Net-Sec Issue 022
Net-Sec newsletter
Issue 22 - 17.07.2000
http://net-security.org
Net-Sec is a newsletter delivered to you by Help Net Security. It covers weekly
roundups of security events that were in the news the past week.
Visit Help Net Security for the latest security news - http://www.net-security.org.
Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter
Table of contents:
1) General security news
2) Security issues
3) Security world
4) Featured articles
5) Security books
6) Defaced archives
============================================================
Sponsored by Kaspersky Lab - Your Personal Anti-Virus Guard
============================================================
The Breakthrough Technology Protecting Your Computers From Viruses!
Subscribe to Kaspersky Lab's FREE newsletter delivering you
the latest and trustworthy information source on computer
viruses and their counter measures. You will always be up
to date when securing your computer!
Join now! http://www.kasperskylab.ru/eng/news/maillist.asp
============================================================
General security news
---------------------
----------------------------------------------------------------------------
US MAY ANNOUNCE NEW ENCRYPTION RULES
Following closely on the heels of the European Union's relaxing of export and
encryption controls, William Reinsch, head of the Commerce Department's Bureau
of Export Administration said today that the US was prepared to announce similar
regulations in an effort to keep US companies competitive with foreign manufacturers.
Link: http://www.computeruser.com/news/00/07/11/news13.html
DEFEATING OPENHACK
Austrian hacker Alexander Lazic received a $500 award for exploiting MiniVend,
an e-commerce storefront package, on OpenHack.com. BTW, MiniVend had about a
million downloads, so there are a lot of vulnerable e-commerce sites out there.
ZDNet's article describes the hack.
Link: http://www.zdnet.com/zdnn/stories/news/0,4586,2600258,00.html
FBI SYSTEM COVERTLY SEARCHES E-MAIL
The U.S. Federal Bureau of Investigation is using a superfast system called
Carnivore to covertly search e-mails for messages from criminal suspects.
Contributed by Jonathan.
Link: http://www.zdnet.com/zdnn/stories/news/0,4586,2601502,00.html
AN INTRODUCTION TO PGP
In today's busy world of online communication and transactions, thousands of
messages consisting of sensitive data are sent across the Internet daily. Do
you want everyone looking at your email? Is the encryption of email really
necessary? Undoubtedly.
Link: http://www.ironboxtech.com/articles/neurality/intropgp.shtml
MICROSOFT FIXING NEW EXCEL BUG
Microsoft said it is working to close a security hole in its Excel spreadsheet
program that could open computers to attack while bypassing warning systems.
Link: http://www.net-security.org/text/bugs/963357077,83705,.shtml
Link: http://news.cnet.com/news/0-1005-200-2247443.html?dtn.head
MAN ARRESTED FOR PENETRATING INTO NASA SERVERS
A 20-year-old man was arrested Wednesday for allegedly breaking into
two computers owned by NASA's Jet Propulsion Laboratory, and on separate
counts of stealing credit cards and penetrating other systems.
Link: http://dailynews.yahoo.com/h/nm/20000712/tc/crime_hacker_dc_1.html
ISPS BITE BACK AT CARNIVORE
Internet-service providers and privacy advocates are concerned about the
implications of a new electronic surveillance system devised by the Federal
Bureau of Investigation, with some providers vowing to resist if they are
asked to install it on their networks.
Link: http://www.zdnet.com/zdnn/stories/news/0,4586,2602200,00.html
KEVIN MITNICK ALLOWED BACK ONLINE
Mitnick's federal probation officer informed him this week that he could
pursue some computer-related work. Among the jobs approved: writing
for Steven Brill's online magazine Contentville, speaking in Los Angeles on
computer security, consulting on computer security, and consulting for a
computer-related TV show.
Link: http://news.cnet.com/news/0-1005-200-2250843.html
KASPERSKY LAB WARNS OVER JULY 14 SMASH VIRUS
The Russian antivirus specialist says that the Win95 Smash virus, which
first surfaced in late April, could cause problems for PC Windows users
when it triggers on July 14.
Link: http://www.computeruser.com/news/00/07/14/news20.html
NMAPNT FROM EEYE DIGITAL SECURITY
"nmap has various options to perform stealth scans, ping scans, UDP
scans, as well as a whole handful of other scan types. nmap also has
the ability to remotely fingerprint an IP address. Basically what that
means is by sending various queries to a remote IP address, and reading
the responses, nmap can determine if the remote IP address is running
a certain operating system or maybe it is a router or network printer.
In fact, nmap's database of fingerprints has over 500 unique fingerprints
in it."
Link: http://www.eeye.com/html/Databases/Software/nmapnt.html
EXCITE USER BLOCKED FROM JPL WEB SITES
After several attempted break-ins from Excite@Home subscribers,
technicians at the Jet Propulsion Lab quietly blocked access to some
of its Web sites to all Excite subscribers.
Link: http://www.msnbc.com/news/432831.asp?cp1=1
E-SECURITY CHALLENGE
From Secure Computing: "We are launching Secure's e-Security
Challenge at Blackhat and will run it for the duration of 60 days
thereafter. Secure's e-Security Challenge lets you test your wit
and skills...and if you're good enough, you might even win $10,000
US Dollars!"
Link: http://www.net-security.org/phorum/read.php?f=2&i=11&t=11
ANTI-MILOSEVIC DEFACEMENT
Three days ago, the web site of the Serbian pro-government magazine "Politika"
was defaced with a false message that Serbian president Slobodan
Milosevic was killed by a bomb detonation.
Link: http://www.active-security.org/images/1207_b_politika.gif
EFF BRIEFING
The EFF, in conjunction with the H2K conference, held a briefing about the
latest information on the case, and an in-depth look at the issues
surrounding the first trial brought under the controversial DMCA.
Link: http://www.eff.org/pub/Intellectual_property/Video/dvd_briefing_release.html
CDC AT HOPE2K
Oxblood Ruffin announced that he had personally recruited a group
of six programmers (Mixter and BroncBuster were mentioned in the
article) to work on a project to stop Internet censorship in some countries.
Link: http://dailynews.yahoo.com/h/zd/20000716/tc/cult_of_the_dead_cow_s_bizarre_theater_1.html
PENENBERG IS LEAVING FORBES
Adam Penenberg, who always did great articles on the computer underground,
says he's leaving his job because Forbes magazine won't support his
refusal to testify before a federal grand jury.
Link: http://www.washingtonpost.com/wp-dyn/style/columns/medianotes/A54672-2000Jul16.html
----------------------------------------------------------------------------
Security issues
---------------
All vulnerabilities are located at:
http://net-security.org/text/bugs
----------------------------------------------------------------------------
EXCEL 2000 VULNERABILITY - EXECUTING PROGRAMS
Excel 2000/Windows 98 (suppose other versions are also vulnerable, have not
tested) allows executing programs when opening an Excel Workbook (.xls file).
This may also be exploited through IE or Outlook. This may lead to taking full
control over user's computer.
Link: http://www.net-security.org/text/bugs/963357077,83705,.shtml
APACHE::ASP HOLE FIXED
Apache::ASP had a security hole in its ./site/eg/source.asp distribution
examples file, allowing a malicious hacker to potentially write to files in the
directory local to the source.asp example script.
Link: http://www.net-security.org/text/bugs/963357248,90975,.shtml
BIG BROTHER VULNERABILITY
The problem exists in the code where $HOSTSVC does not do authenticity
checking for its assigned variable. All files could be snatched just with a browser.
Link: http://www.net-security.org/text/bugs/963357356,65475,.shtml
NETSCAPE ADMINISTRATION SERVER PASSWORD DISCLOSURE
The administration server is installed when you first install SuiteSpot server.
For remote logon, it authenticates by validating the password prompt input
with the administration server password file. This password file is kept in
a local directory within the SuiteSpot server.
Link: http://www.net-security.org/text/bugs/963135822,65666,.shtml
FEARTECH FTP BROWSER PROBLEM
FTP Browser allows you to display a html enhanced directory listing, which
is great for managing your ftp files. FTP Browser can also be used for
downloading password files.
Link: http://www.net-security.org/text/bugs/963578519,23215,.shtml
"ABSENT DIRECTORY BROWSER ARGUMENT" PROBLEM PATCHED
Microsoft has released a patch that eliminates two security vulnerabilities
in Microsoft Internet Information Server. In sum, the vulnerabilities could
allow a malicious user to stop the web server from providing useful service,
or to extract certain types of information from it.
Link: http://www.net-security.org/text/bugs/963664473,69872,.shtml
"THE IE SCRIPT" VULNERABILITY PATCHED
Microsoft has released a patch that eliminates a security vulnerability
in Microsoft Office 2000 (Excel and PowerPoint) and in PowerPoint 97.
Microsoft has also documented a workaround that prevents the use of
Microsoft Access to exploit a vulnerability in Internet Explorer. A patch
for the latter vulnerability will be available soon and we will have an
update to this bulletin.
Link: http://www.net-security.org/text/bugs/963664619,71371,.shtml
[MANDRAKE] CVSWEB UPDATE
Cvsweb contains a hole that provides attackers who have write access
to a cvs repository with shell access. Thus, attackers who have write
access to a cvs repository but not shell access can obtain a shell. In
addition, anyone with write access to a cvs repository that is viewable
with cvsweb can get access to whatever user the cvsweb cgi script
runs as (typically nobody or www-data, etc.). This update closes all
of these possibly exploited pipe-opens.
Link: http://www.net-security.org/text/bugs/963664736,92640,.shtml
----------------------------------------------------------------------------
Security world
--------------
All press releases are located at:
http://net-security.org/text/press
----------------------------------------------------------------------------
AGREEMENT ON DEBIT CARD FRAUD PROTECTION SERVICE - [10.07.2000]
NYCE Corporation and MasterCard International have signed an agreement to
bring enhanced neural network fraud prediction services to MasterMoney issuers
that are processed by NYCE. The service, called RiskFinder, is a neural network
system developed by MasterCard and HNC Software. RiskFinder uses HNC's
patented neural network modeling technology while leveraging the MasterCard
Banknet global transaction processing network to predict and, ultimately, help to
reduce fraud losses associated with credit and offline debit cards.
Press release:
< http://www.net-security.org/text/press/963246513,23242,.shtml >
----------------------------------------------------------------------------
ENTRUST/TRUEPASS WEB SECURITY SOLUTION AVAILABLE - [10.07.2000]
Entrust Technologies Inc. (NASDAQ: ENTU), a global leader in solutions that
bring trust to e-business, announced today the commercial availability of
the Entrust/TruePass web security solution, a new product to enhance its
market-leading public-key infrastructure (PKI) portfolio of solutions, which
began shipping to customers during the last week in June.
Press release:
< http://www.net-security.org/text/press/963246890,86727,.shtml >
----------------------------------------------------------------------------
RAINBOW ADDS NEW FEATURES TO SENTINELSUPERPRO 6.0 - [10.07.2000]
Rainbow Technologies, a leading provider of high-performance security solutions
for the Internet, eCommerce and software protection, today announced new
upgrades to the company's flagship Sentinel software protection product family.
The new SentinelSuperPro 6.0 significantly improves the ease-of-use and rapid
deployment while maintaining powerful levels of security and software protection.
SentinelSuperPro 6.0 provides users with a new graphical user interface, which is
more intuitive and instructional. This makes implementing security into a
customer's software application as simple as possible.
Press release:
< http://www.net-security.org/text/press/963247005,78506,.shtml >
----------------------------------------------------------------------------
INSURANCE FOR E-COMMERCE AND INTERNET SECURITY - [10.07.2000]
Counterpane Internet Security today announced that its clients and their
customers will be able to purchase insurance policies to protect against loss of
revenues and information assets caused by Internet and e-commerce security
breaches. The first of its kind, this new insurance program from Lloyd's of London
was arranged by leading insurance brokers Frank Crystal & Co. and SafeOnline
and offers up to $100 million in coverage.
Press release:
< http://www.net-security.org/text/press/963247191,59797,.shtml >
----------------------------------------------------------------------------
AXENT'S NETPROWLER WINS AT NETWORKS TELECOM 2000 - [10.07.2000]
AXENT Technologies, Inc., one of the world's leading Internet security solutions
providers for e-business, announced today that its network-based intrusion
detection solution, NetProwler, part of its ProwlerIDS Series, won Network
Telecom 2000's "Security Monitoring Product of the Year" award, presented by
Network News magazine. To win the award, NetProwler defeated competitors
such as Network Associates, Inc.'s CyberCop Scanner, and Internet Security
System, Inc.'s Real Secure, among others.
Press release:
< http://www.net-security.org/text/press/963247286,56322,.shtml >
----------------------------------------------------------------------------
IDENTIX LAUNCHES WIRELESS INTERNET SECURITY BUSINESS - [12.07.2000]
Identix Inc. announced the launch of a new secure-transaction service, itrust,
which will operate as a new division of Identix. In conjunction with the launch,
Motorola announced that it has invested $3.75 million in Identix through the
company's global, strategic venture capital investment arm, One Motorola
Ventures. itrust is one of the first security service solutions designed to offer
secure biometric authenticated transaction services for the Internet and
wireless Web e-commerce marketplace through a server-based security
infrastructure.
Press release:
< http://www.net-security.org/text/press/963358016,72875,.shtml >
----------------------------------------------------------------------------
VIREX RECEIVES HIGH RATINGS FROM MACWORLD - [12.07.2000]
McAfee Retail Software, a division of Network Associates, today announced that
its Dr. Solomon's Virex software received a four out of five rating in a recent
review by Macworld. The rating is higher than any other anti-virus software
product, including Norton AntiVirus, which received a three out of five rating.
The Virex product was commended for its sophisticated virus update and
scheduling features as well as its new, streamlined interface.
Press release:
< http://www.net-security.org/text/press/963437149,41361,.shtml >
----------------------------------------------------------------------------
SECURE ONLINE ELECTRONIC DOCUMENT DELIVERY - [12.07.2000]
CertifiedMail.com, the premier provider of secure Internet and wireless
document delivery and BizProLink.com, an Internet Business Service Provider
Network supporting the daily needs of businesses within 124 industry sectors,
today announced that they have signed a strategic partner agreement.
Together, BizProLink.com and CertifiedMail.com will offer businesses direct
access to secure electronic document delivery solutions without the need to
download any special software.
Press release:
< http://www.net-security.org/text/press/963437517,84790,.shtml >
----------------------------------------------------------------------------
SECURE EPAYMENT SOLUTIONS FOR WIRELESS E-COMMERCE - [12.07.2000]
Trintech Group PLC, a leading provider of secure electronic payment infrastructure
solutions, and Visa International, today announced a strategic partnership to
jointly develop the next generation of ePayment solutions to speed the global
adoption of secure mobile commerce. The alliance follows Trintech's
announcement today of the launch of PayWare mAccess, the company's secure
payment solution designed specifically for mobile devices, as well as a strategic
collaboration with Phone.com. PayWare mAccess allows for "one touch" payment
and real-time authentication of the user while shopping using mobile phones and
other non-PC devices.
Press release:
< http://www.net-security.org/text/press/963437700,17134,.shtml >
----------------------------------------------------------------------------
BLUE LANCE RELEASES LT AUDITOR+ 7.0 - [14.07.2000]
Blue Lance Inc., one of the leading network security software companies in the
country, has announced the newest release of its popular program designed
especially for use on the Microsoft NT and Windows 2000 platforms, LT Auditor+
7.0 for NT. The program is significantly more robust in its features and
functionality than any of its predecessors. It gives users greater flexibility in
structuring security alerts, increases options and control of rights and access
and, in general, provides a greater level of security for all assets managed and
protected by computers.
Press release:
< http://www.net-security.org/text/press/963578674,72424,.shtml >
----------------------------------------------------------------------------
Featured articles
-----------------
All articles are located at:
http://www.net-security.org/text/articles
Articles can be contributed to staff@net-security.org
Listed below are some of the recently added articles.
----------------------------------------------------------------------------
KNOW YOUR ENEMY by Lance Spitzner
The tools and methodology of the most common black-hat threat on the
Internet, the Script Kiddie. By understanding how they attack and what they
are looking for, you can better protect your systems and network.
Article:
< http://www.net-security.org/text/articles/spitzner/kye1.shtml >
----------------------------------------------------------------------------
KNOW YOUR ENEMY II by Lance Spitzner
How to determine what the enemy is doing by analyzing your system log files.
Includes examples based on two commonly used scanning tools, sscan and nmap.
Article:
< http://www.net-security.org/text/articles/spitzner/kye2.shtml >
----------------------------------------------------------------------------
KNOW YOUR ENEMY III by Lance Spitzner
What happens after the script kiddie gains root. Specifically, how they cover
their tracks while they monitor your system. The paper goes through step by
step on a system that was recently compromised, with system logs and
keystrokes to verify each step.
Article:
< http://www.net-security.org/text/articles/spitzner/kye3.shtml >
----------------------------------------------------------------------------
KNOW YOUR ENEMY: A FORENSICS ANALYSIS by Lance Spitzner
This paper, the fourth of the series, studies step by step a successful attack
of a system. However, instead of focusing on the tools and tactics used, we
will focus on how we learned what happened and pieced the information
together. The purpose is to give you the forensic skills necessary to analyze
and learn on your own the threats your organization faces.
Article:
< http://www.net-security.org/text/articles/spitzner/kye_f.shtml >
----------------------------------------------------------------------------
KNOW YOUR ENEMY: MOTIVES by the Honeynet Project
This paper, a continuation of the series, studies the motives and psychology of
the black-hat community, in their own words.
Article:
< http://www.net-security.org/text/articles/spitzner/kye_m.shtml >
----------------------------------------------------------------------------
ARMORING LINUX by Lance Spitzner
How to armor the Linux operating system. This article presents a systematic
method to prepare your system for the Internet. The article is based on Redhat
6.0, but should apply to most distributions of Linux.
Article:
< http://www.net-security.org/text/articles/spitzner/armoring_linux.shtml >
----------------------------------------------------------------------------
ARMORING SOLARIS by Lance Spitzner
How to armor the Solaris operating system. This article presents a systematic
method to prepare for a firewall installation. Also included is a downloadable
shell script that will armor your system.
Article:
< http://www.net-security.org/text/articles/spitzner/armoring_solaris.shtml >
----------------------------------------------------------------------------
ARMORING NT by Lance Spitzner
How to armor the NT 4.0 operating system. This article presents a systematic
method to prepare for a firewall installation, specifically Check Point Firewall 1.
Article:
< http://www.net-security.org/text/articles/spitzner/armoring_nt.shtml >
----------------------------------------------------------------------------
Featured books
----------------
The HNS bookstore is located at:
http://net-security.org/various/bookstore
Suggestions for books to be included into our bookstore
can be sent to staff@net-security.org
----------------------------------------------------------------------------
CISCO ROUTER INTERNETWORKING
Topics covered: Cisco hardware and software technologies for connecting
computer networks across geographic space. The book focuses on the OSI
reference model, the TCP/IP stack, the basics of using Cisco IOS, and the
details of implementing various network and routing protocols in the Cisco
environment. It also addresses the Inter-Gateway Routing Protocol (IGRP)
and Enhanced IGRP (EIGRP), plus IPX, AppleTalk, X.25, and various WAN
connectivity solutions.
Book:
< http://www.amazon.com/exec/obidos/ASIN/0071356274/netsecurity >
----------------------------------------------------------------------------
LINUX NETWORK ADMINISTRATOR'S GUIDE
Olaf Kirch wrote Linux Network Administrator's Guide as part of the Linux
Documentation Project to cover just such information. Although you can
download the book for free, the O'Reilly version of the book looks (better layout
and graphics) and feels better than the online version and has a superlative
index. This book details the tasks associated with e-mail setup and maintenance,
news group setup, and essential network applications such as rcp and rlogin. In
some cases you may find the level of detail not sufficient to complete the task.
In those cases, Kirch tells you where to find more detailed information on the
Internet. This methodology has kept the book to a very handy size, which makes
it an easy-to-use, versatile resource for anyone managing a Linux network.
Book:
< http://www.amazon.com/exec/obidos/ASIN/1565924002/netsecurity >
----------------------------------------------------------------------------
MICROSOFT WINDOWS 2000 SERVER ADMINISTRATOR'S COMPANION
This book brings network administrators, systems engineers, and other MIS
professionals up to speed on the latest features of Windows 2000 Server,
including Active Directory services, Microsoft Internet Information Server 4.0,
the new, integrated console for administrative tools, and more. It's the perfect
handbook for those who need to deploy, install, and configure installations,
upgrade from previous versions, understand network addresses, manage
day-to-day operations, configure storage, manage users and groups, implement
security measures, configure mail services, troubleshoot, and perform other vital
administrative tasks.
Book:
< http://www.amazon.com/exec/obidos/ASIN/1572318198/netsecurity >
----------------------------------------------------------------------------
RED HAT LINUX NETWORK MANAGEMENT TOOLS
The book looks at the considerable networking capabilities of Linux 2.2.x from
the perspective of a network administrator responsible for fitting the operating
system into a large, heterogeneous computer network. Despite the title of the
book, it doesn't limit itself to Red Hat Linux. The book is also careful to explain
key networking technologies such as the TCP/IP protocol stack and Simple
Network Management Protocol. The book approaches network-management
matters one at a time with Linux tools. In explaining Ethernet monitoring, for
example, the text introduces the tcpdump and ethereal tools, and then
explains their functions.
Book:
< http://www.amazon.com/exec/obidos/ASIN/0072122625/netsecurity >
----------------------------------------------------------------------------
A PRACTICAL GUIDE TO SOLARIS
A broad range of topics, from creating passwords and working with files to shell
programs, are covered in this thick volume. Each one is given the same highly
effective treatment of illustrative screen shots and commands, which should
prevent readers from getting too lost in the OS. There are also warnings and
tips about specific functions and utilities, such as which and whereis, which
are used to help locate commands and files, throughout the chapters. For
greater detail on specific utilities, the book includes a massive section devoted
exclusively to the utilities within Solaris.
Book:
< http://www.amazon.com/exec/obidos/ASIN/020189548X/netsecurity >
----------------------------------------------------------------------------
SAMBA: UNIX AND NT INTERNETWORKING
Samba allows Windows NT machines to interact with Unix machines by handling
Windows Server Message Block calls. This book takes a platform-neutral approach
to Samba that is suitable for any reader, regardless of greater familiarity with
either Windows or Unix. This book will help you get Samba running, but lots of
books will do that. This is the one to read if you have a strange Samba problem
or you just want to know more about how the server and its clients work. There
is a copy of Samba 2.0.5.a on the companion CD-ROM, complete with source
code and some additional documentation.
Book:
< http://www.amazon.com/exec/obidos/ASIN/0071351043/netsecurity >
----------------------------------------------------------------------------
WINDOWS NT/2000 ADSI SCRIPTING FOR SYSTEM ADMINISTRATION
This book documents the Active Directory Service Interfaces as they apply to
systems administrators interested in using Component Object Model objects
written in Visual Basic to automate administrative tasks. Because this book is
backed by such a considerable development effort, administrators of large
Windows NT and Windows 2000 networks will be able to put its ADSI solutions
to profitable use immediately.
Book:
< http://www.amazon.com/exec/obidos/ASIN/1578702194/netsecurity >
----------------------------------------------------------------------------
Defaced archives
------------------------
[10.07.2000] - Ministerio Do Meio Ambiente
Original: http://www2.mma.gov.br/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/10/www2.mma.gov.br/
[10.07.2000] - Covenant Health
Original: http://www.covenanthealth.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/10/www.covenanthealth.com/
[11.07.2000] - Fermi National Accelerator Laboratory 'cdsun2' Server
Original: http://cdsun2.fnal.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/11/cdsun2.fnal.gov/
[11.07.2000] - Ejército de Guatemala
Original: http://www.mindef.mil.gt/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/11/www.mindef.mil.gt/
[13.07.2000] - Maritime Telecommunications Network
Original: http://www.mtnsat.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/13/www.mtnsat.com/
[14.07.2000] - National Oceanic and Atmospheric Administration
Original: http://hpcs.fsl.noaa.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/14/hpcs.fsl.noaa.gov/
[14.07.2000] - National Renewable Energy Laboratory
Original: http://isdevlab.nrel.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/07/14/isdevlab.nrel.gov/
Questions, contributions, comments or ideas go to:
Help Net Security staff
staff@net-security.org
http://net-security.org