HNS Newsletter
Issue 48 - 29.01.2001
http://net-security.org
 
This is a newsletter delivered to you by Help Net Security. It covers weekly 
roundups of security events that were in the news the past week. Visit Help 
Net Security for the latest security news - http://www.net-security.org.

Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter

Archive of the newsletter in TXT and PDF format is available here:
http://www.net-security.org/news/archive/newsletter

Current subscriber count to this digest : 1855

Table of contents:
 
1) General security news
2) Security issues
3) Security world
4) Featured books
5) Security software
6) Defaced archives


================================================= 
Help Net Security has organized a contest in which participants 
have to write an opinion on the "most secure OS". The best five 
opinions will be published on the site and their authors will get a 
free copy of "The FreeBSD Corporate Networker's Guide."

For more information use the following URL:
http://www.net-security.org/various/bookstore/ted/
================================================= 


General security news
---------------------
 
----------------------------------------------------------------------------

UK GOVERNMENT SITE DOUBLE ATTACKED
Swindon Borough Council's website was defaced twice by two different hacker 
groups at the weekend. The site, www.swindon.gov.uk, was one of many 
government and military websites around the world to be defaced on Saturday 
by a hacking group called Pentaguard, which has been responsible for around 
40 hacks over the last year. Other sites attacked were UK government website 
www.bseinquiry.gov.uk and Australian government website 
www.brighton.tas.gov.au. Swindon's site was then hacked again on Sunday 
by a group or individuals known as "Krab".
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/1116663


CLINTON APPOINTS 21 TO INFO SECURITY ADVISORY GROUP
On his last full day in office, former President Clinton appointed 21 members to 
a newly established council that will advise President George W. Bush on ways 
to protect the nation's most critical computer systems from cyber attack. The 
new group to which the appointments were made - the National Infrastructure 
Assurance Council (NIAC) - was conceived of in 1997 as a group of CEOs from 
the nation's leading companies in virtually every major infrastructure sector, 
including energy, telecommunications, transportation, and banking that would 
advise the president in the event of a cyber attack on one or more of these 
critical sectors.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/160831.html


IBM DEVELOPS SECURE MUSIC SOFTWARE
With the music industry seeking safe ways to sell songs online, International 
Business Machines Corp. said Monday it has developed software that prevents 
consumers from making unauthorized copies of music downloaded from the 
Internet. The Electronic Media Management System, which will be made 
available sometime this quarter, allows music companies to define the terms 
by which retailers and Internet users can swap songs over so-called peer-to-
peer networks, a distribution technology popularized by online music company 
Napster Inc.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.nandotimes.com/technology/story/0,1643,500302547-500483965-503331765-0,00.html


MACWORLD SF 2001 TREND: PERSONAL FIREWALLS
The rise in permanent Internet connections via cable modems and DSL has 
raised fears of crackers breaking into individual computers and wreaking havoc. 
For Windows users, those fears are real, since most of the automated attacks 
look specifically for security holes in Windows network services. Macs are 
significantly less vulnerable to such problems, especially if Personal Web 
Sharing and Personal File Sharing via TCP/IP are turned off or properly secured, 
but a number of companies are now producing personal firewall products for 
Mac users who want additional peace of mind or who want to know precisely 
what's happening. Intego's NetBarrier and Open Door Networks' DoorStop (now 
the foundation of Norton Personal Firewall) were first on the scene, and they've 
just been joined by IPNetSentry from Sustainable Softworks, the network 
wizards who brought us IPNetRouter.
Link: http://db.tidbits.com/getbits.acgi?tbart=06281


COMPUTER CRIME INVESTIGATOR'S TOOLKIT: PART IV
Slack space occurs on a hard drive or floppy when a file gets partially 
overwritten after deletion. The new file does not completely fill in the space 
created by the old file's data. So, a slack space of residual data remains in 
the area between the end of file (EOF) boundary of the new file and the end 
of the cluster. On a given disk, then, large amounts of "hidden data" exist. 
These fragments may offer considerable evidence about what was deleted 
from the disk.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/toolkit20010123.html


PRESIDENT OFFERS JOB TO THE DEFACER OF HIS WEBSITE
A Bulgarian youth has been offered a job by his country's president after 
criticising the government in a web attack. The attacker - who is known 
only by the pseudonym 'Kabaka' - brought down the presidential homepage 
last week, leaving a message railing against the president for failing Bulgaria's 
youth. President Petar Stoyanov said that he would employ him without 
hesitation, because the ingenuity he showed in cracking government security 
without leaving a trace.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.ananova.com/news/story/sm_182455.html


MICROSOFT'S NEW ZEALAND WEBSITE ATTACKED
Microsoft has had another of its international websites broken into and defaced. 
The Prime Suspectz group broke into Microsoft's New Zealand website overnight, 
replacing the front page with text like this: "Oh!!! what's hapened!! Another 
Micro$oft was hacked? !!Yes!! 'The vulnerability is completely teorical' !! I don't 
think so !! security wuz broke'n !".
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/1116687


TOSHIBA MAKES FINGERPRINT READER FOR NOTEBOOKS
Toshiba America has released the PC Card Fingerprint Reader, a product that 
provides security for notebook computers. The fingerprint reader attaches to 
a standard PC card and uses Biometrics technology to provide convenient and 
reliable security. The device stores the prints of one or more fingers of a user, 
then allows access to the notebook system when those fingers are scanned 
into the reader.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.telekomnet.com/writer_telekomnet/1-23-01_toshiba.asp


ANTI-FUR PROTESTERS HACK CHANEL’S SITE
Animal rights activists hacked into French fashion house Chanel’s Web site and 
posted a protest against fur clothes only hours before the label presented its 
latest haute couture collection Tuesday.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.msnbc.com/news/520407.asp


REVERSE ENGINEERING
A key ruling last October by the 9th U.S. Circuit Court of Appeals, located in 
San Mateo, affecting the home video game sector is having a direct impact on 
the entire software industry. The ruling, which upholds engineers' rights to 
reverse-engineer other companies' proprietary hardware for purposes of 
research, flies in the face of federal legislation passed two years ago banning 
most forms of reverse engineering. The congressional ban - part of the Digital 
Millennium Copyright Act of 1998 - was intended as a measure to extend 
existing copyright law into the realm of software. But the Sony vs. Connectix 
ruling may present the legal loophole that software engineers need to justify 
other forms of reverse-engineering research, such as dissecting operating 
systems to enable anti-virus programs to detect irregular behavior by other 
programs.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.planetit.com/techcenters/docs/security/news/PIT20010123S0001


NFS AND NIS SECURITY
Security problems seem to be inherent in NFS and NIS; however, there are 
methods and precautions that can be taken to make them more secure than 
their plain-vanilla implementations. This article by SecurityFocus.com writer 
Kristy Westphal, will examine some on the ways in which security for NFS 
and NIS can be enhanced.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/sun/articles/nfsnis.html


MORE PROBLEMS FOR NETWORK ASSOCIATES
As is company policy, Internet security firm Network Associates, Inc. declined 
to comment on any legal matter. However, as many as six separate class 
action suits have been filed on behalf of shareholders who say Santa Clara
based Network Associates filed "positive but false statements about current 
business and future prospects throughout the second half of 2000."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://siliconvalley.internet.com/news/article/0,2198,3531_568281,00.html


WHY FIREWALLS?
Firewalls are usually seen as a requirement if you are going to attach your 
network to other networks, especially the Internet. Unfortunately, some 
network administrators and managers do not understand the strengths a 
firewall can offer, resulting in poor product choice, deployment, configuration 
and management. Like any security technology, firewalls are only effective if 
the implementation is done properly and there is proper maintenance and 
response to security events.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/closet/closet20010124.html


SECOND ATTEMPT
ABC Enterprises, Australia's national broadcaster, was forced to thwart a 
second attempt to deface its e-commerce website within minutes of an 
attacker bypassing the server's security yesterday.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theage.com.au/frontpage/2001/01/23/FFXEI9AGAIC.html


MICROSOFT DEFACEMENT: UPDATE
Microsoft Corp. has played down a defacement of its New Zealand Web site 
on Tuesday, saying it already knew about the security issue that led to the 
site's vandalism.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/160947.html


HP DISTRIBUTES VIRUS INFECTED DRIVERS
Hewlett-Packard has distributed printer drivers corrupted by a computer virus. 
The infected drivers were inadvertently uploaded onto the hardware giant's 
Web site, according to a report by Japanese news service Nikkei. The plague 
drivers, which were distributed between 17 and 19 December 2000, contained 
the Funlove virus. The issue only came to light after complaints from HP users, 
and subsequent checks in Japan revealed that 51 program files for printer and 
BIOS drivers for servers had become infected.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/4/16335.html


SSL - RUMOURS AND REALITY
You may have connected to a web page every now and then and noticed a 
small padlock icon at the bottom of your, browser window. What does this 
padlock signify? It means that the web-site is protected by SSL. SSL stands 
for 'Secure Sockets Layer' and refers to a protocol (or technique) that ensures 
a secure connection to a web-site. This article by Charl Van Der Walt will 
discuss the ways in which SSL provides safe, secure Internet transactions, 
including: how SSL works, why it is an effective weapon against hackers 
and how hackers can sometimes use it to their advantage.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/basics/articles/ssl.html


CAR MAKERS WEB SITES DEFACED
The UK web sites of car makers Mitsubishi and Fiat are the latest to fall victim 
to a vandal who exploits vulnerabilities with Microsoft's Internet Information 
Server. Like Microsoft's New Zealand site, which fell victim to defacement 
yesterday, the car sites were defaced by Prime Suspectz with a message 
mocking the security of Microsoft's software.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/6/16345.html


OPENING OF INDUSTRY LINUX LAB
The industry's first independent, non-profit lab designed for developers who are 
adding new business-oriented capabilities to Linux and Linux-based software 
opened today with the support of 19 sponsor companies and more than $24 
million in funding.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.intel.com/pressroom/archive/releases/20010124comp.htm


VATICAN RADIO SITE ATTACKED
Italian daily newspaper "Il Messaggero", reported that the web site of Vatican 
Radio, the official radio broadcaster of the Vatican, has been attacked by 
"hackers". The article is mentioning DDoS attacks, but it looks like it was 
defaced. InfoGuerra's Editor contributed that Alldas.de has the mirror.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/161109.html
Link: http://defaced.alldas.de/mirror/2001/01/24/www.radiovaticano.com


MICROSOFT CONTACTS FBI
Ananova reports that Microsoft contacted the FBI after a DDoS attack, 
intermittently keeping Web surfers shut out from Microsoft Internet 
properties such as Microsoft.com and MSN.com.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.ananova.com/news/story/sm_186169.html


DECSS ALLIES GANGING UP
A federal court decision that restricted a DVD-descrambling program ignores 
free speech rights and should be overturned, eight different coalitions claim.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wirednews.com/news/politics/0,1283,41441,00.html


REAL USER LAUNCHING 'REAL' SECURITY MONDAY
On Monday, Real User Corp. will publicly launch itself and its face-based 
Internet authentication technology. The group hopes to some day overcome 
cookies and passcodes as the methods of choice for surfers and e-commerce 
companies to verify identity and information. "What we're trying to do is 
provide an integral part of the security structure of the Internet that doesn't 
already exist," Real User Chief Executive Officer Paul Barrett said in an interview 
today. "That is, tackling usability and security at the same time."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/161145.html


LINUX SECURITY BASICS
How to achieve the goal of every system admin: boring, predictable computers. 
Here is a defensive driving course for the information superhighway. Learn to 
develop a threat model, to implement security measures, and to find out what 
the newest threats may be.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxworld.com/linuxworld/lw-2001-01/lw-01-security.html


SMC BARRICADE 4-PORT ROUTER AND PRINT SERVER
SMC has been around for the better of 25 years providing high-quality hubs, 
switches, adapters, USB hardware - heck, anything that has to do with 
networking, SMC has covered or had it covered at some point in the last 
25 years. The SMC Barricade is an interesting product that fills the 
aforementioned void quite well, while also adding in some extras like 
full print serving capabilities and great user control of port availability.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.awaremag.com/hardware/SMC/barricade/barricade_1.html


EPSON WEB SITE ATTACKED
"Some files were overwritten through the breach in Microsoft IIS, the software 
we're running. We host quite a large number of corporate websites but this is 
the first time we've had a breach like this," - Karim Hussona, chief executive 
officer at Compass Communications, the company that hosts the Epson website.
Link: http://www.nzherald.co.nz/storydisplay.cfm?storyID=169810&thesection=technology&thesubsection=general


HECKENKAMP PLEADS INNOCENT TO HACKING
Jerome Heckenkamp, who began working at Los Alamos last June, has said an 
unknown person broke into the companies' computers by working through his 
computer while he was a student at the University of Wisconsin. If you are 
interested in this story, please check the FREESK8.org web site. Read the 
excerpt from the mentioned site: "This web page is dedicated to public 
awareness concerning the case of Jerome Heckenkamp, a 21 year old Los 
Alamos National Laboratory employee who was arrested for allegedly 
committing several computer crimes under the alias of MagicFX. Hopefully 
as you browse through the resources below, you will come to the natural 
conclusion that this fine young individual has merely become the scapegoat 
of a restless and unrelenting Federal Bureau of Investigation, caught in the 
middle of a 21st century spin-off of McCarthyism."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2001/TECH/computing/01/26/hacking.arrest.ap/index.html


TOP TEN SECURE SHELL FAQS
SSH, the Secure Shell, is a set of protocols and software that provide secure, 
remote terminal sessions between networked computers. In addition to a simple 
remote command prompt, most SSH implementations also provide secure 
forwarding of X Window traffic as well as forwarding of connections to arbitrary 
TCP ports. These features can protect otherwise insecure protocols such as POP, 
IMAP, SMTP, and so on. An SSH session applies cryptographically assured privacy 
and integrity protection as well as mutual authentication to the data passing 
through it. Used properly, SSH is an extremely valuable tool that helps users 
more safely navigate today's Internet and helps system administrators secure 
their networks or perform remote administration.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://sysadmin.oreilly.com/news/sshtips_0101.html


SOME THOUGHTS ON THE NSA LINUX RELEASE
"There are two things I am sure of after all these years: there is a growing 
societal need for high assurance software, and market forces are never going 
to provide it. Superficially, I'm going to offer a few comments on the technology 
underlying the NSA release. My real intent is to induce the Open Source 
community into building on this release - so when society wakes up to the fact 
that this stuff is really, truly needed, something is actually there. You won't get 
rich working on high assurance technology, but you may end up feeling pretty 
good about how you spent your career."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www2.linuxjournal.com/articles/buzz/0043.html


WORLD BANK DEFACED
One of the servers of the World Bank got penetrated into and defaced. Message 
left on the site was - "I want to thank the WorldBank for its kind attitude to our 
country. We would have been long lost away even from Romania. This should be 
taken as a request for future help to Bulgaria. Dear Gentlemen as you can see, 
our country shows greater and positive economic condition. The crizies caused 
by the Communist party (a.k.a Socialistic party) seem to be through. I'd like to 
congratulate the govenment and the president of Bulgaria."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://net-security.org/misc/sites/sima-ext.worldbank.org/


TOP MALWARE OF 2000
The negative impacts of malware have escalated over the past few years as 
independent and corporate users have become more dependent upon networked 
computing solutions. The complexity and sheer bulk of code in software that 
accompanies such development has opened up a host of new vulnerabilities. 
The continued growth of Microsoft products across a large audience has also 
created an environment where one exploit within a Microsoft product may 
impact a large number of users worldwide.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/malware20010129.html


A HACKER'S NEED FOR QUBE3
I often hear fellow hackers say, that everything a Linux appliance does can be 
done with a 200$ PC and the right software. That is certainly right. Why should 
a hacker like me go out and buy a US$ 1,995 to store files and use it as a web 
server, ftp server, and mail server? This review recounts my experience as a 
Linux kernel hacker and driver developer, using the Linux-powered Qube3 in 
trying to make all above-mentioned functionality of a server appliance in my 
lab. My lab consists of about 25 Linux servers and assorted other Unix servers. 
The lab connects to the Internet by means of a DSL line.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.moelabs.com/reviews1.html

----------------------------------------------------------------------------




Security issues
---------------

All vulnerabilities are located at:
http://net-security.org/text/bugs


----------------------------------------------------------------------------

MULTIPLE VULNERABILITIES IN FASTREAM FTP++
FaSTream's embedded ftp-server can be flooded into unresponsiveness by 
sending a request of 2048 bytes or greater size to it.
Link: http://www.net-security.org/text/bugs/980261700,9485,.shtml


LOCALWEB2000 DIRECTORY TRAVERSAL VULNERABILITY
Adding the string "../" to an URL allows an attacker access to files outside of 
the webserver's publishing directory. This allows read access to any file on 
the server.
Link: http://www.net-security.org/text/bugs/980261718,95799,.shtml


WATCHGUARD FIREWALL VULNERABILITY
I have found that the embedded Linux-based Watchguard Firebox II Firewall 
product range is vulnerable to read-write access using only a read-only 
passphrase. This gives a read-only user the ability to make changes to the 
firewall remotely without either authorization or a read-write passphrase. The 
risk is remote firewall compromise.
Link: http://www.net-security.org/text/bugs/980261732,73378,.shtml


PROBLEMS WITH ORACLE JSP/SQLJSP HANDLERS
It is possible to view files outside the web root. Also possible is execution of 
.JSP files outside the web root in the same partiotion as the web server's root.
Link: http://www.net-security.org/text/bugs/980261749,15101,.shtml


BUFFER OVERFLOW IN LOTUS DOMINO SMTP SERVER
Lotus Domino/Notes server has a 'policy' feature, which is used to define 
relaying rules. However, improper bounds checking allow remote user to 
overflow the buffer and execute arbitrary code. If policy is enabled to 
check for domain name it is possible to trigger the overflow.
Link: http://www.net-security.org/text/bugs/980304915,69914,.shtml


PATCH FOR ORACLE XSQL SERVLET VULNERABILITY
Oracle has corrected this vulnerability in the new release of XSQL Servlet as 
well as provided more secure behavior by default. The new release of XSQL 
Servlet, Release 1.0.4.0, can be obtained from Oracle Technology Network, 
OTN, http://otn.oracle.com/tech/xml/xsql_servlet. A patch will also be 
available in the upcoming Oracle8i, Release 8.1.7.1, patch set and available 
for use with iAS Release 1.0.2.1.
Link: http://www.net-security.org/text/bugs/980304938,81797,.shtml


DEBIAN - NEW VERSION OF MYSQL RELEASED
Nicolas Gregoire has reported a buffer overflow in the mysql server that leads 
to a remote exploit. An attacker could gain mysqld privileges (and thus gaining 
access to all the databases). Upgrade immediately.
Link: http://www.net-security.org/text/bugs/980304969,2953,.shtml


DEBIAN - NEW VERSION OF MICQ RELEASED
PkC has reported that there is a buffer overflow in sprintf() in micq versions 
0.4.6, that allows to a remote attacker able to sniff packets to the ICQ server 
to execute arbitrary code on the victim system.We recommend you upgrade 
your micq package immediately.
Link: http://www.net-security.org/text/bugs/980304996,80556,.shtml


MAKE THE NETOPIA R9100 ROUTER TO CRASH
If you have the password of the router and if you are logged to it you will 
not be able to delete all the traces. The router logs the connection and the 
disconnection of telnet sessions. If you want to delete the connection from 
the logs you just have to delete them. But if you want to delete the 
disconnection log you can't. The only way to do that is to make it crash. 
Just use the telnet program which is inside the router. Try to make a 
connection from the IP of the router to the IP of the router. It will crash 
it, as a consequence, you will NOT be logged ! 
Link: http://www.net-security.org/text/bugs/980359282,81709,.shtml


BORDERWARE V6.1.2 PING DOS VULNERABILITY
Sending a ping to the broadcast on the network causes Borderware's ping 
server to continously send echo request to the entire network. It is possible 
that a Denial-of-Service attack (smurf attack) can be executed on the network 
using freely available exloit code. This can occur externally if broadcast packets 
aren't dropped at the router or on the local network if other machines aren't 
configured to deny directed broadcasts. Borderware has confirmed this problem. 
They upgraded the problem below to a bug and informed me that the pings can 
be stopped on-site by resetting the interfaces, which can be done from the 
Borderware client. Provided the exploit doesn't attempt to re-establish a 
connection when the network interface comes back up, this is a temporary fix.
Link: http://www.net-security.org/text/bugs/980613054,97813,.shtml


IBM WEBSPHERE SHOWCODE VULNERABILITY
When IBM WebSphere application server shares the same document root as 
Netscape Enterprise server it is possible for a malicious user to view to view 
the source of any JSP file in the document root.
Link: http://www.net-security.org/text/bugs/980613070,85509,.shtml


JRUN MALFORMED URI WEB-INF DIRECTORY
It is possible to get a directory listing of the WEB-INF directory when 
requesting pages from a JRun Web Server. It is also possible to display 
the contents of the web.xml file in WEB-INF.
Link: http://www.net-security.org/text/bugs/980613087,77841,.shtml

----------------------------------------------------------------------------




Security world
--------------

All press releases are located at:
http://net-security.org/text/press

----------------------------------------------------------------------------

PKI SOLUTION WITH ENHANCED PERFORMANCE - [23.01.2001]

Business security provider Cylink Corporation announced the general availability 
of NetAuthority 3.1, a next-generation public key infrastructure solution that 
provides advanced performance, functionality and ease of use. The PKI also is 
interoperable with solutions from a growing list of Cylink partners to enable an 
expanded set of applications.

Press release:
< http://www.net-security.org/text/press/980261192,95348,.shtml >

----------------------------------------------------------------------------

SECURE COMPUTING ANNOUNCES SMARTFILTER 3.0 - [23.01.2001]

Secure Computing announced SmartFilter 3.0, the latest release of the 
industry's first Internet access management application. SmartFilter 3.0 
provides unprecedented flexibility for managing employee productivity and 
reducing liability associated with the misuse of company-provided Internet 
resources. Now organizations can choose the simplest way to manage 
employee Internet access by selecting from a broad range of URL filtering 
options and categories, using a new policy-based management console. 
More importantly, simple, sophisticated management reporting makes it 
easy to understand and control Internet access.

Press release:
< http://www.net-security.org/text/press/980261322,64982,.shtml >

----------------------------------------------------------------------------

ANTI-VIRUS BETA-VERSION FOR NOVELL NETWARE - [24.01.2001]

Kaspersky Lab, an international data-security software-development company, 
announces the release of the KasperskyT Anti-Virus beta-version for Novell 
NetWare powered by a new Java-based management system. The program 
also contains a set of unique features that significantly extend a user's ability 
for the centralized management of a network's anti-virus defense, thus 
decreasing attending expenses and making the product the world's most 
technically improved anti-virus system.

Press release:
< http://www.net-security.org/text/press/980305376,54403,.shtml >

----------------------------------------------------------------------------

DEVICELOCK MILLENNIUM EDITION RELEASED - [24.01.2001]

SmartLine, Inc. announced the new release of DeviceLock Millennium Edition, 
a Windows service for restricting access to local devices running Windows 
95/98/Me. Preventing the introduction of inappropriate software and data is 
important when trying to protect and administer a company's computer 
network. The traditional solution has been a physical lock on the floppy 
drive. DeviceLock Me eliminates the need for physical locks and has a 
number of advantages. It is easy to install and administrators can have 
instant access from the remote computers when necessary.

Press release:
< http://www.net-security.org/text/press/980305435,13048,.shtml >

----------------------------------------------------------------------------

SECURE COMPUTING RECEIVES OPSEC CERTIFICATION - [25.01.2001]

Secure Computing announced that its SafeWord authentication and authorization 
system has received OPSEC (Open Platform for Security) certification from Check 
Point Software Technologies Ltd. for Check Point VPN-1/FireWall-1. OPSEC 
certification confirms that SafeWord is fully compatible with Check Point's 
authentication standards. Through this certification, end-users can select 
the security solutions that best meet their requirements and be assured 
that interoperability and central policy definitions are guaranteed.

Press release:
< http://www.net-security.org/text/press/980387499,3755,.shtml >

----------------------------------------------------------------------------

AMERICAN BANK'S NEW SECURITY FEATURES - [25.01.2001]

American Bank, a leading provider of Internet banking and financial services 
(www.pcbanker.com), announced the implementation of several new security 
features for online customers. These new features reinforce American Bank's 
commitment to maintaining the safety and security of their customers' 
financial information.

Press release:
< http://www.net-security.org/text/press/980387696,23828,.shtml >

----------------------------------------------------------------------------

DEPLOYING INTRUSION DETECTION SYSTEMS - [25.01.2001]

Learning Tree International, Inc. is announcing the release of a new Hands-On 
IT course, Deploying Intrusion Detection Systems, where participants learn to 
design, configure and deploy an Intrusion Detection System for their network.

Press release:
< http://www.net-security.org/text/press/980387775,96667,.shtml >

----------------------------------------------------------------------------

VIGILANTE AND MYCIO PARTNER - [27.01.2001]

VIGILANTe, the premier provider of automated security assessment services 
over the Internet, today announced a strategic technology alliance with myCIO, 
a leading provider of Internet security management solutions and a wholly owned 
subsidiary of Network Associates. SecureScan, VIGILANTe's flagship security 
service, integrates myCIO's CyberCop ASaP with open source, and other 
third-party proprietary scanners, as well as its own suite of software. This 
key industry alliance provides the SecureScan customer base with unmatched 
capabilities for identifying and addressing Internet perimeter vulnerabilities.

Press release:
< http://www.net-security.org/text/press/980616100,62526,.shtml >

----------------------------------------------------------------------------




Featured books
----------------

The HNS bookstore is located at:
http://net-security.org/various/bookstore

Suggestions for books to be included into our bookstore 
can be sent to staff@net-security.org

----------------------------------------------------------------------------

FREEBSD CORPORATE NETWORKER'S GUIDE (WITH CD-ROM)

This book is written for the beginning FreeBSD administrator who wants to take 
advantage of the power and cost savings afforded by use of this operating 
system on their organization's production network. FreeBSD is a UNIX-like 
operating system that takes its name from the Berkeley Software Distribution 
group. "FreeBSD has been the secret weapon of serious network administrators 
for many years now and this book should provide a welcome introduction to 
those who have yet to discover it for themselves." - Jordan Hubbard, 
Co-founder, The FreeBSD Project.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0201704811/netsecurity >

----------------------------------------------------------------------------

INSIDE LINUX

The author acknowledges that adequately teaching how to use Linux involves 
more than communicating a series of recipes. For that reason, he goes to 
considerable effort to explain what's going on when the user executes various 
commands. He uses procedures to expose facts about Linux's innards, rather 
than as mere strategies for achieving desired effects. Therefore, his prose - 
particularly his extended coverage of the bash shell - reads like a scientist's 
journal: If we do this, here's what happens (and by the way, here's why). The 
approach is more leisurely than that of many introductory Linux books, and it 
leads to a deeper understanding of what's going on under the shell. The author 
shows how to configure and use XFree86, the K Desktop Environment (KDE), 
and GNOME. These are handy skills to have, even if most distributions will more 
or less automate those processes and some readers may wish instead for 
information on more obscure aspects of the operating system. Coverage of 
network configuration, where an intimate knowledge of the command line and 
configuration files is critical, suits this book's experiment-and-observe format 
very well. The reader gets to see lots of important pieces of software in action.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0735709408/netsecurity >

----------------------------------------------------------------------------

PROFESSIONAL LINUX PROGRAMMING: DATABASES, POSTGRESQL, MYSQL, LDAP, 
SECURITY, DEVICE DRIVERS, GTK+, GNOME, GLADE, GUI, KDE, QT, PYTHON, PHP, 
RPC, DISKLESS SYSTEMS, MULTIMEDIA, INTERNATIONALIZATION, CORBA, PAM, 
RPM, CVS, FLEX, BISON, BEOWULF, CLUSTERING, ORBIT, MPI, PVM, AND XML

The book is framed as a case study for building a custom database program in 
Linux for a video rental store. After a tour of the requirements and a brief look 
at project management for creating this software, the various Linux packages 
that are needed to implement this system are described, along with sample 
code, most of which is written in C. Some packages, such as the CVS version
control package, come with most distributions of Linux; others will require 
downloading additional software over the Internet. In every case, you're 
provided with the actual command-line arguments that are needed to install, 
configure, and run each package. Besides a great exploration of CVS for 
version control, this title offers excellent coverage of the free PostgreSQL 
and MySQL databases, which are two very popular choices for Linux databases. 
The book also does a good job of explaining UI design under both the GTK+
GNOME and KDE (two popular Linux desktops), and how to extend the reach 
of the sample database application by using Remote Procedure Calls (RPCs) 
and CORBA. Of course, the finished application doesn't use every Linux API 
that's covered here, but the book does cast a wide net, and introduces 
features and tools that are available.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1861003013/netsecurity >

----------------------------------------------------------------------------

AD HOC NETWORKING

"Ad hoc" networks are wireless, mobile networks that can be set up anywhere 
and anytime - outside the Internet or another preexisting network infrastructure 
- whose time has come. The field has tremendous commercial and military 
potential, supporting applications, such as mobile conferencing outside the 
office, battlefield communications, and embedded sensor devices that 
automate household functions, among others. Ad Hoc Networking is a 
collection of algorithms, protocols, and innovative ideas from the leading 
practitioners and researchers that will propel the technology toward 
mainstream deployment. It discusses numerous potential applications, 
reviews relevant networking concepts, and examines the various 
approaches that define emerging ad hoc networking technologies.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0201309769/netsecurity >

----------------------------------------------------------------------------

HIGH AVAILABILITY NETWORKING WITH CISCO

This book explores and discusses a wide range of potential approaches to 
improving network availability, allowing you to choose those most appropriate 
for your organization and its unique needs and constraints. The goal is to show 
how to achieve higher network availability both in theory and in practice. In 
economic terms, this means pushing the design to the point where the cost 
of eliminating further unavailability exceeds the cost to the organization of the 
losses due to downtime. While the theoretical aspects apply to networks of all 
sizes and technologies, the example solutions provided focus on the needs of 
moderate sized extended corporate networks using IP version 4 and stable, 
moderate performance technologies such as frame relay, ISDN, and Ethernet - 
not because these technologies are fundamentally more or less reliable than 
others, but because these tend to be the networks which have grown to the 
point of being critical to the day-to-day operations of the organization without 
a staff of dedicated network designers and architects to provide optimization 
and support.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0201704552/netsecurity >

----------------------------------------------------------------------------




Security Software
-------------------

All programs are located at:
http://net-security.org/various/software

----------------------------------------------------------------------------

SECURITY SETUP II LIGHT

Security SetUp II Light is an easy-to-use security application which allows you 
to protect your Windows configuration. The program lets you maintain your 
current Windows setup and protect your desktop, network, printer, modem, 
screen saver, and Internet settings from being modified. It enables you to 
limit other users' access by setting up control levels, hide selected drives, 
add password protection, disable access to the Control Panel, and more. 

Info/Download:
< http://www.net-security.org/various/software/979836656,78721,windows.shtml >

----------------------------------------------------------------------------

SECURITY DEPARTMENT 1.3.3.1

Security Department is a resident file system protector which can provide 
several levels of protection for different folders and files. You can prevent 
various actions for folders and files, including copying, moving, deleting, 
and renaming, and make selected folders and files read-only, fully-protected, 
or protected according to a custom protection level. Security Department also 
supports different access setups to various folders and files for each user group 
on a single computer, and includes administrator password-protection capability.

Info/Download:
< http://www.net-security.org/various/software/979836840,54669,windows.shtml >

----------------------------------------------------------------------------

ADVANCED NT SECURITY EXPLORER

Advanced NT Security Explorer helps NT system administrators find system 
security holes. It analyzes user password hashes, and tries to recover 
plain-text passwords. If it's possible to recover the password in a reasonable 
time, the password should be considered to be insecure, and so it's time to 
change it. Some users like simple and easy to remember passwords, 
unfortunately. This program is very applicable for NT workstations, where 
users can access a hard drive from another computer in the network and 
copy a SAM registry key, where password hashes are stored. Also, users 
can sniff a network and recover password hash from sniffer results. 
Advanced NT Security Explorer (ANTExp) will help you in your way to 
complete system security. In addition, ANTExp could be used for recovering 
lost passwords of particular users.

Info/Download:
< http://www.net-security.org/various/software/979837872,60459,windows.shtml >

----------------------------------------------------------------------------

MACLOCKSMITH 2.4.0

The MacLocksmith is an useful application to save your files from indiscreet 
eyes. It protects your files/folders quickly by using a very strong encryption 
method and a password. The MacLocksmith supplies also a second, soft and 
fast, protection system, you may use it in situations of already hig security 
level. The MacLocksmith allows you to create Cryptet. Cryptets are stand
alone autodecrypting applications containing one encrypted or protected file. 
A Cryptet may decrypt the contained file or simply save it on HD. Distribution 
of encrypted files is no longer a problem, now. You may create FAT, PPC or 
68k applications and choose a text file that will be used, by created Cryptet, 
as custom About box.

Info/Download:
< http://www.net-security.org/various/software/979838190,4213,mac.shtml >

----------------------------------------------------------------------------

POWERCRYPT

PowerCrypt implements the major cryptographic methods, standards and 
hash algorithms: DES, IDEA, RSA, DSA, PKCS, MD2, MD5. As well, PowerCrypt 
implements the major secure e-mail protocols: PEM, S/MIME. PowerCrypt 
handles standard X 400 certificates: It stores received new certificates both 
as a local password protected copy and a public copy in a central Certificat
Directory accessible to other users. It creates new keys and prototype 
certificates for certificate requests.

Info/Download:
< http://www.net-security.org/various/software/979840697,21005,mac.shtml >

----------------------------------------------------------------------------

ENSCRIPT 2.0

EnScrypt is an encryption tool for Macintosh based scripting environments. It 
gives Macintosh cryptographers and developers what they need to build digital 
signatures, secure passwords, and other security.

Info/Download:
< http://www.net-security.org/various/software/979841473,82473,mac.shtml >

----------------------------------------------------------------------------

SECUREPASS 2.01

This is a secure Macintosh archiving utility for passwords and other security 
keys. Designed for the user who accesses secure network services or who 
deals with multiple passkeys that are difficult to secure, memorize, use, 
change, or keep track of.

Info/Download:
< http://www.net-security.org/various/software/979841570,22014,mac.shtml >

----------------------------------------------------------------------------

PALMPASSWORD

PalmPassword is a dual application with a PC and Palm Connected Organizer 
module, which working together do exactly that - create the perfect way to 
keep your personal account and password information both secure and mobile.

Info/Download:
< http://www.net-security.org/various/software/979841841,68017,palm.shtml >

----------------------------------------------------------------------------




Defaced archives
------------------------

[22.01.2001] - Guardian Security Company
Original: http://www.guardian-security.net/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/22/www.guardian-security.net/

[22.01.2001] - Canon (Greece)
Original: http://www.canon.gr/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/22/www.canon.gr/

[22.01.2001] - ByteCom (Morocco)
Original: http://www.bytecom.net.ma/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/22/www.bytecom.net.ma/

[22.01.2001] - #2 U.S. Navy Electronic Commerce Homepage
Original: http://www.ec.navsup.navy.mil/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/22/www.ec.navsup.navy.mil/

[22.01.2001] - Chanel
Original: http://www.chanel.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/22/www.chanel.com/

[22.01.2001] - Ford Motor Company
Original: http://media.ford.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/22/media.ford.com/

[22.01.2001] - Microsoft Corporation (NZ)
Original: http://www.microsoft.co.nz/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/23/www.microsoft.co.nz/

[23.01.2001] - Ford Motors (Korea, south)
Original: http://www.ford.co.kr/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/23/www.ford.co.kr/

[23.01.2001] - EPSON New Zealand
Original: http://www.epson.co.nz/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/23/www.epson.co.nz/

[23.01.2001] - Fiat Auto (U.K.)
Original: http://www.fiat.co.uk/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/23/www.fiat.co.uk/

[23.01.2001] - Mitsubishi
Original: http://www.mitsubishi.co.uk/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/23/www.mitsubishi.co.uk/

[23.01.2001] - Toyota (CN)
Original: http://www.toyota.com.cn/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/24/www.toyota.com.cn/

[24.01.2001] - Compaq Computer Corporation
Original: http://www.millicent.digital.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/24/www.millicent.digital.com/

[24.01.2001] - Iranian Television
Original: http://www.irtv.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/24/www.irtv.com/

[24.01.2001] - Acer Computers (CN)
Original: http://www.acer.com.cn/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/24/www.acer.com.cn/

[24.01.2001] - EXCALIBUR Group, A Time Warner Company
Original: http://www.neo.rr.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/24/www.neo.rr.com/

[25.01.2001] - Coca-Cola (DK)
Original: http://www.coca-cola.dk/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/25/www.coca-cola.dk/

[25.01.2001] - Inprise Korea
Original: http://www.borland.co.kr/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/25/www.borland.co.kr/

[25.01.2001] - U.S. Navy
Original: http://nif.navy.mil/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/25/nif.navy.mil/

[26.01.2001] - Homepage Central
Original: http://www.internationalhosting.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/26/www.internationalhosting.com/

----------------------------------------------------------------------------


Questions, contributions, comments or ideas go to:
 
Help Net Security staff
 
staff@net-security.org
http://net-security.org


---------------------------------------------------------------------
To unsubscribe, e-mail: news-unsubscribe@net-security.org
For additional commands, e-mail: news-help@net-security.org