Copy Link
Add to Bookmark
Report
Net-Sec Issue 051
HNS Newsletter
Issue 51 - 20.02.2001
http://net-security.org
This is a newsletter delivered to you by Help Net Security. It covers weekly
roundups of security events that were in the news the past week. Visit Help
Net Security for the latest security news - http://www.net-security.org.
Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter
Archive of the newsletter in TXT and PDF format is available here:
http://www.net-security.org/news/archive/newsletter
Current subscriber count to this digest: 1925
Table of contents:
1) General security news
2) Security issues
3) Security world
4) Featured books
5) Security software
6) Defaced archives
General security news
---------------------
----------------------------------------------------------------------------
HACKERS SAY ATTACK WAS EASY
Uncovering confidential data, such as passwords and credit card numbers, on
business and government leaders who attended an annual meeting in the Swiss
Alps was easy, computer hackers were quoted as saying Sunday. The Zurich
weekly SonntagsZeitung, which last Sunday disclosed the capture of data on
27,000 leaders, listed on the Internet the type of information that was
compromised for each leader. Former President Bill Clinton's forum password
and actor Dustin Hoffman's e-mail address were included. The newspaper
lists the names and titles, but withholds the confidential numbers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.nandotimes.com/technology/story/0,1643,500308974-500496290-503480397-0,00.html
NEW LOVELETTER VARIANTS APPEAR
Two new Loveletter virus variants have appeared over the weekend, but
antivirus companies appear to be divided on what level of importance to
attach to their arrival. While F-Secure issued a high-level alert to subscribers
of its Radar IT security alerting service early this morning, Kaspersky Lab said
that the rash of warnings about Loveletter virus variants "are simply a form
of virus hysteria."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/161815.html
DAVOS HACK: "GOOD" SABOTAGE
A group called Virtual Monkeywrench has taken credit for the hack and said it
is an example of "good sabotage" that was intended to block "the operation of
this well-oiled machine." "The people from Monkeywrench said that the data
was not protected, that it was open and accessible. They say that the
information was just lying there, almost offering itself up to them," said
"Fillip," a computer systems specialist from Switzerland who said that he
has communicated with the crackers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,41760,00.html
ANNA VIRUS LOSES ITS SIZZLE
Variants of a virus capitalizing on the popularity of Anna Kournikova failed to
add momentum to the worm's spread Monday. "I think it is under control at
this point," said Vincent Gullotto, director of security software maker Network
Associates' antivirus emergency response team. "It had the potential to
become Love Letter-ish, but because we and others had protection, it
failed to spread too quickly."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2684871,00.html
FIREWALLS - IT'S TIME TO EVOLVE OR DIE
"Much may be said for the utility of network protection with firewalls, but too
often we forget about the vulnerable, pink, hairless underbelly of the firewall.
In this series of articles I will expose the weaknesses that are often ignored.
A disclaimer, however: Even though there are many problems with firewalls
and they are far from perfect, you are better off leaving them in. Firewalls
are better than nothing most of the time. They provide the only major line
of defense for many networks (more on this particular issue later), so please
do not remove your firewall unless you have given this some serious thought."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/firewalls20010212.html
E-SIGNATURES WITH USB CRYPTO-TOKENS
The recently enacted Electronic Signatures in Global and National Commerce
Act grants electronic signatures and contracts the same legal weight as
handwritten signatures on printed documents. While the new law will almost
certainly accelerate the use of digital signatures for all sorts of e-commerce
transactions, the law does not specify a single de facto standard technology
used to generate digital signatures. One option is the use of a Universal Serial
Bus (USB) cryptographic token to generate digital signatures. USB cryptographic
tokens offer an easy and secure way to generate, store and deploy digital
identities for a host of e-commerce applications and transactions. These
tokens also have the unique ability to plug the security gap found in many
digital signature schemes.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.idg.net/ic_421607_1794_9-10000.html
TRACKING DESPERADOES, DOCUMENTS, COMPUTER FILES...
Investigating computer crime can mean wading through vast amounts of
dissimilar evidence. Websites, paper documents, public records, computer
files, personnel records, and online databases all top the list. Understanding
where you are in an investigation may be akin to sorting out your position in
a South Pacific archipelago; a navigational chart becomes invaluable. The
elements in any investigation are people, places, things, documents, and,
nowadays, electronic records, whether local or in cyberspace. Yet, the key
operation is not just collecting them but understanding how they relate to
each other. So, linking analysis becomes a vital tool in the investigative
process.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/desperadoes20010213.html
THE ANNA VIRUS THE WORK OF "SCRIPT KIDDIES"?
Eric Chien, chief researcher at Symantec, explained that the virus was actually
created with a virus writing kit, known as Vbs Worms Generator 1.50b, which
is readily available on the internet.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/1117639
WINDOWS XP CAN SECURE MUSIC
A new digital media security solution developed by Microsoft provides protection
for content owners while excluding other digital rights management systems.
The Secure Audio Path (SAP) adds "static" interference to media files that
require video and audio cards to authenticate themselves with Windows
software before they can be played. The company would be able to verify
that a media player isn't playing an "unsecured" file, which according to
Microsoft would eliminate much of the threat of piracy.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/technology/0,1282,41614,00.html
INTRUSION DETECTION SYSTEMS, PART IV: LOGCHECK
The last in this four part series on IDS, looks at Logcheck: a software package
that is designed to automatically run and check system log files for security
violations and unusual activity.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.freeos.com/articles/3540
RESTRICTANONYMOUS: ENUMERATION AND THE NULL USER
If you are an NT administrator, or if you provide security policies and audits for
clients, then you know all about the RestrictAnonymous value in the LSA key.
If not, you need to educate yourself about this setting- not so much because
of what it does, but more importantly, what it doesn't do. This article by
SecurityFocus.com writer Timothy M. Mullen will offer an overview of
RestrictAnonymous, the need for a RestrictAnonymous setting, some
inherent weaknesses in RestrictAnonymous and some developments
that aim to negate these weaknesses.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/microsoft/nt/restrict.html
ANDES ASICS BYPASS TCP LAYER TO SECURE TRANSACTIONS
Andes Networks Inc. has devised a way to dramatically accelerate Secure
Socket Layer transactions by bypassing the Layer 4 TCP session. The
company is aiming for nothing less than a radical revision of how secure
HTTP transactions are conducted.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.electronicstimes.com/story/OEG20010212S0109
INTERNET GATEWAY CONFIGURATION AND MORE
This article gives an overview of ways to use your DSL machine as gateway for
your home or office network, and goes through the basic steps to setup and
maintain security to machines connected directly to the Internet.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.bsdtoday.com/2001/February/Features409.html
ANNA WORM WRITER TELLS ALL
A man from the Netherlands has admitted to writing and distributing the virulent
but short-lived "AnnaKournikova" e-mail worm. He also says he regrets it and
vows never to write another one again. He has put up a website where he
admits to authoring the worm, and also tells why he did it. The worm's writer,
who goes by the name "OnTheFly," writes on the site that he didn't create
the worm just "for fun." Instead, he says he did it to prove that people had
not learned anything from previous e-mail worms.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/technology/0,1282,41782,00.html
SECURE REMOTE LOG SERVERS USING SCP
Currently there are not many elegant ways to implement a secure, centralized
systemlog server. Centralizing system log files can have several important
advantages: efficient management of log files, maximized disk space usage,
easier access for auditing purposes and more secure retention. This article
by Kristy Westphal will discuss a solution that is secure, affordable and easy
to run, especially on a Solaris system.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/sun/articles/securelog.html
RECOGNIZING VIABLE PHYSICAL ATTACKS
When you talk to most IT managers about security, they will assure that they
have the latest firewall technology, 128 SSL encryption on their Websites, and
strong access controls. When you ask them about availability and redundancy,
they will talk about offsite backups, load-balancing their Web servers, and, if
they are really gung-ho, about the fact that they have a second data center
in San Jose. In most cases this is quite sufficient. However, there is a major
area that as of yet has gone unexplored by most non-governmental
organizations. This is the world of electromagnetic radiation, with exotic
technologies such as HERF, EMP and Tempest.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/closet/closet20010213.html
INTEL DEFACED
A group known as the Sm0ked Crew managed to deface an Intel sub-domain
at talisman1.cps.intel.com leaving a short message. Intel pointed out that
the attackers failed to upload any HTML. The site is running Microsoft IIS4
on Windows NT4 - a combination that has been subjected to a raft of
exploits in recent weeks. Experts expressed surprise at the processor
giant's apparent lack of web security.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/1117695
Mirror: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.attrition.org/mirror/attrition/2001/02/13/talisman1.cps.intel.com/
KOURNIKOVA CORNUCOPIA
Vmyths.com's Rob Rosenberger did a great rant on the whole situation regarding
the Anna Kournikova worm.
Link: http://www.vmyths.com/rant.cfm?id=302&page=4
ONTHEFLY IDENTIFIED
Dutch privacy laws prevent local authorities from releasing the identity of the
author of the "Onthefly" email worm, but an investigation by InternetNews
Radio reveals all roads lead to the Anna Kournikova fan Web site of Jan Dewit.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.internetnews.com/wd-news/article/0,,10_589521,00.html
SERVER BASED COMPUTING IS TECHNICALLY SECURE
With over 140 million PCs, workstations and servers deployed worldwide,
armed with Internet on one side and new computing devices on the other,
the complexity and cost of delivering business critical applications is becoming
overwhelming. Server-based computing, a model in which applications are
deployed, managed, supported and executed completely on a server, is fast
catching up across the world. Alan Pettit, in a conversation with Sofia Tippoo
explains about this architecture spreading in Asia Pacific.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.timesofindia.com/today/15info15.htm
INTERNET SECURITY AND ACCELERATION SERVER
Microsoft unveiled another of its .Net array of servers when it released its
Internet Security and Acceleration server. The server is essentially a
beefed-up firewall, designed to defend networks from external attacks and
prevent unauthorized access. With this release, Microsoft, of Redmond, Wash.,
hopes to challenge companies such as Check Point Software Technologies for
supremacy in the enterprise firewall market. Microsoft has not traditionally
been noted for its products' security features, which may be a hindrance to
widespread adoption of the ISA Server.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/eweek/stories/general/0,11011,2685764,00.html
OPENSSH: LET THE COMMUNITY DECIDE TRADEMARK FIGHT
Theo de Raadt, co-creator of OpenSSH, says he hopes the community, not the
courts, will decide a trademark skirmish in which SSH Communications Security
Corp. is demanding that the project stop using the name it's been using since
1995.
Link: http://www.newsforge.com/article.pl?sid=01/02/14/1838201
NETFILTER FOR IP MASQUERADE
As of 2.4, ipchains is a thing of the past. The replacement for ipchains is
Netfilter's iptables. What does this mean to the end user? Typically it means
little beyond the fact that suddenly their ipmasq script doesn't work. So, for
starters let's get into setting up ipmasq under 2.4.x kernels.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linux.com/tuneup/database.phtml/Networking/2188.html
PEDOS VOLUNTEERED SYSTEM PASSWORDS TO COPS
The investigation into the w0nderland paedophile ring could have been
scuppered at the last minute if the men had not given police their encryption
keys. A spokeswoman for the National Crime Squad told that "We were only
able to get into their systems when they voluntarily gave us their passwords."
If the same situation were to arise today, the suspect would be obliged, under
the RIP Act, to furnish the investigators with the key to decrypt their data.
However, the Operation Cathedral investigation predated the Act becoming law.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/16918.html
LINUX KERNEL 2.4 FIREWALLING MATURES: NETFILTER
In yet another set of advancements to the kernel IP packet filtering code,
netfilter allows users to set up, maintain, and inspect the packet filtering
rules in the new 2.4 kernel. This document explains those changes and
tips on how to get started.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxsecurity.com/feature_stories/kernel-netfilter.html
SCHOOLBOY CRACKER CAUGHT BY DIALLING 1471
A UK computer security consultant has revealed how he snared a hapless
computer cracker who made blackmail threats to his company. Rather than
tracing him through the latest computer security technology, he used a
rather simpler methood - the telephone callback facility.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2001/6/ns-20991.html
SATANIK.CHILD VIRUS UNLEASHED
A Valentine's Day virus, called VBS.Satanik.Child, has been reported by Aladdin
Knowledge Systems. The statement described the bug as a VB Script vandal
embedded inside HTML formatted e-mail, which introduces a new type of
threat compared to the recently launched Anna Kournikova vandal.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/162014.html
WORM GENERATOR WENT OFFLINE
In the wake of the worldwide spread of the AnnaKournikova virus, an 18-year
old Argentinian claiming to be the creator of the Vbs Worm Generator - the
program used to create the Anna virus - has removed the application's files
from his Web site.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2686768,00.html
SPAIN: ATTACKS RISE 210%
Cyberguardian, the Spanish internet security bank, has voiced its concern at
the rise in web server attacks during the first month of this year. Javier Lorenzo,
General Manager of Cyberguardian, said that during the first six weeks, the
number of hacked web sites of their clients had risen by 210 per cent.
Link: http://www.europemedia.net/shownews.asp?ArticleID=1531
FRAUD BUSTERS
The Net makes it easy for con artists to set up scams. But it also makes it
easy for federal investigators to pursue the bad guys.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.idg.net/ic_429148_2058_1-1474.html
MONITORING UNIX LOGINS
"In today's article, I'd like to take a look at utmp, wtmp, and lastlog. These
three files are read and updated whenever a user logs in to your FreeBSD
system. However, you can't read these files directly, so we'll also look at
the various utilities you can use to garner the information contained within
these files. We'll then finish off the article with some utilities that deal with
logins and terminals."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.oreillynet.com/pub/a/bsd/2001/02/14/FreeBSD_Basics.html
JOB OFFER FOR ANNA WORM CREATOR
The mayor of the city of Sneek has offered the recently arrested 20 year-old
who created the Kournikova worm a job. According to mayor S. Hartkamp "We're
of course talking about a man who has shown he's capable of something" and
"for people like him we've always got a spot at our IT department". Also the
mayor says he's happy about the publicity his city is getting after this incident.
"I was watching CNN and all of a sudden I saw our policestation on international
television". This news comes after Jan DeWitt turned himself in earlier this week
and admitted he didn't know what he was doing and hadn't anticipated any of
the consequences his acts would have.
INTEL ATTACKER TALKS TO THE REG
A computer enthusiast who defaced Intel's Web site twice this week told The
Register about the techniques he uses to break into prestige Web sites and
what motivates him to tweak the nose of system administrators in the IT
industry. The-Rev, of cracker group sm0ked crew, has contributed to the
defacement of sub-domains on Web sites belonging to Hewlett-Packard,
Compaq and Intel twice this week alone. SmOked crew, which also includes
a member called splurge, had a pop at Gateway and the New York Times
this week just for good measure.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/17000.html
NAPSTER'S NEW (SECURE) GROOVE
Details of Napster's new secure service are leaking, even as the recording
industry continues to tighten the legal screws on the file-trading company.
Napster formed an alliance with Bertelsmann's Digital World Services division
on Friday to develop a secure system for file-trading that can be built into
the existing service. Although Napster officials have been tight-lipped about
the new service, Bertelsmann executives said the new system will build
encryption into files currently being traded across the network.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/technology/0,1282,41880,00.html
EDUCATION IS PRIMARY DEFENSE FOR SECURE MACHINES
It was with no small amount of irony that Jay Beale, lead developer for Bastille
Linux, was hired by MandrakeSoft last Fall to help the French Linux company
bolster the security of its Linux-Mandrake distribution. Now, after a few
months in the employ of MandrakeSoft, Beale has some definite ideas about
how he will be securing Linux-Mandrake and all of the other Linux distributions
as well. As he has said from day one, Beale's first set of priorities in his new
job is to make Linux-Mandrake and the other MandrakeSoft product more
secure. This does not mean he will be diverted from his work on Bastille. On
the contrary, through the support of MandrakeSoft, Beale is getting more
time and funding to work even more on Bastille than he did in the past.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxplanet.com/linuxplanet/reports/3011/1/
UPDATE ON WEF 'HACK'
Swiss federal police knew anti-globalisation 'hackers' could try to steal
confidential data from the rich and powerful on the guest list at the
World Economic Forum (WEF) but did not warn organisers, a Swiss
newspaper said on Sunday.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.timesofindia.com/today/19info2.htm
----------------------------------------------------------------------------
Security issues
---------------
All vulnerabilities are located at:
http://net-security.org/text/bugs
----------------------------------------------------------------------------
THREE SECURITY HOLES FIXED IN NEW KERNEL
Three security holes have been fixed in the kernel. One involves ptrace, another
involves sysctl, and the last is specific to some Intel CPUs. All three security
holes involve local access only (they do not provide a hole to remote attackers
without a local account). The ptrace and sysctl bugs provide local users with
the potential to compromise the root account. Neither has an active exploit
available at the time of this writing. The last security hole is a DoS that does
not provide access to the root account but does allow any user with shell
access the ability to halt the CPU.
Link: http://www.net-security.org/text/bugs/981998065,83491,.shtml
NOVELL GROUPWISE CLIENT VULNERABILITY
with zen polices or NT Polices installed properly on a windows machine GroupWise
can view the file system while policies do not allow local access to view the files
system of local or remote drives. The GroupWise client allows permission to see
and call files on all drives. This does not change or proxy the rights of another
user it simply allows them to see what policies should be hiding. This problem
was caused when Novell used an API that did not check with OS policies that
have been applied to the user. This problem has been reported and confirmed
by Novell Tech Support.
Link: http://www.net-security.org/text/bugs/981998342,24809,.shtml
DEBIAN LINUX - PROFTPD UPDATE
The following problems have been reported for the version of proftpd in Debian
2.2 (potato):
1. There is a memory leak in the SIZE command which can result in a denial of
service, as reported by Wojciech Purczynski. This is only a problem if proftpd
cannot write to its scoreboard file; the default configuration of proftpd in
Debian is not vulnerable.
2. A similar memory leak affects the USER command, also as reported by
Wojciech Purczynski. The proftpd in Debian 2.2 is susceptible to this
vulnerability; an attacker can cause the proftpd daemon to crash by
exhausting its available memory.
3. There were some format string vulnerabilities reported by Przemyslaw
Frasunek. These are not known to have exploits, but have been corrected
as a precaution.
Link: http://www.net-security.org/text/bugs/982076610,8446,.shtml
WEBSPIRS CGI SCRIPT VULNERABILITY
Problem lyes in incorrect validation of user submitted-by-browser information,
that can show any file of the system where script installed.
Link: http://www.net-security.org/text/bugs/982077684,43757,.shtml
COMMERCE.CGI VULNERABILITY
Adding the string "/../%00" in front of a webpage document will allow an remote
attacker to be able to view any files on the server, provided that the httpd has
the correct permissions. You need to know the directory and file for it to be
viewable, and directory listing and remote command execution doesn't appear
to be possible. Although it may be possible to view some transactions of cc#'s
with the proper tinkering, and depending on if the admin has set proper
directory permissions.
Link: http://www.net-security.org/text/bugs/982077748,40437,.shtml
TRUSTIX SECURITY ADVISORY - PROFTPD, KERNEL
A race condition in ptrace allows a malicious user to gain root. A signedness
error in the sysctl interface also potentially allows a user to gain root.
Link: http://www.net-security.org/text/bugs/982189417,54382,.shtml
SECURITY HOLE IN KICQ
kicq is a free icq client clone available at http://kicq.sourceforge.net/.
Unfortunately received (untrusted!) URLs are passed to the specified
webbrowser (standard is kfmclient) without any sanity checking using
system(). The only user action needed for this is to click "Open" in a
popup menu.
Link: http://www.net-security.org/text/bugs/982202806,24596,.shtml
MITM ATTACKS AGAINST NOVELL NETWARE
Novell has implemented RSA's public/private key technology for encryption and
part of their authentication process. Due to protocol implementation problems,
a man-in-the-middle attack could allow for password hash recovery, and even
a user's RSA private key.
Link: http://www.net-security.org/text/bugs/982293844,88586,.shtml
WEBACTIVE HTTP SERVER 1.0 VULNERABILITY
Adding the string "/../" to an URL allows an attacker to view any file on the
server provided you know where the file is at in the first place. Only Win9x &
NT are affected.
Link: http://www.net-security.org/text/bugs/982378705,521,.shtml
THINKING ARTS STORE.CGI DIRECTORY TRAVERSAL
Adding the string "/../" to an URL allows an attacker to view any file on the
server, and also list directories within the server which the owner of the
vulnerable httpd has permissions to access. Remote execution of commands
does not apear to be possible with this directory traversal bug, but directory
listings are. Please note that you do need the %00.html at the end of your
command.
Link: http://www.net-security.org/text/bugs/982378729,75704,.shtml
SUSE LINUX - SSH UPDATE
SuSE distributions contain the ssh package in the version 1.2.27. No later
version is provided because of licensing issues. SuSE maintains the 1.2.27
version in a patched package. Three new patches have been added that
workaround three independent security problems in the ssh package.
Link: http://www.net-security.org/text/bugs/982378844,18801,.shtml
----------------------------------------------------------------------------
Security world
--------------
All press releases are located at:
http://net-security.org/text/press
----------------------------------------------------------------------------
WATCHGUARD SERVERLOCK INTRODUCED - [12.02.2001]
WatchGuard Technologies, Inc., a leader in Internet security solutions, extended
its award-winning Firebox firewall and VPN appliances with the introduction of
WatchGuard ServerLock, new software that locks-down Microsoft NT and
Microsoft Windows 2000 servers.
Press release:
< http://www.net-security.org/text/press/981997982,33252,.shtml >
----------------------------------------------------------------------------
F-SECURE: ANNA KOURNIKOVA THEMED WORM - [13.02.2001]
F-Secure Corporation, a leading provider of centrally-managed, widely distributed
security solutions is alerting computer users worldwide about a new, rapidly
spreading e-mail worm. Known as "Onthefly", this worm sends itself in an Anna
Kournikova -themed attachments in e-mails titled as "Here you have,;o)".
Ms. Kournikova is known as an international tennis star.
Press release:
< http://www.net-security.org/text/press/982075911,58240,.shtml >
----------------------------------------------------------------------------
FINLAND'S FIRST SECURITY SOLUTION FOR ADSL CLIENTS - [13.02.2001]
2001 F-Secure Online Solutions, a leading provider of centrally managed security
services, and Elisa Communications announced the first bundled personal
anti-virus and personal firewall services for ADSL users in Finland. The companies
have entered into an agreement whereby F-SOS is the premier Security Service
partner for Elisa Communications. The first result of the partnership is the launch
of Personal Anti-Virus and Personal Firewall Services for Elisa Communications'
ADSL customers.
Press release:
< http://www.net-security.org/text/press/982075986,21559,.shtml >
----------------------------------------------------------------------------
KASPERSY LABS - KOURNIKOVA WORM - [13.02.2001]
Kaspersky Labs, an international data-security software development company,
reports the discovery "in the wild" of the new modification of the "Lee" worm
going by the moniker of "Kournikova". The new worm already has managed to
infect many computer systems in both North America and East Asia. At the
same time, the worm poses no threat to Kaspersky Anti-Virus users due to
the program's unique integrated heuristic code analyser designed to combat
against unknown viruses - Kaspersky AV is able to detect the worm without
any additional updates to the anti-virus database.
Press release:
< http://www.net-security.org/text/press/982076214,24241,.shtml >
----------------------------------------------------------------------------
Securing Capacity Group of Companies - [14.02.2001]
Trend Micro Inc., the leading provider of antivirus security, shares news of the
successful defense of yesterday's "Anna Kournikova" virus outbreak by Capacity
Group of Companies, using Trend Micro's ScanMail for Exchange. One of the top
100 insurance brokers in the country, Capacity Group of Companies, weathered
the worldwide virus outbreak unscathed. By using Trend Micro's ScanMail for
Exchange, incoming infected messages, spreading via Outlook, were stopped
at Capacity Group of Companies' Exchange mail server without disruption to
its employees or its communications system.
Press release:
< http://www.net-security.org/text/press/982115915,61092,.shtml >
----------------------------------------------------------------------------
SECURITY DEPLOYMENT IN WESTERN EUROPE - [14.02.2001]
Infonetics Research's latest market research study, "Network Technology
Adoption Forecasts, Europe 2001," shows growth in almost every area of
network build-out among organizations in Western Europe, particularly in
security technologies and services. The results of this study closely parallel
those found in a study Infonetics Research published just a few weeks ago
on the U.S. and Canadian markets.
Press release:
< http://www.net-security.org/text/press/982115972,30596,.shtml >
----------------------------------------------------------------------------
TRUSECURE CORPORATION EXPANDS EXECUTIVES - [.02.2001]
In support of its continued growth and global expansion, TruSecure Corporation,
the leader in Internet security assurance, today announced the appointment
of three new executives: Greg Coticchia as chief operating officer, Jef Loos
as senior vice president, general manager of European operations, and Sanjay
Mehta as vice president of business development. Together this team brings
more than forty years of additional senior executive experience to TruSecure.
Press release:
< http://www.net-security.org/text/press/982116034,90742,.shtml >
----------------------------------------------------------------------------
SOPHOS - KOURNIKOVA WORM CREATOR ARRESTED - [14.02.2001]
Sophos, a world leader in corporate anti-virus protection, has welcomed the
arrest of a man in the Netherlands in connection with the VBS/SST-A computer
worm. Dutch police spokesman Robert Rambonnet confirmed that the police
force in the Netherlands have arrested a 20 year old in connection with the
recent "Anna Kournikova" virus outbreak on suspicion of damaging computer
programs and property. The man, who lives in Friesland, turned himself into
the authorities after apparently posting a bizarre apology for his actions on
the internet. His identity has not been revealed, but the author of the
computer worm and self-confessed fan of Anna Kournikova uses the
pseudonym "OnTheFly".
Press release:
< http://www.net-security.org/text/press/982164133,56196,.shtml >
----------------------------------------------------------------------------
F-SECURE PRODUCTS INTEGRATE WITH CA'S EMS - [14.02.2001]
Secure Corporation, a leading provider of centrally managed security solutions
for the mobile, distributed enterprise, today announced integration of F-Secure
products with the enterprise management systems [EMS] from Computer
Associates and BMC Software. Organizations that have standardized on
Unicenter TNG and BMC PATROL can now use the familiar management
consoles of these three market-leading frameworks to control and monitor
most aspects of F-Secure's products. As a result, IT administrators can
more effectively and efficiently manage their networks and security, while
preserving their investments in those management frameworks.
Press release:
< http://www.net-security.org/text/press/982164488,68552,.shtml >
----------------------------------------------------------------------------
TELE DANMARK SELECTS SONICWALL - [14.02.2001]
SonicWALL, Inc. (NASDAQ:SNWL), a leading provider of Internet security
products, announced that it has been selected by TDC Internet, a division
of Denmark's leading telecommunications company Tele Danmark Communications
(TDC), as a foundation for the company's new managed security solutions. With
SonicWALL's Internet security appliances and Global Management System (GMS),
TDC will be able to deliver managed security and value added services to its
small to medium-sized enterprise customers (SME).
Press release:
< http://www.net-security.org/text/press/982203363,39069,.shtml >
----------------------------------------------------------------------------
WEST COAST LABS CERTIFY APPGATE V.3.2 - [.02.2001]
Network security experts appGate, Inc., announced that West Coast Labs, a
division of West Coast Publishing Limited, has awarded them the first Checkmark
certificate for secure application gateways. West Coast Labs sets and publishes
standards for computer security products and awards its Checkmark certificate
to those manufacturers who meet or exceed those standards. The newly
introduced Checkmark for secure application gateways was awarded to
appGate for its latest software release, appGate Version 3.2. The company
was awarded Level 2 of the West Coast Labs standard, currently the highest
level of certification that the Checkmark provides.
Press release:
< http://www.net-security.org/text/press/982203401,66068,.shtml >
----------------------------------------------------------------------------
FREE VIRUS PROTECTION FOR WIRELESS DEVICES - [15.02.2001]
Trend Micro Inc., a leading provider of network antivirus and content security
for the Internet age, today announced the availability of free antivirus software
for the most popular handheld mobile and wireless device platforms, including
Palm OS, Windows CE, and Symbian EPOC. Based on Trend Micro's award-winning
PC-cillin desktop antivirus software, PC-cillin for Wireless resides on Palm OS,
Pocket PC (Windows CE), and EPOC handheld devices to protect users from
potentially malicious code including viruses, scripts, Trojan horses, and worms.
Devices are susceptible to these threats whenever users receive email, browse
the Web, or receive information via beaming and synching.
Press release:
< http://www.net-security.org/text/press/982203494,36531,.shtml >
----------------------------------------------------------------------------
FIPASS NOVEL TOKEN PASSWORD SECURITY SYSTEM - [15.02.2001]
FiPoint is proudly sponsoring the World Boxing Association Heavyweight
Contender, John "The Quiet Man" Ruiz for the Holyfield -Ruiz 2 fight which will
be broadcast live on SET -Showtime Event Television from Mandalay Bay in Las
Vegas on March 3rd 2001. FiPoint, the financial integrator, is sponsoring Ruiz to
introduce its premier security product "the FiPass" which will position FiPoint to
lead the fight to "protect yourself online." The FiPass logo will be in the ring
with Ruiz on his fighting shorts, on the Ruiz Team gear and in Ruiz's corner.
Press release:
< http://www.net-security.org/text/press/982260460,54584,.shtml >
----------------------------------------------------------------------------
CYBERGUARD'S SECURITY SCOOP IN SINGAPORE - [15.02.2001]
With Internet security a serious global issue, Paul Henry of CyberGuard
Corporation, the technology leader in network security, will divulge his
security secrets at a National University of Singapore seminar on February
23 at 10:30 a.m. local time. Henry, managing director of Asian operations
for CyberGuard, will be presenting "Hacking Exposed: The Hacking Tools of
Script Kiddies" as part of the university's "You are the TARGET" seminar on
information security.
Press release:
< http://www.net-security.org/text/press/982260499,29458,.shtml >
----------------------------------------------------------------------------
FIRST KOREA SECURITY INFORMATION SHARING CREATED - [15.02.2001]
Predictive Systems, a leading network infrastructure consulting firm, announced
that it has entered into an agreement with Infosec Corporation, a leading South
Korean information security services provider, to create the Korea Security
Information Sharing and Analysis Center (KS/ISAC) to facilitate the sharing of
sensitive information about cyber attacks and security vulnerabilities that pose
threats to Korean businesses. As a participating bureau of the Worldwide ISAC
(WW/ISAC), which was launched last year, the KS/ISAC provides a secure
database, analytical tools, and information gathering and distribution facilities
designed to allow authorized participants to submit either anonymous or
attributed reports about information security threats, vulnerabilities,
incidents, and solutions.
Press release:
< http://www.net-security.org/text/press/982260554,78205,.shtml >
----------------------------------------------------------------------------
PROTECTING ENTERPRISE FROM MALICIOUS CODE - [20.02.2001]
F-Secure Corporation, a leading provider of centrally managed security for the
mobile enterprise, today announced the general availability of F-Secure Anti-Virus
for Internet Mail. The product protects all email traffic against inbound and
outbound security threats in real time, including internal SMTP mail traffic.
Since email can bypass traditional workstation and server-based virus
protection, businesses need an anti-virus solution at the gateway level. In
today's corporate environment, the ability to protect sensitive data from
viruses outside the corporate network has become a necessity. F-Secure
Anti-Virus for Internet Mail incorporates multiple scanning engines, creating
superior detection rates and ensuring that these threats never penetrate
the network.
Press release:
< http://www.net-security.org/text/press/982633450,84386,.shtml >
----------------------------------------------------------------------------
PARA-PROTECT SERVICES APPOINTS CFO - [20.02.2001]
Para-Protect Services Inc., a managed security and support services provider
for the global 500 and trusted partner providers, announced the appointment
of Joseph D. Ragan III, CPA. as Chief Financial Officer. Ragan joins Para-Protect
Services, Inc. after serving as CFO, US Operations for Winstar Communications
for the past two years. Winstar is a publicly traded company in the broadband
services market serving over 60 domestic markets and 12 international markets.
With the firm, Ragan improved quality and timeliness of financial reporting,
internal controls, and asset management reporting and substantially reduced
telecommunications costs.
Press release:
< http://www.net-security.org/text/press/982633974,29797,.shtml >
----------------------------------------------------------------------------
Featured books
----------------
The HNS bookstore is located at:
http://net-security.org/various/bookstore
Suggestions for books to be included into our bookstore
can be sent to staff@net-security.org
----------------------------------------------------------------------------
CISCO IP ROUTING HANDBOOK
The book approaches the more complicated and capable routing protocols first
by explaining Routing Information Protocol (RIP) and the fundamental principles
that it incorporates in a way that's understood relatively easily. The explanations
require readers to pay close attention to text that's interspersed with routing
tables and input/output sequences from Cisco's Internetworking Operating
System (IOS). Given the proper attention, this text does a fine job of explaining
how Interior Gateway Routing Protocol (IGRP), Enhanced IGRP (EIGRP), and Open
Shortest Path First (OSPF) routing work, along with static routing and other
simpler concepts. Topics covered: Routing protocols, as implemented by Cisco
Systems routers and configured on the Cisco Internetworking Operating System
(IOS). Routing Information Protocol (RIP), Interior Gateway Routing Protocol
(IGRP), Enhanced IGRP (EIGRP), Open Shortest Path First (OSPF), Integrated
System to Integrated System (IS-IS), and Border Gateway Protocol (BGP)
version 4 all are covered.
Book:
< http://www.amazon.com/exec/obidos/ASIN/0764546953/netsecurity >
----------------------------------------------------------------------------
MICROSOFT SQL SERVER 2000 ADMINISTRATOR'S POCKET CONSULTANT
If specialization is for insects, those of us who have only two legs are bound
to need reminders when we sit down to perform a specialized task. For those
times in which the specialized task at hand involves the latest version of
Microsoft's high-end database management system (DBMS), Microsoft SQL
Server 2000 Administrator's Pocket Consultant will provide how-to answers
on the double-quick. This small, inch-thick volume fits nicely into a briefcase,
and opens flat for easy reference. It makes little attempt to explain how SQL
Server works, assuming instead that the reader knows what he or she needs.
For example, a quick scan of the index for "Logins, Assigning Roles for Multiple"
yields a reference to a page that explains exactly what to do, step by step.
Procedures are a large part of the appeal of this book; value tables and
Transact-SQL syntax documentation contribute the rest. A typical value
table lists all standard database roles, along with commentary on what sort
of user is appropriate for each role. Transact-SQL documentation includes
generic "all available options" statements of syntax, followed by usage
examples. Deeper explanations of what each option does would make the
syntax documentation stronger, but what's here is certainly enough to jog
readers' memories and point them to heavier reference material, if they
need it. Keep this book handy if your job requires you to hop from DBMS
to DBMS.
Book:
< http://www.amazon.com/exec/obidos/ASIN/0735611297/netsecurity >
----------------------------------------------------------------------------
THE OFFICIAL GUIDE TO INFORMIX/RED BRICK DATA WAREHOUSING
The book covers all the features of RedBrick in the process of building a data
warehouse through its complete lifecycle, beginning with planning the project,
designing the database, building and loading the database, deploying the
database to business users and maintaining the data warehouse in the future.
Each of the topics is presented in a straightforward fashion by discussing in
detail the objective, concepts, and implementation techniques and briefly
touching on the more advanced components. One ongoing case study used
throughout the book allows the reader to build upon it with each major area
to create a sample data warehouse. Sample forms and documents as well
as completed exercises are provided on the CD-ROM.
Book:
< http://www.amazon.com/exec/obidos/ASIN/0764546945/netsecurity >
----------------------------------------------------------------------------
POSTGRESQL: INTRODUCTION AND CONCEPTS
(Pearson Education) Presents the fundamentals of PostgreSQL, an advanced,
feature-filled database server. Assumes no background in databases at all, but
still moves quickly, going beyond mechanics and into the applications of simple
commands in working database applications. Highlights common pitfalls and
offers time and trouble-saving tips.
Book:
< http://www.amazon.com/exec/obidos/ASIN/0201703319/netsecurity >
----------------------------------------------------------------------------
PLANNING EXTREME PROGRAMMING (THE XP SERIES)
The Extreme Programming (XP) paradigm has developers doing things like
programming in pairs, writing tests to verify all code, and continuously
refactoring designs for improved performance. Written by two of its
inventors, Planning Extreme Programming shows you how to implement
XP by using a simple, effective process. This remarkably short (yet
remarkably useful) title will give any XP manager or programmer a
perspective on delivering software that meets the needs of customers
better. Simplicity is the watchword of the XP software process. This
book is virtually devoid of traditional software-engineering jargon and
design diagrams, and yet does a good job of laying the foundation of
how to perform XP--which is all about working with a customer to
deliver features incrementally.
Book:
< http://www.amazon.com/exec/obidos/ASIN/0201710919/netsecurity >
----------------------------------------------------------------------------
Security Software
-------------------
All programs are located at:
http://net-security.org/various/software
----------------------------------------------------------------------------
NESSUS 1.0.7A
Nessus is a free, up-to-date, and full featured remote security scanner for Linux,
BSD, Solaris and some other systems. It is multithreaded, plugin-based, has a
nice GTK interface, and currently performs over 531 remote security checks.
It has powerful reporting capabilities (HTML, LaTeX, ASCII text) and not only
points out problems, but suggests a solution for each of them. Changes: 1.0.7a
fixes bugs in the scanner timeout.
Info/Download:
< http://www.net-security.org/various/software/982454976,58605,linux.shtml >
----------------------------------------------------------------------------
BLACKICE DEFENDER 2.1
BlackICE Defender delivers bulletproof intrusion detection and personal firewall
protection to your PC. It scans your DSL, cable, or dial-up Internet connection
looking for hacker activity, much like antivirus programs scan your hard disk
looking for viruses. BlackICE will not slow down your PC or your Internet
experience.
Info/Download:
< http://www.net-security.org/various/software/982455317,56745,windows.shtml >
----------------------------------------------------------------------------
ZONEALARM 2.1.44
ZoneAlarm is designed to protect your DSL or cable-connected PC from hackers.
This program includes four interlocking security services: a firewall, an Application
Control, an Internet Lock, and Zones. The firewall controls the door to your
computer and allows only traffic that you understand and initiate. The Application
Control allows you to decide which applications can and cannot use the Internet.
The Internet Lock blocks Internet traffic while your computer is unattended or
while you are not using the Internet, and it can be activated automatically with
your computer's screensaver or after a set period of inactivity. Zones monitor all
activity on your computer and alert you when a new application attempts to
access the Internet. This version includes protection from emailborne worms.
Info/Download:
< http://www.net-security.org/various/software/982455527,33047,windows.shtml >
----------------------------------------------------------------------------
PALMPASSWORD 1.51
With PalmPassword, you will never again have to remember account names
and passwords, or which one is used where. PalmPassword will completely
automate the process of using login names and passwords, whenever and
wherever you need them.
Info/Download:
< http://www.net-security.org/various/software/982084445,35396,palm.shtml >
----------------------------------------------------------------------------
TEAL LOCK 3.21
TealLock replaces the standard Palm security application with a system that
offers many activation and customization options. These include activation
by shortcut strokes, custom locking of screen text and images, optional
auto-locking of private records, and file-hiding immediately at shutdown
or after a specified period of time.
Info/Download:
< http://www.net-security.org/various/software/982084525,67290,palm.shtml >
----------------------------------------------------------------------------
INTERNET EXPLORER SECURITY 1.1
From the developer: "Internet Explorer Security is a free utility that customizes
many aspects of the Internet Explorer Web browser. It's a snap to use and
provides the tools you need to retain and manage your Web browser settings.
It lets you disable individual menu items and prevent others from editing your
Favorites. It also allows you to disable individual tabs in the Internet Options
dialog, as well as specific settings from each tab. Still other settings let you
change the title caption, toolbar background, and animated icon; change
default folders; and replace standard error information pages. Multiuser
support and password protection are also offered."
Info/Download:
< http://www.net-security.org/various/software/982084622,69048,windows.shtml >
----------------------------------------------------------------------------
ONLYME 2.15
OnlyMe automatically locks your Palm whenever the device is turned off.
Entering your password is the only way to turn it on. This version stops
the Palm V from turning on when the case pushes the up/down arrow keys,
and handles certain conflicts with upcoming versions of the Palm OS and
with certain game programs.
Info/Download:
< http://www.net-security.org/various/software/982440775,76206,palm.shtml >
----------------------------------------------------------------------------
12GHOSTS WASH 21.03
This will cover your tracks and clean out folders of unused and unwanted data.
It includes options for Windows, browsers, and other applications. You can even
turn on the included shredder for total security. In Windows, it can clear the Run
history, recent documents, Find-files history, and the Temp folder. In your
browser, it will clear the typed address list, cached files, history, and cookies.
This program can also remove WinZip's Most-Recently used file list, or the Last
Open folder in ACDsee. Command-line control is available to create automatic
"wash" times (prior to shutdown, for example).
Info/Download:
< http://www.net-security.org/various/software/982440911,87752,windows.shtml >
----------------------------------------------------------------------------
Defaced archives
------------------------
[10.02.2001] - SecureNet BR
Original: http://www.securenet.com.br/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/10/www.securenet.com.br/
[11.02.2001] - Asia-Pacific Service Network
Original: http://www.apsn.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/11/www.apsn.com/
[11.02.2001] - CompUSA Inc.
Original: http://commercial.compusa.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/11/commercial.compusa.com/
[11.02.2001] - Pinnacle Communications
Original: http://dev.ldd.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/11/dev.ldd.com/
[11.02.2001] - Gateway 2000, Inc.
Original: http://jobs.gateway.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/11/jobs.gateway.com/
[12.02.2001] - British Columbia Courts
Original: http://www.courts.gov.bc.ca/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/12/www.courts.gov.bc.ca/
[13.02.2001] - Intel Corporation
Original: http://talisman1.cps.intel.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/13/talisman1.cps.intel.com/
[13.02.2001] - Walt Disney Company: Go.Com
Original: http://remote.go.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/13/remote.go.com/
[14.02.2001] - Linux Mania
Original: http://www.linuxmania.org/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/14/www.linuxmania.org/
[14.02.2001] - Hewlett-Packard Company
Original: http://e-learning.hp.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/14/e-learning.hp.com/
[14.02.2001] - AltaVista Company
Original: http://merchant.shopping.altavista.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/14/merchant.shopping.altavista.com/
[14.02.2001] - Compaq Computer Corporation
Original: http://www.weft2.emea.compaq.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/14/www.weft2.emea.compaq.com/
[15.02.2001] - Software Patent Institute
Original: http://www.spi.org/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/15/www.spi.org/
[15.02.2001] - The New York Times Company
Original: http://business.nytimes.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/15/business.nytimes.com/
[17.02.2001] - Fuji Film
Original: http://www.fujifilm.se/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/17/www.fujifilm.se/
[17.02.2001] - Zavod za zaposlovanje Republike Slovenije
Original: http://www.ess.gov.si/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/17/www.ess.gov.si/
[17.02.2001] - Iomega Corp.
Original: http://search.iomega.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/17/search.iomega.com/
[18.02.2001] - Financial Institutions Commission Homepage
Original: http://www.fic.gov.bc.ca/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/18/www.fic.gov.bc.ca/
[18.02.2001] - Comite International Olympique
Original: http://atlanta.olympic.org/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/18/atlanta.olympic.org/
[18.02.2001] - Idaho State Government
Original: http://www.doi.state.id.us/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/18/www.doi.state.id.us/
[18.02.2001] - Hewlett-Packard Company
Original: http://openview.hp.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/18/openview.hp.com/
----------------------------------------------------------------------------
Questions, contributions, comments or ideas go to:
Help Net Security staff
staff@net-security.org
http://net-security.org