Copy Link
Add to Bookmark
Report
Net-Sec Issue 056
HNS Newsletter
Issue 56 - 26.03.2001
http://net-security.org
http://security-db.com
This is a newsletter delivered to you by Help Net Security. It covers weekly
roundups of security events that were in the news the past week. Visit Help
Net Security for the latest security news - http://www.net-security.org.
Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter
Archive of the newsletter in TXT and PDF format is available here:
http://www.net-security.org/news/archive/newsletter
Current subscriber count to this digest: 2085
Table of contents:
1) General security news
2) Security issues
3) Security world
4) Featured articles
5) Security software
6) Defaced archives
General security news
---------------------
----------------------------------------------------------------------------
FBI ISSUES WARNING OVER 'STICK'
The Internet crime division of the FBI issued a vaguely-worded warning last
week about an alarming new tool soon to be available to computer criminals.
The tool--called "Stick" - essentially disarms intrusion detection systems...
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2697767,00.html
PGP DESKTOP SECURITY
PGP Desktop Security 7.0 is the first and only security product to combine
personal firewall, intrusion detection, VPN client, and encryption technologies
into a single solution that fully protects computers against intruders and
theft/loss of data.
Link: http://www.security-db.com/product.php?id=115&cid=23
BUILDING A BRIDGING FIREWALL WITH LINUX
"The Linux kernels v2.2 and higher have support for Ethernet bridging. In a
bridge, all packets received by one interface are passed to the other, without
regard to source or destination IP address, by examining the Ethernet MAC
destination address of the packet. AC2I, a French company, distributes a
kernel patch that allows the ipchains packet filter to work on the bridged
interfaces. This configuration allows you to set up a firewall system that is
invisible to the Internet, yet provides a high level of protection and access
control for your private network. The remainder of this article explains the
steps necessary to get a bridging firewall up and running."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www2.linuxjournal.com/articles/misc/0041.html
REALIZING COMPUTER SECURITY: IF NOT NOW, WHEN?
Security is increasingly recognized as a necessity in today's highly competitive
environment. The trouble is that in practice, corporate security policies too
often pay only lip service to protecting data assets; in one security analysis
in my own practice, a corporate security policy consisted solely of the
statement, "The Company recognizes the importance of security in its
operations."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/securitynow20010319.html
PC CARD GIVES NOTEBOOK THIEVES THE FINGER
Toshiba has moved a touch closer to the future as depicted by sci-fi films
with the release of a fingerprint reader for notebooks. The imaginatively
ttled Fingerprint Reader is a PC card and will fit into any Type II slot. A
fingerprint reader is nothing new but Toshiba claims this one is the best
so far for security as it works at the BIOS level, rather than on top.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/17731.html
LITTLE DAMAGE DONE BY PRO-PALESTINIAN VIRUS
A handful of companies have been hit by a computer virus named Injustice
that causes a victim's computer to send pro-Palestinian messages to 25
Israeli organizations and government agencies. The worm is largely benign
and does not damage data on the infected PC, but the flurry of e-mails its
sends to other computers could swamp a business' network, said Ian
Hameroff, business manager for security solutions at antivirus and PC
services company Computer Associates.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1003-200-5185169.html
COMPILING THE FREEBSD KERNEL
As with the Linux kernel, compiling the FreeBSD kernel is something of an
essential skill. The newly compiled kernel will give you access to your new
hardware. It will be your custom configuration. And finally, it will elevate
you a couple of points up the Guru scale. Read on for more on how you
can achieve all of the above.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.freeos.com/articles/3827/
REALISTIC EXPECTATIONS FOR INTRUSION DETECTION SYSTEMS
The emergence of IDSs causes some security commentators to see them as
a panacea, solving all of the complex and diverse threats to network security.
However, as does any weapon in the security arsenal, an IDS has limited
capabilities. To expect too much of an IDS places the user's network at risk.
This article will discuss reasonable expectations of Intrusion Detection Systems
(IDSs). Its purpose is to help users and potential users realize the increasing
importance of intrusion detection in all organizations, while also pointing out
the realistic outcomes to be expected from current IDS products. It will also
discuss those expectations that users may have of intrusion detection systems
that are unrealistic and, as such, may threaten the security of the user's network.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/ids/articles/expect.html
FORENSIC CHALLENGE ENDED
Honeynet Project Forensic Challenge is finished. Organizers received 13
submissions from around the world and one team spent a total of 104
hours on their analysis...
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://project.honeynet.org/challenge/results/
RANDOM PASSWORD GENERATION
If you let users sign up for accounts online, most likely you will be automatically
giving them temporary passwords after signup. Sometimes these passwords are
given out through email or instantly presented on a web page.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.swynk.com/friends/watkins/randompasswords.asp
PRIVACY SERIES - OVERVIEW
There has been a lot of news and noise about privacy online lately. Some
people seem to be getting very concerned that their online activities might
be monitored. As with many public issues, the focus is on the simple and
mostly harmless aspects of the problem. The really nasty issues are quietly
being largely ignored; in fact, most people are blissfully unaware of them.
This is unfortunate because as privacy erodes, people will become used to
the process, thus allowing it to erode further. This is the first article in a
series that I plan to work on over the next few weeks or months.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/closet/closet20010321.html
BOB TOXEN'S LINUX SECURITY TIPS
Bob Toxen, the author of Real World Linux Security: Intrusion Prevention,
Detection, and Recovery, boasts an impressive résumé as a writer, developer,
creator, and software architect. Cameron Laird conducted a lively discussion
with Toxen on security, Linux hacking, open source development, and more.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxworld.com/linuxworld/lw-2001-03/lw-03-toxen.html
ASSOCIATED PRESS SITE ATTACKED
The Associated Press (AP) overnight joined the lengthening list of sites struck
by a Brazilian group of defacers... The news organization said its AP.org site
was attacked about 2:19 AM ET. The site carries information about the AP's
products and services.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1005-200-5202358.html
PGP INVENTOR SAYS ENCRYPTION FLAW MINOR
A flaw found by two Czech researchers in the popular OpenPGP digital signature
standard is real but relatively minor according to Phil Zimmermann, chairman of
the open-source group.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1003-200-5208418.html
INFORMATION DISCOVERY - SEARCHING AND PROCESSING
This is the eighth and final article in SecurityFocus.com writer Timothy Wright's
Field Guide for Investigating Computer Crime. The last installment introduced the
basics for the information discovery process. It then discussed three basic rules
of thumb that should act as guides for any information discovery, mentioning
along the way how each rule has a parallel in the world of physical search and
seizure. This installment will bring the series to a close by examining the final
two stages - searching for and processing data evidence.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/ih/articles/crimeguide8.html
HOW TO HACK
"The first class of attackers probably forms more than 95% of the population, and
are often referred to as "script-kiddies". Beyond being able to use a computer and
having a very basic knowledge of networks and operating systems, script-kiddies
do not have much skill. They typically download packaged software (and in some
cases, precompiled software) that they then use to attack other computers.
Often, they do not even know how the software works, other than it will allow
them to gain access to other computers, or deny use of remote services (by
crashing the machine or simply flooding the link it is on)."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.samag.com/articles/2000/0011/0011e/0011e.htm
INTERNET SECURITY FIRMS HANGING TOUGH
Internet security companies, which specialize in deterring hackers, setting up
firewalls and delivering virtual private networks to corporations, are allegedly
recession resistant. The consensus view is that security is needed to keep
e-business moving. It's a necessity. But shares in companies such as Check
Point Software, Internet Security Systems and Netegrity have taken their
lumps of late as Wall Street frets about possible profit warnings.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1003-200-5207856.html
FBI'S CYBERDEFENSE UNIT GETS NEW LEADER
The FBI appointed one of its veteran investigators to head the bureau's
cyberdefense unit, as security experts and lawmakers on Capitol Hill continue
to debate how best to organize federal efforts to protect the nation's critical
infrastructure from a devastating cyberattack. FBI Director Louis Freeh
announced the appointment of Ronald Dick as the new head of the National
Infrastructure Protection Center (NIPC).
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://computerworld.com/cwi/story/0,1199,NAV47_STO58837,00.html
DEFACED: UK GOVT, EBAY, COMPAQ
The Register reports that several United Kingdom Government sites got defaced.
Govtalk.gov.uk was the hackers' main target as in particularly embarrassing
because that it is the site used by e-envoy Andrew Pinder to discuss within
government how to bring about the e-revolution. Also Alldas.de mirror list shows
that a subdomain on eBay.com was attacked today. Apocalypse Dow contributed
that Alldas.de, today mirrored two Compaq defacements...
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/17778.html
GERMANS LAUNCH $5,000 CEBIT HACKER CHALLENGE
A German computer security firm is inviting hackers to break into its products
live at this year's CeBIT computer fair. Wibu will place its reputation on the line
by asking a group of "ethical" hackers to crack a file scambled with its encryption
technology. Although the event has been decribed as little more than a publicity
stunt by one UK computer security expert, it is sure to draw a crowd at this year's
show: the company is offering a prize of $5,000 to any hacker that can break its
copy protection system and decrypt a hidden message.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2001/11/ns-21758.html
DEVELOPERS CALL FOR WEB SECURITY STANDARD
A group of security developers has called for an industry standard for internet
security testing. The group, called Ideahamster, which includes a mixture of
security experts and developers, has suggested that the introduction of such
a standard would make it easier for users to judge security products. Security
firms currently use a number of different methodologies for testing their products.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://thebusiness.vnunet.com/News/1119548
EUROPEAN PARLIAMENT CONTINUES ECHELON INVESTIGATION
The European Parliament will continue its investigation into the Echelon spying
system today in Brussels. A temporary committee was set up half way through
last year when reports of the US, UK, Australia and New Zealand-sponsored
spying system entered wide circulation. The European Parliament will decide
what it should do regarding Echelon in a series of meetings, the second set of
which started today. The French are particularly upset about the spying system
- mostly because they're not part of it - and have started up their own rival
system. They also ran their own investigation into whether Echelon has been
used to spy on and influence important international business decisions. The
report decided they did and asked for greater encryption in Europe.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/17800.html
MICROSOFT WARNS OF HIJACKED CERTIFICATES
Two digital certificates have been mistakenly issued in Microsoft's name that
could be used by virus writers to fool people into running harmful programs. In
this case, a person using the VeriSign-issued certificates could post a virus on
the Web that would appear to be from Microsoft but could actually be used to
wipe out a person's hard drive, for example.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1003-200-5222484.html
AN INTRODUCTION TO WEBLOGIC SERVER 6.0 FOR LINUX
If you develop Java on Linux, there is a good chance that you use WebLogic.
Discover the new features in version 6.0 and find tips on installing, configuring
and deploying that widely used server.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxworld.com/linuxworld/lw-2001-03/lw-03-weblogic.html
GETTING STARTED WITH TRIPWIRE
In this feature story, F. William Lynch outlines how to install and configure
Tripwire, Open Source Linux Edition. Tripwire is a very effective host intrustion
detection system. A crude yet effective intrusion detection system such as
Tripwire can alert systems administrators to possible intrusion attempts by
periodically verifying the integrity of a server's file systems. Systems intruders
will often use trojan binaries for login, su, ps, and ls, etc. to cover their tracks
and keep a low profile on the system. Under normal circumstances even astute
systems administrators may not observe the intrusion because the trojan binaries
mimic the system binaries so well.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxsecurity.com/feature_stories/feature_story-81.html
APACHE INSECURITY REVEALS DIRECTORY CONTENTS
This weeks Security Alerts is out. "In this column, we look at buffer overflows
in icecast, Half-Life Dedicated Server, Solaris SNMP, ipop2d, ipop3d, and imapd;
format string vulnerabilities in icecast, mutt, Half-Life Dedicated Server, and
cfengine; temporary-file problems in the SGML-Tools package and Mesa; and
problems with Apache, several FTP daemons, a Solaris SNMP agent, vBulletin,
FTPFS, and Ikonboard."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.oreillynet.com/pub/a/linux/2001/03/20/insecurities.html
NSA'S RICE CALLS FOR JOINT WEB SECURITY EFFORT
The protection of the American infrastructure is an important part of the agenda
of the National Security Council, according to President Bush's National Security
Advisor, Condoleezza Rice. Speaking to industry and government leaders at the
Partnership for Critical Infrastructure of the US Chamber of Commerce annual
meeting in Washington, Rice said, "Today, the cyber economy is the economy.
And I don't mean the dot-coms. I mean virtually every vital service - water
supply, transportation, energy, banking and finance, telecommunications, public
health. All of these rely upon computers and the fiber-optic lines, switchers and
routers that connect them."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/163535.html
CEBIT - LET'S GO WIRELESS - WITH SECURITY, TOO
Cellular or wireless communications is seen as a hostile environment for security,
mainly because it's a radio-based platform. Most mobile phones use firmware-
based software, and it's difficult to authenticate a mobile user reliably without
less than seamless technology. Now, Baltimore Technologies is teaming with
Gemplus, the smart card vendor, and AU Systems, the firm behind Ericsson's
WAP technology, to offer what it says is the world's first digital signature
system that works over high-speed wireless networks such as GPRS.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/163542.html
MS PLANS A "SECURE PC" FOR AUDIO FILES
Microsoft's research division is busily inventing a mysterious beast called the
Secure PC, which is designed to win hearts, minds and wallets in the recording
industry by blocking unlicensed copying of digital music. We know that the
Secure PC exists at least as a concept, because it's listed as a project of
Microsoft research's cryptography group.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/4/17851.html
"LION" WORM COULD CAUSE SERIOUS DAMAGE
Lion is similar to the Ramen worm. However, this worm is significantly more
dangerous and should be taken very seriously. It infects Linux machines
running the BIND DNS server. It is known to infect bind version(s) 8.2, 8.2-P1,
8.2.1, 8.2.2-Px, and all 8.2.3-betas. The specific vulnerability used by the worm
to exploit machines is the TSIG vulnerability that was reported on January 29,
2001. The Lion worm spreads via an application called "randb". Randb scans
random class B networks probing TCP port 53. Once it hits a system, it checks
to see if it is vulnerable. If so, Lion exploits the system using an exploit called
"name". It then installs the t0rn rootkit which enables the attacker to wreak
havoc on the compromised machine.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.sans.org/y2k/lion.htm
SECURITY ALERT SHAKES UP VERISGN
The security alert raised on Thursday by Verisign, after an individual posing as
a Microsoft employee managed to obtain two digital certificates, or online
signatures, has served only to compound existing fears.
Link: http://www.marketsandexchanges.com/index.asp?news=13490
ATTACKS ON GOVERNMENT SITES
Silicon reports that Government websites receive around 100,000 hits
from various cyber attackers every day. The source in this story, a
former government intelligence expert, said that around 30 per cent
of these are classified as "serious".
Link: http://www.silicon.com/public/door?REQUNIQ=985389196&6004REQEVENT=&REQINT1=43446&REQSTR1
OPEN SOURCE SECURITY
Network security appliances generally offer firewalling and/or virtual private
networking, and perhaps other services such as single sign-on (SSO) or
content filtering. Any or all of these functions are easily provided with almost
any open-source BSD-based OS or Linux. For example, Cobalt Networks uses
Red Hat Linux as its base OS. WireX Communications adapts and hardens Red
Hat Linux and then packages it into a software network appliance that can
be licensed for resale.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.infosecuritymag.com/articles/march01/features1_open_source_sec.shtml
FAQ: MICROSOFT'S SECURITY BREACH
After two digital certificates were mistakenly issued in Microsoft's name,
consumers may wonder if they are now vulnerable to downloading software
from less-than-safe sources. Here are some frequently asked questions about
how digital signatures work,and the risks of downloading software from the
Internet.
Link: http://www.zdii.com/industry_list.asp?mode=news&doc_id=ZD5080023
P3P PRIVACY SUPPORT TO APPEAR IN EXPLORER
Microsoft has again committed itself to releasing a version of IE that includes
support for open standards that can make such software respond automatically
to a Web site's privacy policies. The Platform for Privacy Preferences Project
(P3P) has long been touted as offering Web surfers an opportunity to take
control of their personal information online, arming browser software with the
ability to scope out a site's approach to privacy before loading a single page.
However, the effort, led by the World Wide Web Consortium (W3C), has
languished while supporters waited for Web sites and browser makers to
implement the P3P protocols.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computeruser.com/news/01/03/23/news3.html
A BRIEF COMPARISON OF EMAIL ENCRYPTION PROTOCOLS
"This document briefly reviews and compares five major email encryption
protocols under consideration: MOSS, MSP, PGP, PGP/MIME, and S/MIME.
Each is capable of adequate security, but also suffers from the lack of good
implementation, in the context of transparent email encryption. I will try to
address issues of underlying cryptographic soundness, ease of integration
with email, implementation issues, support for multimedia and Web datatypes,
and backwards compatibility."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.arraydev.com/commerce/JIBC/9603-2.htm
ACQUIRING PKI
Discussions on public key infrastructure (PKI) usually focus on the complexities
of its underlying technology or the difficulties of implementing it in a live setting.
Given the current state of PKI, it's no wonder these areas have consumed so
much of our attention. While PKI in theory provides an effective, robust means
of securing electronic communications and transactions, deploying and managing
the technology remains a daunting challenge to many organizations.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.infosecuritymag.com/articles/march01/features3_pki.shtml
THE COMPLETE LINUX SHELL PROGRAMMING TRAINING COURSE
The book is intended primarily as an entry-level teaching text, but because
topics are from the outset presented in extreme detail, it is probably not
appropriate to the total neophyte. According to the welcome movie in the
courseware, the authors assume only that you have a working knowledge
of some Unix text editor. In fact, you should probably be familiar with either
vi or emacs. If your only previous experience has been with a visual editor
such as gedit, you may find some of the jargon in the first few chapters
unfamiliar. Even though there are someeference materials in the appendices,
(specifically, command references for several utilities and a concise comparison
of several shells), the book is clearly a teaching text and not a reference work.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://unixreview.com/reviews/articles/software/0103linuxshell.shtml
----------------------------------------------------------------------------
Security issues
---------------
All vulnerabilities are located at:
http://net-security.org/text/bugs
----------------------------------------------------------------------------
TRUSTIX SECURE LINUX - MUTT UPDATE
This release fixes at least one grave IMAP error which may lead to confusing
display and other strangeness, and our instances of the "wuftpd format bug",
which had (mostly) the effect that your IMAP server's operator could break
into your computer with some work.
Link: http://www.net-security.org/text/bugs/985136109,86701,.shtml
CONECTIVA - REMOTE BUFFER OVERFLOW IN IMAP
"imap" is a package which contains POP3 and IMAP mail servers. Several
buffer overflow vulnerabilities have been found in this package by their
authors and by independent groups.
Link: http://www.net-security.org/text/bugs/985136159,13868,.shtml
REMOTE BUFFER OVERFLOW IN ICECAST
Our latest update to this software changes the package to use an unprivileged
user ("icecast") for the daemon, so the impact of this vulnerability is not as high.
Recent distributions (CL >= 5.1) have this package compiled with StackGuard
to make it more difficult to exploit buffer overflows. All icecast users are urged
to upgrade.
Link: http://www.net-security.org/text/bugs/985136439,63985,.shtml
MICROSOFT PWS UNICODE VULNERABILITY
"Just wanted to point out that while testing my Default installation of Windows
98 running Microsoft Personal Web Server that came with the Windows98 SE
CD I discovered that the famous IIS 4/5 Unicode Directory Traversal
Vulnerability applies also to this Server just as bad as in IIS."
Link: http://www.net-security.org/text/bugs/985136954,14208,.shtml
PROBLEMS WITH EUDORA 5.02
Silent delivery and installation of an executable on a target computer. No
client input other than opening an email using Eudora 5.02 - Sponsored
Mode provided 'use Microsoft viewer' and 'allow executables in HTML
content' are enabled.
Link: http://www.net-security.org/text/bugs/985136999,53955,.shtml
WEBSERVER PRO VULNERABILITY
Website Pro, all versions, reveals the web directory with a simple character
similar to the past vulnerability but all have been fixed except this one.
Link: http://www.net-security.org/text/bugs/985137021,24388,.shtml
RPM-4.0.2 FOR ALL RED HAT PLATFORMS
A common version of rpm for all Red Hat distributions is being released. This
version of rpm understands legacy version 3 packaging used in Red Hat 6.x/5.x
distributions as well as version 4 packaging used in Red Hat 7.x. In addition,
rpm-4.0.2 has support for both the legacy db1 format used in Red Hat 6.x/5.x
databases as well as support for the db3 format database used in Red Hat 7.x
Link: http://www.net-security.org/text/bugs/985258597,16357,.shtml
LINUX MANDRAKE - LICQ PROBLEMS
Versions of Licq prior to 1.0.3 have a vulnerability involving the way Licq parses
received URLs. The received URLs are passed to the web browser without any
sanity checking by using the system() function. Because of the lack of checks
on the URL, remote attackers can pipe other commands with the sent URLs
causing the client to unwillingly execute arbitrary commands. The URL parsing
code has been fixed in the most recent 1.0.3 version.
Link: http://www.net-security.org/text/bugs/985258666,52078,.shtml
RED HAT LINUX - UPDATED LICQ PACKAGES
Link: http://www.net-security.org/text/bugs/985355306,89514,.shtml
SURFCONTROL BYPASS VULNERABILITY
It appears that there is yet another way to bypass the site blocking feature
of SurfControl for MS Proxy.
Link: http://www.net-security.org/text/bugs/985259149,80992,.shtml
REDI STORES PASSWORDS IN CLEAR TEXT
User name and password are stored in a clear text file on the users computer
every time the user logs in. The file, defaulting to E:\Program Files\SLK\REDI
\Logon\StartLog.txt contains information about the programs startup useful
for troubleshooting.
Link: http://www.net-security.org/text/bugs/985259229,51161,.shtml
SUSE LINUX - POP UPDATE
The eMail access daemons imapd(8), ipop2d(8) and ipop3d(8) of SuSE 6.1
are vulnerable to several buffer overflows. Due to a misconfiguration these
vulnerbilities could be triggered remotely after a user had been authenticated.
Link: http://www.net-security.org/text/bugs/985355413,14944,.shtml
SUSE LINUX - NKITB/NKITSERV UPDATE
Two parts of the nkitb/nkitserv package are vulnerable to security related bugs.
in.ftpd(8): A one-byte bufferoverflow was discovered in the OpenBSD port of
the FTP daemon in.ftpd(8) several weeks ago. This bug could just be triggered
by authenticated users, which have write access. This bug is believed to not be
exploitable under Linux. However, we prefer to provide a fixed update package
to make sure that the daemon is on the safe side.
in.ftpd(8) will be invoked by inetd(8) and is activated by default.
timed(8): The time server daemon timed(8), which is started at boot time, tries
to synchronize the local host time with the time of other machines on the local
area network.
A bug in timed(8) was reported by the FreeBSD Security Officer,
that could be triggered remotely to crash the time server daemon.
Link: http://www.net-security.org/text/bugs/985355486,67630,.shtml
COMPAQ INSIGHT MANAGER PROXY VULNERABILITY
Compaq Insight Manager has a serious configuration issue which allows the use
of the software as a proxy server. No logging is performed on either the OS or
app., making this a perfect anonymous proxy.
Link: http://www.net-security.org/text/bugs/985355516,2948,.shtml
WINDOWS SHARING ALLOWS TRACKING
As long as you can monitor others, there are others that will be able to monitor
you. Here's a possible scenario: You were given access to an NT Server via
shares just to do some tweaks or whatever. You leave in peace and go back
to the rest of your work. What you just did was leave traces of online receipts,
cookies, etc., without even knowing it. Part of the problem is that, to my
knowledge, there is no option from stopping this from happening, so the
cleansing of the transferred cache must be done manually. One minor setting
that can contribute to defending from this problem is to enable the "Temporary
Internet Files clean on closing" option in Internet Explorer 5x.
Link: http://www.net-security.org/text/bugs/985355546,32327,.shtml
----------------------------------------------------------------------------
Security world
--------------
All press releases are located at:
http://net-security.org/text/press
----------------------------------------------------------------------------
FIRST ENTERPRISE LEVEL PDA SECURITY PRODUCT - [19.03.2001]
Trust Digital LLC, a recently formed subsidiary of Applied Technologies, Inc.,
announced that it would formally release the first enterprise capable data
security product for PDA handheld devices at the FOSE trade show in
Washington, DC. The new product, PDASecure, secures handheld devices
that use the Palm Operating System (OS). The product uses the newly
established Advanced Encryption Standard (AES) based on the Rijndael or
"Rain Doll" algorithm, selected in a competition by the National Institute of
Standards and Technology (NIST).
Press release:
< http://www.net-security.org/text/press/984972585,90929,.shtml >
----------------------------------------------------------------------------
SOPHOS: NO FEAR FROM INJUSTICE WORM - [21.03.2001]
Sophos, a world leader in corporate anti-virus protection, has advised computer
users that there is no need to panic following reports of the latest email-aware
computer worm. So far Sophos has received just a single report of the worm in
the wild, but - as it is self replicating and has the potential to spread quickly -
users are advised to be cautious of suspicious looking emails and to ensure they
have up to date anti-virus protection.
Press release:
< http://www.net-security.org/text/press/985137079,33528,.shtml >
----------------------------------------------------------------------------
NO.1 MID-RANGE VPN HARDWARE SOLUTION - [21.03.2001]
WatchGuard Technologies, Inc., a leader in Internet security solutions,
announced that Infonetics Research has named WatchGuard the revenue
market share leader in mid-range VPN hardware. According to the February
2001 Infonetics report, "VPN Hardware and Software," WatchGuard owned
20% of the market in 2000, earning the top spot as the No. 1 revenue
generating mid-range VPN hardware. WatchGuard prevailed as the leader,
consistently generating more revenue quarter-over-quarter than Intel,
Lucent, Netscreen, Nortel, Red Creek, SafeNet and SonicWall.
Press release:
< http://www.net-security.org/text/press/985137545,21129,.shtml >
----------------------------------------------------------------------------
INFO ON MOBILE COMMUNICATIONS SECURITY - [22.03.2001]
F-Secure Corporation and Sonera Zed Ltd. announced a strategic agreement
to cooperate in the development, production and licensing of security solutions
for value added mobile communication services. Under the arrangement, Sonera
Zed will offer F-Secure products to existing and prospective zed for business
customers as well as test and evaluate F-Secure products and platforms. The
companies will initially focus on content security solutions for wireless
infrastructure, starting with the integration of F-Secure Anti-Virus for
WAP Gateways into zed's mobile business services offering.
Press release:
< http://www.net-security.org/text/press/985258482,43891,.shtml >
----------------------------------------------------------------------------
BALTIMORE LAUNCHES SUREWARE RUNNER - [23.03.2001]
Baltimore Technologies, a global leader in e-security, announced availability of
Baltimore SureWare Runner, the latest product in its next generation hardware
security range. SureWare Runner provides enhanced security and performance
for Web Servers utilising the Secure Sockets Layer (SSL) protocol, accelerating
the speed of connection and accessibility for customers using online services.
Press release:
< http://www.net-security.org/text/press/985354578,93110,.shtml >
----------------------------------------------------------------------------
STONESOFT ANNOUNCES STONEGATE FIREWALL - [23.03.2001]
Stonesoft Corporation, a leading provider of enterprise-level security and high
availability software solutions, today announced StoneGate, its fully scalable
Firewall and VPN solution for large-scale enterprises, service providers and
carriers. The StoneGate Firewall and VPN provides maximum network and
VPN security as it includes all the latest secure firewall features and adds
Stonesoft's proven high availability, high throughput and advanced, enterprise
wide management. StoneGate, with its revolutionary Multi-Link technology, is
the industry's first firewall to enable end-to-end high availability and security
from the corporate intranet out to multiple ISP connections. With the
StoneGate Firewall and VPN, Stonesoft delivers upon its vision for the
Secure, Highly Available Enterprise.
Press release:
< http://www.net-security.org/text/press/985355137,16829,.shtml >
----------------------------------------------------------------------------
RSA SECURITY SELECTED BY ESPEED - [23.03.2001]
Continuing its momentum in the B2B marketplace, RSA Security Inc.
announced that eSpeed, Inc., a leading interactive electronic marketplace
engine for business-to-business (B2B) e-commerce, has licensed RSA BSAFE
SSL-C software for incorporation into its eSpeedsm platform. RSA BSAFE
SSL-C software will further enhance eSpeed's ability to provide its customers
the comprehensive security solution they require to operate highly secure
marketplaces and trading communities. "We recognize RSA Security as a leader
in its market, and are proud to incorporate RSA BSAFE SSL-C software into our
eSpeedsm platform," said Joe Noviello, chief technology officer of eSpeed.
Press release:
< http://www.net-security.org/text/press/985355200,42067,.shtml >
----------------------------------------------------------------------------
GLOBALSIGN PARTNERS WITH E-TELBANK - [23.03.2001]
GlobalSign, a leading Trust Services Provider for Internet-based transactions, is
signing a partnership with E-Telbank, a new company owned for 100% by BPT
Telbank, number one data network operator in Poland, providing telecommunication
services for the Polish banking and financial sector. This new partnership enables
E-Telbank to issue different types of certificates to all Telbank customers setting
through GlobalSign MyVirtualCA solution. My VirtualCA is a customised Public Key
Infrastructure (PKI) solution that delivers Certification Authority capabilities to the
customer, tailored to address Telbank's unique PKI-requirements. This solution will
be implemented as a first stage of the Strategic Licensing ProgramTM. With this
partnership, GlobalSign realises its first steps on the Polish market and acquires
hence an important opening to Central and East-European market. Moreover, the
partnership confirms the success of outsourced PKI solutions to the financial
sector. This major contract represents a starting value of 200.000 Euro and is
set to grow significantly as the amount of delivered certificates will increase
rapidly.
Press release:
< http://www.net-security.org/text/press/985358579,42653,.shtml >
----------------------------------------------------------------------------
Featured articles
-----------------
All articles are located at:
http://www.net-security.org/text/articles
Articles can be contributed to staff@net-security.org
Below is the list of the recently added articles.
----------------------------------------------------------------------------
ANALYSIS OF VENDOR ACKNOWLEDGEMENT OF VULNERABILITIES
"Many disclosure debates focus on researchers who discover vulnerabilities.
Little attention is given to the impact on busy security analysts who must
determine which vulnerabilities exist, and if they can be patched. There is
little or no emphasis on the role of vendors of the vulnerable software. Given
continued discussions of vulnerability disclosure practices, most recently
regarding vendor contacts on the PEN-TEST list, we decided to offer some
results of an informal analysis we performed in October 2000. We also make
some recommendations for improvements."
Read more:
< http://www.net-security.org/text/articles/informal.shtml >
----------------------------------------------------------------------------
ATTACK ON PRIVATE SIGNATURE KEYS OF THE OPENPGP FORMAT, PGP
PROGRAMS AND OTHER APPLICATIONS COMPATIBLE WITH OPENPGP
The article describes an attack on OpenPGP format, which leads to disclosure
of the private signature keys of the DSA and RSA algorithms. The OpenPGP
format is used in a number of applications including PGP, GNU Privacy Guard
and other programs specified on the list of products compatible with OpenPGP.
Therefore all these applications must undergo the same revision as the actual
program PGP. The success of the attack was practically verified and
demonstrated on the PGP program, version 7.0.3 with a combination of AES
and DH/DSS algorithms. As the private signature key is the basic information
of the whole system which is kept secret, it is encrypted using the strong
cipher. However, it shows that this protection is illusory, as the attacker
has neither to attack this cipher nor user´s secret passphrase.
Read more:
< http://www.net-security.org/text/articles/index-download.shtml#PGP >
----------------------------------------------------------------------------
Security Software
-------------------
All programs are located at:
http://net-security.org/various/software
----------------------------------------------------------------------------
SECURETROY 2.14
From the developer: "SecureTroy is the ultimate internet security suite.
It offers extremely high protection against hackers and is able to detect
attempts by hackers to break into your system. It also includes many
useful utilities that give you more control over your system.
Info/Download:
< http://www.net-security.org/various/software/985563243,24735,windows.shtml >
----------------------------------------------------------------------------
SIMPROBE CODER V4 4.05
From the developer: "with coder v4 you can encrypt and decrypt files with
your own passwords. It supports any files that are on your computer. It has
compression support and plenty more features including Auto-Update. Coder
v4 is totally free!
Info/Download:
< http://www.net-security.org/various/software/985563353,4688,windows.shtml >
----------------------------------------------------------------------------
COLD FUSION ENCRYPTOR 1.51
Tired for typing DOS command and finding the correct path to encrypt your
Cold Fusion application? This is a program that give you the ability to encrypt
all your scripts that you have wrote just in one click. It's work as an assitance
tool with cfencode.exe which provided by Allaire to perform the task. With
backup feature and 2000/NT bug fixed.
Info/Download:
< http://www.net-security.org/various/software/985563468,6455,windows.shtml >
----------------------------------------------------------------------------
ZORP 0.8.0
Zorp is a new-generation modular proxy firewall suite to fine tune proxy
decisions with its built in script language, fully analyze complex protocols
(like SSH with several forwarded TCP connections), and utilize out of
band authentication techniques (unlike common practices where proxy
authentication had to be hacked into the protocol).
Info/Download:
< http://www.net-security.org/various/software/985563626,80206,linux.shtml >
----------------------------------------------------------------------------
Defaced archives
------------------------
[19.03.2001]
Original: http://www.selcuklu-bld.gov.tr/
Defaced: http://defaced.alldas.de/mirror/2001/03/19/www.selcuklu-bld.gov.tr/
OS: Windows
Original: http://www.izmirpolis.gov.tr/
Defaced: http://defaced.alldas.de/mirror/2001/03/19/www.izmirpolis.gov.tr/
OS: Windows
Original: http://www.airtc.defence.gov.au/
Defaced: http://defaced.alldas.de/mirror/2001/03/19/www.airtc.defence.gov.au/
OS: Windows
Original: http://www.saude.ce.gov.br/
Defaced: http://defaced.alldas.de/mirror/2001/03/19/www.saude.ce.gov.br/
OS: Windows
Original: http://www.energy.gov.tt/
Defaced: http://defaced.alldas.de/mirror/2001/03/19/www.energy.gov.tt/
OS: Unknown
[20.03.2001]
Original: http://www.alcatel.altech.co.za/
Defaced: http://defaced.alldas.de/mirror/2001/03/20/www.alcatel.altech.co.za/
OS: Windows
Original: http://www.manuscripts.idsc.gov.eg/
Defaced: http://defaced.alldas.de/mirror/2001/03/20/www.manuscripts.idsc.gov.eg/
OS: Windows
Original: http://www.threestooges.com/
Defaced: http://defaced.alldas.de/mirror/2001/03/20/www.threestooges.com/
OS: Windows
Original: http://www.citroen.co.th/
Defaced: http://defaced.alldas.de/mirror/2001/03/20/www.citroen.co.th/
OS: Windows
[21.03.2001]
Original: http://booksrv2.raleigh.ibm.com/
Defaced: http://defaced.alldas.de/mirror/2001/03/21/booksrv2.raleigh.ibm.com/
OS: Windows
Original: http://www.parkinsons-foundation.org/
Defaced: http://defaced.alldas.de/mirror/2001/03/21/www.parkinsons-foundation.org/
OS: Windows
Original: http://www.nas.gov.uk/
Defaced: http://defaced.alldas.de/mirror/2001/03/21/www.nas.gov.uk/
OS: Windows
Original: http://www.linuxerfer.com/
Defaced: http://defaced.alldas.de/mirror/2001/03/21/www.linuxerfer.com/
OS: Linux
Original: http://www.ml-mpsj.gov.my/
Defaced: http://defaced.alldas.de/mirror/2001/03/21/www.ml-mpsj.gov.my/
OS: Windows
Original: http://www.hp.co.za/
Defaced: http://defaced.alldas.de/mirror/2001/03/21/www.hp.co.za/
OS: Windows
Original: http://www.linux.hu/
Defaced: http://defaced.alldas.de/mirror/2001/03/21/www.linux.hu/
OS: Linux
[22.03.2001]
Original: http://www.ericsson.ly/
Defaced: http://defaced.alldas.de/mirror/2001/03/22/www.ericsson.ly/
OS: Unknown
Original: http://www.suzukicars.co.uk/
Defaced: http://defaced.alldas.de/mirror/2001/03/22/www.suzukicars.co.uk/
OS: Windows
Original: http://www.qa.ebay.com/
Defaced: http://defaced.alldas.de/mirror/2001/03/22/www.qa.ebay.com/
OS: Unknown
Original: http://www.ols2.software-acq.compaq.com/
Defaced: http://defaced.alldas.de/mirror/2001/03/22/www.ols2.software-acq.compaq.com/
OS: Windows
Original: http://lotus.carepaq.emea.compaq.com/
Defaced: http://defaced.alldas.de/mirror/2001/03/22/lotus.carepaq.emea.compaq.com/
OS: Windows
Original: http://server2.acu4.spear.navy.mil/
Defaced: http://defaced.alldas.de/mirror/2001/03/22/server2.acu4.spear.navy.mil/
OS: Windows
[23.03.2001]
Original: http://www.epson.com.ve/
Defaced: http://defaced.alldas.de/mirror/2001/03/23/www.epson.com.ve/
OS: Windows
Original: http://www.public-data.ford.com/
Defaced: http://defaced.alldas.de/mirror/2001/03/23/www.public-data.ford.com/
OS: Windows
Original: http://wwwdeviii.lason.ford.com/
Defaced: http://defaced.alldas.de/mirror/2001/03/23/wwwdeviii.lason.ford.com/
OS: Windows
Original: http://www.mcdonalds.si/
Defaced: http://defaced.alldas.de/mirror/2001/03/23/www.mcdonalds.si/
OS: Windows
Original: http://www.lawsearch.gov.au/
Defaced: http://defaced.alldas.de/mirror/2001/03/23/www.lawsearch.gov.au/
OS: Windows
[24.03.2001]
Original: http://www.nissan.com.ar/
Defaced: http://defaced.alldas.de/mirror/2001/03/24/www.nissan.com.ar/
OS: Windows
Original: http://www.nissan.com.sg/
Defaced: http://defaced.alldas.de/mirror/2001/03/24/www.nissan.com.sg/
OS: Windows
Original: http://www.mpl.gov.my/
Defaced: http://defaced.alldas.de/mirror/2001/03/24/www.mpl.gov.my/
OS: Windows
Original: http://www.marine.toyota.com/
Defaced: http://defaced.alldas.de/mirror/2001/03/24/www.marine.toyota.com/
OS: Windows
Original: http://www.audi.co.yu/
Defaced: http://defaced.alldas.de/mirror/2001/03/24/www.audi.co.yu/
OS: Windows
[25.03.2001]
Original: http://www.verbatim.com/
Defaced: http://defaced.alldas.de/mirror/2001/03/25/www.verbatim.com/
OS: Windows
Original: http://www.aiwa.com.pa/
Defaced: http://defaced.alldas.de/mirror/2001/03/25/www.aiwa.com.pa/
OS: Windows
Original: http://www.cfs.canon.com/
Defaced: http://defaced.alldas.de/mirror/2001/03/25/www.cfs.canon.com/
OS: Windows
Original: http://www.martini.com/
Defaced: http://defaced.alldas.de/mirror/2001/03/25/www.martini.com/
OS: Windows
Original: http://www.pizzahut.com.tw/
Defaced: http://defaced.alldas.de/mirror/2001/03/25/www.pizzahut.com.tw/
OS: Windows
Original: http://www.sanyo.com.mx/
Defaced: http://defaced.alldas.de/mirror/2001/03/25/www.sanyo.com.mx/
OS: Windows
Original: http://support.canon.de/
Defaced: http://defaced.alldas.de/mirror/2001/03/25/support.canon.de/
OS: Unknown
Original: http://www.patents.att.com/
Defaced: http://defaced.alldas.de/mirror/2001/03/25/www.patents.att.com/
OS: Windows
----------------------------------------------------------------------------
Questions, contributions, comments or ideas go to:
Help Net Security staff
staff@net-security.org
http://net-security.org
http://security-db.com