Net-Sec newsletter
Issue 23 - 24.07.2000
http://net-security.org

Net-Sec is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://www.net-security.org.

Subscribe to this weekly digest on: http://www.net-security.org/text/newsletter

Table of contents:

1) General security news
2) Security issues
3) Security world
4) Featured articles
5) Security books
6) Defaced archives

============================================================
Sponsored by VeriSign - The Internet Trust Company
============================================================

Upgrade your server security to 128-bit SSL encryption! Get VeriSign's FREE guide, "Securing Your Web Site for Business." You will learn everything you need to know about using 128-bit SSL to encrypt your e-commerce transactions for serious online security. Click here!
http://www.verisign.com/cgi-bin/go.cgi?a=n046610570016000

============================================================

General security news
---------------------

----------------------------------------------------------------------------

NEW ENCRYPTION REGULATIONS

The Clinton administration today said it plans to change laws governing the export of powerful encryption technologies to allow export of all information-scrambling products to any end user in the European Union and to eight other trading partners.

Link: http://www.computeruser.com/news/00/07/18/news12.html
Link: http://www.wired.com/news/politics/0,1283,37617,00.html

WHEN HACKING IS GUESSING

A survey by credit card giant Visa has found that 67% of passwords chosen to protect information are easy to guess names or numbers. It revealed that the majority of people choose their birth date, nickname or favourite sports team as a password.
Link: http://news.bbc.co.uk/hi/english/sci/tech/newsid_837000/837802.stm

THE BIOMETRIC CONSORTIUM 2000 CONFERENCE

"In addition to the speakers and panel sessions, over fifteen Supporting Organizations will have exhibits and demonstrations available. The Conference is open to the Biometric Consortium members and to the general public. We are very pleased to announce that Stephen Walker, a widely recognized expert and leader in information security technology and policy, is scheduled to deliver the opening address."

Link: http://www.nist.gov/itl/div895/isis/bc/bc2000/

"CARNIVORE" AND OTHER CYBERSNOOP PROGRAMS

In what may be the first request of its kind, the American Civil Liberties Union is asking the Federal Bureau of Investigation to disclose the computer source code and other technical details about its new Internet wiretapping programs. In a Freedom of Information Act (FOIA) request sent today to the FBI, the ACLU is seeking all agency records related to the government e-mail "cybersnoop" programs dubbed Carnivore, Omnivore and Etherpeek, including "letters, correspondence, tape recordings, notes, data, memoranda, email, computer source and object code, technical manuals, [and] technical specifications."

Link: http://www.aclu.org/news/2000/n071400a.html

ERIC CORLEY FACES PIRACY TEST CASE

A court case pitting Hollywood against Eric Corley has started in the US, in what is being seen as a test case against alleged digital piracy. Movie giants including Disney, Universal and Paramount accuse Eric Corley (aka Emmanuel Goldstein) of posting links to software on his website, allowing users to break the copy protection system on digital video discs.

Link: http://news.bbc.co.uk/hi/english/sci/tech/newsid_839000/839609.stm

POWERGEN IN SECURITY SCANDAL

UK utility Powergen has admitted to a massive security breach that left the debit card details of thousands of customers open to a potential multimillion pound fraud.
The security hole was discovered by a Powergen customer and silicon.com viewer, John Chamberlain, when he went to the company's site to pay his bill online. Chamberlain - an IT manager - said he was surprised to discover three files on the web server, containing the names, addresses and card details of more than 7,000 home and business users, including his own.

Link: http://www.silicon.com/public/door?REQUNIQ=963958275&6004REQEVENT=&REQINT1=38650&REQSTR1

BUREAU NAMES NEW eFBI CHIEF

The FBI has named a new assistant director to oversee the design and launch of eFBI, a recently renamed and resurrected program that will give bureau agents the ability to share and sift through information via the World Wide Web.

Link: http://www.fcw.com/fcw/articles/2000/0717/web-efbi-07-18-00.asp

STAGES IS YET UNKNOWN? NOT.

Malaysian magazine The Star has an article on viruses that were sent through the State Department's office of public mailing list. The reporter writes that the e-mails have "life stages" written in the subject line, and that to him it is a "yet unknown virus which can destroy a computer's hard drive". Of course, the Stages worm has been known to all of us for a while.

Link: http://thestar.com.my/tech/story.asp?file=/2000/7/18/technology/hacksum18&sec=technology
Link: http://net-security.org/text/viruses/962240637,93160,.shtml

MY EXPERIENCE WITH BEING CRACKED

"I emailed my findings to the systems admin and the owner of the ISP, including the backdoor password and how to use it, with the suggestion that they should backup everything, wipe the machine, and load a current version of Red Hat (6.0 at the time) with the latest patches. They replied that they would look into it."

Link: http://www.rootprompt.org/article.php3?article=678

PENENBERG'S LETTER

Black Market Enterprises published a copy of Adam Penenberg's letter of resignation to Forbes' owner, Tim Forbes.
Link: http://www.b-m-e.com/features.411.forbes_penenberg_doj.html#letter

ANOTHER BRICK IN THE WALL

Brian Martin from Attrition wrote another great article entitled "Another brick in the wall - Fighting a losing battle on the front lines of security".

Link: http://www-4.ibm.com/software/developer/library/su-wall.html

FIRST AUTOCAD VIRUS FOUND

Kaspersky Lab, an international anti-virus software development company, announces the discovery of the first computer virus that affects the world's most popular PC-based design software, AutoCAD.

Link: http://www.net-security.org/text/viruses/autocad.shtml

BT UNDER DoS ATTACKS

"This is my payback to BT for ripping this country off. I'm tired of being cut off the net at 12 just because I have a cable line heres my payback :\," - said someone in an e-mail message sent to The Register staff.

Link: http://www.theregister.co.uk/content/6/12097.html

MESSAGING RIVALS CALL AOL ON PRIVACY, SECURITY ISSUES

A group of America Online's instant messaging rivals accused the Internet giant of using inflated security and privacy concerns to stall progress on technology standards that would allow its services to work with those of competitors.

Link: http://news.cnet.com/news/0-1005-200-2312096.html

'NEW BREED' DROWNING OUT HACKER CULTURE?

Weld Pond, a research scientist working with the security firm @Stake Inc., talks about script kiddies and their numbers compared to those who actually have the hacking skills to find the vulnerabilities in a supposedly secure system.

Link: http://www.zdnet.com/zdnn/stories/comment/0,5859,2605327,00.html

MORE ON SPAM

This time, Louis Trager from Inter@ctive Week wrote yet another rant on spam, entitled "Spam, Spam, Baloney And Spam".

Link: http://mcafee.snap.com/main/page/pcp/cd/0,85,-1713-1517323-413516,00.html

LINUX DISTRIBUTION SECURITY REPORT

How are the various Linux distributions doing in terms of general security?
Link: http://www.securityportal.com/cover/coverstory20000724.html

----------------------------------------------------------------------------

Security issues
---------------

All vulnerabilities are located at: http://net-security.org/text/bugs

----------------------------------------------------------------------------

ROXEN SECURITY ALERT

Roxen 2.0 up to version 2.0.68 has a vulnerability where URLs containing null characters can give the browser access to information it is not authorized to see.

Link: http://www.net-security.org/text/bugs/964399028,33871,.shtml

[MANDRAKE] INN UPDATE

A vulnerability exists when verifycancels is enabled in /etc/news/inn.conf. This vulnerability could be used to gain root access on any system with inn installed. This new version also does not install inews as setgid news or rnews as setuid root. Many other security paranoia fixes have been made as well.

Link: http://www.net-security.org/text/bugs/964398854,44315,.shtml

"PERSISTENT MAIL-BROWSER LINK" VULNERABILITY

Microsoft has released a patch that eliminates a security vulnerability affecting Microsoft Outlook Express. The vulnerability could allow a malicious user to send an e-mail that would "read over the shoulder" of the recipient as he previews subsequent e-mails in Outlook Express.

Link: http://www.net-security.org/text/bugs/964176207,44621,.shtml

UPDATED PATCH FOR "MALFORMED E-MAIL HEADER" PROBLEM

On July 18, 2000, Microsoft released the original version of this bulletin, to advise customers of the issue and recommend that they install either of the two service packs that will eliminate the vulnerability. On July 20, 2000, the bulletin was updated to announce the availability of patches that eliminate the vulnerability.
Link: http://www.net-security.org/text/bugs/964176103,14653,.shtml

O'REILLY WEBSITE PROFESSIONAL OVERFLOW

The indexing utility webfind.exe distributed with O'Reilly WebSite Professional contains an unchecked buffer allowing for the remote execution of arbitrary code on vulnerable hosts.

Link: http://www.net-security.org/text/bugs/964141648,97231,.shtml

[@STAKE] IKEY 1000 PROBLEMS

Rainbow Technologies' iKey 1000 (http://ikey.rainbow.com) is a portable USB (Universal Serial Bus) smartcard-like device providing authentication and digital storage of passwords, cryptographic keys, credentials, or other data. Using the legitimate user's PIN and the physical USB key, access to the public and private data within the key will be granted. The iKey also allows administrator access using the MKEY (Master Key) password. Administrator access to the iKey, normally used for initialization and configuration, will allow all private information stored on the key to be accessed.

Link: http://www.net-security.org/text/bugs/964141537,67366,.shtml

HP JETDIRECT - INVALID FTP COMMAND DOS

If you connect to the ftp service on your HP printer and send it the following string:

quote AAAAAAAAAAA <cr>

the printer crashes. It may require that you turn the power off and on again to get the printer to work again. The display will show an error message similar to this: 86:0003 (the bit after the colon seems to vary a bit; we've also gotten :0004 and :000B).

Link: http://www.net-security.org/text/bugs/964103346,59356,.shtml

REMOTELY EXPLOITABLE BUFFER OVERFLOW IN OUTLOOK

The vulnerability could enable a malicious sender of an e-mail message with a malformed header to cause and exploit a buffer overrun on a user's machine. The buffer overrun could crash Outlook Express or the Outlook e-mail client, or cause arbitrary code to run on the user's machine.
Link: http://www.net-security.org/text/bugs/964100872,57148,.shtml

----------------------------------------------------------------------------

Security world
--------------

All press releases are located at: http://net-security.org/text/press

----------------------------------------------------------------------------

SYMANTEC'S WEB SUPPORT NAMED ONE OF THE BEST - [17.07.2000]

Symantec Corp. today announced that for the third consecutive year, the company's technical support Web site has been selected as one of the year's ten best online Web support sites by the Association of Support Professionals, an international organization dedicated to the advancement of the technical support profession.

Press release: < http://www.net-security.org/text/press/963845931,19665,.shtml >

----------------------------------------------------------------------------

AXENT TO SECURE NOKIA WAP SERVER - [17.07.2000]

AXENT Technologies, Inc., one of the world's leading Internet security solutions providers for e-business, announced that customers worldwide can leverage Enterprise Security Manager, AXENT's market-leading security assessment solution, to help secure the Nokia wireless application protocol (WAP) server. Like all servers, the Nokia WAP server, which provides the content for wireless devices such as cell phones, personal data assistants, and laptops, can be compromised through vulnerabilities in its operating system. Now with ESM, companies can find and secure these vulnerabilities, and be assured of the security and availability of the WAP server providing the wireless content.
Press release: < http://www.net-security.org/text/press/963846068,8460,.shtml >

----------------------------------------------------------------------------

PC-CILLIN 2000 ACHIEVES ICSA CERTIFICATION FOR W2K - [17.07.2000]

Trend Micro Inc., a leader in enterprise and personal antivirus and content security for the Internet age, today announced that its consumer desktop antivirus software, PC-cillin(R) 2000, has been granted ICSA Certification by the Anti-Virus Product Developers Consortium. Antivirus product certification testing was recently revised to include products that protect the Windows 2000 operating system. To achieve ICSA Anti-Virus Certification, products are tested for their ability to detect 100% of the "in the wild" viruses as they enter the system and also during periodic file and directory scans.

Press release: < http://www.net-security.org/text/press/963846158,52053,.shtml >

----------------------------------------------------------------------------

ALADDIN SHIPS SECURE USB AUTHENTICATION TOKEN - [19.07.2000]

Aladdin Knowledge Systems, a global leader in the field of Internet content and software security, has announced that its new USB security token, eToken R2, is now being shipped to customers worldwide. Aladdin also announced that Gecko Internet joined Aladdin's eToken Technology Partner Program.

Press release: < http://www.net-security.org/text/press/964002572,83662,.shtml >

----------------------------------------------------------------------------

INTERSCAN VIRUSWALL CERTIFIED FOR ASP DEPLOYMENT - [19.07.2000]

Trend Micro, a leading provider of enterprise antivirus and Internet content security products, today announced that its best-of-breed InterScan VirusWall Internet gateway virus protection software has become one of the first thirteen products and the only antivirus product to achieve Sun Microsystems' SunTone Application Certification for deployment in ASP environments.
The SunTone Certification confirms Trend Micro's ability to deliver reliable and highly scalable Unix-based technology that can meet the demanding requirements of Service Providers.

Press release: < http://www.net-security.org/text/press/964002786,39586,.shtml >

----------------------------------------------------------------------------

SYMANTEC CONTINUES PERSONAL FIREWALL LEADERSHIP - [19.07.2000]

Symantec Corp. today announced that EarthLink, a leading broadband Internet Service Provider, has selected Symantec's Norton Personal Firewall software to protect its PC-using EarthLink DSL customers. EarthLink will offer Norton Personal Firewall free of charge to new and existing EarthLink DSL customers. Norton Personal Firewall will be delivered via a redeemable electronic coupon e-mailed to customers after their DSL service is installed. Norton Personal Firewall is then downloaded from a co-branded Web site.

Press release: < http://www.net-security.org/text/press/964002938,79452,.shtml >

----------------------------------------------------------------------------

SYMANTEC OFFICIALS WILL SPEAK AT ISACA CONFERENCE - [19.07.2000]

Symantec Corp., a world leader in Internet security technology, announced today that three executives have been invited to speak at the International 2000 Conference of the Information Systems Audit and Control Association, July 17-19 in Orlando, Florida. Mark Egan, chief information officer and vice president of Information Technology; Char Sample, principal researcher of the Core Technology Group; and Greg Adams, director of Development Enterprise Security Solutions, will each address separate sessions of the conference.

Press release: < http://www.net-security.org/text/press/964003015,17911,.shtml >

----------------------------------------------------------------------------

RAINBOW RESPONDS TO @STAKE RL'S ADVISORY - [21.07.2000]

Rainbow Technologies, Inc. responded to a Security Advisory issued by @stake Research Labs regarding potential weaknesses in the company's iKey 1000 entry-level workstation authentication device. @stake's Advisory, issued to several security mailing lists, confirmed in-house testing being performed at Rainbow, which also uncovered potential weaknesses in the iKey 1000. The threat can exist in cases where an adversary is able to obtain a user's iKey. Rainbow has improved the iKey 1000's design to defend against this class of attack. Rainbow began thorough internal testing of the iKey 1000 in May, after @stake issued a Security Advisory on a competitive key token product.

Press release: < http://www.net-security.org/text/press/964140967,15366,.shtml >

----------------------------------------------------------------------------

SECURE COMPUTING TO DELIVER SECURITY TO ASPS - [21.07.2000]

Secure Computing announced that it has signed an OEM agreement with Hewlett-Packard Company. Under the terms of the agreement, Secure Computing's SafeWord authentication application is to be resold as a standard feature of HP's e-utilica instant e-service solution for Application Service Providers. HP's e-utilica is a pre-integrated solution that enables ASPs to offer businesses instant access to design collaboration applications and scalable compute capacity on a pay-per-use basis, keeping the information technology overhead low and providing a secure platform for e-business.

Press release: < http://www.net-security.org/text/press/964141092,13277,.shtml >

----------------------------------------------------------------------------

Featured articles
-----------------

All articles are located at: http://www.net-security.org/text/articles
Articles can be contributed to staff@net-security.org

Listed below are some of the recently added articles.
----------------------------------------------------------------------------

PASSIVE FINGERPRINTING by Lance Spitzner

Building on the "Know Your Enemy" series, this paper details how to passively learn about the enemy, without them knowing about it. Specifically, how to determine the operating system of a remote host using passive sniffer traces only.

Article: < http://www.net-security.org/text/articles/spitzner/fingerprinting.shtml >

----------------------------------------------------------------------------

TO BUILD A HONEYPOT by Lance Spitzner

One method of building your own honeypot to learn more about the black-hat community. The tools and methods discussed are how I did my research for the "Know Your Enemy" series.

Article: < http://www.net-security.org/text/articles/spitzner/honeypot.shtml >

----------------------------------------------------------------------------

AUDITING YOUR FIREWALL SETUP by Lance Spitzner

How to audit your firewall setup. The purpose of this paper is to help you verify that your firewall is correctly implemented and behaves as you expect it to.

Article: < http://www.net-security.org/text/articles/spitzner/auditing.shtml >

----------------------------------------------------------------------------

Featured books
----------------

The HNS bookstore is located at: http://net-security.org/various/bookstore
Suggestions for books to be included into our bookstore can be sent to staff@net-security.org

----------------------------------------------------------------------------

LINUX NETWORK SERVERS 24 SEVEN

Topics covered: Installing and maintaining reliable, high-performance network servers under the Linux 2.2 operating system. Servers include pppd for PPP service, Apache for Web operations, Berkeley Internet Name Domain 8 for Domain Name System service, sendmail for mail routing, Samba for integration of heterogeneous machines on a network, and the miscellaneous services of the Internet daemon.
There's coverage of Network File System and Dynamic Host Configuration Protocol servers too.

Book: < http://www.amazon.com/exec/obidos/ASIN/0782125069/netsecurity >

----------------------------------------------------------------------------

NETWORKING SERVICES DEVELOPER'S REFERENCE LIBRARY

As most developers of Windows-based applications know, almost every important new feature and component of Microsoft Windows 2000 revolves around the network. This five-volume book provides a full set of well-conceived reference materials to help developers build better applications that take advantage of these features and components. Crammed full of useful material, this library provides timely information about networking technologies that are entirely new or largely revamped for Windows 2000. It also documents existing technologies that network-enabled applications use every day. All in all, it's the most focused source of printed reference materials available about Windows networking technologies.

Book: < http://www.amazon.com/exec/obidos/ASIN/0735609934/netsecurity >

----------------------------------------------------------------------------

UNIX SHELL PROGRAMMING (HAYDEN BOOKS UNIX SYSTEM LIBRARY)

A complete overview of "shell" programming. This classic deals specifically with the techniques of shell programming. Presents information in a step-by-step fashion; covers all features of the standard shell, with additional instructions for the Korn Shell; and teaches how to use the shell to tailor the UNIX environment.

Book: < http://www.amazon.com/exec/obidos/ASIN/067248448X/netsecurity >

----------------------------------------------------------------------------

ADMINISTRATING WEB SERVERS, SECURITY AND MAINTENANCE

The goal of this book is to give you a solid understanding of what is going on behind the scenes of a Web site. We try to give you the tools and skills you need to start your own Web site and keep things running smoothly.
This book is broken down into two parts: Web server administration and Web security. Although the book is written for new webmasters, there is plenty of information here to satisfy even seasoned Web veterans.

Book: < http://www.amazon.com/exec/obidos/ASIN/0130225347/netsecurity >

----------------------------------------------------------------------------

DESIGNING NETWORK SECURITY

Excellent coverage of AAA, TACACS+, RADIUS, PIX, 3DES, DMZ as well as IPSEC and CBAC. This is a lot of material to be discussed in one book. Cisco provides a CD ROM with this same material for $250.00; this is a much better deal. If you want to enhance your knowledge of access-lists, reflexive access-lists etc., this is the book for you.

Book: < http://www.amazon.com/exec/obidos/ASIN/1578700434/netsecurity >

----------------------------------------------------------------------------

DIGITAL CERTIFICATES: APPLIED INTERNET SECURITY

The authors spend a fair amount of time explaining the problem of network security and the broad technologies (public-key encryption, key length considerations, authentication, and so on). Having explained the universe in which a security system must work, they then show how to acquire a digital certificate from a certification authority. Of more interest to administrators and developers are code snippets that show how to request and process digital certificates in a variety of environments, including ASP and Java. There's background information on the newly standardized PKI with X.509 and the Secure Electronic Transaction standard for financial operations too. Coverage of Microsoft Certificate Server includes a lot of programming information, including coverage of the Policy and Exit Modules.

Book: < http://www.amazon.com/exec/obidos/ASIN/0201309807/netsecurity >

----------------------------------------------------------------------------

WINDOWS 2000 SYSTEMS PROGRAMMING BLACK BOOK

This book will help you:

- Take advantage of processes, threads, and fibers.
- Synchronize your programs using semaphores, mutexes, and critical sections.
- Communicate between processes using pipes, RPC, mailslots and more.
- Use overlapped I/O to prevent programmed I/O waits.
- Use advanced memory management.
- Master the Registry, event logging, error messaging, and security.
- Create services to take control of the system even when no users are logged on.

Book: < http://www.amazon.com/exec/obidos/ASIN/1576102807/netsecurity >

----------------------------------------------------------------------------

Defaced archives
------------------------

[16.07.2000] - Oregon Coast Aquarium
Original: http://www.aquarium.org/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/16/www.aquarium.org/

[16.07.2000] - Display 3D Project, NOAA Forecast Systems Lab
Original: http://d3d.fsl.noaa.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/16/d3d.fsl.noaa.gov/

[16.07.2000] - Regional Observation Cooperative, NOAA Forecast Systems Lab
Original: http://rocpage.fsl.noaa.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/16/rocpage.fsl.noaa.gov/

[16.07.2000] - Weather Research and Prediction, NOAA Forecast Systems Lab
Original: http://wrf.fsl.noaa.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/16/wrf.fsl.noaa.gov/

[16.07.2000] - National Oceanic and Atmospheric Administration
Original: http://pinky.fsl.noaa.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/16/pinky.fsl.noaa.gov/

[18.07.2000] - University of Texas Medical Branch, Office of Academic Computing
Original: http://stem.utmb.edu/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/18/stem.utmb.edu/

[19.07.2000] - Washington Department of Radiology Diagnostic Imaging Science Center
Original: http://fibonacci.rad.washington.edu/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/19/fibonacci.rad.washington.edu/

[19.07.2000] - Hong Kong Export Credit Insurance Corp.
Original: http://www.hkecic.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/19/www.hkecic.com/

[19.07.2000] - Oakland County, Michigan
Original: http://www3.co.oakland.mi.us/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/19/www3.co.oakland.mi.us/

[19.07.2000] - Jet Propulsion Labs NASA
Original: http://dustbunny.jpl.nasa.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/19/dustbunny.jpl.nasa.gov/

[21.07.2000] - The Foundation for Knowledge in Development
Original: http://www.sinetwork.org/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/21/www.sinetwork.org/

[22.07.2000] - Sawaal Network
Original: http://www.sawaal.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/22/www.sawaal.com/

Questions, contributions, comments or ideas go to:
Help Net Security staff
staff@net-security.org
http://net-security.org

---------------------------------------------------------------------
To unsubscribe, e-mail: news-unsubscribe@net-security.org
For additional commands, e-mail: news-help@net-security.org