
Net-Sec Issue 044


Net-Sec Newsletter
Issue 44 - 01.01.2001
http://net-security.org

[ -- Happy 2001 -- ]

This is a newsletter delivered to you by Help Net Security. It covers weekly
roundups of security events that were in the news the past week. Visit Help
Net Security for the latest security news - http://www.net-security.org.

Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter

Archive of the newsletter in TXT and PDF format available here:
http://www.net-security.org/news/archive/newsletter


Table of contents:

1) General security news
2) Security issues
3) Security world
4) Featured articles
5) Featured books
6) Security software
7) Defaced archives




General security news
---------------------

----------------------------------------------------------------------------

EGGHEAD.COM SYSTEM COMPROMISED
"Egghead.com has discovered that a hacker has accessed our computer
systems, potentially including our customer databases," the company
said in a statement released yesterday.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.timesofindia.com/today/24info5.htm


KASHMIR RELATED DEFACEMENTS
More than 40 Indian sites have been infiltrated this year by hackers like G Force
Pakistan and Doctor Nuker, who have left poignant pro-Pakistan slogans and
reasons why Kashmir belongs to that country. Wired has the report.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,40789,00.html


PC GUARDIAN ENCRYPTION PLUS HARD DISK
Once Encryption Plus Hard Disk is installed on a user’s computer, the system
will not boot without the user’s password. Even if an experienced user were
to somehow work around the boot protection and access the hard disk, s/he
would only be able to read file names. The data would remain encrypted. This
feature alone should make encryption practically mandatory for notebook users.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.canadacomputes.com/v3/story/1,1017,5163,00.html


INFORMATION SYSTEMS AND SURVEILLANCE
The miniaturization of electronic equipment and the advances in the production
of armaments and computer science equipment, thanks to technological
advances of knowledge and Information Systems (IS) have led some
theoreticians to define war of the information era as digital war.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://cryptome.org/omni-is-spy.htm


THE LINUX YEAR IN REVIEW
Linux Weekly News has put together a great summary of the major events
surrounding Linux and open source over the past year. Continuing the popular
tradition of our 1998 and 1999 Linux Timelines, here is our attempt to summarize
what has happened in the Linux world over the last year. This is version 0.8.3
of the LWN 2000 Linux Timeline.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.lwn.net/2000/features/Timeline/


SECURITY-ENHANCED LINUX
As part of its Information Assurance mission, the NSA has long been involved
with the computer security research community in investigating a wide range
of computer security topics including operating system security. The results
of several previous research projects in this area have been incorporated in
a security-enhanced Linux system. This version of Linux has a strong, flexible
mandatory access control architecture incorporated into the major subsystems
of the kernel. The system provides a mechanism to enforce the separation of
information based on confidentiality and integrity requirements. This allows
threats of tampering and bypassing of application security mechanisms to be
addressed and enables the confinement of damage that can be caused by
malicious or flawed applications.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.nsa.gov/selinux/


ESTABLISHING EMAIL VALIDITY
Scenario: Christmas morning you get an angry phone call from one of your
contractors. They claim to have received an email outlining why you have
chosen to terminate their contract, that in no uncertain terms describes
relations with their mother, family pet, or what have you. The caller can't
believe how rampantly unprofessional this message is, and has already
contacted their legal department about suing for damages and breach of
contract. All of this information has taken you completely by surprise. As
far as you know, no message has been sent by anyone at your company,
especially given that you're the only employee currently employed by your
company. How can you prove that no email was sent by you? How can you
demonstrate in a court that no such email has originated from your system?
What if it has? Can you prove that you were not the sender?
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityportal.com/cover/coverstory20001225.html


ONLINE SECURITY KEY TO EMBRACING SMART CARDS
Imagine a single card that lets you purchase and download an airline ticket
using your PC. That same piece of plastic could also pay for a restaurant lunch,
open secure doors at the office, check out books at the library. It could even
become your car keys. Sound like a script from the Jetsons? Not really. Thanks
to the improving power and versatility of microprocessors embedded in the cards,
consumers will not only be able to better protect themselves against online fraud
as they bank or trade stocks. They will also be able to store digital cash, personal
information, Web site passwords and addresses, and such things as loyalty
coupons from merchants or frequent flyer points.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2000/TECH/computing/12/25/smart.cards.ap/index.html


LINUX SECURITY WEEK
This week, advisories were released for ed, stunnel, bitchx, zope, nano, slocate,
procps, oops, halflifeserver, ethereal, netscape, pam, jpilot, rp-pppoe, kerberised
telnetd, ftpd, gnupg, mysql, and tcsh. The vendors include Conectiva, Debian,
FreeBSD, Mandrake, NetBSD, OpenBSD, Red Hat, and Trustix.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxsecurity.com/articles/forums_article-2186.html


STIFFER PENALTIES IN HONG KONG
Hong Kong police on Monday warned would-be computer hackers of the
territory's stringent penalties against cybercrimes. The caution came as
official figures showed a 300 percent increase in the number of people
connected to the Internet across the territory in the last two years.
Link: http://www.dotcomdirectory.newsalert.com/bin/story?StoryId=CoKBuueibntaWmJKZndi2


"ANTITRUST" - HOLLYWOOD FILM ON TECH INDUSTRY DUE
"AntiTrust" is a new motion picture from MGM scheduled to hit theaters Jan. 12,
2001. Tim Robbins plays Gary Winston, the brilliant and driven mastermind
behind N.U.R.V., which stands for "Never Underestimate Radical Vision," a
software company dedicated to monopolizing digital convergence. Winston
dazzles promising young computer science student Milo, played by Ryan
Phillippe, into abandoning his plans to launch a start-up company with his
college buddy and come work for N.U.R.V. Winston's mantra is, "In this
business, you are either a one or a zero." At the heart of N.U.R.V. is the
Synapse project, which is described as the world's first satellite-delivered
global communications system. "AntiTrust" explores the issues of surveillance,
corporate espionage and intellectual property theft.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computeruser.com/news/00/12/26/news20.html


ETISALAT HACKING
The lawyer representing a young Briton accused of hacking into Emirates
Telecommunications Corp's (Etisalat) Internet system says he plans to ask
the Public Prosecutor to produce its evidence or drop the case.
Link: http://www.gulf-news.com/Articles/news.asp?ArticleID=5629
We covered the story closely, so you can find more information here:
http://net-security.org/cgi-bin/pr0n/viewnews.cgi?searchetisalat


HACKER ATTACKS ON SHARP RISE
Safeguards against hacker attacks are urgently needed, the Korea Information
Security Agency (KISA) said. The Ministry of Information and Communication-
affiliated institute said there were a total of 1,858 cases of hacking detected
in the nation as of November, more than triple the 572 cases found last year.
There were a mere 147 hacker attacks in 1996, and the figure dropped to 64
in 1997. However, cyber crime began rising sharply again, with the figure
climbing to 158 in 1998, and 572 last year. KISA noted that corporations
appear to be the main target for hacker attacks. Ninety-two, or 40.5 percent
of 227 hacker attacks that occurred in November were targeted against
corporations, for example. "This is an indication that security systems at
Korean corporations are frail and that companies lack mindset for security,"
a KISA official said.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.koreaherald.co.kr/SITE/data/html_dir/2000/12/27/200012270081.asp


BAD DAYS FOR NETWORK ASSOCIATES
Network Associates Inc.'s top three executives, including Chairman and Chief
Executive William Larson, resigned suddenly Tuesday, shocking investors, who
sliced the company's stock price in half in after-hours trading. As various news
outlets reported, the shares fell by 65% (according to ZDNet), 68%
(according to InfoWorld) and 72% (according to Reuters). Below are a few
articles covering the story.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2000/51/ns-19913.html
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www0.mercurycenter.com/svtech/news/indepth/docs/networ122700.htm
Link: http://www.crn.com/Sections/BreakingNews/dailyarchives.asp?ArticleID=22548


NATIONAL SECURITY RISK
In a report released this month titled "Cyber Threats and Information Security:
Meeting the 21st Century Challenge," the Center for Strategic and International
Studies (CSIS) concluded that the government and the private sector should
be concerned about the "trustworthiness" of future Microsoft products in the
aftermath of the hack into the company's network.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.idg.net/ic_335424_1794_9-10000.html


DEMAND FOR NET-BASED SECURITY PRODUCTS
Demand for Internet-based security products is exploding, as sales reached
$243 million last quarter and are expected to more than double next year,
a new study shows.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1004-200-4290053.html


HONG KONG POLICE OFFER CHRISTMAS WARNING TO HACKERS
Computer whizzes in Hong Kong who like to test their skills on the Web sites
of others will receive little sympathy from the Hong Kong Police who issued a
warning about the consequences of such actions.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computeruser.com/news/00/12/28/news16.html


CRYPTOGRAPHY IN YOUR POCKET
Recently, some announcements have been made of commercial encryption
programs for the PalmPilot personal organizer. Some of these were for
subroutines that might be used in programs whose primary purpose is
not encryption, for purposes such as software registration. Also, Network
Associates, the company that owns PGP, has a commercial product,
PGPwireless, specifically aimed at those who use their Palm Pilots (and,
shortly, other similar devices) to connect to the Internet.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityportal.com/articles/pocket20001228.html


NO MONEY IN HACKERDOM, VERSION 1.0
"ESR has an article that explains some ways for you to become a Hacker. I'm
not going to repeat all the points he has in that article, as you can look at
that article for the specifics. I am going to make the argument that Hackers
do not generally Hack because they have to for work. Instead, it is their
passion, their life, in a dramatic way. Also, I'm going to make the argument
that, and this is not how ESR feels, Hackers can be non-contributing authors
to the code base of the world. That code base is better known as Open
Source or Free Software today."
Link: http://www.linuxpower.org/display.php?id=200


AN INTRODUCTION TO VIRUSES AND MALICIOUS CODE PART TWO
In Part One of this series SecurityFocus.com writer Brad Griffin introduced
readers to viruses and other forms of malicious code. He discussed the various
ways in which viruses can infect a user's computer and how they can affect a
user's important data. This article, the second in a three-part series, will
discuss ways of protecting computers against virus infection, including:
anti-virus software, proper handling of e-mail and external media such as
floppy disks, the dangers of non-essential software, and the necessity of
user education.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/basics/articles/malintro2.html


ANTI-DEFAMATION LEAGUE WEB SITE ATTACKED
The ADL Web site was taken over for about 20 minutes by attackers who
identified themselves as the "World's Fantabulous Defacers." In lieu of the
ADL home page, the attackers posted threats to Israelis as well as
pro-Palestinian sentiment. The attackers did not gain access to any sensitive
information. The group closed the site a few minutes after the attack was
discovered, according to an ADL representative. Four hours later, the site
was restored.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1007-200-4292972.html


THE STORY OF JEFF: PART VI
This story is the ongoing saga of Jeff, a tragic tale full of hardship, heartbreak
and triumph over impossible odds. Jeff is your average network administrator,
responsible for Acme, Inc.'s Microsoft-based corporate network. A brightly lit
server room. Fans humming quietly, a glass wall at one end; on the other side
we see a table with several people sitting around it. Scattered on the table
are several pads of paper, pencils, pagers and a laptop. We see Jeff, eyes a
healthy shade of bloodshot pink accented by dark bags underneath. Lifting a
cup of cold coffee to his lips, he grimaces and takes a deep gulp, swallowing
it hurriedly.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/jeff20001229.html


THE 101 USES OF OPENSSH: PART I
This month we'll cover ssh's background and architecture, how to build and/or
install OpenSSH, how to use ssh as an encrypted replacement for Telnet, how
to set some basic ssh configuration options and how to use scp for encrypted
file transfers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www2.linuxjournal.com/lj-issues/issue81/4412.html


UPDATE ON EGGHEAD.COM PENETRATION
Egghead.com, the Internet firm that had 3.6 million credit cards compromised
before Christmas when security on its e-commerce site was cracked, said it
will know by the end of the week whether the hacker managed to steal the
financial information of its customers.
Link: http://www.nationalpost.com/tech/story.html?f=/stories/20001228/418915.html


DAILY NEWS THAILAND DEFACED
The Web site of the Daily News newspaper (www.dailynews.co.th) was defaced
late on Tuesday night, the third such break-in in recent years, its webmaster
said today. No information was destroyed or altered.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/00/159816.html


BEWARE OF HAPPY NEW YEAR VIRUS
A new e-mail virus is on the loose, according to Computer Associates
International. The "Tqll-A" worm is typically found in electronic messages
bearing a Happy New Year greeting in the subject field, said Ian Hameroff,
business manager for antivirus solutions for Computer Associates. The latest
threat, which CA detected at its global research centers, conveys itself via
Microsoft Outlook. When people open the "happynewyear.txt.vbs" attachment,
the virus then installs itself on the user's hard drive.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.techweb.com/wire/story/TWB20001229S0006


FEDS WARN OF CONCERTED ATTACKS ON NEW YEAR'S EVE
Federal computer security experts are urging system administrators to take
added precautions in securing Web servers and network firewalls in advance
of the New Year's holiday weekend, citing FBI reports indicating an increase
in activity that often precedes widespread cyber attacks. Authorities at the
National Infrastructure Protection Center - the FBI's cyber crime division -
said data gleaned from FBI investigations and other sources indicate that
many computer systems may already have been turned into "zombies"
waiting for commands from hackers to cripple the Internet.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/00/159873.html


REPORT: MICROSOFT HACK A U.S. SECURITY RISK
Although Microsoft Corp. has denied that the hacker who penetrated its network
in October gained access to any of the company's source code, a recent report
by a Washington-based think tank is warning that the compromise may hold
grave national security implications.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2000/TECH/computing/12/29/csis.microsoft.report.idg/index.html


NEW ATTACK ON DIGITAL PIRACY
Hollywood has teamed up with some of the biggest players in computer storage
technology to build a copy-prevention scheme into every hard drive and memory
card - opening a new front in the war against online piracy. If widely adopted,
the technology would make it more difficult for consumers to duplicate
copyrighted files such as music and movies without the permission of the
companies that own the rights. Hard drives and memory cards are used to
store information on everything from personal computers and MP3 music
players to digital cameras and palm-size organizers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www0.mercurycenter.com/svtech/news/indepth/docs/copy122900.htm


LINUXPPC SECURITY PRIMER, PART I
"So you've bought that new G4 you've been eyeing for lo these many months.
Or perhaps you've blown the dust off of some aging Performa you've kept in
your basement. Either way, you've decided to install Linux on your PowerPC
box, but you're worried about some '31337 haxOr d00dz' gaining control of
your machine through some security hole. It turns out there's both good
news and bad news for you."
Link: http://linuxppc.org/security/articles/lppc_security_primer_I.php3


'THE ANALYZER' ADMITS SABOTAGE
'The Analyzer' was convicted yesterday by the Kfar Sava Magistrates Court after
striking a plea bargain deal with prosecutors. Tannenbaum, a 21 year old Hod
Hasharon resident, confessed to offenses of conspiracy, wrongful infiltration
of computerized material, disruption of computer use, and destroying evidence.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www3.haaretz.co.il/eng/htmls/kat18_2.htm


SO MANY PREDICT SO MUCH
The three most important tech issues of 2001 will be free speech, privacy and
e-money. ISPs will continue to be the targets of governments such as France
who want to control what their citizens see and read. Privacy in all instances
will be contentious, especially when it comes to genetics. E-money will appear
back on the scene as countries other than the United States (for example,
Japan), begin to experiment and succeed with viable e-money systems.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,40906,00.html

----------------------------------------------------------------------------




Security issues
---------------

All vulnerabilities are located at:
http://net-security.org/text/bugs


----------------------------------------------------------------------------

THE END OF SSL AND SSH? FOLLOW-UP
"Well, I certainly managed to kick over a hornet's nest with my article "The End
of SSL and SSH?". There were quite a few points I did not cover in the article,
many I did not think of, and some I trimmed. This article will cover the reaction
to SSL and SSH being "dead", as well as numerous implementation issues I did
not cover. The real issue is that technology cannot solve problems completely."
Link: http://www.net-security.org/text/bugs/977746823,69115,.shtml


1ST UP MAIL SERVER V4.1 VULNERABILITY
The Ussr Team has recently discovered a buffer overflow in 1st Up Mail Server
v4.1, which does not use proper bounds checking. The overflow is in the
"mail from: <...>" field when it is given a large number of a's (over 300). The
server then displays this message: "Application popup: smtp server: smtp
server.exe - Application Error: The instruction at "0x00402f23" referenced
memory at "0x61616161". The memory could not be "read"." This results in a
Denial of Service against the service in question.
Link: http://www.net-security.org/text/bugs/977788101,95356,.shtml


DEBIAN LINUX - DIALOG SYMLINK ATTACK
Matt Kraai reported that he found a problem in the way dialog creates lock-files:
it did not create them safely which made it susceptible to a symlink attack. This
has been fixed in version 0.9a-20000118-3bis.
Link: http://www.net-security.org/text/bugs/977886772,81869,.shtml


DEBIAN LINUX - MULTIPLE STUNNEL VULNERABILITIES
Lez discovered a format string problem in stunnel (a tool to create a universal
SSL tunnel for other network daemons). Brian Hatch responded by stating he
was already preparing a new release with multiple security fixes:
1. The PRNG (pseudo-random number generator) was not seeded correctly. This
only affects operation on operating systems without a secure random generator.
2. Pid files were not created securely, making stunnel vulnerable to a symlink
attack.
3. There was an insecure syslog() call which could be exploited if the user
could manage to insert text into the logged text. At least one way to exploit
this using faked identd responses was demonstrated by Lez.
These problems have been fixed in version 3.10-0potato1.
Link: http://www.net-security.org/text/bugs/977886802,94324,.shtml


DEBIAN LINUX - TWO GPG PROBLEMS
There is a problem in the way gpg checks detached signatures which can lead
to false positives. A detached signature can be verified with a command like this:
gpg --verify detached.sig < mydata
If someone replaced detached.sig with a signed text (i.e. not a detached
signature) and then modified mydata, gpg would still report a successfully
verified signature.
Link: http://www.net-security.org/text/bugs/977886820,3938,.shtml


ORACLE INTERNET APPLICATION SERVER BUGS
The first possible vulnerability is essentially a configuration issue associated
with the Portal Listener and modplsql. When these are installed, the default
configuration allows all users access to the Listener and modplsql administration
pages. A second potential vulnerability may occur if customers grant public
access to PL/SQL procedures, in particular those which access an Oracle
database such as OWA, SYS and DBMS. Since publicly accessible procedures
may be accessed through a URL, it may be possible to invoke these
procedures through a URL and cause SQL statements to be executed on
a back-end Oracle database.
Link: http://www.net-security.org/text/bugs/977886859,308,.shtml


NSA SECURITY-ENHANCED LINUX PROBLEM
The most recent version that appears to be available is dated last week,
slinux-200012181053-release.tgz. In this distribution, the find_default_type
function in libsecure/get_default_type.c attempts to extract a type field from
the file /etc/security/default_type and copy it to a result buffer (specifically,
to the argument "char **type"). Memory for this result buffer is allocated
using malloc, but the argument to malloc is always one character too small.
For example, the role argument might typically be "sysadm_r" and the len
argument would then be 8. With the initial installation, the first value of
buf would be "sysadm_r:sysadm_t\n". There are no leading spaces, so i is 0.
In the statement
(*type) = (char*) malloc (sizeof(char) * (strlen(buf)-i-len-1));
the argument to malloc is 18 - 0 - 8 - 1, which is 9. Then,
strcpy ((*type), &buf[i]+len+1);
attempts to copy the 10 characters "sysadm_t\n\0" into the 9-character buffer.
Link: http://www.net-security.org/text/bugs/977971173,27822,.shtml
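The size arithmetic described in the item above, as an added example that is not the NSA code or its eventual fix: the hypothetical helpers alloc_size_as_shipped() and bytes_strcpy_writes() reproduce the two quantities from the quoted statements, and the hypothetical extract_type_checked() shows one way to size the buffer from the string actually being copied. The sample line is constructed from the values given in the text.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes requested by the malloc() call quoted in the advisory:
 * strlen(buf) - i - len - 1. Assumes buf holds at least i+len+1 chars;
 * with unsigned arithmetic a shorter buf would wrap around. */
size_t alloc_size_as_shipped(const char *buf, size_t i, size_t len)
{
    return strlen(buf) - i - len - 1;
}

/* Bytes strcpy() writes when copying from &buf[i]+len+1:
 * every remaining character plus the terminating NUL. */
size_t bytes_strcpy_writes(const char *buf, size_t i, size_t len)
{
    return strlen(buf + i + len + 1) + 1;
}

/* Hypothetical hardened extraction of the type field from a
 * "role:type\n" line. It checks the layout before indexing past the
 * role, then sizes the allocation from the source string itself, so
 * the NUL terminator is always accounted for. Like the original copy,
 * it keeps the trailing newline. Returns 0 on success, -1 on error;
 * the caller frees *type. */
int extract_type_checked(const char *buf, const char *role, char **type)
{
    size_t i = 0;
    size_t len = strlen(role);
    const char *src;
    size_t n;

    while (buf[i] == ' ' || buf[i] == '\t')   /* skip leading blanks */
        i++;

    /* strncmp() stops at the first mismatch or NUL, so a short line
     * is rejected here before buf[i + len] is ever read. */
    if (strncmp(buf + i, role, len) != 0 || buf[i + len] != ':')
        return -1;

    src = buf + i + len + 1;
    n = strlen(src);
    *type = malloc(n + 1);                    /* +1 for the NUL */
    if (*type == NULL)
        return -1;
    memcpy(*type, src, n + 1);
    return 0;
}

int main(void)
{
    /* Constructed sample: first line of default_type as described. */
    const char *buf = "sysadm_r:sysadm_t\n";
    char *type = NULL;

    printf("allocated=%zu written=%zu\n",
           alloc_size_as_shipped(buf, 0, 8),
           bytes_strcpy_writes(buf, 0, 8));

    if (extract_type_checked(buf, "sysadm_r", &type) == 0) {
        printf("type=%s", type);
        free(type);
    }
    return 0;
}
```

Building the original pattern with AddressSanitizer (-fsanitize=address) flags the one-byte heap overflow at the strcpy() call.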


MORE PROBLEMS FOR TECHNOTE
main.cgi fails to properly validate user input that is passed as an argument to
a call to open(). FREE_BOARD is a default db.
http://localhost/technote/main.cgi/oops?board=FREE_BOARD&command=down_load&filename=/../../../main.cgi
Link: http://www.net-security.org/text/bugs/977971189,41142,.shtml


REMOTE VULNERABILITY IN IKONBOARD
Ikonboard is a free forum system, similar to UBB and UB. Versions up to and
including 2.1.7b contain a vulnerability that allows commands to be executed
as the script user. This compromises the security of the system running the
board and allows an attacker to get the passwords of the board users, because
they are in no way encrypted/hashed.
Link: http://www.net-security.org/text/bugs/978186540,73624,.shtml

----------------------------------------------------------------------------




Security world
--------------

All press releases are located at:
http://net-security.org/text/press

----------------------------------------------------------------------------

EGGHEAD.COM INVESTIGATES PENETRATION - [24.12.2000]

Egghead.com, Inc., released the following statement: "Egghead.com has
discovered that a hacker has accessed our computer systems, potentially
including our customer databases. As a precautionary measure, we have
taken immediate steps to protect our customers by contacting the credit
card companies we work with. They are in the process of alerting card
issuers and banks so that they can take the necessary steps to ensure
the security of cardholders who may be affected."

Press release:
< http://www.net-security.org/text/press/977664283,29904,.shtml >

----------------------------------------------------------------------------

RSA CONFERENCE 2001 ASIA RFP - [27.12.2000]

RSA Security Inc. announced a call for papers and demonstrations for the first
annual RSA Conference in Asia. RSA Conference 2001, Asia, is scheduled to be
held July 9 - 12, 2001, at the Singapore International Convention and Exhibition
Center in Suntec City, Singapore. The event is expected to bring together
decision-makers and influencers from financial services, government, education,
information technology, telecommunications and the media. Security professionals,
cryptographers, analysts, developers and strategic partners are encouraged to
submit presentations on their security implementations, applications or research.

Press release:
< http://www.net-security.org/text/press/977887231,94789,.shtml >

----------------------------------------------------------------------------

RSA KEON CERTIFICATE SERVER 5.5 CLOSE TO EAL4 - [27.12.2000]

Reinforcing its commitment to product security, quality and reliability, RSA
Security Inc., the most trusted name in e-Security, announced that the RSA
Keon Certificate Server 5.5, RSA Security's digital certificate management system
designed to add trust to e-government, has been accepted into evaluation against
the Common Criteria (CC) for Information Technology Security Evaluations. The
Common Criteria for Information Technology Security Evaluation (CC) V2.1/IS
15408 is an international standard for evaluating the security of IT products.
This important achievement indicates that the RSA Keon Certificate Server is
on its way to achieving CC evaluated status recognized by governments and
businesses around the world, including Australia, Canada, France, Germany,
the Netherlands, the United States, the United Kingdom, Italy, Spain, Greece,
Norway, Finland, and New Zealand.

Press release:
< http://www.net-security.org/text/press/977887369,30178,.shtml >

----------------------------------------------------------------------------

BINDVIEW'S BV-CONTROL FINALISTS IN INFOSEC MAG - [2.12.2000]

BindView Corporation, a leading provider of IT security management solutions,
announced that its bv-Control product family has been selected as a finalist
in the Security Management & Auditing Category for the Information Security
Excellence Award given by Information Security Magazine. The winners will be
announced at an awards luncheon in February at the MIS Training Institute's
InfoSec World Conference in Orlando.

Press release:
< http://www.net-security.org/text/press/977948954,9040,.shtml >

----------------------------------------------------------------------------

TRIPWIRE GETS "NSS APPROVED" STATUS - [28.12.2000]

Tripwire Inc., the leading provider of data and network integrity software,
announced that Tripwire HQ Manager and Tripwire HQ Connector for NT
were awarded the internationally recognized "NSS Approved" status for
their exceptional performance. Tripwire's products were thoroughly tested
in the Intrusion Detection Software (IDS)/Vulnerability Assessment Group
Test 2000 by The NSS Group, Europe's foremost independent test
organization focusing on security issues.

Press release:
< http://www.net-security.org/text/press/978020664,85700,.shtml >

----------------------------------------------------------------------------

SYMANTEC CEO COMMENTS ON SECURITY MARKET - [28.12.2000]

On the heels of a recent Network Associates announcement, Symantec Corp.
issued the following statement to its investors and customers: "We have never
been more confident in our future," said John W. Thompson, chairman, president
and CEO of Symantec. "Symantec continues to gain momentum in the enterprise
security business. Industry leaders such as Oracle, Cobalt, Yahoo and Earthlink
have recently chosen Symantec's security technology. Global leaders in
industries ranging from automotive, telecommunications and financial services
are showing increasing confidence in our products and our company. In addition,
our recently completed merger with AXENT Technologies makes Symantec the
largest Internet security company in the world."

Press release:
< http://www.net-security.org/text/press/978020871,73838,.shtml >

----------------------------------------------------------------------------

475,000 DOWNLOADS OF AVX VIRUS PROTECTION - [29.12.2000]

At a time when other anti-virus software providers are posting losses, Central
Command Inc., a leader in the anti-virus industry, announced that within the
last 45 days more than 475,000 people have downloaded AVX virus protection
to protect their computers from viruses. AVX Professional software, with its
new virus prevention technology designed around an open plug-in architecture,
is quickly becoming a standard among Internet users.

Press release:
< http://www.net-security.org/text/press/978091342,18550,.shtml >

----------------------------------------------------------------------------

FLORIDA SUPREME COURT SELECTS IDENTIX - [29.12.2000]

Identix Incorporated, the worldwide leader in providing user authentication,
security and identification solutions, announced that the Florida State Supreme
Court has selected Identix's fingerprint biometric security solutions to secure
its 650 seat Wide Area Network (WAN) enterprise-wide, which encompasses
five District Courts of Appeal and the State Supreme Court.

Press release:
< http://www.net-security.org/text/press/978091572,661,.shtml >

----------------------------------------------------------------------------

NEW CUSTOMERS USING CERTICOM'S SSL - [29.12.2000]

Continuing to strengthen its position as a leading provider of e-business security,
Certicom announced that it has signed license agreements with five new
companies. Additional licensees are Alteon WebSystems, i-drive, Five Nine
Solutions, Inc., Ponoi Corp. and Tempest Software. These companies have
licensed Certicom's leading SSL Plus software to enhance the security and
trust of their respective internal applications and e-business offerings.

Press release:
< http://www.net-security.org/text/press/978091709,67478,.shtml >

----------------------------------------------------------------------------




Featured articles
-----------------

All articles are located at:
http://www.net-security.org/text/articles

Articles can be contributed to staff@net-security.org

Below is the list of the recently added articles.

----------------------------------------------------------------------------

YOUR OPINION: "WHAT ARE THE CURRENT PRIVACY THREATS?"

Recently we held a survey on HNS regarding the current privacy threats. Many
visitors decided to share their opinions with us. In this article you can read
some of the most interesting opinions.

Read more:
< http://www.net-security.org/text/articles/opinion.shtml >

----------------------------------------------------------------------------

ICMP USAGE IN SCANNING VERSION 2.5 by Ofir Arkin

"The Internet Control Message Protocol may seem harmless at first glance. Its
goals and features were outlined in RFC 792 (and then later cleared in RFCs
1122, 1256, 1349, 1812), as a way to provide a means to send error messages,
troubleshoot networking problems, and more. There is no consent between the
experts in charge for securing Internet networks (Firewall Administrators,
Network Administrators, System Administrators, Security Officers, etc.)
regarding the actions that should be taken to secure their network
infrastructure in order to prevent those risks. The risks involved in
implementing the ICMP protocol in a network, regarding scanning,
are the subject of this research paper".

PDF Version:
< http://www.net-security.org/text/articles/index-download.shtml#ICMP >

----------------------------------------------------------------------------

THE ABC OF COMPUTER SECURITY by Paul Ducklin

This White Paper gives an introduction to computer security and its significance
for businesses, followed by an alphabetical guide to common security measures
and threats.

PDF Version:
< http://www.net-security.org/text/articles/index-download.shtml#ABC >

----------------------------------------------------------------------------

RESULTS OF THE SECURITY IN ACTIVEX WORKSHOP

On August 22-23, 2000, the CERT Coordination Center hosted a workshop in
Pittsburgh, Pennsylvania, for twenty invited experts to address security issues
related to ActiveX controls. The primary goal of the workshop was to identify
the situations under which ActiveX and related technologies may be used safely
and to produce a paper describing security concerns and configuration guidance.
That goal was achieved and the result of the workshop, this paper, serves not
only to dispel unwarranted myths about the safety of using ActiveX but also to
furnish guidance to network administrators and others faced with security issues
involving mobile code in general and ActiveX in particular.

Read more:
< http://www.net-security.org/text/articles/index-download.shtml#active >

----------------------------------------------------------------------------




Featured books
----------------

The HNS bookstore is located at:
http://net-security.org/various/bookstore

Suggestions for books to be included into our bookstore
can be sent to staff@net-security.org

----------------------------------------------------------------------------

CIM IP ROUTING DVP SIMULATOR (CISCO CAREER CERTIFICATIONS)

With CIM IP Routing: Distance-Vector Protocols, you can master protocols that
are the backbone of the Internet and enable traffic to move across business
networks. Offering self-paced instruction and practice, this robust learning tool
gives you a quick and cost-effective way to acquire Cisco knowledge and
expertise. From an overview of IP routing concepts to the development of
IP access lists, you’ll learn the difference between routing functions and
strategies, routing traffic using multiple paths, and how to implement routing
protocols for quick convergence times with minimal network traffic through
Cisco internetworking devices. Mastering techniques developed by Cisco
Technical Assistance Center engineers, you’ll practice configuring and
troubleshooting RIP, IGRP, and EIGRP over IP networks. CIM IP Routing:
Distance-Vector Protocols is an excellent preparation tool for the Cisco
Certified Network Associate (CCNA) exam.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1587200120/netsecurity >

----------------------------------------------------------------------------

IN THE TRENCHES: CUSTOMIZING AND UPGRADING LINUX

A reference for the busy professional to installing and administering Linux,
detailing the difference between Linux and other Unix systems. The CD-ROM
contains Red Hat Linux 6.2, to enable the reader to follow along with the
text and see how Linux works.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1930713010/netsecurity >

----------------------------------------------------------------------------

GNU AUTOCONF, AUTOMAKE, AND LIBTOOL

This is a technically adept and expert guide to using these utilities effectively.
Any C/C++ or script programmer who writes software under Unix/Linux will want
to have a copy of this book to make better use of these powerful and sometimes
obscurely documented tools. This text is filled with the nuts-and-bolts details
of running these three utilities, including command-line switches and the actual,
generated files that automate the build process and help programmers port code
between different environments. As such, this title will be appreciated by those
at their workstations who want a hands-on guide to using the autotools. There's
a danger of missing the forest for the trees here, with all of this necessary detail,
but the middle sections of this book pull back a little with several useful chapters
on the bigger picture of code "portability." Chapters on both C and C++ portability
explore language features that likely will cause trouble when code is moved
between different versions of Unix (or even between Unix and Windows). A
similar section also discusses the issues when developing portable shell scripts.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1578701902/netsecurity >

----------------------------------------------------------------------------

LINUX IP STACKS COMMENTARY

The book is an in-depth look at the TCP/IP protocol implementation as
implemented in Linux. Using the style of John Lions' original much-photocopied
A Commentary on the Unix Operating System, Linux IP Stacks Commentary
guides you through the ins and outs of TCP, UDP, ICMP, routing, IPCHAIN
firewall code, and the Linux TCP/IP applications interface. The source for
the network code is included in the book and on the CD-ROM.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1576104702/netsecurity >

----------------------------------------------------------------------------

APACHE SERVER COMMENTARY

A guide for programmers and developers who need to understand and master
the source code that runs the world's most popular Web server. Holden (author
and president of Stylus Media), Nicholas Wells (technical writer and consultant),
and Matthew Keller (programmer/analyst for Distributed Computing and
Telemedia department at the State U. of New York College) conduct a
line-by-line examination of the core code, as well as the standard Apache
modules that control logging, directory indexing, access control, CGI, and
other essential aspects of running a full-featured Web site. Flow charts
illustrate how individual modules work. The included CD-ROM contains the
complete source code for version 1.3.6 of the Apache Web server package,
a precompiled binary version of Apache for Windows 32-bit platforms,
ApacheWrapper version 1.3.29, Comanche, IPTraf version 1.4.3, and
Chili!Soft ASP 3.0.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1576104680/netsecurity >

----------------------------------------------------------------------------




Security Software
-------------------

All programs are located at:
http://net-security.org/various/software

----------------------------------------------------------------------------

W32.KRIZ PREVENTION TOOL

This tool is a preventive measure against the W32.Kriz virus. It will not repair
damage done after the virus has been launched.

Info/Download:
< http://net-security.org/various/software/977614917,63951,.shtml >

----------------------------------------------------------------------------

KILL_CIH REMOVAL TOOL

The KILL_CIH tool is designed to safely detect and remove all known strains
of the W95.CIH (Chernobyl) virus (known strains as of August 3rd, 1998) from
memory under Windows 95 and Windows 98 (the W95.CIH virus cannot infect
Windows NT systems). If the tool is run before the virus has infected the
system, it will also "inoculate" the computer's memory to prevent the W95.CIH
virus from infecting the system until the next system reboot.

Info/Download:
< http://net-security.org/various/software/977615146,72255,.shtml >

----------------------------------------------------------------------------

W32.NAVIDAD REMOVAL TOOL

This tool will only work for W32.Navidad and it will not work for the
W32.Navidad.16896 variant.

Info/Download:
< http://net-security.org/various/software/977615252,711,.shtml >

----------------------------------------------------------------------------

CHKROOTKIT-0.19

chkrootkit locally checks for signs of a rootkit. Includes detection of LKM
rootkits, ifpromisc.c to check and see if the interface is in promisc mode,
chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp
for deletions. Tested on Linux, FreeBSD, Solaris, and OpenBSD.

Info/Download:
< http://net-security.org/various/software/978188214,78469,.shtml >

----------------------------------------------------------------------------

SECURE DISK EXPLORER 1.1.3

Secure Explorer is a full-featured file manager similar to Windows Explorer.
However, the biggest difference is that this program provides a completely
secure environment for data and documents on your system. It's capable of
encrypting files and locking folders, thus making them inaccessible to other
users. Like Explorer, Secure Explorer supplies its very own shell context menu.
As you browse your hard drive, simply right-click an item and select the
appropriate protection option from the menu. The program gives you the
option of preventing Explorer from displaying these items. Meanwhile, files
and folders are stored inside tabs on the interface, which require passwords
for entry.

Info/Download:
< http://net-security.org/various/software/978188372,43683,.shtml >

----------------------------------------------------------------------------




Defaced archives
------------------------

[25.12.2000] - ChangChun Science & Technology, China
Original: http://www.ccst.gov.cn/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/25/www.ccst.gov.cn/

[25.12.2000] - Slackware
Original: http://www.slackware.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/25/www.slackware.com/

[25.12.2000] - Nasdaq Japan
Original: http://www.nasdaq.co.jp/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/24/www.nasdaq.co.jp/

[25.12.2000] - Administrative Office of the U.S. Courts
Original: http://www.nywd.uscourts.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/25/www.nywd.uscourts.gov/

[26.12.2000] - Hizbollah
Original: http://www.hizbollah.org/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/26/www.hizbollah.org/

[27.12.2000] - Government Republic Of Moldova Site
Original: http://ministry.moldova.md/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/27/ministry.moldova.md/

[27.12.2000] - National Oceanic and Atmospheric Administration
Original: http://www.fob.noaa.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/27/www.fob.noaa.gov/

[28.12.2000] - US DOI, Bureau of Land Management
Original: http://www5.ca.blm.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/28/www5.ca.blm.gov/

[29.12.2000] - Embassy of Israel, Wellington, New Zealand
Original: http://www.israel.org.nz/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/29/www.israel.org.nz/

[29.12.2000] - Human Right Education Programme, Pakistan
Original: http://www.hrep.com.pk/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/29/www.hrep.com.pk/

----------------------------------------------------------------------------


Questions, contributions, comments or ideas go to:

Help Net Security staff

staff@net-security.org
http://net-security.org
