
Net-Sec Issue 045


HNS Newsletter
Issue 45 - 08.01.2001
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly
roundups of security events that were in the news the past week. Visit Help
Net Security for the latest security news - http://www.net-security.org.

Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter

Archive of the newsletter in TXT and PDF format is available here:
http://www.net-security.org/news/archive/newsletter

Current subscriber count to this digest : 1676

Table of contents:

1) General security news
2) Security issues
3) Security world
4) Featured article
5) Featured books
6) Security software
7) Defaced archives



General security news
---------------------

----------------------------------------------------------------------------

COMPUTER SECURITY GETS A NEW TOUCH
City workers in Oceanside, Calif., were drowning in passwords. One to check
e-mail, others to see water billing records or police reports, all on top of the
codes and personal identification numbers they had to keep straight in their
off-the-job lives. Time and money were wasted answering up to 30 calls a
day from workers who forgot or lost passwords. Now, those calls are down
to one or two a week. Two years ago, Oceanside began installing mouse-sized
fingerprint scanners at city computers. So instead of fumbling for a
password, city workers now need only to place finger to scanner to get
onto the network.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.denver-rmn.com/business/0101bio4.shtml


PARLIAMENT WEBSITE ATTACKED
The official website of Parliament has been attacked and all its information
wiped out. The intruder - who called himself "topeira" - had removed the website
at http://www.parlimen.gov.my and replaced it with some foreign words and a
Brazilian address on the rock group Garbage. This was the first time the
Parliament website, which was put up earlier this year, had been penetrated.
Link: http://thestar.com.my/news/story.asp?file=/2000/12/31/nation/3101llha&sec=nation


TOP 10 SECURITY STORIES OF 2000
If 1999 was the year that Information Security began creeping into our
collective consciousness like a dripping faucet, the year 2000 was when
the water main burst. While the year began with a collective sigh of relief
with the Y2K non-event, it was quickly followed by a yearlong procession
of security headlines. I have a feeling that some people have kept their
emergency shelters well stocked, lest some hacker figures out how to
manipulate the power grid and their bank account. As with Y2K, the
mainstream press has missed some of the real significance of 2000's
information security news, so the staff at SecurityPortal has selected
our top 10 list of security stories to further enlighten the masses and
help you lead a better life.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityportal.com/cover/coverstory20010101.html


TOP PRIVACY ISSUES OF Y2K
The phenomenal rise, and technological sophistication, of workplace surveillance
leads the list of the Top 10 privacy stories of the year 2000, according to a
Privacy Foundation analysis. Also in the Top 10 are proposed new medical
privacy rules; the FBI’s controversial use of the Carnivore email wiretap;
DoubleClick’s stalled plan to track consumers online; and the arrival of
chief privacy officers in corporate boardrooms.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cipherwar.com/news/01/privacy_threats_2000.htm


COMP.OS.LINUX.SECURITY FAQ INTRODUCED
Daniel Swan's tireless efforts come to fruition after many months of development
of the comp.os.linux.security FAQ. LinuxSecurity.com speaks with Daniel about
his FAQ and Linux security.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxsecurity.com/feature_stories/interview-cols.html


COMPUTER CRIME INVESTIGATOR'S TOOLKIT: PART I
Computer crime investigators come from differing backgrounds. In the private
sector a wide range of certifications exist: CISSP, MCSE, Internet Security
Specialist, Computer Forensics Specialist, and the like. Developing a common
body of knowledge is often a response to the particular examination program
one wishes to pass through. Yet, professional practice often dictates the
areas of an investigator's expertise. Those with an emphasis on forensic
issues (such as police investigators) may concentrate on techniques
pertaining to "black" or illegal email, illegal pornography, and common-law
crimes committed using a computer. Those with an emphasis on security
issues may deal with technologies related to combating hacking, denial of
service (DoS), intrusion, and business espionage.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityportal.com/articles/toolkit20010102.html


"THE FREEBSD CORPORATE NETWORKER'S GUIDE"
A new FreeBSD book from Addison Wesley is now on sale. The FreeBSD
Corporate Networker's Guide is written for the beginning FreeBSD
administrator who wants to take advantage of the power and cost
savings afforded by use of this operating system on their organization's
production network.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.bsdtoday.com/2001/January/News375.html


CRYPTO-POLITICS: DECODING THE NEW ENCRYPTION STANDARD
This fall the Department of Commerce announced its choice for the Advanced
Encryption Standard (AES): the Rijndael algorithm. The first-of-its-kind
international competition for the proposed new Federal Information Processing
Standard included 15 entries by leading cryptographers from 12 countries.
Sun Microsystems' Whitfield Diffie and Susan Landau, renowned authors
and encryption experts, provide exclusive commentary on the AES, the
political victory it represents, and why it heralds a new era in cryptography.
They also discuss the government's new willingness to allow the export of
strong encryption and the FBI's Internet surveillance program, Carnivore.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.sun.com/research/features/encryption/


YEAR 2000 SECURITY ROUNDUP
The year 2000 highlighted the need for business to better co-ordinate internet
security - as global losses due to network downtime looked likely to top the
trillion dollar mark according to research. It was the year viruses such as the
Love Bug alone caused billions of pounds of damage, customers' credit card
details were left exposed on the web and companies everywhere were
embarrassed at home and overseas by hackers, crackers and more hardened
cyber criminals. Even Microsoft was caught with its pants down, although the
Redmond giant claimed the crown jewels of its software line up had not been
exposed by the breach of the firm's network security.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.uk.internet.com/Article/101126


HACKERS ASSASSINATE GAME CHARACTERS
Online gamers saw their champion characters mercilessly killed off by computer
hackers who gained access to their players through a security hole in Blizzard
Entertainment's games server. Last week infiltrators exploited a vulnerability in
the sign-in system to gain access to numerous player accounts. At first they
began to discard valuable items belonging to these players but later began
disposing of some of the game's top characters. According to some reports,
eight out of the top ten players were assassinated.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2001/0/ns-19961.html
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.bbc.co.uk/hi/english/sci/tech/newsid_1097000/1097330.stm


CROSSING THE WIRELESS SECURITY GAP
Most organizations would prefer to support only a single security model for
e-commerce, preferably the Internet model in use today, notes Jeff Reed,
vice president of e-commerce consulting firm Logical. E-commerce in the
wired world today relies primarily on SSL, which is used to transmit
everything from personal identification numbers and passwords to
credit card numbers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.idg.net/ic_340748_1794_9-10000.html


ECOMMERCE OUTFITS LEAVE SECURITY ON THE BACKBURNER
Security policies in large organisations are failing to cope with the rigours of
ecommerce, leaving IT managers claiming ebusiness plans and security
strategies are out of step. According to research by market analyst house
Xephon, the host of high-profile security blunders that occurred last year
knocked the confidence of consumers and made other companies think
twice about developing their own ebusiness strategies.
Link: http://www.silicon.com/public/door?REQUNIQ=978478057&6004REQEVENT=&REQINT1=41756


CHINA PASSES INTERNET SECURITY LAW
The 19th Session of the Standing Committee of the Ninth National People's
Congress (NPC) passed a resolution on maintaining the security of computer
networks on Dec. 28. The resolution makes it a criminal offense to commit
any of the following actions, according to the China News Service: Entering
computer information networks involved with national affairs, national
defense or advanced technology...
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://asia.internet.com/biz/2001/01/0102-COL.html


DENNIS MORAN AKA COOLIO PLEADS GUILTY
"Coolio", who was briefly linked to a highly publicized series of hacking attacks
against major companies, pleaded guilty to three misdemeanors. He broke into
rsa.com, operated by Internet security company RSA Security Inc., and
dare.com, an anti-drug site connected to the Los Angeles Police Department.
If a judge approves a plea agreement, Moran will serve nine months to a year
in jail and pay $5,000 in restitution to each of three victims.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.salon.com/tech/wire/2001/01/02/coolio/index.html


HACKER MELTDOWN FAILS TO MATERIALISE
The widespread fear of a concerted distributed denial of service attack over
the holiday season thankfully failed to materialise, but security experts are
still at odds over how serious the threat was. Fears about an attack similar
to that which swamped prestige internet sites such as Yahoo and eBay led
the National Infrastructure Protection Center - the FBI's cyber crime busters
- to issue an alert urging security administrators to bolt up their security
hatches.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/6/15766.html


COMMENTARY: ARE WE READY FOR A CYBER-UL?
Security expert Bruce Schneier takes a dim view of the Center for Internet
Security's plan to emulate the example of Underwriters Laboratories (UL)
when it comes to rating network security.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/comment/0,5859,2669664,00.html


Y2K BUG BELATEDLY BITES NORWAY TRAINS
The Y2K computer bug bit Norway's national railroad company later than
expected. The bug was discovered when none of the company's new 16
airport express trains or 13 high-speed, long-distance Signatur trains would
start early Dec. 31. The computers on board the trains apparently did not
recognize the date, something not anticipated by experts who checked the
systems thoroughly last year in anticipation of problems feared worldwide
when the clocks rolled to Jan. 1, 2000, a spokesman said.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.nandotimes.com/technology/story/0,1643,500295238-500469842-503172996-0,00.html


INSIGHTS ON OPEN SOURCE RELEASE ENGINEERING
"NetBSD 1.5 was released a few weeks ago, and after the dust has settled a
bit now, we were able to get hold of Todd Vierling to tell us more about the
1.5 release engineering process. Todd was one of the release engineers who
did most of the work in the "hot" phase of the 1.5 release cycle - here's an
interview with him, and your chance to get some insight into the details of
the release engineering process of a major Open Source project!"
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.daemonnews.org/200101/interview-tv.html


SECURITY'S HARD KNOCKS
"A few months ago, I learned a hard lesson about hiring practices. My
colleagues and I found ourselves with a technician who just wasn't working
out. The fellow was habitually late and didn't take responsibility seriously so
we said goodbye. End of story. Or so we thought. Next thing we knew we got
a call from a police officer who frequently works with us. "You know that guy
who was working for you?" he asked. "Well, he's got a criminal record as long
as my arm. Didn't you run a background check?" Whoops. Now that's a security
problem, isn't it? Not quite as sexy as the latest IIS exploit, but bad enough."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.nwc.com/1201/1201colfeldman.html


TEENAGE COMPUTER HACKERS HIRED AS CYBER COPS
The National Cyber Cop Committee, which has been set up by the software
industry, is to be advised by a group of hackers between the ages of 14 and
19. Dewang Mehta, president of India's National Association of Software and
Service Companies, said only a hacker could enter the mind of another hacker.
"They will tell us where our soft spots are - where government and industry
websites are most vulnerable, thus helping us strengthen our e-security,"
Mr Mehta told BBC News Online.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/culture/0,1284,40951,00.html


OUT-OF-BAND SIGNALING
Well, it's the new millennium (for real this time) and we're still alive (what to
do with all that canned food?). Much has changed in the last 10 years. The
digital computer revolution finally happened, and we are now sticking computer
chips in everything from children's toys and toasters to army trucks and body
armor, to mention nothing of the spread of desktop, server and appliance
computers. And as many of us know, computers are much more useful
when networked together.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityportal.com/closet/closet20010103.html


MCAFEE: NO VIRUSES REPORTED DURING HOLIDAYS
Because many businesses were closed between Christmas and New Year,
viruses could have struck as offices went back online this morning. Nothing
has happened so far, however. "There was absolutely no outbreak of viruses
this morning. We did not get any problem reports at all from Europe or Asia.
I expect it to stay quiet," said Marius van Oers, virus research engineer at
McAfee, a division of Network Associates.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2001/TECH/computing/01/03/no.christmas.viruses.idg/index.html


EMULEX SCAMMER TO SEE SLAMMER
A 23-year-old college student faces almost four years in prison after pleading
guilty to posting a fake news release which led to one of the Web's biggest-
ever stock manipulation frauds. Mark Simeon Jakob admitted to perpetrating
the hoax last August in a bid to avoid losing $97,000 in an investment in Emulex
Corp. stock, according to a Reuters report today, which noted that the press
release was designed to topple Emulex's share price, netting him more than
$241,000 in profits while biting other investors to the tune of $110 million.
The scheme caused Emulex to drop by 62 percent on the Nasdaq, plunging
to $42 from $110 per share.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computeruser.com/news/01/01/03/news3.html


IDS EVASION WITH UNICODE
Recently, there has been much discussion of the Unicode problem with regard
to intrusion detection. Some pundits have gone so far as to claim that Unicode
will contribute to the demise of Intrusion Detection Systems (IDS). This article
by Eric Hacker will explain what Unicode is, how it complicates IDS and provides
opportunities for IDS evasion, and what can be done about it. This discussion
will focus particularly on the role of UTF-8, a means by which Unicode code
points are encoded, in circumventing IDSs.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/ids/articles/utf8.html


VIRUS INFECTION RATES SOAR
The number of email viruses soared last year to the point where one in 700
emails was infected, according to a survey by a firm which scans electronic
communications for malicious code. MessageLabs, which scans over 3 million
emails per day, said it had detected and stopped an average of one email
virus every three minutes during 2000. In some months, the number of
viruses per email reached one in 700, up from one in 2000 at the start
of the year.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/4/15751.html


NAVIDAD VIRUS AT LARGE AGAIN
A variation of the Navidad virus has been discovered in the wild according
to anti-virus vendor Sophos. W32/Navidad-B is a variant of the original
W32/Navidad email virus, which arrives in an email message containing an
attachment called EMMANUEL.EXE. Once the attached program is launched,
it attempts to read new email messages and to send itself to the senders'
addresses.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.silicon.com/a41776


CYBER ATTACKS PROVE COSTLY
As the computer industry intensifies, so does the number of cyber attacks.
Many Web sites are open to all sorts of "web hacking." According to the
Computer Security Institute and the FBI's joint survey, 90% of 643 computer
security practitioners from government agencies, private corporations, and
universities detected cyber attacks last year. Over $265,589,940 in financial
losses were reported by 273 organizations. How do we limit the possibilities
of being a victim of a cyber attack?
Link: http://www.linux.com/newsitem.phtml?sid=1&aid=11505


WATCH OUT FOR CYBER-TERRORISM AND VIRUS MUTATIONS
Cyber-terrorist activity and new delivery mechanisms for the transmission of
virus mutations will be among the next wave of significant information security
trends to affect businesses, organizations, and even individual users, according
to Predictive Systems, a network infrastructure consulting firm. "Advances in
technology, insider knowledge, inadequate security precautions - all are
contributing to a new generation of criminal cyber behavior that could have
a potentially devastating impact on companies and even individuals that fail
to take steps to protect themselves," said Dr. Terry Gudaitis, a cyber crime
profiler for Predictive Systems.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnetasia.com/news/dailynews/story/0,2000010021,20170094-1,00.htm


MACROMEDIA INVESTIGATES FLASH SECURITY
Software giant Macromedia is investigating reports that its Flash Player plugin
for Internet browsers could allow malicious hackers access to computers
connected to the Internet.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2001/0/ns-20009.html


THE SPAM-TASTIC YEAR 2000
Sadly, and despite the best efforts of a few dedicated spam fighters, unsolicited
commercial e-mail seems to be getting worse. The average business e-mail user
receives three spam messages a day, and in three years that number will swell
to 40. According to Ferris Research, in 2003 we'll waste 15 hours deleting e-mail,
compared to 2.2 hours in the year 2000. That will cost the average business in
the future $400 per in-box, compared to $55 today. Spam can even threaten
privacy or bring viruses to your system.
Link: http://www.pcworld.com/news/article.asp?aid=37402


FREEBSD IPSEC MINI-HOWTO
This document is intended to be a primer on how to get IPsec on FreeBSD up
and running, interoperating both with another FreeBSD (or NetBSD or any other
KAME-derived stack) machine, and a Windows 2000 machine. IPsec is a means
to secure IP layer communications between hosts, and can secure both IPv4
and IPv6 traffic. Only IPsec over IPv4 will be discussed here.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://ezine.daemonnews.org/200101/ipsec-howto.html


MALAYSIA PROBES HACKING
Malaysian police are investigating how hackers infiltrated parliament's website
in an intrusion that was overlooked for days until the opposition pointed it out
to the media. The break-in, as well as the delay in discovering it, has some
Malaysians criticising what they believe is lax vigilance in a country seeking
to be a regional high-tech centre.
Link: http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT382ZCTKHC&live=true&tagid=ZZZC19QUA0C&subheading=asia%20pacific


MICROSOFT HACKER FIRED
The hacker who made Microsoft look foolish in November by breaking into its
servers through a known security hole has been fired by his company Getronics.
He was fired after a court case. Getronics terminated Dimitri Van de Glessen's
one-year contract but there is no Netherlands law that allows a company to
fire members of staff for hacking in their private time, so both parties went
to court to resolve the issue.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/6/15802.html


TECH GIANTS, FBI JOIN FORCES TO COMBAT HACKERS
IBM and more than 500 other companies have joined forces with the FBI to
fight cybercrime. The system, called InfraGard, lets the FBI and the companies
alert each other and share information about attacks by intruders and how
to protect against them.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1005-200-4388133.html


NASA NOT AMUSED BY WEB VANDALISM
NASA said Friday it nabbed an Internet vandal who allegedly broke into one
of its Web sites and left a message urging the space agency to beef up security.
Link: http://www.zdii.com/industry_list.asp?mode=news&doc_id=ZD2671675


INSTALLING FIREWALL CAN KEEP THE PC BAD GUYS AT BAY
Ron Trepanier knew that the Internet could be a dangerous place, but it wasn't
until he installed a personal firewall that he realized his home computer was
coming under daily attack. The mechanical engineer, who lives outside Toronto,
recently documented 30 attempts to gain access to his PC through his high
speed DSL connection during a single week. As broadband Internet access
becomes more common, cyber-trespassers are increasingly taking advantage
of the speedy, "always on" connections to probe for unprotected machines.
"People can come in, they can steal, modify or put things on your computer,"
warns Sam Curry, security architect for McAfee.com, a provider of security
software. "They can cause your system to reboot or not talk properly on
the Internet."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www0.mercurycenter.com/svtech/news/indepth/docs/fire010701.htm


LINUX VENDORS BEGIN KICKING TIRES OF 2.4 KERNEL
Linus Torvalds and his merry Linux band released the 2.4 kernel - less than a
week after posting one pre-release version but nearly a year behind schedule.
The market has been anxiously awaiting the final release, which can be
downloaded from kernel.org, even though some of the features found in
the kernel have already made their way into vendors' current Linux offerings.
However, vendors are being cautious about detailing exactly when the kernel
itself will find its way into their lineups.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/eweek/stories/general/0,11011,2671593,00.html


FIRST HYPERTEXT VIRUS FOUND
Central Command says it has uncovered the first script virus that can
execute in a hypertext server environment. The good news is that the virus,
PHP.NewWorld, has no payload and is not self-propagating. Steve Sundermeier,
Central Command's product manager, told Newsbytes the appearance of the
virus is worrisome, since it is a "proof of concept" virus for the hypertext
preprocessor (PHP) scripting language. "If you look back at the development
of scripting viruses, right through to Loveletter, you'll see that they all started
with proof of concept versions," he said, adding that, once a proof of concept
edition of a virus has been created, it is a few short steps for other hackers to
add payloads and other destructive attributes to the program.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/160115.html


CRYPTO
Who can resist innovations like mobile phones and networked computers? They
put anyone, anywhere, within earshot, and zip information - whether an
unabashed declaration of love, a medical chart or a detailed plan for a
product rollout - around the globe in a heartbeat. Unfortunately, it’s all
too easy for corporate eavesdroppers, nosy neighbors with a nerdy streak
or government snoops to snap up those messages and conversations en
route to their legitimate recipients. We think we’re whispering, but we’re
really broadcasting.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.msnbc.com/news/511696.asp


COLLEGE STUDENT ARRESTED
Taiwan's Criminal Investigation Bureau (CIB) announced Friday that its computer
crimes division had arrested a local college student for allegedly creating and
spreading the island's first "trojan" program called BirdSPY.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.chinatimes.com.tw/english/esociety/90010501.htm


NEW CONGRESS TO PUSH PRIVACY
Though the 107th Congress is evenly split between the two major parties and
has the potential to act as a house divided, legislators are confident that they
will pass a series of tech bills including one protecting individuals' privacy online.
A panel of senators and representatives speaking at the Consumer Electronics
Show on Sunday discussed plans to rapidly introduce legislation concerning
telemedicine, broadband regulation, the digital divide and encryption.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,40965,00.html


CPS-2 ENCRYPTION SCHEME BROKEN
Acheon writes at Slashdot: "The CPS-2 arcade board from Capcom uses some
hard encryption scheme that has been a very hot issue in emulation for years.
Yet finally the code was broken. Final Burn, a quite recent arcade emulator,
showed concrete results by running previously unsupported games such as
Street Fighter Zero using decrypted ROM images. The CPS-2 Shock Team,
who managed to reverse engineer the process from scratch, have really outdone
themselves and it is a very uncommon achievement."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://slashdot.org/articles/01/01/07/0246252.shtml


A ROUNDTABLE ON BSD, SECURITY, AND QUALITY
Contributing Editor Jack Woehr moderated a roundtable at the recent USENIX
Security Symposium 2000. The participants, Theo de Raadt, Todd Miller, Angelos
Keromytis, and Warner Losh, discussed several topics, including the evolving
distinction between Linux and BSD and the notion that reliability and security
are achieved through simplicity.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.ddj.com/articles/2001/0165/0165a/0165a.htm


BUILD A FLOPPY FIREWALL
"Here's how I turned an unused PC into a packet-filtering firewall using a
package called floppyfw. The firewall boots off a single floppy, runs completely
in RAM, and uses ipchains for the filter rules. It also does IP masquerading, port
forwarding, and can log to a remote host using syslog. All this in a machine with
as little as 8 MB of RAM and no hard drive!"
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.samag.com/linux/articles/v10/i01/a10.shtml


DISTRIBUTED REAL-TIME SECURITY MONITORING
Programmers and software developers interested in security applications for
component technology should keep tabs on work underway at Stanford
Research Institute International (SRI). SRI has been tasked by the Defense
Advanced Research Projects Agency (DARPA) to develop ways to use
component technology to distribute real-time security monitoring throughout
enterprise networks. According to Phillip Porras, program director of network
security for SRI, the components emerging from DARPA's project, aptly named
the Event Monitoring Enabling Responses to Anomalous Live Disturbances
(EMERALD), are capable of providing anomaly and misuse detection for
networks of all sizes.
Link: http://www-106.ibm.com/developerworks/library/co-emrld.html?dwzone=components

----------------------------------------------------------------------------




Security issues
---------------

All vulnerabilities are located at:
http://net-security.org/text/bugs


----------------------------------------------------------------------------

WINROUTE PRO MAIL SERVER
The problem is that the current version of the WinRoute mail server does not
support any form of secure logon authentication. This means that user's
Windows logon credentials are being sent to the mail server in plain text.
Anyone placing a packet sniffer on the network could totally compromise
domain and/or firewall security by capturing traffic destined to the mail
server and extracting user logon names and passwords. The problem is
even worse if the company is allowing roaming users to access their
POP3 mailboxes from the Internet.
Link: http://www.net-security.org/text/bugs/978458586,12029,.shtml


MAC OS 9 VULNERABILITY
Mac OS 9.04 comes with a 'Multiple Users' Control Panel that allows an
administrator (called 'Owner') to create user accounts (called 'Normal'
users) with limited access to the computer. The problem is that the
Owner password can be removed by a Normal user by moving the
'Users & Groups Data File' and logging back in using the Owner
account, giving full access to the machine.
Link: http://www.net-security.org/text/bugs/978491537,95827,.shtml


WINDOWS MEDIA PLAYER 7 AND IE VULNERABILITY
There is a security vulnerability in Windows Media Player 7 exploitable through IE
which allows reading local files which in turn allows executing arbitrary
programs. This may lead to taking full control over the user's computer.
Link: http://www.net-security.org/text/bugs/978491554,22622,.shtml


WINROUTE PRO AND MEMORY PROTECTION
I have discovered that the WinRoute installer disables memory write protection
under Windows 2000. WinRoute refuses to run if memory write protection is
enabled. Memory write protection enabled is the default for Windows 2000.
Link: http://www.net-security.org/text/bugs/978491829,39449,.shtml


IBM WEBSPHERE COMMERCE SUITE VULNERABILITY
IBM WCS is a business suite. After it is installed, a file named admin.config is
produced. The user name and password the suite uses to connect to its database
are included in this file, and the file's access rights are -rwxr-xr-x, so a local
user can access it and run arbitrary commands to get root rights.
Link: http://www.net-security.org/text/bugs/978634842,97432,.shtml


THE BAT! DIRECTORY TRAVERSAL VULNERABILITY
The Bat! doesn't allow the filename of an attached file to contain the '\' symbol
if the name is specified as clear text. The problem is that this check isn't
performed when the filename is specified as an RFC 2047 'encoded-word'.
Link: http://www.net-security.org/text/bugs/978700177,39196,.shtml
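
Added example (not from the advisory or from The Bat! itself): the ordering
problem described above, shown with Python's standard email.header module. The
function names, the forbidden-character policy and the sample filenames are
assumptions constructed for illustration.

```python
"""Decode RFC 2047 encoded-words before checking an attachment filename."""
from email.header import decode_header

# Assumed policy for this sketch: no path separators, drive colons or
# control characters may appear in an attachment's file name.
FORBIDDEN = set('\\/:')

# Constructed sample inputs (not taken from any real message).
PLAIN_OK = "report.txt"
PLAIN_BAD = "..\\report.txt"
ENCODED_BAD = "=?us-ascii?Q?..=5C..=5Cstartup=5Creadme.txt?="
ENCODED_OK = "=?utf-8?Q?r=C3=A9sum=C3=A9.doc?="


def decode_filename(raw):
    """Return the filename with any RFC 2047 encoded-words decoded to text."""
    out = []
    for chunk, charset in decode_header(raw):
        if isinstance(chunk, bytes):
            try:
                chunk = chunk.decode(charset or "ascii", errors="replace")
            except LookupError:  # unknown charset label in the header
                chunk = chunk.decode("latin-1")
        out.append(chunk)
    return "".join(out)


def is_clean(name):
    """True if the name is a plain file name under the assumed policy."""
    if name in ("", ".", ".."):
        return False
    return not any(c in FORBIDDEN or ord(c) < 32 for c in name)


def check_then_decode(raw):
    """Flawed order, as in the advisory: the check only sees the encoded form."""
    if not is_clean(raw):
        raise ValueError("rejected: %r" % raw)
    return decode_filename(raw)


def decode_then_check(raw):
    """Corrected order: validate the name that will actually be used on disk."""
    name = decode_filename(raw)
    if not is_clean(name):
        raise ValueError("rejected after decoding: %r" % name)
    return name


def audit(samples):
    """Run both orderings over the samples; return (raw, flawed, fixed) rows."""
    rows = []
    for raw in samples:
        results = []
        for fn in (check_then_decode, decode_then_check):
            try:
                results.append(fn(raw))
            except ValueError:
                results.append(None)  # None means the name was rejected
        rows.append((raw, results[0], results[1]))
    return rows


if __name__ == "__main__":
    for raw, flawed, fixed in audit([PLAIN_OK, PLAIN_BAD, ENCODED_BAD, ENCODED_OK]):
        print("%-50s flawed=%r fixed=%r" % (raw, flawed, fixed))
```

The encoded sample passes the check-then-decode path with its backslashes
intact, while decode-then-check rejects it and still accepts the harmless
encoded name.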


CONECTIVA LINUX - SLOCATE UPDATE
"slocate" is a program which catalogues existing files and allows for a quick
lookup later. There is a vulnerability present in previous versions. By giving it
a crafted database, an attacker could make slocate execute arbitrary code
as the "slocate" user. Additionally, a bug which caused slocate to segfault
with large pathnames was fixed.
Link: http://www.net-security.org/text/bugs/978700190,91550,.shtml


NEWS DESK 1.2 CGI VULNERABILITY
Adding the string "/../" to a URL allows an attacker to view any file on the
server, and also list directories within the server which the owner of the
vulnerable httpd has permissions to access.
Link: http://www.net-security.org/text/bugs/978700223,88942,.shtml


FRONTPAGE PUBLISHING DOS
Any current NT server running IIS with Frontpage server extensions (which are
installed by default) is vulnerable to a remote DoS (Denial of Service). The
vulnerability stems from Frontpage improperly handling queries to Frontpage
Authoring (author.dll) modules as well as shtml calls. It is possible for a
remote attacker to send a malformed query to those modules which will
cause Frontpage to crash which will then in turn bring down inetinfo.exe
on Windows NT 4.0 systems.
Link: http://www.net-security.org/text/bugs/978700238,93337,.shtml


VULNERABILITY IN FASTGRAF WHOIS.CGI
The whois.cgi script of Fastgraf has almost no metacharacter checking, which
enables attackers to execute commands as the uid of the webserver.
Link: http://www.net-security.org/text/bugs/978806584,91924,.shtml


LOTUS DOMINO 5.0.5 WEB SERVER VULNERABILITY
Lotus Domino Web Server under Windows 2000 (have not tested other
versions) allows reading files outside the web root. The problem is URLs like:
http://TARGETDOMINO/.nsf/../winnt/win.ini
which read c:\winnt\win.ini.
Note that the above URL does not work in IE - for some strange reason IE
strips .nsf/../ so try it from Netscape or direct HTTP request.
Link: http://www.net-security.org/text/bugs/978806599,44296,.shtml
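
The server-side check missing in the News Desk and Lotus Domino items above, as an added Python example (not code from either product): decode the request path once, treat '\' as a separator, refuse any ".." segment, and confirm the result stays under the web root. The function name and the web root /srv/www are assumptions; the first sample URL is the one quoted in the Domino item, the others are constructed.

```python
import posixpath
from urllib.parse import unquote, urlsplit


def resolve_under_root(url: str, web_root: str) -> str:
    """Map a request URL to a path under web_root, or raise ValueError.

    The returned string is the path to open; nothing decodes it again,
    so the check and the file access see the same value.
    """
    # Percent-decode once so "%2e%2e" and ".." are judged alike.
    path = unquote(urlsplit(url).path)
    if "\x00" in path:
        raise ValueError("NUL byte in path")
    # Windows servers accept '\' as a separator; normalise it first.
    path = path.replace("\\", "/")
    # Drop empty and "." segments, refuse any ".." segment outright.
    segments = [s for s in path.split("/") if s not in ("", ".")]
    if ".." in segments:
        raise ValueError(f"parent-directory segment in {url!r}")
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, *segments))
    # Second line of defence: the result must still sit under the root.
    if posixpath.commonpath([root, candidate]) != root:
        raise ValueError(f"path escapes web root: {url!r}")
    return candidate


def is_allowed(url: str, web_root: str = "/srv/www") -> bool:
    """Convenience wrapper returning True/False instead of raising."""
    try:
        resolve_under_root(url, web_root)
        return True
    except ValueError:
        return False


SAMPLES = [
    "http://TARGETDOMINO/.nsf/../winnt/win.ini",  # from the Domino item
    "/news/%2e%2e/%2e%2e/etc/hosts",              # constructed, encoded dots
    "/..\\..\\winnt\\win.ini",                    # constructed, backslashes
    "/docs/./a//b.html",                          # constructed, benign
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:50} allowed={is_allowed(sample)}")
```

This works on path strings only; a deployment that allows symbolic links under the web root would also resolve the real path before the containment check.
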

----------------------------------------------------------------------------




Security world
--------------

All press releases are located at:
http://net-security.org/text/press

----------------------------------------------------------------------------

WRAP-UP OF THE DATA SECURITY YEAR - [02.01.2001]

F-Secure, a leader in centrally managed security solutions for the mobile,
distributed enterprise, today summarised that the year 2000 was the year
when computer safety became a household word. Viruses, worms, trojans
and hacking and denial-of-service attacks, not to mention the Y2K scare,
induced a state of dread to savvy and novice computer users alike and
kept computer security companies on their toes. Unfortunately, the future
looks no brighter, says Mikko Hypponen, Manager of Anti-Virus Research
at F-Secure Corporation. The "bad guys" and their tricks are here to stay.

Press release:
< http://www.net-security.org/text/press/978406440,3287,.shtml >

----------------------------------------------------------------------------

CONFERENCE ON E-LAW AND RULES OF CYBERSPACE - [02.01.2001]

Michigan Attorney General Jennifer Granholm will keynote Michigan's first ever
conference on e-law and the emerging rules of cyberspace, Tuesday, February
6, 2001, at the Kellogg Center at Michigan State University in East Lansing.
Granholm, one of the nation's leaders in cyber-law is aggressively enforcing
cyber-law violations and is dramatically affecting how business is conducted
on the web.

Press release:
< http://www.net-security.org/text/press/978406520,2839,.shtml >

----------------------------------------------------------------------------

NO CAUSE FOR ALARM - [02.01.2001]

Despite recent publicity about computer security breaches, most chief
information officers (CIOs) believe their enterprises are relatively safe
from internal and external security violations. In a recent survey, 91
percent of CIOs polled said they are confident about the security of
their corporate networks.

Press release:
< http://www.net-security.org/text/press/978406674,54729,.shtml >

----------------------------------------------------------------------------

PNC BANK SELECTS XCERT PKI TECHNOLOGY - [03.01.2001]

Xcert, a leading provider of software products for securing business-to-
business transactions and communications over the Internet, announced that
PNC Bank, a member of the PNC Financial Services Group, has selected Xcert
Sentry Public Key Infrastructure (PKI) and digital certificate technology to
enable a secure Web interface for 25,000 employees.

Press release:
< http://www.net-security.org/text/press/978491939,13466,.shtml >

----------------------------------------------------------------------------

ZIXMAIL WINS PC MAG EDITORS' CHOICE AWARD - [03.01.2001]

ZixIt Corporation, premier provider of products and services that bring privacy
and security to Internet communications, today announced that its flagship
product, ZixMail, has won PC Magazine's Editors' Choice award in the email
security category.

Press release:
< http://www.net-security.org/text/press/978491978,24290,.shtml >

----------------------------------------------------------------------------

TOP TEN VIRUSES IN DECEMBER 2000 - [05.01.2001]

This is the latest in a series of monthly charts counting down the ten most
frequently occurring viruses as compiled by Sophos, a world leader in
corporate anti-virus protection.

Press release:
< http://www.net-security.org/text/press/978699334,25908,.shtml >

----------------------------------------------------------------------------

NETWORK-1 ALLIANCE AGREEMENT WITH EDS - [05.01.2001]

Network-1 Security Solutions, Inc., a leader in distributed intrusion prevention
solutions for e-Business networks, announced an alliance agreement with EDS,
the leading pure-play global services company that offers corporations and
government clients a scalable, safe, secure extranet for their growing
e-Business strategies.

Press release:
< http://www.net-security.org/text/press/978699510,3594,.shtml >

----------------------------------------------------------------------------

SECURIFY RECEIVES INVESTMENT FROM ISS - [05.01.2001]

Securify, Inc., a leading provider of security services for interconnected
businesses, publicly announced an investment from Internet Security Systems
(ISS). The investment is part of Securify's $34 million Series "A" private equity
financing which closed in October 2000. Other investors include Spectrum Equity
Investors, Pequot Capital, GemVentures, the venture fund arm of the smart card
solutions provider Gemplus, and Bayview Investors, an affiliate of Robertson
Stephens.

Press release:
< http://www.net-security.org/text/press/978699611,90829,.shtml >

----------------------------------------------------------------------------

RSA KEON CERTIFICATE SERVER AND OPSEC - [05.01.2001]

RSA Security Inc., the most trusted name in e-security, announced that RSA
Keon Certificate Server 5.5 -- RSA Security's digital certificate management
system designed to add trust to e-business applications -- has been certified
by Check Point Software Technologies' Open Platform for Security (OPSEC)
Alliance. OPSEC certification testifies that RSA Security's Keon Certificate
Server is interoperable with Check Point's Secure Virtual Network (SVN)
architecture and a wide number of other security components available
today.

Press release:
< http://www.net-security.org/text/press/978699729,61387,.shtml >

----------------------------------------------------------------------------

BIG INTEREST IN MCAFEE.COM .NET SERVICES - [08.01.2001]

McAfee.com, a leading security Application Service Provider (ASP), announced
that over 1,000 companies worldwide have registered to evaluate McAfee.com's
.NET services for businesses. Launched in November during the Fall COMDEX
show, McAfee.com's .NET Initiative provides corporations a managed application
service delivering industrial-strength desktop security, helpdesk and productivity
services over the Internet. As a result, McAfee.com became the first company
to deliver a comprehensive set of IT-centric application services that allow
businesses to effortlessly secure, support and enhance their desktop and
mobile computing platforms.

Press release:
< http://www.net-security.org/text/press/978916365,87133,.shtml >

----------------------------------------------------------------------------




Featured article
-----------------

All articles are located at:
http://www.net-security.org/text/articles

Articles can be contributed to staff@net-security.org

----------------------------------------------------------------------------

ACTIVISM, HACKTIVISM, AND CYBERTERRORISM: THE INTERNET AS A TOOL
FOR INFLUENCING FOREIGN POLICY by Dorothy E. Denning

The purpose of this paper is to explore how the Internet is altering the
landscape of political discourse and advocacy, with particular emphasis
on how it is used by those wishing to influence foreign policy. Emphasis
is on actions taken by nonstate actors, including both individuals and
organizations, but state actions are discussed where they reflect foreign
policy decisions triggered by the Internet. The primary sources used in the
analysis are news reports of incidents and events. These are augmented
with interviews and survey data where available.

Read more:
< http://www.net-security.org/text/articles/tool.shtml >

----------------------------------------------------------------------------




Featured books
----------------

The HNS bookstore is located at:
http://net-security.org/various/bookstore

Suggestions for books to be included into our bookstore
can be sent to staff@net-security.org

----------------------------------------------------------------------------

INTEGRATE LINUX SOLUTIONS INTO YOUR WINDOWS NETWORK

In this day of ever-evolving technology, people are looking to migrate and
integrate from what they have to something better, faster, and cheaper.
These technological advances also make it easier for network administrators
to integrate various Linux solutions that best fit their particular situation. For
that reason, Integrate Linux Solutions into Your Windows Network offers many
ways to use Linux technology to increase the reliability and cost-effectiveness
of a network. Inside you will find what you need to know to upgrade gradually
so that the process is invisible to the end user. Administrators at all levels will
find this book focuses on the issues that face them and is full of sound solutions
to make Linux operational in their networks.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0761527915/netsecurity >

----------------------------------------------------------------------------

LINUX FOR WINDOWS NT/2000 ADMINISTRATORS: THE SECRET DECODER RING

In large part, this book comes across as Linux for the Reader Who Has a Clue.
Minasi enumerates the tasks that system administrators typically have to
carry out. Examples of these include installing software and manipulating
the privileges of users and groups. He explains how to do those jobs in
various Linux environments, and addresses himself to Windows experts
who'll need a bit of background, but don't require babying. Minasi doesn't
explain why you'd want to install applications, but rather explicitly the
mechanics of installing RPM packages and tarballed source code. He
states flatly that most people will be happy with a precompiled kernel -
that's what works for Windows, after all - but shows how to build your
own, anyway. Topics covered: Linux 2.2, explained in terms that Windows
adepts can understand easily. Staying rather distribution-neutral, the book
explains how to install Linux, use it in single-user workstation mode, and
configure it as a network operating system. System administration tasks--
software maintenance, user management, network troubleshooting, and
so on - get top billing, although an ongoing comparison of Linux and the
Wintel platform is important, too.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0782127304/netsecurity >

----------------------------------------------------------------------------

LINUX SYSTEM ADMINISTRATION BLACK BOOK

Linux Administration Black Book provides immediate solutions to the most common
Linux installation and configuration tasks. The book presents strong coverage of
kernel configuration, networking, system security, Internet services, LAN services,
file systems, and much more. It also explains the complexities of upgrading an
existing Linux installation and rebuilding from source. This book covers use of the
most common major Linux servers and utilities, including Apache, Sendmail,
majordomo, DHCP, Samba, ISC BIND, and Coda.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1576104192/netsecurity >

----------------------------------------------------------------------------

MANAGING CISCO NETWORK SECURITY

Don't wait until it's too late to find out you have security holes in your Cisco
network. As security threats to enterprise networks continue to mount, it is
critical that network managers know how to properly deploy and configure the
Cisco Secure family of products. This book describes in detail how to detect
network security incidents, measure vulnerability and policy compliance, and
manage security policy across an extended organization. Readers will find
coverage of the following security products which make up the Cisco Secure
line: Cisco Secure PIX Firewall, Cisco Secure Access Control Server, Cisco
Secure Integrated Software, Cisco Secure Scanner, Cisco Secure Integrated
VPN Software.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1928994172/netsecurity >

----------------------------------------------------------------------------

THE CONCISE GUIDE TO XFREE86 FOR LINUX

The Concise Guide to Xfree86 for Linux is the first book on the market that
gives you the expert-level information you need to understand, configure and
administer Xfree86 (also referred to as "X"). X provides the infrastructure for
graphical environments like KDE and Gnome. This book addresses the high-
level information need that has arisen as support personnel are required to
troubleshoot and support all facets of Linux. Topics covered: All aspects of
XFree86 for Linux, including elementary installation and configuration but with
emphasis on advanced capabilities and little-known features. Special attention
goes to hardware configuration (keyboard, mouse, and video display), the X
way of thinking about fonts and colors, and the relationships between XFree86
and various software that runs on top of it.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0789721821/netsecurity >

----------------------------------------------------------------------------




Security Software
-------------------

All programs are located at:
http://net-security.org/various/software

----------------------------------------------------------------------------

TROJAN SECURITY 1.5

Trojan Security monitors 12 different ports where Trojans are known to be
installed. When an intruder attempts to connect to the port, Trojan Security
alerts you and relays information about the attack and the attacker. It also
disconnects the intruder.

Info/Download:
< http://net-security.org/various/software/978188506,40891,.shtml >

----------------------------------------------------------------------------

POWER CRYPTO 1.3

From the developer: "Use Power Crypto to secure sensitive files and text
messages. It's fast and easily mastered, and it handles even very large text
files with grace and ease. Power Crypto provides two basic options -- you
can browse for one or more files to encrypt, or paste in a text message. In
the first instance, you'll need to select a destination for the encrypted file
(you can also choose to overwrite the original), while in the second, you
can simply copy and paste the encrypted message as needed, for example
into emails. Power Crypto uses keys up to over 130.000 in bit length and
gives you a great deal of control over the particulars. A key generator
supplies you with superior suggestions for long and complicated keys,
which are referenced to by easy-to-remember nicknames. Much is done
to optimize the security levels, and you are also encouraged by the "help"
to think about what are needed to maintain a high level of security."

Info/Download:
< http://net-security.org/various/software/978188614,38610,.shtml >

----------------------------------------------------------------------------

DELETING COOKIES 1.00

From the developer: "This program will find all cookies from your hard drive and
give you option to delete all with one click or you can select the cookies you
want to delete. It can delete all temporary internet files. It will work on Windows
95/98/NT and Windows 2000. In Windows 2000 it will not give you all options.
But it works just fine."

Info/Download:
< http://net-security.org/various/software/978188687,91379,.shtml >

----------------------------------------------------------------------------




Defaced archives
------------------------

[01.01.2001] - Ministerio de Agricultura y Ganadería del Ecuador
Original: http://www.mag.gov.ec/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/01/www.mag.gov.ec/

[01.01.2001] - JVC (UK) Ltd
Original: http://www.jvc.co.uk/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/01/www.jvc.co.uk/

[01.01.2001] - Committee of Safety for the USA
Original: http://www.committee.org/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/01/www.committee.org/

[01.01.2001] - University of Technology, Sydney
Original: http://groundwater.ncgm.uts.edu.au/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/01/groundwater.ncgm.uts.edu.au/

[01.01.2001] - Sony Electronicos de Mexico
Original: http://www.sonystyle.com.mx/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/01/www.sonystyle.com.mx/

[01.01.2001] - EgyptAir
Original: http://www.egyptair.com.eg/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/01/www.egyptair.com.eg/

[02.01.2001] - Indira Gandhi Centre for Atomic Research
Original: http://igcar.ernet.in/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/02/igcar.ernet.in/

[03.01.2001] - Pepsi Cola UK
Original: http://www.pepsi.co.uk/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/03/www.pepsi.co.uk/

[03.01.2001] - SFOR
Original: http://www.sfor.org/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/03/www.sfor.org/

[04.01.2001] - Game News Network - Switzerland
Original: http://www.gnn.ch/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/04/www.gnn.ch/

[04.01.2001] - Faculty of Economics Skopje, Macedonia
Original: http://www.eccf.ukim.edu.mk/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/04/www.eccf.ukim.edu.mk/

[04.01.2001] - Belgium State Archives
Original: http://www.arch.be/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/04/www.arch.be/

----------------------------------------------------------------------------


Questions, contributions, comments or ideas go to:

Help Net Security staff

staff@net-security.org
http://net-security.org
