,40965,00.html


CPS-2 ENCRYPTION SCHEME BROKEN
Acheon writes at Slashdot: "The CPS-2 arcade board from Capcom uses some 
hard encryption scheme that has been a very hot issue in emulation for years. 
Yet finally the code was broken Final Burn, a quite recent arcade emulator, 
showed concrete results by running previously unsupported games such as 
Street Fighter Zero using decrypted ROM images. The CPS-2 Shock Team, 
who managed to reverse engineer the process for scratch, really outdone 
themselves and it is a very uncommon achievement."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://slashdot.org/articles/01/01/07/0246252.shtml


A ROUNDTABLE ON BSD, SECURITY, AND QUALITY
Contributing Editor Jack Woehr moderated a roundtable at the recent USENIX 
Security Symposium 2000. The participants, Theo deRaadt, Todd Miller, Angelos 
Keromytis, and Werner Losh, discussed several topics, including the evolving 
distinction between Linux and BSD and the notion that reliability and security 
are achieved through simplicity.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.ddj.com/articles/2001/0165/0165a/0165a.htm


BUILD A FLOPPY FIREWALL
"Here's how I turned an unused PC into a packet-filtering firewall using a 
package called floppyfw. The firewall boots off a single floppy, runs completely 
in RAM, and uses ipchains for the filter rules. It also does IP masquerading, port 
forwarding, and can log to a remote host using syslog. All this in a machine with 
as little as 8 MB of RAM and no hard drive!"
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.samag.com/linux/articles/v10/i01/a10.shtml


DISTRIBUTED REAL-TIME SECURITY MONITORING
Programmers and software developers interested in security applications for 
component technology should keep tabs on work underway at Stanford 
Research Institute International (SRI). SRI has been tasked by the Defense 
Advanced Research Projects Agency (DARPA) to develop ways to use 
component technology to distribute real-time security monitoring throughout 
enterprise networks. According to Phillip Porras, program director of network 
security for SRI, the components emerging from DARPA's project, aptly named 
the Event Monitoring Enabling Responses to Anomalous Live Disturbances 
(EMERALD), are capable of providing anomaly and misuse detection for 
networks of all sizes.
Link: http://www-106.ibm.com/developerworks/library/co-emrld.html?dwzone=components

----------------------------------------------------------------------------




Security issues
---------------

All vulnerabilities are located at:
http://net-security.org/text/bugs


----------------------------------------------------------------------------

WINROUTE PRO MAIL SERVER
The problem is that the current version of the WinRoute mail server does not 
support any form of secure logon authentication. This means that user's 
Windows logon credentials are being sent to the mail server in plain text. 
Anyone placing a packet sniffer on the network could totally compromise 
domain and/or firewall security by capturing traffic destined to the mail 
server and extracting user logon names and passwords. The problem is 
even worse if the company is allowing roaming users to access their 
POP3 mailboxes from the Internet.
Link: http://www.net-security.org/text/bugs/978458586,12029,.shtml


MAC OS 9 VULNERABILITY
Mac OS 9.04 comes with a 'Multiple Users' Control Panel that allows an 
administrator (called 'Owner') to create user accounts (called 'Normal' 
users) with limited access to the computer. The problem is that the 
Owner password can be removed by a Normal user by moving the 
'Users & Groups Data File and logging back in using the Owner 
account, giving full access to the machine.
Link: http://www.net-security.org/text/bugs/978491537,95827,.shtml


WINDOWS MEDIA PLAYER 7 AND IE VULNERABILITY
There is a security vulnerability in Windows Media Player 7 exploitable thru IE 
which allows reading local files which in turn allows executing arbitratrary 
programs. This may lead to taking full control over user's computer.
Link: http://www.net-security.org/text/bugs/978491554,22622,.shtml


WINROUTE PRO AND MEMORY PROTECTION
I have discovered that the WinRoute installer disables memory write protection 
under Windows 2000. WinRoute refuses to run if memory write protection is 
enable. Memory write protection enabled is the default for Windows 2000. 
Link: http://www.net-security.org/text/bugs/978491829,39449,.shtml


IBM WEBSPHERE COMMERCE SUITE VULNERABILITY
IBM WCS is bussiness suite, after install it. A file named admin.config will be 
produced, The user name and password to access that suite connect database 
will be include in this file. and this file access right is -rwxr-xr-x, So local 
usercan access it, and run some aibitrary command to get root right.
Link: http://www.net-security.org/text/bugs/978634842,97432,.shtml


THE BAT! DIRECTORY TRAVERSAL VULNERABILITY
The Bat! doesn't allow filename of attached file to contain '\' symbol, if name is 
specified as clear text. The problem is, that this check isn't performed then 
filename specified as RFC's 2047 'encoded-word'.
Link: http://www.net-security.org/text/bugs/978700177,39196,.shtml


CONECTIVA LINUX - SLOCATE UPDATE
"slocate" is a program which catalogues existing files and allows for a quick 
lookup later. There is a vulnerability present in previous versions. By giving it 
a crafted database, an attacker could make slocate execute arbitrary code 
as the "slocate" user. Additionally, a bug which caused slocate to segfault 
with large pathnames was fixed.
Link: http://www.net-security.org/text/bugs/978700190,91550,.shtml


NEWS DESK 1.2 CGI VULNERBILITY
Adding the string "/../" to an URL allows an attacker to view any file on the 
server, and also list directories within the server which the owner of the 
vulnerable httpd has permissions to access.
Link: http://www.net-security.org/text/bugs/978700223,88942,.shtml


FRONTPAGE PUBLISHING DOS
Any current NT server running IIS with Frontpage server extensions (which are 
installed by default) is vulnerable a remote DoS (Denial of Service). The 
vulnerability stems from Frontpage improperly handling queries to Frontpage 
Authoring (author.dll) modules as well as shtml calls. It is possible for a 
remote attacker to send a malformed query to those modules which will 
cause Frontpage to crash which will then in turn bring down inetinfo.exe 
on Windows NT 4.0 systems.
Link: http://www.net-security.org/text/bugs/978700238,93337,.shtml


VULNERABILITY IN FASTGRAF WHOIS.CGI
The whois.cgi script of Fastgraf has almost no metacharcterchecking which 
enables attackers to execute commands as uid of the webserver.
Link: http://www.net-security.org/text/bugs/978806584,91924,.shtml


LOTUS DOMINO 5.0.5 WEB SERVER VULNERABILITY
Lotus Domino Web Server under Windows 2000 (have not tested other 
versions) allows reading files outside the web root. The problem are URLs like:
http://TARGETDOMINO/.nsf/../winnt/win.ini
which read c:\winnt\win.ini.
Note that above URL does not work in IE - for some strange reasons IE 
strips .nsf/../ so try it from Netscape or direct HTTP request.
Link: http://www.net-security.org/text/bugs/978806599,44296,.shtml

----------------------------------------------------------------------------




Security world
--------------

All press releases are located at:
http://net-security.org/text/press

----------------------------------------------------------------------------

WRAP-UP OF THE DATA SECURITY YEAR - [02.01.2001]

F-Secure, a leader in centrally managed security solutions for the mobile, 
distributed enterprise, today summarised that the year 2000 was the year 
when computer safety became a household word. Viruses, worms, trojans 
and hacking and denial-of-service attacks, not to mention the Y2K scare, 
induced a state of dread to savvy and novice computer users alike and 
kept computer security companies on their toes. Unfortunately, the future 
looks no brighter, says Mikko Hypponen, Manager of Anti-Virus Research 
at F-Secure Corporation. The "bad guys" and their tricks are here to stay.

Press release:
< http://www.net-security.org/text/press/978406440,3287,.shtml >

----------------------------------------------------------------------------

CONFERENCE ON E-LAW AND RULES OF CYBERSPACE - [02.01.2001]

Michigan Attorney General Jennifer Granholm will keynote Michigan's first ever 
conference on e-law and the emerging rules of cyberspace, Tuesday, February 
6, 2001, at the Kellogg Center at Michigan State University in East Lansing. 
Granholm, one of the nation's leaders in cyber-law is aggressively enforcing 
cyber-law violations and is dramatically affecting how business is conducted 
on the web.

Press release:
< http://www.net-security.org/text/press/978406520,2839,.shtml >

----------------------------------------------------------------------------

NO CAUSE FOR ALARM - [02.01.2001]

Despite recent publicity about computer security breaches, most chief 
information officers (CIOs) believe their enterprises are relatively safe 
from internal and external security violations. In a recent survey, 91 
percent of CIOs polled said they are confident about the security of 
their corporate networks.

Press release:
< http://www.net-security.org/text/press/978406674,54729,.shtml >

----------------------------------------------------------------------------

PNC BANK SELECTS XCERT PKI TECHNOLOGY - [03.01.2001]

Xcert, a leading provider of software products for securing business-to-
business transactions and communications over the Internet, announced that 
PNC Bank, a member of the PNC Financial Services Group, has selected Xcert 
Sentry Public Key Infrastructure (PKI) and digital certificate technology to 
enable a secure Web interface for 25,000 employees.

Press release:
< http://www.net-security.org/text/press/978491939,13466,.shtml >

----------------------------------------------------------------------------

ZIXMAIL WINS PC MAG EDITORS' CHOICE AWARD - [03.01.2001]

ZixIt Corporation, premier provider of products and services that bring privacy 
and security to Internet communications, today announced that its flagship 
product, ZixMail, has won PC Magazine's Editors' Choice award in the email 
security category.

Press release:
< http://www.net-security.org/text/press/978491978,24290,.shtml >

----------------------------------------------------------------------------

TOP TEN VIRUSES IN DECEMBER 2000 - [05.01.2001]

This is the latest in a series of monthly charts counting down the ten most 
frequently occurring viruses as compiled by Sophos, a world leader in 
corporate anti-virus protection.

Press release:
< http://www.net-security.org/text/press/978699334,25908,.shtml >

----------------------------------------------------------------------------

NETWORK-1 ALLIANCE AGREEMENT WITH EDS - [05.01.2001]

Network-1 Security Solutions, Inc., a leader in distributed intrusion prevention 
solutions for e-Business networks, announced an alliance agreement with EDS, 
the leading pure-play global services company that offers corporations and 
government clients a scalable, safe, secure extranet for their growing 
e-Business strategies.

Press release:
< http://www.net-security.org/text/press/978699510,3594,.shtml >

----------------------------------------------------------------------------

SECURIFY RECEIVES INVESTMENT FROM ISS - [05.01.2001]

Securify, Inc., a leading provider of security services for interconnected 
businesses, publicly announced an investment from Internet Security Systems 
(ISS). The investment is part of Securify's $34 million Series "A" private equity 
financing which closed in October 2000. Other investors include Spectrum Equity 
Investors, Pequot Capital, GemVentures, the venture fund arm of the smart card 
solutions provider Gemplus, and Bayview Investors, an affiliate of Robertson 
Stephens.

Press release:
< http://www.net-security.org/text/press/978699611,90829,.shtml >

----------------------------------------------------------------------------

RSA KEON CERTIFICATE SERVER AND OPSEC - [05.01.2001]

RSA Security Inc., the most trusted name in e-security, announced that RSA 
Keon Certificate Server 5.5 -- RSA Security's digital certificate management 
system designed to add trust to e-business applications -- has been certified 
by Check Point Software Technologies' Open Platform for Security (OPSEC) 
Alliance. OPSEC certification testifies that RSA Security's Keon Certificate 
Server is interoperable with Check Point's Secure Virtual Network (SVN) 
architecture and a wide number of other security components available 
today.

Press release:
< http://www.net-security.org/text/press/978699729,61387,.shtml >

----------------------------------------------------------------------------

BIG INTEREST IN MCAFEE.COM .NET SERVICES - [08.01.2001]

McAfee.com a leading security Application Service Provider (ASP), announced 
that over 1,000 companies worldwide have registered to evaluate McAfee.com's 
.NET services for businesses. Launched in November during the Fall COMDEX 
show, McAfee.com's .NET Initiative provides corporations a managed application 
service delivering industrial-strength desktop security, helpdesk and productivity 
services over the Internet. As a result, McAfee.com became the first company 
to deliver a comprehensive set of IT-centric application services that allow 
businesses to effortlessly secure, support and enhance their desktop and 
mobile computing platforms.

Press release:
< http://www.net-security.org/text/press/978916365,87133,.shtml >

----------------------------------------------------------------------------




Featured article
-----------------

All articles are located at:
http://www.net-security.org/text/articles

Articles can be contributed to staff@net-security.org

----------------------------------------------------------------------------

ACTIVISM, HACKTIVISM, AND CYBERTERRORISM: THE INTERNET AS A TOOL 
FOR INFLUENCING FOREIGN POLICY by Dorothy E. Denning

The purpose of this paper is to explore how the Internet is altering the 
landscape of political discourse and advocacy, with particular emphasis 
on how it is used by those wishing to influence foreign policy. Emphasis 
is on actions taken by nonstate actors, including both individuals and 
organizations, but state actions are discussed where they reflect foreign 
policy decisions triggered by the Internet. The primary sources used in the 
analysis are news reports of incidents and events. These are augmented 
with interviews and survey data where available.

Read more:
< http://www.net-security.org/text/articles/tool.shtml >

----------------------------------------------------------------------------




Featured books
----------------

The HNS bookstore is located at:
http://net-security.org/various/bookstore

Suggestions for books to be included into our bookstore 
can be sent to staff@net-security.org

----------------------------------------------------------------------------

INTEGRATE LINUX SOLUTIONS INTO YOUR WINDOWS NETWORK

In this day of ever-evolving technology, people are looking to migrate and 
integrate from what they have to something better, faster, and cheaper. 
These technological advances also make it easier for network administrators 
to integrate various Linux solutions that best fit their particular situation. For 
that reason, Integrate Linux Solutions into Your Windows Network offers many 
ways to use Linux technology to increase the reliability and cost-effectiveness 
of a network. Inside you will find what you need to know to upgrade gradually 
so that the process is invisible to the end user. Administrators at all levels will 
find this book focuses on the issues that face them and is full of sound solutions 
to make Linux operational in their networks.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0761527915/netsecurity >

----------------------------------------------------------------------------

LINUX FOR WINDOWS NT/2000 ADMINISTRATORS: THE SECRET DECODER RING

In large part, this book comes across as Linux for the Reader Who Has a Clue. 
Minasi enumerates the tasks that system administrators typically have to 
carry out. Examples of these include installing software and manipulating 
the privileges of users and groups. He explains how to do those jobs in 
various Linux environments, and addresses himself to Windows experts 
who'll need a bit of background, but don't require babying. Minasi doesn't 
explain why you'd want to install applications, but rather explicitly the 
mechanics of installing RPM packages and tarballed source code. He 
states flatly that most people will be happy with a precompiled kernel - 
that's what works for Windows, after all - but shows how to build your 
own, anyway. Topics covered: Linux 2.2, explained in terms that Windows 
adepts can understand easily. Staying rather distribution-neutral, the book 
explains how to install Linux, use it in single-user workstation mode, and 
configure it as a network operating system. System administration tasks--
software maintenance, user management, network troubleshooting, and 
so on - get top billing, although an ongoing comparison of Linux and the 
Wintel platform is important, too.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0782127304/netsecurity >

----------------------------------------------------------------------------

LINUX SYSTEM ADMINISTRATION BLACK BOOK

Linux Administration Black Book provides immediate solutions to the most common 
Linux installation and configuration tasks. The book presents strong coverage of 
kernel configuration, networking, system security, Internet services, LAN services, 
file systems, and much more. It also explains the complexities of upgrading an 
existing Linux installation and rebuilding from source. This book covers use of the 
most common major Linux servers and utilities, including Apache, Sendmail, 
majordomo, DHCP, Samba, ISC BIND, and Coda.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1576104192/netsecurity >

----------------------------------------------------------------------------

MANAGING CISCO NETWORK SECURITY

Don't wait until it's too late to find out you have security holes in your Cisco 
network. As security threats to enterprise networks continue to mount, it is 
critical that network managers know how to properly deploy and configure the 
Cisco Secure family of products. This book describes in detail how to detect 
network security incidents, measure vulnerability and policy compliance, and 
manage security policy across an extended organization. Readers will find 
coverage of the following security products which make up the Cisco Secure 
line: Cisco Secure PIX Firewall, Cisco Secure Access Control Server, Cisco 
Secure Integrated Software, Cisco Secure Scanner, Cisco Secure Integrated 
VPN Software.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1928994172/netsecurity >

----------------------------------------------------------------------------

THE CONCISE GUIDE TO XFREE86 FOR LINUX

The Concise Guide to Xfree86 for Linux is the first book on the market that 
gives you the expert-level information you need to understand, configure and 
administer Xfree86 (also referred to as "X"). X provides the infrastructure for 
graphical environments like KDE and Gnome. This book addresses the high-
level information need that has arisen as support personnel are required to 
troubleshoot and support all facets of Linux. Topics covered: All aspects of 
XFree86 for Linux, including elementary installation and configuration but with 
emphasis on advanced capabilities and little-known features. Special attention 
goes to hardware configuration (keyboard, mouse, and video display), the X 
way of thinking about fonts and colors, and the relationships between XFree86 
and various software that runs on top of it.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0789721821/netsecurity >

----------------------------------------------------------------------------




Security Software
-------------------

All programs are located at:
http://net-security.org/various/software

----------------------------------------------------------------------------

TROJAN SECURITY 1.5

Trojan Security monitors 12 different ports where Trojans are known to be 
installed. When an intruder attempts to connect to the port, Trojan Security 
alerts you and relays information about the attack and the attacker. It also 
disconnects the intruder.

Info/Download:
< http://net-security.org/various/software/978188506,40891,.shtml >

----------------------------------------------------------------------------

POWER CRYPTO 1.3

>From the developer: "Use Power Crypto to secure sensitive files and text 
messages. It's fast and easily mastered, and it handles even very large text 
files with grace and ease. Power Crypto provides two basic options -- you 
can browse for one or more files to encrypt, or paste in a text message. In 
the first instance, you'll need to select a destination for the encrypted file 
(you can also choose to overwrite the original), while in the second, you 
can simply copy and paste the encrypted message as needed, for example 
into emails. Power Crypto uses keys up to over 130.000 in bit length and 
gives you a great deal of control over the particulars. A key generator 
supplies you with superior suggestions for long and complicated keys, 
which are referenced to by easy-to-remember nicknames. Much is done 
to optimize the security levels, and you are also encouraged by the "help" 
to think about what are needed to maintain a high level of security."

Info/Download:
< http://net-security.org/various/software/978188614,38610,.shtml >

----------------------------------------------------------------------------

DELETING COOKIES 1.00

>From the developer: "This program will find all cookies from your hard drive and 
give you option to delete all with onw click or you can select the cookies you 
want to delete. It can delete all temporary internet files It will work on Windows 
95/98/NT and Windows 2000 in Windows 2000 it will not give you all options. 
But it works just fine."

Info/Download:
< http://net-security.org/various/software/978188687,91379,.shtml >

----------------------------------------------------------------------------




Defaced archives
------------------------

[01.01.2001] - Ministerio de Agricultura y Ganadería del Ecuador
Original: http://www.mag.gov.ec/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/01/www.mag.gov.ec/

[01.01.2001] - JVC (UK) Ltd
Original: http://www.jvc.co.uk/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/01/www.jvc.co.uk/

[01.01.2001] - Committee of Safety for the USA
Original: http://www.committee.org/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/01/www.committee.org/

[01.01.2001] - University of Technology, Sydney
Original: http://groundwater.ncgm.uts.edu.au/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/01/groundwater.ncgm.uts.edu.au/

[01.01.2001] - Sony Electronicos de Mexico
Original: http://www.sonystyle.com.mx/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/01/www.sonystyle.com.mx/

[01.01.2001] - EgyptAir
Original: http://www.egyptair.com.eg/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/01/www.egyptair.com.eg/

[02.01.2001] - Indra Gandhi Centre for Atomic Research
Original: http://igcar.ernet.in/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/02/igcar.ernet.in/

[03.01.2001] - Pepsi Cola UK
Original: http://www.pepsi.co.uk/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/03/www.pepsi.co.uk/

[03.01.2001] - SFOR
Original: http://www.sfor.org/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/03/www.sfor.org/

[04.01.2001] - Game News Network - Switzerland
Original: http://www.gnn.ch/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/04/www.gnn.ch/

[04.01.2001] - Faculty od Economics Skopje, Macedonia
Original: http://www.eccf.ukim.edu.mk/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/04/www.eccf.ukim.edu.mk/

[04.01.2001] - Belgium State Archives
Original: http://www.arch.be/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/04/www.arch.be/

----------------------------------------------------------------------------


Questions, contributions, comments or ideas go to:
 
Help Net Security staff
 
staff@net-security.org
http://net-security.org


---------------------------------------------------------------------
To unsubscribe, e-mail: news-unsubscribe@net-security.org
For additional commands, e-mail: news-help@net-security.org