Net-Sec newsletter Issue 32 - 02.10.2000 http://net-security.org Net-Sec is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://www.net-security.org. Subscribe to this weekly digest on: http://www.net-security.org/text/newsletter Table of contents: 1) General security news 2) Security issues 3) Security world 4) Featured articles 5) Security books 6) Security software 7) Defaced archives ============================================================ In association with Kaspersky Lab (www.kasperskylabs.com), HNS staff created a new section of the site, with about 400 descriptions of well known and not so know viruses. Specially interesting part of that section are screenshots of 50 virus infections. All viruses are well categorized and easy to browse. Point your browser to this URL: http://www.net-security.org/text/viruses ============================================================ General security news --------------------- ---------------------------------------------------------------------------- RIJNDAEL CHOSEN BY US GOVERNMENT It took 23 years, 15 different algorithms, and two conferences, but the U.S. government has finally chosen a new encryption standard. The winner: Rijndael, a cipher created by a pair of Belgian cryptographers. Btw Rijndael web site is in the time of writing this item inaccessable. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wirednews.com/news/politics/0,1283,39194,00.html HK GOVERNMENT STRIVES TO ENSURE INTERNET SAFETY Hong Kong government is making a lot of efforts to creating a trustworthy environment and provide a secure infrastructure for the conduct of electronic transactions, a senior information technology official said Thursday. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://english.peopledaily.com.cn/200009/30/eng20000930_51594.html WHAT ARE DIGITAL SIGNATURES? When President Clinton signed a law that gives digital signatures the same legal force as handwritten ones, he said Americans would marvel one day that this was considered a big deal. This short articles describes what are digital signatures. Link: http://seattletimes.nwsource.com/cgi-bin/WebObjects/SeattleTimes.woa/wa/gotoArticle?text_only=0&slug=esighow30&document_id=134236049&zsection_id=268448455 HARDENING THE BIND DNS SERVER This paper presents the risks posed by an insecure DNS server and walks through compiling, installing, configuring and optionally, chroot'ing BIND 8. The test environment is Solaris 2.5, 2.6, 7 and 8. Many configuration and troubleshooting tips are provided, along with up-to-date references on BIND and alternatives for NT, Linux and Solaris. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/cover/coverstory20001002.html SECURITY WITHOUT SERVICES Cisco Systems Inc.'s new security blueprint, Safe, isn't an acronym, but it might as well stand for "Services Are Found Elsewhere." The Safe initiative, introduced here at NetWorld+Interop last week, is Cisco's overarching attempt to simplify its security architecture and message for net work security users, many of whom have turned to companies such as Internet Security Systems Inc. and Check Point Software Technologies Ltd. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/eweek/stories/general/0,11011,2635351,00.html TWO VIEWS OF HACKING For different perspectives on hacking, CNN Interactive posed a series of questions via e-mail to two experts in the field, one a computer security expert for IBM, the other, editor of 2600, the Hackers' Quarterly. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/TECH/specials/hackers/qandas/ NEW TURN IN OLD WAR ON MACRO VIRUSES Personal firewalls have become all the rage to protect home computer systems against the Internet's vandals. Now, the concept is being adapted to protect those same computers from macro viruses. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://dailynews.yahoo.com/h/zd/20000929/tc/new_turn_in_old_war_on_macro_viruses_1.html MULTI-ATTACK VIRUS DISCOVERED BY NORMAN DATA DEFENSE Norman Data Defense said that it has discovered a new virus nnown as W32/MTX@mmin the wild that prevents virus patches from being downloaded. The IT security firm said that the program will attach itself to a second e-mail sent from a computer to a recipient and also block access to several major anti-virus companies' Web sites, blocking reporting e-mails to these sites as well. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.telekomnet.com/news/9-29-00_multiattackvirus_norman.asp HACKING IN SOUTH AFRICA During October, Ernst & Young aims to teach 60 people to break into Windows NT and Unix systems, and deface Web sites. A four-day Counterhack course, to be held in Cape Town and Johannesburg consecutively, will show corporate citizens with a responsibility for network security just how open their systems can be to attack. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://196.36.119.109/sections/computing/2000/0009290600.asp BT INTERNET SECURITY BREACH BBC reports that a serious internet security breach has been discovered at BT's free e-mail service Talk21. When following the link in the emails that users received, one person could easily see the refferer logs and enter their accounts. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.bbc.co.uk/hi/english/business/newsid_946000/946717.stm FBI CONSULTANT PLEADS GUILTY Max Butler aka 'Max Vision' on Monday pleaded guilty to one felony count of unauthorized access to protected computers and recklessly causing damage. The former FBI consultant on computer crime had been indicted by a federal grand jury in March and charged with fifteen counts of breaking into scores of US government computers as well as possessing the passwords of 477 customers of California ISP Aimnet. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/1/13582.html MITNICK TALKS CORPORATE SECURITY "Even though you've bought the best security products, some people will break through," he said, dressed in a dark suit, white shirt and tie. "There's no sure-fire way to protect yourself. You have to manage the risk. There's no way you can eliminate it." Link: http://www.crn.com/Sections/BreakingNews/dailyarchives.asp?ArticleID=20257 FREEBSD 4.1.1 Since 4.1-RELEASE was produced in August 2000, RSA released their code into the public domain and a number of other security enhancements were made possible through the FreeBSD project's permission to export cryptographic code from the United States. These changes are fully reflected in 4.1.1-RELEASE, making it one of the most secure "out of the box" releases of FreeBSD. Contributed by Apocalypse Dow Link: http://docs.freebsd.org/cgi/getmsg.cgi?fetch=0+0+current/freebsd-announce HIPAA STANDARDS FOR SECURITY AND ELECTRONIC SIGNATURES This issue of HIPAA's Impact on Health Care and Other Industries outlines HIPAA mandates for Security and Electronic Signature Standards. Since robust security is a critical component of any successful business, HIPAA standards provide sound security practices that will benefit any organization that conducts business electronically. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.gigaweb.com/Content/Adhoc/RAH-092000-00020.html HACKERS NOT WANTED FOR HACK JOB A British IT company launched an anti-hacking unit Wednesday but said some of the best qualified candidates - the hackers - need not apply. The unit, which sees itself as capable as a hacker, is trying to tap the rapidly growing market for companies keen to protect themselves from cyber attacks. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/business/0,1367,39093,00.html ATTACKED WEBSITES COULD FACE LIBEL THREAT Unsuspecting network managers could find themselves at the centre of libel action if their attacked websites publish slanderous statements. Despite not originating the offensive material, with software defences improving, ignorance may not be considered a defence in future. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/1111742 LINUX VIRUSES: SCANNER PLACEMENT "A virus scanner doesn't do you any good if it's not somewhere along the path the virus takes to get into your network, onto your machine, and then executed. When deploying antivirus software, there are a number of factors to consider..." Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/linuxvirus20000926.html CARNIVORE REVIEW TEAM EXPOSED! An embarrassing oversight by the Justice Department has revealed confidential information about the team of researchers hired to conduct the review. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,39102,00.html TRULOCK SUES FBI, CIA, DOE, STATE DEPT. & WHITE HOUSE Renowned former Energy Department Counter-Intelligence Director Notra Trulock filed two new lawsuits to protect his rights to speak freely about the gross negligence and coverup by the Clinton-Gore Administration over the historic breach of national security at the Los Alamos Nuclear Laboratory. Previously, when officials at the FBI illegally broke into his home and seized his computer, Mr. Trulock and his landlord, Linda Conrad, filed a civil rights lawsuit against FBI Director Louis Freeh, and others who were responsible. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://cipherwar.com/news/00/notra_trulock_3.htm CISCOSECURE Cisco Systems will launch CiscoSecure Encyclopedia, a free online source of news and information about network security issues, in Q4 this year. The Encyclopedia will include advice on issues like how to defend websites against denial of service attacks, and information about new security threats as they arise. Cisco Security Associates such as Baltimore, Verisign, F-Secure, RSA, Entrust and Microsoft are expected to make an active contribution. Link: http://www.netimperative.com/technology/newsarticle.asp?ArticleID=5394&ChannelID=3&ArticleType=1 E*TRADE FIXES ONE SECURITY PROBLEM, ADMITS ANOTHER by LogError Wednesday 27 September 2000 on 12:26 AM The vulnerability came to light after the company rushed to fix another security problem over the weekend. On Friday, San Francisco computer programmer Jeff Baker reported on the Bugtraq security mailing list that programming problems at E*Trade had left individual customer accounts vulnerable to attacks. Baker identified at least two problems: vulnerability to cross-site scripting and an insecure cookie used to log into the popular online brokerage. E*Trade fixed its cookie problem Sunday, changing the algorithm by which it scrambled the cookie data. But the cross-site scripting vulnerability remains. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1007-200-2870712.html QUANTUM CRYPTO SECRETS FROM JAPAN Mitsubishi and Hokkaido University have completed a latest round of experiments in quantum cryptography over optical fibres. The two organisations say that their quantum cryptographic system is a success, and could have important implications for optical fibre networks already in use. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/5/13536.html NEW LINUX-CRYPTO MAILING LIST Marc Mutz announced a new mailing list intended to be a forum for all sorts of crypto topics concerning Linux. "Since this list is new, it will be low-volume. If that volume grows, we may split the list into -devel and -users, but as for now, everyone is welcomed with open arms to join the list - be it newbie, be it developer." Link: http://linuxtoday.com/news_story.php3?ltsn=2000-09-26-009-04-NW-CY RUSSIAN CARNIVORE TO SHUT DOWN? The Supreme Court of Russia nullified one of the articles of the Ministry of Communication Order No. 130, this year. The infamous Order would have forced telecom/datacom operators to install surveillance equipment on their networks. Being deployed such a system (the so called "SORM", Russian acronym for System of Research Operative Measures, much similar to the FBI’s Carnivore) would have enabled the ex-KGB to exercise effective technological circumvention of current legislation on privacy. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://cryptome.org/ru-sormshut.htm ---------------------------------------------------------------------------- Security issues --------------- All vulnerabilities are located at: http://net-security.org/text/bugs ---------------------------------------------------------------------------- CONECTIVA LINUX SECURITY - IMP UPDATE There are several vulnerabilities in the horde and imp packages shipped with Conectiva Linux that allow an user to execute remote commands on the server as the user "nobody". Link: http://www.net-security.org/text/bugs/969921756,56833,.shtml NMAP DOS AGAINST OPENBSD IPSEC The protocol scanning option (-sO) in 2.54 Beta releases of nmap results in a remote denial of service against OpenBSD 2.7's IPSEC implementation due to its inability to handle tiny AH/ESP packets. Nmap protocol scans repeatedly cycle through IP protocol version numbers, attempting to elicit ICMP Protocol Unreachable messages in order to discover which IP protocols (ICMP,TCP,UDP, GRE,AH,ESP, etc.) are active on the target device. Link: http://www.net-security.org/text/bugs/969962574,40124,.shtml CALDERA SECURITY ADVISORY - FORMAT BUG IN LPRNG There is a format bug in the LPRng printer daemon that could possibly be exploited to obtain root privilege. This problem is particulary severe because it can be exercised remotely. Link: http://www.net-security.org/text/bugs/969962727,59437,.shtml NEW VARIANTS OF TRINITY AND STACHELDRAHT New versions of Stacheldraht and Trinity distributed denial of service attack tools have been found in the wild. The new versions of Stacheldrahtinclude "Stacheldraht 1.666+antigl+yps" and "Stacheldraht 1.666+smurf+yps". A variant of the Trinity tool called "entitee" has also been reported. Link: http://www.net-security.org/text/bugs/969963115,73435,.shtml MEDIA PLAYER 7 "OCX ATTACHMENT" VULNERABILITY The USSR Team has found a problem in the Windows Media Player 7 ActiveX control, which could be used in a denial of service attack against RTF-enabled e-mail clients such as Outlook 2000 and Outlook Express. If the affected control were programmatically embedded into an RTF mail and then sent to another user, the user's mail client would fail when he closed/moved the mail. Link: http://www.net-security.org/text/bugs/970053513,31576,.shtml The vulnerability has been patched. Link: http://www.net-security.org/text/bugs/970053598,21505,.shtml IE 5.5/OUTLOOK EXPRESS SECURITY VULNERABILITY Internet Explorer 5.5/Outlook Express/(probably Outlook if Active Scripting is enabled) under Windows 98/2000 (suppose all other versions are also vulnerable) allow reading local and UNC files. Link: http://www.net-security.org/text/bugs/970053772,30044,.shtml CISCO SECURE PIX FIREWALL MAILGUARD VULNERABILITY The behavior is a failure of the command "fixup protocol smtp [portnum]", which is enabled by default on the Cisco Secure PIX Firewall. If you do not have protected Mail hosts with the accompanying configuration you are not affected by this vulnerability. To exploit this vulnerability, attackers must be able to make connections to an SMTP mail server protected by the PIX Firewall. Link: http://www.net-security.org/text/bugs/970095462,66863,.shtml PALMOS PASSWORD RETRIEVAL AND DECODING PalmOS offers a built-in Security application which is used for the legitimate user to protect and hide records from unauthorized users by means of a password. In all basic built-in applications (Address, Date Book, Memo Pad, and To Do List), individual records can be marked as "Private" and will only be accessible if the correct password is entered. It is possible to obtain an encoded form of the password, determine the actual password due to a weak, reversable encoding scheme, and access a users private data. In order for this attack to be successful, the attacker must have physical access to the target Palm device. Link: http://www.net-security.org/text/bugs/970146391,76361,.shtml E*TRADE SECURITY CONCERNS - FORWARD #1 AND #2 "I wrote E-Trade expressing my concern about the security vulnerabilities that people are discussing on Bugtraq. Here's their response." Link: http://www.net-security.org/text/bugs/970162272,16928,.shtml Link: http://www.net-security.org/text/bugs/970165300,30855,.shtml NETSCAPE NAVIGATOR BUFFER OVERFLOW Netscape Navigator is vulnerable to trivial, remote buffer overflow attack when viewing prepared html: < form action=something method=something> < input type=password value=reallylongstring...> ....other form tags... < /form> Link: http://www.net-security.org/text/bugs/970185574,9095,.shtml SCP FILE TRANSFER HOLE This issue appears quite often - tar suffers from problem of this kind as well (using cute symlink tricks, you can create an archive, which, when unpacked, can overwrite or create specific files anywhere in your filesystem). This time, similar scp vulnerability has been found and acknowledged in sshd 1.2.xx releases (no information on 2.0.xx). When you are scp'ing files from remote machine to your local computer, modified scp service on the second endpoint can spoof legitimate scp data, overwriting arbitrary files. Link: http://www.net-security.org/text/bugs/970403620,35951,.shtml CONECTIVA LINUX - PROBLEM WITH TRACEROUTE Previous releases of traceroute contained some problems that could be exploited to gain local root access. All users should upgrade the traceroute package. Link: http://www.net-security.org/text/bugs/970406453,49781,.shtml CALDERA LINUX - PROBLEMS WITH TRACEROUTE There is a bug in the traceroute command that can possibly be used by local users to obtain super user privilege. There are no exploits available so far, but we encourage our customers to upgrade nevertheless. Link: http://www.net-security.org/text/bugs/970406605,5363,.shtml HOW SLASHDOT GOT PENTRATED INTO In prior versions of slash there are several issues that one must be aware of that are covered in the INSTALL. One must change the default admin user/passwd from God/Pete to something else. Proper setup of Slashcode depends on people reading the INSTALL. Because of the slash install and code not having something that forces the admin user to change the password, one may inadvertently be leaving themselves open to access from the outside by unauthorized users. Link: http://www.net-security.org/text/bugs/970407017,97688,.shtml ---------------------------------------------------------------------------- Security world -------------- All press releases are located at: http://net-security.org/text/press ---------------------------------------------------------------------------- INCORRECT AND MISLEADING NEWSPAPER CLAIMS - [25.09.2000] Fiserv, Inc. announced that a story in Sunday's Observer and Guardian newspapers in London alleging Internet banking security breaches involving Fiserv clients was incorrect and misleading. A British Internet banking customer quoted in the stories accessed only demonstration accounts at sites maintained for clients of a Fiserv servicing unit. The demonstration accounts contain only fictitious data used for training and sales purposes. Press release: < http://www.net-security.org/text/press/969896092,84365,.shtml > ---------------------------------------------------------------------------- 24/7 MEDIA SUPPORTS E-MAIL PRIVACY PROTECTION - [25.09.2000] 24/7 Media, one of the largest global Internet marketing and technology solutions companies, announced it intends to vigorously support the guidelines set forth this morning by the Responsible Electronic Communications Alliance (RECA), which call for industry-wide standards to protect consumer privacy. A draft of the new guidelines was announced at the DMA Net.Marketing event in Boston. Press release: < http://www.net-security.org/text/press/969896167,16298,.shtml > ---------------------------------------------------------------------------- INTRUSION.COM ANNOUNCES INVESTMENT BY SAIC - [25.09.2000] Intrusion.com, Inc. announced that SAIC Venture Capital Corporation exercised its second and final warrant to purchase 750,000 shares of Intrusion.com common stock for $10.50 per share. As a result of the exercise of this warrant, Intrusion.com received approximately $7.9 million. Press release: < http://www.net-security.org/text/press/969896225,42751,.shtml > ---------------------------------------------------------------------------- ESECURITY INNOVATION CENTRE - [26.09.2000] JAWS Technologies Inc., a leading provider of end-to-end information security solutions, announced TELUS Corporation has signed on as a founding sponsor of the eSecurity Innovation Centre. Launched jointly by the University of Calgary and JAWS, the eSecurity Innovation Centre is a facility that brings together the latest technology and the most skilled computer security professionals from around the globe to generate information security solutions. The first-of-its-kind facility will serve as a focal point for computer security training, certification, demonstrations, research and development, as well as cybercrime investigations. Press release: < http://www.net-security.org/text/press/969922167,45152,.shtml > ---------------------------------------------------------------------------- IKEY ENABLES LAPTOP AND WEB-SERVER SECURITY - [26.09.2000] Recent high-profile Web site hacks, headline-making system abuse and corporate laptop thefts have highlighted a growing need for the type of strong, two-factor authentication enabled by Rainbow Technologies' iKey workstation security solution. This small, lightweight token fits on a key ring and can be used to secure any USB-enabled computer, from the CEO's notebook to a company's Web server. Press release: < http://www.net-security.org/text/press/969922231,40909,.shtml > ---------------------------------------------------------------------------- VPN CONSORTIUM CERTIFIES CYLINK’S NETHAWK VPN - [26.09.2000] E-business security pioneer Cylink Corporation announced that its NetHawk VPN has received IPSec-standard conformance certification from the Virtual Private Network Consortium, the international trade association for manufacturers of appliances that create private networks to run over the public Internet to ensure user privacy. Press release: < http://www.net-security.org/text/press/969922458,83423,.shtml > ---------------------------------------------------------------------------- SECURECOM NET AND RAINBOW TECHNOLOGIES PARTNER - [27.09.2000] SecureCom Networks, Inc., a leading provider of Internet communications security appliances, and Rainbow Technologies Inc., a leading provider of high-performance security solutions for the Internet and eCommerce, announced an agreement to integrate Rainbow's CryptoSwift technology into SecureCom Networks' Secure Mail Router appliance family, the S/MX series. Press release: < http://www.net-security.org/text/press/970089462,96618,.shtml > ---------------------------------------------------------------------------- THE INDUSTRY FIGHTS BACK AGAINST DDOS - [27.09.2000] Top computer security executives discussed the latest requirements and technologies to provide early warnings of, mitigate the impact of, reduce production outages and system breakdowns from, and promote industry-wide communications regarding Denial of Service attacks through the Internet. The event, which included a public panel discussion and reception, was held at the Ritz Carlton Hotel in conjunction with NetWorld+Interop 2000 in Atlanta. Press release: < http://www.net-security.org/text/press/970089541,90808,.shtml > ---------------------------------------------------------------------------- E-SECURITY CONFERENCE & EXPOSITION - [27.09.2000] Intermedia Group and META Group announced that the E-Security Conference & Exposition has exceeded all expectations and garnered record industry support, establishing the event as the industry's leading forum for e-security education and solutions. The event is targeted at business and information technology managers that have direct or indirect responsibility for their organization's overall e-business security. The event will be held in Washington, DC November 30 - December 1, 2000. Press release: < http://www.net-security.org/text/press/970089662,64034,.shtml > ---------------------------------------------------------------------------- SEATTLE LAB ANNOUNCES REMOTENT-2000 V3.1 - [28.09.2000] RemoteNT-2000 version 3.1, offering comprehensive network administration and monitoring with Web-based access, was released by Seattle Lab. RemoteNT-2000 v3.1 enables system administrators to easily monitor their systems for security and NT events, download the event log and schedule tasks. One of the key features in the latest release of RemoteNT-2000 gives administrators the ability to monitor security audits and logon attempts based on an NT event from the event log and performance counters. Press release: < http://www.net-security.org/text/press/970161760,3573,.shtml > ---------------------------------------------------------------------------- ZTANGO CHOSES RSA FOR ITS WAP GATEWAY SOLUTION - [28.09.2000] Ztango, a Wireless Application Service Provider providing wireless extension and wireless application solutions to network operators, e-companies, and corporations, announced that it has licensed RSA BSAFE Crypto-C software from RSA Security Inc. for its WAP gateway product. By including RSA Security's software in its gateway solution, Ztango is able to deliver end-to-end secure communications for a wide variety of applications, commerce and financial services. Press release: < http://www.net-security.org/text/press/970161861,71920,.shtml > ---------------------------------------------------------------------------- SECURE COMPUTING HELPS 3COM IN EXTRANET SECURITY - [28.09.2000] Secure Computing announced that it is helping 3Com Corporation develop the next-generation of information technology security. The two companies are combining their expertise to address a segment of corporate information technology assets that is largely un-addressed today and where, according to recent US Federal Bureau of Investigation studies, the majority of security breeches occur - inside the perimeter of the firewalls. Press release: < http://www.net-security.org/text/press/970161964,54863,.shtml > ---------------------------------------------------------------------------- SAFEGUARD PERSONAL FIREWALL BY UTIMACO - [29.09.2000] SafeGuard Personal FireWall complements Utimaco Safeware AG´s range of Internet security products. The company now offers a seamless security concept for professional Internet workstations from smartcard-based authentication to encryption, digital signature and VPN to firewall systems. SafeGuard Personal FireWall protects Internet-connected PCs against attacks which firewalls and virus scanners are powerless to stop. Designed to enhance a company´s central firewall system, the new product can also provide genuine firewall protection to mobile and remote workstations (notebooks, telecommuter workstations). Press release: < http://www.net-security.org/text/press/970227951,73648,.shtml > ---------------------------------------------------------------------------- E&Y LAUNCHES ANTI-HACKING COURSE IN SOUTH AFRICA - [29.09.2000] True to the organisation's commitment to generating ideas and solutions that positively transform clients' businesses, Ernst & Young South Africa - part of the global network of Ernst & Young International - has announced the launch of the first definitive anti-hacking course in South Africa. Titled counterhack TM, the course is designed to familiarise approved participants with network based attack and penetration techniques that hackers may use against corporate networks. Being completely solutions driven and determined to deliver and share a superior knowledge base with clients, Ernst & Young will demonstrate to participants - in a detailed, methodical manner - how to compromise and ultimately how to protect a system and network from attack. Press release: < http://www.net-security.org/text/press/970256875,11930,.shtml > ---------------------------------------------------------------------------- ISS FORMS STRATEGIC BUSINESS UNITS - [29.09.2000] To accelerate the delivery of its market-leading security management solutions and continue to meet customers’ information protection needs in a growing market, Internet Security Systems announced its new corporate organizational structure. The company will form two strategic business units - Enterprise Solutions and Managed Security Services – each chartered to address unique customer needs and delivery requirements of ISS’ leading SAFEsuite enterprise security management products and outsourced security, consulting and education services. Press release: < http://www.net-security.org/text/press/970258423,96440,.shtml > ---------------------------------------------------------------------------- SECURE INTERNET MESSAGING SOLUTIONS FROM SENDMAIL - [02.10.2000] Sendmail, Inc., a leading provider of Internet messaging solutions, announced that several of its content management partners are ready to deliver their mail filter plug-ins for use with its product lines. Sendmail, Inc.'s partnerships with ActiveState, Brightmail and Trend Micro were developed to deliver secure Internet messaging solutions to enterprises and service providers who rank security and control of their Internet messaging systems as critical requirements. Press release: < http://www.net-security.org/text/press/970509916,41460,.shtml > ---------------------------------------------------------------------------- LINUXSOLVE INC. LAUNCHES THE LINUXSOLVE CACHE - [02.10.2000] LinuxSolve, the leading developer of secure server appliances for Internet infrastructure, announced that it is shipping the Cache secure server appliance, the industry's first secure internet caching appliance. The LinuxSolve Cache is the latest in a strong line of secure server appliance products introduced by LinuxSolve. The Cache product enables content consumer-side or content delivery-side companies to speed up the loading of frequently accessed Web pages, cache DNS information, IP and Web address filtering for content, and reduce overall latency times, freeing up network traffic. Press release: < http://www.net-security.org/text/press/970510011,37533,.shtml > ---------------------------------------------------------------------------- Featured articles ----------------- All articles are located at: http://www.net-security.org/text/articles Articles can be contributed to staff@net-security.org Listed below are some of the recently added articles. ---------------------------------------------------------------------------- SURFING BETWEEN THE FLAGS: SECURITY ON THE WEB by Catherine Allen This paper discusses security with respect to the World Wide Web. This paper is aimed to promote an awareness of security issues in general WWW users without resorting to scare tactics. Practical solutions and precautions for security problems are discussed. The concepts and issues described in this paper apply to all operating systems, servers and clients, although implementation differences may cause different specific vulnerabilities. Examples used throughout this paper assume a UNIX host. Article: < http://www.net-security.org/text/articles/surfing.shtml > ---------------------------------------------------------------------------- THE SIX HEADED SPAM MONSTER by Berislav Kucan aka BHZ Several days ago I visited an on-line forum of one of the Internet Presence Providers (IPP) in my country and found and topic dealing with spam. One user of the IPP in this topic, posted that by accessing his web site he receives the standard 403 forbidden message. He thought that it was some kind of a problem on the server, but the reality is that his account was shut down (and all files deleted?)... Article: < http://www.net-security.org/text/articles/spamrant.shtml > ---------------------------------------------------------------------------- SURVEY 2000 - SECURITY FOCUSED New research confirms that corporations are spending more and more money on securing their digital information, but cybersecurity breaches continue to climb anyway. According to a survey published this month in Information Security magazine, the number of companies spending more than $1 million annually on computer security nearly doubled in the past year, and is up by 188 percent over the last two years. Nevertheless, security breaches originating from both inside and outside the corporation continue to grow as the threat of outside hackers and deviant/careless employees increases. Survey: < http://www.net-security.org/text/articles/index-download.shtml#Survey > ---------------------------------------------------------------------------- Featured books ---------------- The HNS bookstore is located at: http://net-security.org/various/bookstore Suggestions for books to be included into our bookstore can be sent to staff@net-security.org ---------------------------------------------------------------------------- NETWORK SECURITY ESSENTIALS: APPLICATIONS AND STANDARDS Provides an integrated, comprehensive, up-to-date coverage of internet-based security tools and applications vital to any treatment of data communications or networking. Book: < http://www.amazon.com/exec/obidos/ASIN/0130160938/netsecurity > ---------------------------------------------------------------------------- SECURE ELECTRONIC COMMERCE: BUILDING THE INFRASTRUCTURE FOR DIGITAL SIGNATURES AND ENCRYPTION This book describes the technologies used to make electronic commerce secure, together with their business and legal implications. The book begins with an introduction to the underlying technologies and inherent risks of electronic commerce. It considers the role of computer networks, the Internet, EDI and electronic mail, as well as the problem of ensuring that electronic transactions are resistant to fraud, may be traced, and are legally binding in all jurisdictions. Book: < http://www.amazon.com/exec/obidos/ASIN/0134763424/netsecurity > ---------------------------------------------------------------------------- TANGLED WEB: TALES OF DIGITAL CRIME FROM THE SHADOWS OF CYBERSPACE With the intense growth of e-business, we hear about an increase in hacking and technology-based criminal incidents. Institutions such as Citibank and Ebay have faced intrusions that have cost them millions of dollars in damages. With the onset of these criminal attacks, there is an increase in demand for products and services that provide more information for people. Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace portrays the shadow side of cyberspace by taking you into the lairs of hackers, crackers, researchers, private investigators, law enforcement agents and intelligence officers. The book covers what kinds of cyber-crimes are going to affect business on the Internet, their cost, how they are investigated, and the motivation of hackers and virus writers. Also covered are the problems faced by law enforcement, corporate cyber security professionals, and real-world examples of cyber crimes and lessons learned. Book: < http://www.amazon.com/exec/obidos/ASIN/078972443X/netsecurity > ---------------------------------------------------------------------------- HIGH TECHNOLOGY CRIME INVESTIGATOR'S HANDBOOK This book is coming at a time when high technology crime is growing at a rapid pace, and private and public law enforcement are struggling to keep up. The book will inform readers about the potential of high tech crimes, in addition to the resources that are available to combat them. This book is unique in that it fully covers the management of a high tech investigation unit. Criminals today are often better equipped than the agencies responsible for stopping them. Federal, state, county, and local law enforcement agencies and civilian investigative organizations lag far behind in their procurement and use of high technology equipment, and methods of conducting technology-related investigations. Book: < http://www.amazon.com/exec/obidos/ASIN/075067086X/netsecurity > ---------------------------------------------------------------------------- SMART CARD SECURITY AND APPLICATIONS Smart cards are all around us, and their security features can be utilized to protect data in almost any computer system. In clear, comprehensible language, this book provides a solid overview of the benefits and limitations of smart cards for secure applications, and shows how to implement the procedures needed to make smart cards effective in protecting information. Book: < http://www.amazon.com/exec/obidos/ASIN/0890069530/netsecurity > ---------------------------------------------------------------------------- Security Software ------------------- All programs are located at: http://net-security.org/various/software ---------------------------------------------------------------------------- SYSCRON 0.6.0 (LINUX) Syscron is a cron system which allows jobs to be run on many hosts using a central set of scripts. It uses a veriety of methods to ensure the security of the system and authenticity of the scripts before executing them. Link: < http://net-security.org/various/software/970438463,76833,.shtml > ---------------------------------------------------------------------------- LIDS-0.9.9-2.2.17 (LINUX) The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it's in effect, many system administration operations can be made impossible even for root. You can turn the security protection on or off on the fly and you can hide sensitive processes and prevent anyone from using ptrace or any other capability on your system. LIDS can also provide raw device and I/O access protection. Link: < http://net-security.org/various/software/970438717,65085,.shtml > ---------------------------------------------------------------------------- SNORT INTRUSION DETECTION SYSTEM (LINUX) SnortSnarf is a Perl program that takes files of alerts from the free Snort Intrusion Detection System, and produces HTML output intended for diagnostic inspection and tracking down problems. The model is that one is using a cron job or similar to produce a daily/hourly/whatever file of snort alerts. This script can be run on each such file to produce a convenient HTML breakout of all the alerts. Link: < http://net-security.org/various/software/970438840,60948,.shtml > ---------------------------------------------------------------------------- PASSWORD PROTECTION 2.1 "Enable a login screen on your computer whenever you wish! Allows you the freedom to calmly leave big downloads running overnight, or keep co-workers out of your files. Comes with both picture and texture options; fully customizable." Link: < http://net-security.org/various/software/970439089,22181,.shtml > ---------------------------------------------------------------------------- DON'T PANIC V.1.2 Immediately clear cache, cookies, browser history, recently viewed documents, and other personal history lists without closing your browser or restarting your computer. Stop Internet Explorer pop-up windows without adjusting proxy settings, or adding sites to a list. Instantly hide or close any or all application/s with a mouse click or keystroke. Free up disk space and leave no telltale footprints behind. A network mode is included to alert and communicate between other Don't Panic users on a local network. Link: < http://net-security.org/various/software/970439170,83102,.shtml > ---------------------------------------------------------------------------- 4T PERSONAL V.1.4 (PALMOS) 4T Personal is a free, full-featured personal information storage application that is used to store valuable, yet varied information such as bank account information, credit card numbers, email, phone cards, and so on. 4T Personal is password protected and utilizes a 448-bit encryption scheme (Blowfish) for secure data. Pull-down menus are utilized throughout to make data entry simple. Other features include user-customizable categories, a customizable password generator, a quick lock icon, and login screen password protection. Link: < http://net-security.org/various/software/970439247,52341,.shtml > ---------------------------------------------------------------------------- Defaced archives ------------------------ [24.09.2000] - Washington Red Cross Original: http://www.washingtonredcross.org/ Defaced: http://www.attrition.org/mirror/attrition/2000/09/24/www.washingtonredcross.org/ [24.09.2000] - Metropolitan Washington Airports Authority Original: http://www.metwashairports.com/ Defaced: http://www.attrition.org/mirror/attrition/2000/09/24/www.metwashairports.com/ [24.09.2000] - Bureau of Medicine and Surgery, Naval Computer and Telecommunications Station Original: http://med01.nctsw.navy.mil/ Defaced: http://www.attrition.org/mirror/attrition/2000/09/24/med01.nctsw.navy.mil/ [24.09.2000] - Hackers Haven Original: http://www.hackers.com/ Defaced: http://www.attrition.org/mirror/attrition/2000/09/24/www.hackers.com/ [24.09.2000] - PalmComputing.com Original: http://www.palmcomputing.com/ Defaced: http://www.attrition.org/mirror/attrition/2000/09/24/www.palmcomputing.com/ [25.09.2000] - DISA Information Systems Center Original: http://maestro.den.disa.mil/ Defaced: http://www.attrition.org/mirror/attrition/2000/09/25/maestro.den.disa.mil/ [26.09.2000] - Sourceforge.Net Original: http://linuxplace.sourceforge.net/ Defaced: http://www.attrition.org/mirror/attrition/2000/09/27/linuxplace.sourceforge.net/ [27.09.2000] - Committee for the National Institute for the Environment Original: http://www.cnie.org/ Defaced: http://www.attrition.org/mirror/attrition/2000/09/27/www.cnie.org/ [28.09.2000] - Census 2000, New York State Government Original: http://www.census2000.state.ny.us/ Defaced: http://www.attrition.org/mirror/attrition/2000/09/28/www.census2000.state..ny.us/ [28.09.2000] - Computer Networking Associates Original: http://www.cnanet.com/ Defaced: http://www.attrition.org/mirror/attrition/2000/09/28/www.cnanet.com/ [28.09.2000] - #2 Slashdot Original: http://www.slashdot.org/ Defaced: http://www.attrition.org/mirror/attrition/2000/09/28/www.slashdot.org/ [29.09.2000] - Mail Server for Vtay Technology Original: http://mail.vtay.com/ Defaced: http://www.attrition.org/mirror/attrition/2000/09/29/mail.vtay.com/ [29.09.2000] - Aviation Systems Division, NASA Ames Research Center Original: http://www.aviationsystemsdivision.arc.nasa.gov/ Defaced: http://www.attrition.org/mirror/attrition/2000/09/29/www.aviationsystemsdivision.arc.nasa.gov/ [29.09.2000] - Linux Ink Original: http://www.linux-ink.ru/ Defaced: http://www.attrition.org/mirror/attrition/2000/09/29/www.linux-ink.ru/ [30.09.2000] - r00tz Original: http://www.r00tz.net/ Defaced: http://www.attrition.org/mirror/attrition/2000/09/30/www.r00tz.net/ [30.09.2000] - National Oceanic and Atmospheric Admin Original: http://storms-dev.nos.noaa.gov/ Defaced: http://www.attrition.org/mirror/attrition/2000/09/30/storms-dev.nos.noaa.gov/ ---------------------------------------------------------------------------- Questions, contributions, comments or ideas go to: Help Net Security staff staff@net-security.org http://net-security.org --------------------------------------------------------------------- To unsubscribe, e-mail: news-unsubscribe@net-security.org For additional commands, e-mail: news-help@net-security.org