Net-Sec newsletter
Issue 22 - 17.07.2000
http://net-security.org

Net-Sec is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week.
Visit Help Net Security for the latest security news - http://www.net-security.org.

Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter

Table of contents:

1) General security news
2) Security issues
3) Security world
4) Featured articles
5) Security books
6) Defaced archives

============================================================
Sponsored by Kaspersky Lab - Your Personal Anti-Virus Guard
============================================================

General security news
---------------------

----------------------------------------------------------------------------

US MAY ANNOUNCE NEW ENCRYPTION RULES
Following closely on the heels of the European Union's relaxing of export and encryption controls, William Reinsch, head of the Commerce Department's Bureau of Export Administration, said today that the US was prepared to announce similar regulations in an effort to keep US companies competitive with foreign manufacturers.
Link: http://www.computeruser.com/news/00/07/11/news13.html

DEFEATING OPENHACK
Austrian hacker Alexander Lazic received a $500 award for exploiting MiniVend, an e-commerce storefront package, on OpenHack.com. BTW, MiniVend had about a million downloads, so there are a lot of vulnerable e-commerce sites out there. ZDNet's article describes the hack.
Link: http://www.zdnet.com/zdnn/stories/news/0,4586,2600258,00.html

FBI SYSTEM COVERTLY SEARCHES E-MAIL
The U.S. Federal Bureau of Investigation is using a superfast system called Carnivore to covertly search e-mails for messages from criminal suspects. Contributed by Jonathan.
Link: http://www.zdnet.com/zdnn/stories/news/0,4586,2601502,00.html

AN INTRODUCTION TO PGP
In today's busy world of online communication and transactions, thousands of messages consisting of sensitive data are sent across the Internet daily. Do you want everyone looking at your email? Is the encryption of email really necessary? Undoubtedly.
Link: http://www.ironboxtech.com/articles/neurality/intropgp.shtml

MICROSOFT FIXING NEW EXCEL BUG
Microsoft said it is working to close a security hole in its Excel spreadsheet program that could open computers to attack while bypassing warning systems.
Link: http://www.net-security.org/text/bugs/963357077,83705,.shtml
Link: http://news.cnet.com/news/0-1005-200-2247443.html?dtn.head

MAN ARRESTED FOR PENETRATING INTO NASA SERVERS
A 20-year-old man was arrested Wednesday for allegedly breaking into two computers owned by NASA's Jet Propulsion Laboratory, and on various counts of stealing credit cards and penetrating other systems.
Link: http://dailynews.yahoo.com/h/nm/20000712/tc/crime_hacker_dc_1.html

ISPS BITE BACK AT CARNIVORE
Internet-service providers and privacy advocates are concerned about the implications of a new electronic surveillance system devised by the Federal Bureau of Investigation, with some providers vowing to resist if they are asked to install it on their networks.
Link: http://www.zdnet.com/zdnn/stories/news/0,4586,2602200,00.html

KEVIN MITNICK ALLOWED BACK ONLINE
Mitnick's federal probation officer informed him this week that he could pursue some computer-related work.
Among the jobs approved: writing for Steven Brill's online magazine Contentville, speaking in Los Angeles on computer security, consulting on computer security, and consulting for a computer-related TV show.
Link: http://news.cnet.com/news/0-1005-200-2250843.html

KASPERSKY LAB WARNS OVER JULY 14 SMASH VIRUS
The Russian antivirus specialist says that the Win95 Smash virus, which first surfaced in late April, could cause problems for PC Windows users when it triggers on July 14.
Link: http://www.computeruser.com/news/00/07/14/news20.html

NMAPNT FROM EEYE DIGITAL SECURITY
"nmap has various options to perform stealth scans, ping scans, UDP scans, as well as a whole handful of other scan types. nmap also has the ability to remotely fingerprint an IP address. Basically what that means is by sending various queries to a remote IP address, and reading the responses, nmap can determine if the remote IP address is running a certain operating system or maybe it is a router or network printer. In fact, nmap's database of fingerprints has over 500 unique fingerprints in it."
Link: http://www.eeye.com/html/Databases/Software/nmapnt.html

EXCITE USER BLOCKED FROM JPL WEB SITES
After several attempted break-ins from Excite @ Home subscribers, technicians at the Jet Propulsion Lab quietly blocked access to some of its Web sites to all Excite subscribers.
Link: http://www.msnbc.com/news/432831.asp?cp1=1

E-SECURITY CHALLENGE
From Secure Computing: "We are launching Secure's e-Security Challenge at Blackhat and will run it for the duration of 60 days thereafter. Secure's e-Security Challenge lets you test your wit and skills...and if you're good enough, you might even win $10,000 US Dollars!"
Link: http://www.net-security.org/phorum/read.php?f=2&i=11&t=11

ANTI-MILOSEVIC DEFACEMENT
Three days ago, the web site of the Serbian pro-government magazine "Politika" was defaced with a false message that Serbian president Slobodan Milosevic had been killed by a bomb detonation.
Link: http://www.active-security.org/images/1207_b_politika.gif

EFF BRIEFING
EFF, in conjunction with the H2K Conference, held a briefing about the latest information on the case, and an in-depth look at the issues surrounding the first trial brought under the controversial DMCA.
Link: http://www.eff.org/pub/Intellectual_property/Video/dvd_briefing_release.html

CDC AT HOPE2K
Oxblood Ruffin announced that he had personally recruited a group of six programmers (Mixter and BroncBuster were mentioned in the article) to work on a project to stop Internet censorship in some countries.
Link: http://dailynews.yahoo.com/h/zd/20000716/tc/cult_of_the_dead_cow_s_bizarre_theater_1.html

PENENBERG IS LEAVING FORBES
Adam Penenberg, who always did great articles on the computer underground, says he's leaving his job because Forbes magazine won't support his refusal to testify before a federal grand jury.
Link: http://www.washingtonpost.com/wp-dyn/style/columns/medianotes/A54672-2000Jul16.html

----------------------------------------------------------------------------

Security issues
---------------

All vulnerabilities are located at:
http://net-security.org/text/bugs

----------------------------------------------------------------------------

EXCEL 2000 VULNERABILITY - EXECUTING PROGRAMS
Excel 2000/Windows 98 (suppose other versions are also vulnerable, have not tested) allows executing programs when opening an Excel Workbook (.xls file). This may also be exploited through IE or Outlook. This may lead to taking full control over the user's computer.
Link: http://www.net-security.org/text/bugs/963357077,83705,.shtml

APACHE::ASP HOLE FIXED
Apache::ASP had a security hole in its ./site/eg/source.asp distribution examples file, allowing a malicious hacker to potentially write to files in the directory local to the source.asp example script.
Link: http://www.net-security.org/text/bugs/963357248,90975,.shtml

BIG BROTHER VULNERABILITY
The problem exists in the code where $HOSTSVC does not do authenticity checking for its assigned variable. All files could be snatched just with a browser.
Link: http://www.net-security.org/text/bugs/963357356,65475,.shtml

NETSCAPE ADMINISTRATION SERVER PASSWORD DISCLOSURE
The administration server is installed when you first install SuiteSpot server. For remote logon, it authenticates by validating the password prompt input with the administration server password file. This password file is kept in a local directory within the SuiteSpot server.
Link: http://www.net-security.org/text/bugs/963135822,65666,.shtml

FEARTECH FTP BROWSER PROBLEM
FTP Browser allows you to display a html enhanced directory listing, which is great for managing your ftp files. FTP Browser can also be used for downloading password files.
Link: http://www.net-security.org/text/bugs/963578519,23215,.shtml

"ABSENT DIRECTORY BROWSER ARGUMENT" PROBLEM PATCHED
Microsoft has released a patch that eliminates two security vulnerabilities in Microsoft Internet Information Server. In sum, the vulnerabilities could allow a malicious user to stop the web server from providing useful service, or to extract certain types of information from it.
Link: http://www.net-security.org/text/bugs/963664473,69872,.shtml

"THE IE SCRIPT" VULNERABILITY PATCHED
Microsoft has released a patch that eliminates a security vulnerability in Microsoft Office 2000 (Excel and PowerPoint) and in PowerPoint 97. Microsoft has also documented a workaround that prevents the use of Microsoft Access to exploit a vulnerability in Internet Explorer. A patch for the latter vulnerability will be available soon and we will have an update to this bulletin.
Link: http://www.net-security.org/text/bugs/963664619,71371,.shtml

[MANDRAKE] CVSWEB UPDATE
Cvsweb contains a hole that provides attackers who have write access to a cvs repository with shell access. Thus, attackers who have write access to a cvs repository but not shell access can obtain a shell. In addition, anyone with write access to a cvs repository that is viewable with cvsweb can get access to whatever user the cvsweb cgi script runs as (typically nobody or www-data, etc.). This update closes all of these possibly exploited pipe-opens.
Link: http://www.net-security.org/text/bugs/963664736,92640,.shtml

----------------------------------------------------------------------------

Security world
--------------

All press releases are located at:
http://net-security.org/text/press

----------------------------------------------------------------------------

AGREEMENT ON DEBIT CARD FRAUD PROTECTION SERVICE - [10.07.2000]

NYCE Corporation and MasterCard International have signed an agreement to bring enhanced neural network fraud prediction services to MasterMoney issuers that are processed by NYCE. The service, called RiskFinder, is a neural network system developed by MasterCard and HNC Software. RiskFinder uses HNC's patented neural network modeling technology while leveraging the MasterCard Banknet global transaction processing network to predict and, ultimately, help to reduce fraud losses associated with credit and offline debit cards.

Press release:
< http://www.net-security.org/text/press/963246513,23242,.shtml >

----------------------------------------------------------------------------

ENTRUST/TRUEPASS WEB SECURITY SOLUTION AVAILABLE - [10.07.2000]

Entrust Technologies Inc. (NASDAQ: ENTU), a global leader in solutions that bring trust to e-business, announced today the commercial availability of the Entrust/TruePass web security solution, a new product to enhance its market-leading public-key infrastructure (PKI) portfolio of solutions, which began shipping to customers during the last week in June.

Press release:
< http://www.net-security.org/text/press/963246890,86727,.shtml >

----------------------------------------------------------------------------

RAINBOW ADDS NEW FEATURES TO SENTINELSUPERPRO 6.0 - [10.07.2000]

Rainbow Technologies, a leading provider of high-performance security solutions for the Internet, eCommerce and software protection, today announced new upgrades to the company's flagship Sentinel software protection product family. The new SentinelSuperPro 6.0 significantly improves the ease-of-use and rapid deployment while maintaining powerful levels of security and software protection. SentinelSuperPro 6.0 provides users with a new graphical user interface, which is more intuitive and instructional. This makes implementing security into a customer's software application as simple as possible.

Press release:
< http://www.net-security.org/text/press/963247005,78506,.shtml >

----------------------------------------------------------------------------

INSURANCE FOR E-COMMERCE AND INTERNET SECURITY - [10.07.2000]

Counterpane Internet Security today announced that its clients and their customers will be able to purchase insurance policies to protect against loss of revenues and information assets caused by Internet and e-commerce security breaches. The first of its kind, this new insurance program from Lloyd's of London was arranged by leading insurance brokers Frank Crystal & Co. and SafeOnline and offers up to $100 million in coverage.

Press release:
< http://www.net-security.org/text/press/963247191,59797,.shtml >

----------------------------------------------------------------------------

AXENT'S NETPROWLER WINS AT NETWORKS TELECOM 2000 - [10.07.2000]

AXENT Technologies, Inc., one of the world's leading Internet security solutions providers for e-business, announced today that its network-based intrusion detection solution, NetProwler, part of its ProwlerIDS Series, won Network Telecom 2000's "Security Monitoring Product of the Year" award, presented by Network News magazine. To win the award, NetProwler defeated competitors such as Network Associates, Inc.'s CyberCop Scanner, and Internet Security System, Inc.'s Real Secure, among others.

Press release:
< http://www.net-security.org/text/press/963247286,56322,.shtml >

----------------------------------------------------------------------------

IDENTIX LAUNCHES WIRELESS INTERNET SECURITY BUSINESS - [12.07.2000]

Identix Inc. announced the launch of a new secure-transaction service, itrust, which will operate as a new division of Identix. In conjunction with the launch, Motorola announced that it has invested $3.75 million in Identix through the company's global, strategic venture capital investment arm, One Motorola Ventures. itrust is one of the first security service solutions designed to offer secure biometric authenticated transaction services for the Internet and wireless Web e-commerce marketplace through a server-based security infrastructure.

Press release:
< http://www.net-security.org/text/press/963358016,72875,.shtml >

----------------------------------------------------------------------------

VIREX RECEIVES HIGH RATINGS FROM MACWORLD - [12.07.2000]

McAfee Retail Software, a division of Network Associates, today announced that its Dr. Solomon's Virex software received a four out of five rating in a recent review by Macworld.
The rating is higher than any other anti-virus software product, including Norton AntiVirus, which received a three out of five rating. The Virex product was commended for its sophisticated virus update and scheduling features as well as its new, streamlined interface.

Press release:
< http://www.net-security.org/text/press/963437149,41361,.shtml >

----------------------------------------------------------------------------

SECURE ONLINE ELECTRONIC DOCUMENT DELIVERY - [12.07.2000]

CertifiedMail.com, the premier provider of secure Internet and wireless document delivery and BizProLink.com, an Internet Business Service Provider Network supporting the daily needs of businesses within 124 industry sectors, today announced that they have signed a strategic partner agreement. Together, BizProLink.com and CertifiedMail.com will offer businesses direct access to secure electronic document delivery solutions without the need to download any special software.

Press release:
< http://www.net-security.org/text/press/963437517,84790,.shtml >

----------------------------------------------------------------------------

SECURE EPAYMENT SOLUTIONS FOR WIRELESS E-COMMERCE - [12.07.2000]

Trintech Group PLC, a leading provider of secure electronic payment infrastructure solutions, and Visa International, today announced a strategic partnership to jointly develop the next generation of ePayment solutions to speed the global adoption of secure mobile commerce. The alliance follows Trintech's announcement today of the launch of PayWare mAccess, the company's secure payment solution designed specifically for mobile devices, as well as a strategic collaboration with Phone.com. PayWare mAccess allows for "one touch" payment and real time authentication of user while shopping using mobile phones and other non-PC devices.

Press release:
< http://www.net-security.org/text/press/963437700,17134,.shtml >

----------------------------------------------------------------------------

BLUE LANCE RELEASES LT AUDITOR+ 7.0 - [14.07.2000]

Blue Lance Inc., one of the leading network security software companies in the country, has announced the newest release of its popular program designed especially for use on the Microsoft NT and Windows 2000 platforms, LT Auditor+ 7.0 for NT. The program is significantly more robust in its features and functionality than any of its predecessors. It gives users greater flexibility in structuring security alerts, increases options and control of rights and access and, in general, provides a greater level of security for all assets managed and protected by computers.

Press release:
< http://www.net-security.org/text/press/963578674,72424,.shtml >

----------------------------------------------------------------------------

Featured articles
-----------------

All articles are located at:
http://www.net-security.org/text/articles

Articles can be contributed to staff@net-security.org

Listed below are some of the recently added articles.

----------------------------------------------------------------------------

KNOW YOUR ENEMY by Lance Spitzner

The tools and methodology of the most common black-hat threat on the Internet, the Script Kiddie. By understanding how they attack and what they are looking for, you can better protect your systems and network.

Article:
< http://www.net-security.org/text/articles/spitzner/kye1.shtml >

----------------------------------------------------------------------------

KNOW YOUR ENEMY II by Lance Spitzner

How to determine what the enemy is doing by analyzing your system log files. Includes examples based on two commonly used scanning tools, sscan and nmap.

Article:
< http://www.net-security.org/text/articles/spitzner/kye2.shtml >

----------------------------------------------------------------------------

KNOW YOUR ENEMY III by Lance Spitzner

What happens after the script kiddie gains root. Specifically, how they cover their tracks while they monitor your system. The paper goes through step by step on a system that was recently compromised, with system logs and keystrokes to verify each step.

Article:
< http://www.net-security.org/text/articles/spitzner/kye3.shtml >

----------------------------------------------------------------------------

KNOW YOUR ENEMY: A FORENSICS ANALYSIS by Lance Spitzner

This paper, the fourth of the series, studies step by step a successful attack of a system. However, instead of focusing on the tools and tactics used, we will focus on how we learned what happened and pieced the information together. The purpose is to give you the forensic skills necessary to analyze and learn on your own the threats your organization faces.

Article:
< http://www.net-security.org/text/articles/spitzner/kye_f.shtml >

----------------------------------------------------------------------------

KNOW YOUR ENEMY: MOTIVES by the Honeynet Project

This paper, a continuation of the series, studies the motives and psychology of the black-hat community, in their own words.

Article:
< http://www.net-security.org/text/articles/spitzner/kye_m.shtml >

----------------------------------------------------------------------------

ARMORING LINUX by Lance Spitzner

How to armor the Linux operating system. This article presents a systematic method to prepare your system for the Internet. The article is based on Redhat 6.0, but should apply to most distributions of Linux.

Article:
< http://www.net-security.org/text/articles/spitzner/armoring_linux.shtml >

----------------------------------------------------------------------------

ARMORING SOLARIS by Lance Spitzner

How to armor the Solaris operating system.
This article presents a systematic method to prepare for a firewall installation. Also included is a downloadable shell script that will armor your system.

Article:
< http://www.net-security.org/text/articles/spitzner/armoring_solaris.shtml >

----------------------------------------------------------------------------

ARMORING NT by Lance Spitzner

How to armor the NT 4.0 operating system. This article presents a systematic method to prepare for a firewall installation, specifically Check Point Firewall 1.

Article:
< http://www.net-security.org/text/articles/spitzner/armoring_nt.shtml >

----------------------------------------------------------------------------

Featured books
----------------

The HNS bookstore is located at:
http://net-security.org/various/bookstore

Suggestions for books to be included into our bookstore can be sent to staff@net-security.org

----------------------------------------------------------------------------

CISCO ROUTER INTERNETWORKING

Topics covered: Cisco hardware and software technologies for connecting computer networks across geographic space. The book focuses on the OSI reference model, the TCP/IP stack, the basics of using Cisco IOS, and the details of implementing various network and routing protocols in the Cisco environment. It also addresses the Inter-Gateway Routing Protocol (IGRP) and Enhanced IGRP (EIGRP), plus IPX, AppleTalk, X.25, and various WAN connectivity solutions.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0071356274/netsecurity >

----------------------------------------------------------------------------

LINUX NETWORK ADMINISTRATOR'S GUIDE

Olaf Kirch wrote Linux Network Administrator's Guide as part of the Linux Documentation Project to cover just such information. Although you can download the book for free, the O'Reilly version of the book looks (better layout and graphics) and feels better than the online version and has a superlative index.
This book details the tasks associated with e-mail setup and maintenance, news group setup, and essential network applications such as rcp and rlogin. In some cases you may find the level of detail not sufficient to complete the task. In those cases, Kirch tells you where to find more detailed information on the Internet. This methodology has kept the book to a very handy size, which makes it an easy-to-use, versatile resource for anyone managing a Linux network.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1565924002/netsecurity >

----------------------------------------------------------------------------

MICROSOFT WINDOWS 2000 SERVER ADMINISTRATOR'S COMPANION

This book brings network administrators, systems engineers, and other MIS professionals up to speed on the latest features of Windows 2000 Server, including Active Directory services, Microsoft Internet Information Server 4.0, the new, integrated console for administrative tools, and more. It's the perfect handbook for those who need to deploy, install, and configure installations, upgrade from previous versions, understand network addresses, manage day-to-day operations, configure storage, manage users and groups, implement security measures, configure mail services, troubleshoot, and perform other vital administrative tasks.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1572318198/netsecurity >

----------------------------------------------------------------------------

RED HAT LINUX NETWORK MANAGEMENT TOOLS

The book looks at the considerable networking capabilities of Linux 2.2.x from the perspective of a network administrator responsible for fitting the operating system into a large, heterogeneous computer network. Despite the title of the book, it doesn't limit itself to Red Hat Linux. The book is also careful to explain key networking technologies such as the TCP/IP protocol stack and Simple Network Management Protocol. The book approaches network-management matters one at a time with Linux tools.
In explaining Ethernet monitoring, for example, the text introduces the tcpdump and ethereal tools, and then explains their functions.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0072122625/netsecurity >

----------------------------------------------------------------------------

A PRACTICAL GUIDE TO SOLARIS

A broad range of topics, from creating passwords and working with files to shell programs, are covered in this thick volume. Each one is given the same highly effective treatment of illustrative screen shots and commands, which should prevent readers from getting too lost in the OS. There are also warnings and tips throughout the chapters about specific functions and utilities, such as which and whereis, which are used to help locate commands and files. For greater detail on specific utilities, the book includes a massive section devoted exclusively to the utilities within Solaris.

Book:
< http://www.amazon.com/exec/obidos/ASIN/020189548X/netsecurity >

----------------------------------------------------------------------------

SAMBA: UNIX AND NT INTERNETWORKING

Samba allows Windows NT machines to interact with Unix machines by handling Windows Server Message Block calls. This book takes a platform-neutral approach to Samba that is suitable for any reader, regardless of greater familiarity with either Windows or Unix. This book will help you get Samba running, but lots of books will do that. This is the one to read if you have a strange Samba problem or you just want to know more about how the server and its clients work. There is a copy of Samba 2.0.5.a on the companion CD-ROM, complete with source code and some additional documentation.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0071351043/netsecurity >

----------------------------------------------------------------------------

WINDOWS NT/2000 ADSI SCRIPTING FOR SYSTEM ADMINISTRATION

This book documents the Active Directory Service Interfaces as they apply to systems administrators interested in using Component Object Model objects written in Visual Basic to automate administrative tasks. Because this book is backed by such a considerable development effort, administrators of large Windows NT and Windows 2000 networks will be able to put its ADSI solutions to profitable use immediately.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1578702194/netsecurity >

----------------------------------------------------------------------------

Defaced archives
------------------------

[10.07.2000] - Ministerio Do Meio Ambiente
Original: http://www2.mma.gov.br/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/10/www2.mma.gov.br/

[10.07.2000] - Covenant Health
Original: http://www.covenanthealth.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/10/www.covenanthealth.com/

[11.07.2000] - Fermi National Accelerator Laboratory 'cdsun2' Server
Original: http://cdsun2.fnal.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/11/cdsun2.fnal.gov/

[11.07.2000] - Ejército de Guatemala
Original: http://www.mindef.mil.gt/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/11/www.mindef.mil.gt/

[13.07.2000] - Maritime Telecommunications Network
Original: http://www.mtnsat.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/13/www.mtnsat.com/

[14.07.2000] - National Oceanic and Atmospheric Administration
Original: http://hpcs.fsl.noaa.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/14/hpcs.fsl.noaa.gov/

[14.07.2000] - National Renewable Energy Laboratory
Original: http://isdevlab.nrel.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/14/isdevlab.nrel.gov/

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org