Copy Link
Add to Bookmark
Report
Net-Sec Issue 034
Net-Sec newsletter
Issue 34 - 16.10.2000
http://net-security.org
This is a newsletter delivered to you by Help Net Security. It covers weekly
roundups of security events that were in the news the past week. Visit Help
Net Security for the latest security news - http://www.net-security.org.
Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter
Table of contents:
1) General security news
2) Security issues
3) Security world
4) Featured articles
5) Security books
6) Security software
7) Defaced archives
==========================================================
Sponsored by Kaspersky Lab - You Personal Anti-Virus Guard
==========================================================
The Breakthrough Technology Protecting Your Computers From Viruses!
Subscribe to Kaspersky Lab's FREE newsletter delivering you
the latest and trustworthy information source on computer
viruses and their counter measures. You will always be up
to date when securing your computer!
Join now! http://www.kasperskylab.ru/eng/news/maillist.asp
==========================================================
General security news
---------------------
----------------------------------------------------------------------------
SMALL BUSINESSES, BIG SECURITY RISKS
According to a survey released by analyst GartnerGroup smaller companies
particularly lack the security expertise necessary to fend off computer
attackers. Its research suggests that, without taking immediate steps
to remedy the situation, 50 percent of these businesses will be the victim
of a successful hack or a damaging virus outbreak in the next couple of years.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2640674,00.html
SECURITY BREACH AT BUY.COM
A security hole on buy.com's website exposed the personal information
of customers who returned products to the company. For several hours
on Thursday, the buy.com website allowed determined visitors to peruse
the names, addresses, and phone numbers of customers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://wired.com/news/technology/0,1282,39438,00.html
ATTACKING EAGLE NETWORK
A Nederland-based Internet company was back online Wednesday after
11 days during which executives say their service was held hostage by
a European hacker making political and monetary demands.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.denverpost.com/business/biz1012d.htm
ISS UNLEASHES SERVER SECURITY
Security management solutions company, Internet Security Systems has
released its RealSecure Server Sensor software, which enables organisations
to protect their servers by detecting attacks, and preventing system misuse.
Link: http://www.netimperative.com/technology/newsarticle.asp?ArticleID=5780
WATCH OUT FOR MALICIOUS HTML PAGES
Recently discovered security hole in Internet Explorer 5 (allowing for not
signed ActiveX components to perform malicious actions on PC) led to
invention of new virus callec GODMESSAGE. The computer can be infected
by simply viewing the web page, containing the Active X applet. Message
from the creators : "godmessageIV.html - view, get rooted. It is a modified
tHing 1..6 server without ICQ notification, without hide process (so it will
run on NT/w2k). A fellow named splyc took out the ICQ notification which
I got from blade's forums. I took out the hide process function because it
was not allowing the tHing to run on NT or 2k. The tHing listens on port
7777 and the password is pass."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.astonsoft.com/ntrojan.html
BYPASSING EMAIL SERVERS WITH FTPMAIL
FTPMail is a secure communication platform that uses the Point to Point
File Transfer Protocol as its exclusive means of information transfer
instead of Simple Mail Transport Protocol (SMTP). Some of its features
are: Guaranteed Online Privacy, Secure Data Transmissions, Untraceable
through SMTP or POP, Does not utilize conventional ports, Password
protected interface, Encrypted Message Database...
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.ftpmail.net/
FINAL CIPHER FROM "THE CODE BOOK" CRACKED
A team of researchers in Sweden has cracked the final cipher set by
Simon Singh in "The Code Book" and claimed the L10,000 prize. It took a
year and month between publication of the challenge and its completion
without the use of a super computer.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/1/13929.html
HACKERS GOING LEGIT
Hackers from Shanghai Internet Security Base Co. (www.ISBase.com),
the largesthacker organization in China, have begun looking for jobs
assisting customers with network security work, reported the Qingnian
Bao newspaper last month. It looks like many Chinese hackers are giving
up the racket and going legit.
Link: http://www.insidechina.com/localpress/chonline.php3?id=208769
FIREWALLS
"Simply put, a Firewall is a system that prevents unauthorized access to
or from a private network by examining the incoming packets and/or
requests coming from (in this case) the Internet. Heres an analogy, lets
say a firewall is like a bouncer at a 21 and over bar called MyNetworkRocks,
and the unauthorized InternetGuru is under 21. Well, because InternetGuru
is under 21 hes not getting past the firewall (bouncer) into MyNetworkRocks,
at least not easily. Firewalls can be setup with software, hardware, or both,
depending on how paranoid, I mean secure, you want to be."
Link: http://www.techextreme.com/display.asp?ID=228&Page=1
INTERPOL ORDERS IMMEDIATE CYBERCRIME ACTION
The head of Interpol has warned nations, law enforcement groups and
companies to act swiftly if they are to stand any chance of beating
cybercrime. Speaking at a conference in London Wednesday, Raymond
Kendall, secretary general of Interpol said his organisation is concerned
that unlawful computer techniques are developing at such a rate that
they represent a "new phenomenon" for international law enforcers. Kendall
urged international organisations not to wait for conventions to be passed
before drawing up guidelines for an allied response to the threat of cybercrime.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2000/40/ns-18393.html
FORMER BELLCORE CEO SEES LOOMING NETWORK SECURITY ISSUES
"Network security will be a bigger problem than data security," according
to former Bellcore CEO George Heilmeier. Heilmeier offered 10 predictions
for the IT and telecom industries at a forum this week at Columbia University.
Heilmeier explained that third parties who intentionally block access to e-mail
pose a greater danger than the risk the information will be read.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.telekomnet.com/writer_telekomnet/10-11-00_sidebar.asp
ANDY MUELLER-MAGUHN ELECTED TO ICANN BOARD
The five new grass-roots members, each representing a major region of
the globe, will be a part of a 19-member board elected to run the Internet
Corporation for Assigned Names and Numbers, the group charged with
overseeing the technical functions of the global Internet. One of the five
regional directors is Chaos Club member Andy Mueller-Maguhn.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2639191,00.html
DEVELOPER TACKLES WAP SECURITY GLITCH
A Swedish company claims that it can solve the security problems related
to Wap by doing away with the Wap gateway. Mi4e, developer of mobile
internet infrastructure software, has unveiled its ThunderWap software
series, which allows businesses to offer instant Wap capabilities to users
without employing a portal.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/1112381
GATES PENETRATING TO NASA
The Orange County Register said its Web site was infiltrated Sept. 29 and
an article was changed to say Microsoft Corp. Chairman Bill Gates had
been arrested for breaking into NASA computers. Original one for sure...
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.denver-rmn.com/business/1011msft8.shtml
HARDWARE FIREWALL RUNS ON NSA TECHNOLOGY
A relationship with the National Security Agency has netted Marconi
Communications the technology to produce a firewall that is said to run
at OC-12 speeds (622 Mbits/second) and to be undetectable to potential
intruders. The technology, licensed from the NSA and sold back to the
agency in product form, is part of a longstanding relationship between
government agencies and Fore Systems Inc., which Marconi (Pittsburgh)
acquired last year.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.electronicstimes.com/story/OEG20001009S0056
SECURE VPN
Dynarc is signing a purchase agreement worth $1.2 million over the next
12 months with Sonet Communications. Dynarc's auto-provisioning routers
will contribute to Sonet's initial 10-city network development plan, which
will provide business SOHO customers with a high-speed, secure virtual
private network (VPN) delivering gigabit data transfer speeds, video and
voice over a fiber-optic IP network.
Link: http://www.fiberopticsonline.com/content/news/article.asp?DocID={C6B5488D-9E9D-11D4-8C6C-009027DE0829}
LIB DEM EMAILS PENETRATED
A Labour party MP is alleged to have illegally penetrated into a Liberal
Democrat's email. Following the allegations, House of Commons officials
have been asked to launch an investigation, and a memo has been circulated
in the Lib Dem party, warning members to take precautions to protect their
emails.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/1/13864.html
CYBERWAR
Chinese "hackers" have threatened to destroy rival Taiwan's websites as
the island state prepares to celebrate national day on Tuesday, television
reports said. The Chinese "hackers" may penetrate major government websites
as well as some civil websites close to President Chen Shui-bian, the cable
television TVBS said Monday.
Link: http://www.insidechina.com/news.php3?id=207812
RED HAT RESPONDS TO QUALITY ALLEGATIONS
This a summary of the events that occured after the release of Red Hat 7
and it contains a response from the Red Hat people. It also includes some
embarassing comments regarding Slashdot's Red Hat story in which they
published that the distribution had over 2,500 bugs.
Link: http://linuxtoday.com/news_story.php3?ltsn=2000-10-09-005-21-NW-CY-RH
FBI PUSHES FOR CYBER ETHICS EDUCATION
FBI agents are spreading a new gospel to parents and teachers, hoping
they'll better educate youths that vandalism in cyberspace can be economically
costly and just as criminal as mailbox bashing and graffiti spraying. The Justice
Department and the Information Technology Association of America, a trade
group, has launched the Cybercitizen Partnership to encourage educators and
parents to talk to children in ways that equate computer crimes with
old-fashioned wrongdoing.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2000/TECH/computing/10/09/ethics.in.cyberspace.ap/index.html
ENIGMA TO BE RETURNED?
The head of Bletchley Park spy museum is confident that the stolen Enigma
code machine will be returned after she spoke directly to one of the mystery
men demanding L25,000 for the encrypter.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.ananova.com/news/story/sm_79029.html
WEB-BASED E-MAIL ISN'T SAFE FROM CORPORATE EYES
Slashdot has a big discussion related to the October 3rd CNET article -
"Unfortunately, security experts say many employees would be surprised to
know that Web-based email services also offer little privacy. Messages sent
via a Yahoo or Hotmail account, or through instant messaging products, such
as ICQ or America Online's Instant Messenger (AIM), are just as accessible
to nosy employers."
Link: http://slashdot.org/article.pl?sid=00/10/08/2048204
CYBERCRIME TREATY
The new, improved draft of the international Cybercrime treaty is out, and
David Banisar says it's bigger and badder than ever.
Link: http://www.securityfocus.com/commentary/98
----------------------------------------------------------------------------
Security issues
---------------
All vulnerabilities are located at:
http://net-security.org/text/bugs
----------------------------------------------------------------------------
MASTER INDEX TRAVERSE ADVISORY
Synnergy Labs has found a flaw within Master Index that allows a user to
successfully traverse the filesystem on a remote host, allowing arbitary
files/folders to be read.
Link: http://www.net-security.org/text/bugs/971179170,91401,.shtml
DEBIAN LINUX - NEW VERSIONS OF BOA PACKAGES
In versions of boa before 0.94.8.3, it is possible to access files outside of the
server's document root by the use of properly constructed URL requests.
This problem is fixed in version 0.94.8.3-1, uploaded to Debian's unstable
distribution on October 3, 2000. Fixed packages are also available in proposed
updates and will be included in the next revision of Debian/2.2 (potato).
Link: http://www.net-security.org/text/bugs/971179295,4133,.shtml
DEBIAN LINUX - ESOUND PACKAGE IS NOT AFFECTED
Linux-Mandrake has recently released a Security Advisory covering a race
condition in the esound.
Link: http://www.net-security.org/text/bugs/971179403,38597,.shtml
CONNECTIVA LINUX - TMPWATCH LOCAL DOS
Versions of the tmpwatch package as shipped with Conectiva Linux contain a
vulnerability which could lead to a local DoS. These versions, though, are not
vulnerable to the local root exploit published earlier because they do not have
the fuser option, which appeared only in later versions.
Link: http://www.net-security.org/text/bugs/971179510,7441,.shtml
SUSE LINUX - NOT AFFECTED TO TMPWATCH PROBLEM
"The tmpwatch packages as shipped with SuSE distributions are not vulnerable
to the attacks as discussed on security forums, initiated and discovered by
zenith parsec. The version of tmpwatch that we ship is a bit older than the
bleeding edge, but it has proven to do what it says, which is just as important.
We did not (silently) fix the problems in the package - the version that we use
does not have the features that cause the security problems."
Link: http://www.net-security.org/text/bugs/971179586,22555,.shtml
TRUSTIX SECURE LINUX - TMPWATCH PROBLEMS
All versions of Trustix Secure Linux have hitherto been shipped with a version
of tmpwatch that can be tricked into excessive fork()ing filling up the process
table, requiring the box to be rebooted. The version of tmpwatch can also, in
certain cases, be tricked into giving local users a root shell.
Link: http://www.net-security.org/text/bugs/971179653,98073,.shtml
EXTROPIA WEBSTORE DIR TRAVERSAL VULNERABILITY
The Web Store is a shopping cart product by eXtropia. This script merges
Selena Sol's Electronic Outlet HTML and Database shopping cart apps and
adds all new routines for error handling, order processing, encrypted mailing,
frames, Javascript and VBscript.
Link: http://www.net-security.org/text/bugs/971179782,82714,.shtml
INTERACTIVE'S WEB SHOPPER DIR TRAVERSAL VULNERABILITY
shopper.cgi allows users to switch between product pages using the
$VALUES{'newpage'} variable. This would make
http://example.com/cgi-bin/shopper.cgi?newpage=product1.htm display product1.htm.
Although this script has regex statements that single out the double dot (..),
it does not perform these checks by default.
Link: http://www.net-security.org/text/bugs/971179934,13930,.shtml
MICROSOFT SECURITY - "SHARE LEVEL PASSWORD" PATCH
Microsoft has released a patch that eliminates a security vulnerability in
Microsoft Windows 95, 98, 98SE, and Windows Me. The vulnerability could
allow a malicious user to programmatically access a Windows 9x/ME file
share without knowing the entire password assigned to that share.
Link: http://www.net-security.org/text/bugs/971265164,93554,.shtml
MANDRAKE LINUX - OPENSSH UPDATE
A problem exists with openssh's scp program. If a user uses scp to move
files from a server that has been compromised, the operation can be used
to replace arbitrary files on the user's system. The problem is made more
serious by setuid versions of ssh which allow overwriting any file on the
local user's system.
Link: http://www.net-security.org/text/bugs/971265294,96285,.shtml
SHRED 1.0 BUG REPORT
Ran a test with Shred v1.0 and found some unexpected results. This utility is
supposed to overwrite a file with several passes of different bit patterns followed
by one random pattern. The file is then unlinked. This is supposed to make the
file unrecoverable with utilities which read raw disk blocks. Using the icat utility
from Dan Farmer and Wietze Venema's TCT Toolkit it appears that the data is
not overwritten. This test was done on two different RedHat 6.0 systems.
Link: http://www.net-security.org/text/bugs/971265364,54158,.shtml
HP JETDIRECT MULTIPLE DOS
The firmware in the HP JetDirect card contain multiple vulnerabilities that can
have effects ranging from the service crashing to the printer initiating a
firmware upgrade based on random garbage in the memory, and in the last
case powercycling won't fix the crash. It requires a new firmware burn by
eg. HP to restore the Jetdirect card.
Link: http://www.net-security.org/text/bugs/971265417,19017,.shtml
MS - WEBTV FOR WINDOWS DENIAL OF SERVICE
There is a denial of service vulnerability in WebTV for Windows that may allow
a malicious user to remotely crash either the WebTV for Windows application
and/or the computer system running WebTV for Windows. Restarting the
application and/or system will return the system to its normal state. Microsoft
has released a patch that eliminates this security vulnerability.
Link: http://www.net-security.org/text/bugs/971375310,5567,.shtml
MANDRAKE LINUX - APACHE UPDATE
The Apache web server comes with a module called mod_rewrite which is used
to rewrite URLs presented by the client prior to further processing. There is a
flaw in the mod_rewrite logic that allows an attacker to view arbitrary files on
the server system if they contain regular expression references.
Link: http://www.net-security.org/text/bugs/971375814,81283,.shtml
PHP REMOTE FORMAT STRING VULNERABILITIES
Format string vulnerabilities exist in the error logging routines of PHP versions 3
and 4, allowing remote users to execute arbitrary code under the web server's
user id. A web server having PHP installed and one or more PHP scripts is
vulnerable to the problem if error logging is enabled in php.ini. Also any PHP
script using the "syslog" command of PHP may be vulnerable, regardless of
error logging.
Link: http://www.net-security.org/text/bugs/971375894,65809,.shtml
PROBLEM WITH NETSCAPE MESSAGING SERVER 4.15
The problem is that the POP3 server displays a different message for an
authentication error due to an invalid password then for one due to an invalid
username. This could be used to "harvest" email addresses for spam lists.
Link: http://www.net-security.org/text/bugs/971439529,51461,.shtml
APACHE 1.3.14 RELEASED
The Apache Software Foundation and The Apache Server Project are pleased
to announce the release of version 1.3.14 of the Apache HTTP server. Version
1.3.13 was never released. This version of Apache is primarily a security fix and
bug fix release, but there are a few new features and improvements.
Link: http://www.net-security.org/text/bugs/971484402,83017,.shtml
DEBIAN LINUX - CURL AND CURL-SSL UPDATE
The version of curl as distributed with Debian GNU/Linux 2.2 had a bug in the
error logging code: when it created an error message it failed to check the size
of the buffer allocated for storing the message. This could be exploited by the
remote machine by returning an invalid response to a request from curl which
overflows the error buffer and trick curl into executing arbitrary code.
Link: http://www.net-security.org/text/bugs/971559341,76634,.shtml
REMOTE RETRIEVAL OF AUTHENTICATION DATA FROM IE
"We will show that it could be possible to retrieve the cached authentication
data from your user's web browser with little or no user's cooperation, even
when due care was taken to protect the communication between browser
and server with SSL."
Link: http://www.net-security.org/text/bugs/971559586,2881,.shtml
MS - "CACHED WEB CREDENTIALS" VULNERABILITY
Microsoft has released a patch that eliminates a security vulnerability in
Microsoft Internet Explorer. Under a daunting set of conditions, the
vulnerability could enable a malicious user to obtain another user's userid
and password to a web site.
Link: http://www.net-security.org/text/bugs/971559684,92219,.shtml
MANDRAKE LINUX - MOD_PHP3 UPDATE
PHP version 3 which ships with Linux-Mandrake are vulnerable to format string
attacks due to logging functions that make improper use of the syslog() and
vsnprintf() functions. This renders PHP3-enabled servers vulnerable to
compromise by remote attackers. This attack is only effective on PHP
installations that log errors and warnings while those servers that do
not are not affected. By default, Linux-Mandrake systems do not have
logging enabled.
Link: http://www.net-security.org/text/bugs/971559791,26568,.shtml
ANACONDA FOUNDATION DIRECTORY VULNERABILITY
Synnergy Labs has found a flaw within Anaconda Foundation Directory that
allows a user to successfully traverse the filesystem on a remote host,
allowing arbitary files/folders to be read
Link: http://www.net-security.org/text/bugs/971559891,18741,.shtml
CALDERA SECURITY UPDATE: FORMAT BUG IN PHP
There's a format bug in the logging code of the mod_php3 module. It uses
apache's aplog_error function, passing user-specified input as the format
string. This can be exploited by a remote attacker to execute arbitrary shell
commands under the HTTP server account (user httpd). In order for this bug
to be exploitable, the PHP error logging must be enabled. By default, error
logging is off.
Link: http://www.net-security.org/text/bugs/971690142,53185,.shtml
WINU 1.0-5.1 BACKDOOR PASSWORDS
"After downloading WinU 5.1 I noticed the built-in "emergency password"
capability, mentioned in the help file. I decided to take a look around.
AND WOW! GOT 'EM ALL!"
Link: http://www.net-security.org/text/bugs/971690328,13624,.shtml
DEBIAN LINUX - LOCAL EXPLOIT IN NIS PACKAGE
The version of nis as distributed in Debian GNU/Linux 2.1 and 2.2 contains an
ypbind package with a security problem. ypbind is used to request information
from a nis server which is then used by the local machine. The logging code in
ypbind was vulnerable to a printf formating attack which can be exploited by
passing ypbind a carefully crafted request. This way ypbind can be made to
run arbitrary code as root.
Link: http://www.net-security.org/text/bugs/971690367,54647,.shtml
MS - "NETMEETING DESKTOP SHARING" VULNERABILITY
Microsoft has released a patch that eliminates a security vulnerability in
NetMeeting, an application that ships with Microsoft Windows 2000 and is
also available as a separate download for Windows NT 4.0. The vulnerability
could allow a malicious user to temporarily prevent an affected machine from
providing any NetMeeting services and possibly consume 100% CPU utilization
during an attack.
Link: http://www.net-security.org/text/bugs/971690405,3329,.shtml
----------------------------------------------------------------------------
Security world
--------------
All press releases are located at:
http://net-security.org/text/press
----------------------------------------------------------------------------
SITEARMOR SUITE OF ADVANCED SECURITY OPTIONS - [10.10.2000]
To protect e-businesses from hacker intrusion and denial of service attacks,
Space4rent.com announced the launch of its SiteArmor suite of security services,
a comprehensive compilation offering customers complete, scalable security
services designed to protect Internet-based applications, data and
e-commerce activities.
Press release:
< http://www.net-security.org/text/press/971180165,61814,.shtml >
----------------------------------------------------------------------------
INVENTORS OF PKI CRYPTOGRAPHY AWARDED BY MARCONI - [11.10.2000]
Two innovators whose mathematical formulations developed nearly 25 years
ago unleashed the key to private communications and secure transactions on
the Internet will receive the 26th annual Marconi International Fellowship
award October 10 for their breakthrough invention and activism in the cause
of privacy rights. Whitfield Diffie and Martin Hellman will share the $100,000
fellowship prize honoring advances in telecommunications for humanitarian
benefit, to be presented at Columbia University in New York City, the
academic home of the Marconi International Fellowship Foundation.
Press release:
< http://www.net-security.org/text/press/971265008,5331,.shtml >
----------------------------------------------------------------------------
COM21 LICENSES SONICWALL TECHNOLOGY - [13.10.2000]
SonicWALL, Inc., a leading provider of Internet security solutions, announced a
license agreement with Com21 to embed its high performance Internet security
technology into Com21's Internet access products. Under the terms of the
agreement, SonicWALL will embed its security technology into consumer cable
modems manufactured by Com21, enabling service providers to deliver secure
access and other value added services to their broadband subscribers.
Press release:
< http://www.net-security.org/text/press/971439887,80256,.shtml >
----------------------------------------------------------------------------
ALADDIN SECURES HONG KONG'S ESDLIFE PORTAL - [14.10.2000]
Aladdin Knowledge Systems, a global leader in the field of Internet content and
software security, announced that Hong Kong's high-profile Electronic Service
Delivery (ESD) Scheme uses Aladdin's eSafe for proactive and comprehensive
Internet security.
Press release:
< http://www.net-security.org/text/press/971528523,49326,.shtml >
----------------------------------------------------------------------------
CO-OPERATION ON SMART CARD PKI - [16.10.2000]
Fingerprint Cards AB and Litronic Inc. have signed a Memorandum of
Understanding that they will co-operate on the development of a new,
strong authentication solution combining fingerprint biometrics and smart
card based digital signatures on the Microsoft Windows Powered Smart
Card platform.
Press release:
< http://www.net-security.org/text/press/971690462,22362,.shtml >
----------------------------------------------------------------------------
NETWORK-1 SECURITY SOLUTIONS AND RIPPLE PARTNER - [16.10.2000]
Network-1 Security Solutions, Inc., a leader in distributed intrusion prevention
solutions for e-Business networks, announced a strategic technology alliance
with Ripple Technologies, Inc., a leading developer of enterprise-wide,
management system solutions. Network-1 has entered into an agreement to
include RippleTech LogCaster, a Windows NT and Windows 2000 systems and
applications management software, in its CyberwallPLUS family of distributed
firewalls.
Press release:
< http://www.net-security.org/text/press/971708821,6720,.shtml >
----------------------------------------------------------------------------
Featured articles
-----------------
All articles are located at:
http://www.net-security.org/text/articles
Articles can be contributed to staff@net-security.org
Listed below are some of the recently added articles.
----------------------------------------------------------------------------
UNVERIFIED FIELDS - A PROBLEM WITH FIREWALLS & FIREWALL TECHNOLOGY TODAY
by Ofir Arkin
The following problem (as discussed in this paper) has not yet been identified.
Certain firewalls today, will not authenticate the validity of certain protocol fields,
within the packet they are processing. The risk is exposure of information. What
kind of information can be exposed? Mainly it will be unique patterns of behavior
produced by the probed machines answering our crafted queries (or other kind of
network traffic initiated in order to elicit a reply). Those patterns will help a
malicious computer attacker to identify the operating systems in use.
Paper:
< http://www.net-security.org/text/articles/index-download.shtml#Firewalls >
----------------------------------------------------------------------------
SUID PROGRAMS, GETTING TO THE ROOT OF THE PROBLEM
by Aleksandar Stancin aka D'Pressed
Here we go again. There are still some little touches left to make your linux
even a bit more secure, involving suid, nouser, sudo and etc. Now, this article
is also newbie friendly, but also it requires some small amount of knowledge.
Article:
< http://www.net-security.org/text/articles/suid.shtml >
----------------------------------------------------------------------------
TESTING TIMES FOR TROJANS by Ian Whalley
In the field of computing, Trojan horses have been around for even longer
than computer viruses but traditionally have been less of a cause for
concern amongst the community of PC users. In recent years, however,
they have been the focus of increased attention from anti-virus companies
and heightened levels of user concern. This paper aims to investigate the
Trojan phenomenon; particular attention will be paid to the claims made in
the field of NVM detection and those made by those who aim to test the
vendors claims.
Paper:
< http://www.net-security.org/text/articles/index-download.shtml#Trojans >
----------------------------------------------------------------------------
A STUDY-GUIDE ON HOW TO DETECT A VIRUS HOAX YOURSELF by Kaspersky Lab
It is difficult to imagine anybody today who does not treat computer viruses as
a real threat to a regularly functioning computer system. However, contiguously
with the virus spreading has occurred another syndrome, which is not any less
dangerous virus hoaxes.
Article:
< http://www.net-security.org/text/articles/viruses/hoax.shtml >
----------------------------------------------------------------------------
Featured books
----------------
The HNS bookstore is located at:
http://net-security.org/various/bookstore
Suggestions for books to be included into our bookstore
can be sent to staff@net-security.org
----------------------------------------------------------------------------
THINK UNIX
The many variants of the Unix operating system require use of a mode of
thought that's significantly different from the one that's required by simpler
operating systems. Think Unix introduces readers to important fundamental
and intermediate Unix commands and, in the process, inculcates them in the
Unix way of thinking. It's a worthy goal in a world with more Linux users than
ever, and author Jon Lasser accomplishes it. He's both a capable writer and a
knowledgeable user of Unix shell commands. Lasser uses bash under Red Hat
Linux in most examples, which usually apply equally well to other Unix variants,
and makes asides about other shells and environments, as needed.
Book:
< http://www.amazon.com/exec/obidos/ASIN/078972376X/netsecurity >
----------------------------------------------------------------------------
SOLARIS 8: THE COMPLETE REFERENCE
This book shows you what you need to understand if you want to make a
living as administrator of a modern Sun workstation. Of course, this book is
not absolutely complete - no technical book about a subject as large as
Solaris 8 could hope to be - but it should be more than adequate for most
readers' purposes. Whether you have experience with another enterprise
operating system and have recently been charged with figuring out Solaris,
or you're a long-time Solaris jock and need a handy reference to guide you
through procedures that you don't follow every day, this book has your
number.
Book:
< http://www.amazon.com/exec/obidos/ASIN/0072121432/netsecurity >
----------------------------------------------------------------------------
STEAL THIS COMPUTER BOOK: WHAT THEY WON'T TELL YOU ABOUT THE INTERNET
Viruses, e-mail bombings, ANSI bombings, keystroke monitors, scams - just
what are these phenomena? Steal This Computer Book answers this question
and discusses the ethical issues surrounding hacking. This thoroughly updated
new edition incorporates the latest on: Trojan Horse programs how they work,
where to find them, and what kind of damage they can cause; the illegal copying
of MP3 music files and DVD-encrypted movie disks; computer forensics used for
recovering deleted data; security issues accompanying broadband Internet
technologies; and more. A gallery of hacker's tools and a CD-ROM with various
antihacker and security tools are included.
Book:
< http://www.amazon.com/exec/obidos/ASIN/1886411425/netsecurity >
----------------------------------------------------------------------------
THE HUNDREDTH WINDOW: PROTECTING YOUR PRIVACY AND SECURITY IN
THE AGE OF THE INTERNET
The proverbial hundredth window represents the most vulnerable link in a system.
It derives from an allegory relating castle windows to potential security holes. If
even one out of a hundred windows is left open, security becomes compromised.
Since the Internet maximizes information sharing (admittedly a largely beneficial
enterprise) would-be big-time marketers and shady characters can - without
trying all that hard--spy on your Web clicking habits, read your e-mail, and even
see files on your hard disk drive. This means you may receive spam from
marketers who think they know what kind of stuff you like to buy--e-mail that
can be helpful to some and aggravating to others. Sharing your name and other
identifying personal information can cause you more serious problems: someone
else could use that information to commit fraud or other crimes--and you would
be responsible.
Book:
< http://www.amazon.com/exec/obidos/ASIN/068483944X/netsecurity >
----------------------------------------------------------------------------
WINDOWS: SYSTEM POLICY EDITOR
Considering that most administrators could figure out the System Policy Editor
through experimentation and some study of its documentation - this book
includes lots of advice on proper use of the utility. Case studies are most
helpful; a typical one explains how to set up system policies for a machine
that will live in a university computer lab that's accessible to the public.
Topics covered: How and why to use the Windows System Policy Editor to
set user, group, and computer access privileges on computers that run
Windows 9x and Windows NT. The user interface is fully documented, as
are the structure and syntax of policy files and templates.
Book:
< http://www.amazon.com/exec/obidos/ASIN/1565926498/netsecurity >
----------------------------------------------------------------------------
Security Software
-------------------
All programs are located at:
http://net-security.org/various/software
----------------------------------------------------------------------------
ADVANCED PASSWORD GENERATOR 2.7
Advanced Password Generator is a application designed to generate passwords
of any length and character content. Advanced Password Generator allow users
to do choice random number generator, which built into this application.This
feature is used to generate an extremely random seed value.
Link:
< http://net-security.org/various/software/971265936,63201,.shtml >
----------------------------------------------------------------------------
SYBERGEN SECURE DESKTOP 2.1
Sybergen Secure Desktop is a personal firewall software that protects a single
computer from malicious intruders and Trojan horse applications. Unlike standard
network firewalls, Secure Desktop guards against these attempts while users
are not connected to a corporate network.
Link:
< http://net-security.org/various/software/971265985,41824,.shtml >
----------------------------------------------------------------------------
WEB CONFIDENTIAL 2.1 (SYSTEM 7)
Web Confidential is a security program that manages passwords with an intuitive
card-file metaphor. The program is fully configurable and integrates easily into
Netscape Navigator, Internet Explorer, and other similar applications. Web
Confidential also lets you encrypt your password files with a key of up to 448
bits in length.
Link:
< http://net-security.org/various/software/971266080,20694,.shtml >
----------------------------------------------------------------------------
POLAR CRYPTO COMPONENT 1.0
This ActiveX component allows you to easily include powerful encryption and
decryption features in your applications. It uses the strong SHS hash algorithm
and the formidable Twofish encrypting algorithm with a 128-, 192-, and 256-bit
key, thus ensuring maximum level security for the encrypted data.
Link:
< http://net-security.org/various/software/971266181,17759,.shtml >
----------------------------------------------------------------------------
Defaced archives
------------------------
[08.10.2000] - Ohio State Government
Original: http://www.oy2k.state.oh.us/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/08/www.oy2k.state.oh.us/
[08.10.2000] - Southern New England Telecommunications
Original: http://www.tsac.snet.net/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/08/www.tsac.snet.net/
[08.10.2000] - The Centre for Electronics Design and Technology
Original: http://www.cedt.iisc.ernet.in/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/08/www.cedt.iisc.ernet.in/
[08.10.2000] - Naperville File Exchange
Original: http://www.nfe.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/08/www.nfe.com/
[09.10.2000] - Scania Slovenija, d.o.o.
Original: http://www.scania.si/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/09/www.scania.si/
[09.10.2000] - Arpao Servicos de Informatica Ltda
Original: http://www.arpao.com.br/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/09/www.arpao.com.br/
[10.10.2000] - Dalian Software Park Development
Original: http://www.dlsoftwarepark.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/10/www.dlsoftwarepark.com/
[10.10.2000] - LARC NASA
Original: http://se-pc7.larc.nasa.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/10/se-pc7.larc.nasa.gov/
[10.10.2000] - Net Deamon
Original: http://www.netdeamon.org/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/10/www.netdeamon.org/
[12.10.2000] - Mississippi State Board of Contractors
Original: http://www.msboc.state.ms.us/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/12/www.msboc.state.ms.us/
[12.10.2000] - Portland Communications Ltd
Original: http://ksusha.port5.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/10/12/ksusha.port5.com/
----------------------------------------------------------------------------
Questions, contributions, comments or ideas go to:
Help Net Security staff
staff@net-security.org
http://net-security.org