Copy Link
Add to Bookmark
Report
Net-Sec Issue 043
Net-Sec Newsletter
Issue 43 - 24.12.2000
http://net-security.org
[ -- Happy Holidays -- ]
This is a newsletter delivered to you by Help Net Security. It covers weekly
roundups of security events that were in the news the past week. Visit Help
Net Security for the latest security news - http://www.net-security.org.
Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter
Table of contents:
1) General security news
2) Security issues
3) Security world
4) Featured articles
5) Featured books
6) Security software
7) Defaced archives
========================================
Help Net Security in association with Viking Penguin gives
you the chance to win two copies of Stephen Levy's new book
called "Crypto". Steven Levy is the author of Hackers, which
has been in print for more than fifteen years. Crypto is about
privacy in the information age and about the nerds and
visionaries who, nearly twenty years ago, predicted that the
Internet's greatest virtue--free access to information--was also
its most perilous drawback: a possible end to privacy.
Visit http://www.net-security.org/various/bookstore/levy/
========================================
General security news
---------------------
----------------------------------------------------------------------------
PORT SCANS LEGAL, JUDGE SAYS
A tiff between two IT contractors that spiraled into federal court ended last
month with a U.S. district court ruling in Georgia that port scanning a network
does not damage it, under a section of the anti-hacking laws that allows
victims of cyber attack to sue an attacker. Last week both sides agreed not
to appeal the decision by judge Thomas Thrash, who found that the value of
time spent investigating a port scan can not be considered damage. "The
statute clearly states that the damage must be an impairment to the
integrity and availability of the network," wrote the judge, who found
that a port scan impaired neither.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/news/126
SERIOUS SECURITY SLIP AT BTOPENWOE
Due to a serious security lapse, users signing up to BTOpenworld's ADSL service
have been invited to send credit card details over an insecure internet connection.
A vulture-eyed Register reader, who tried to sign up to the telcom giant's domestic
version of BTOpenworld, noticed he was invited to submit his credit card details
over an insecure http connection. He had been trying to register for the home
500 service. He also discovered that orders for the broadband service submitted
over the phone were input by BT's operators using the same insecure web page.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/5/15564.html
BUSH EYES OVERHAUL OF E-SECURITY
With George W. Bush striding toward the White House, national security experts
are preparing for what could be a major change in the way the government and
the private sector organize to defend against cyberattacks.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.infoworld.com/articles/hn/xml/00/12/18/001218hnbush.xml
IDC PUTS PKI ON FAST TRACK
Security has been an uncertain wonder of the Web, causing many companies
to shy away from online transactions. But public-key infrastructure vendors
seek to change all that, and according to research firm IDC, these vendors
are seeing success.
Link: http://www.line56.com/articles/default.asp?NewsID=1874
THE CRUX OF NT SECURITY PHASE FOUR
This is the fourth in a series on NT security by Aaron Sullivan. In the previous
article, the author discussed secure network design three common network
configurations referred to as Networks A, B and C. This article will discuss a
last design, Network D, for those with more performance and security
demands, as well as a high availability feature, and the additional budget
required to implement it. The article will examine issues surrounding
implentation, strengths and weaknesses of the network.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/microsoft/nt/crux4.html
SECURITY AGAINST COMPELLED DISCLOSURE
"Various existing and pending legislation can be used to force individuals and
organizations to disclose confidential information. Courts may order a wide
variety of data to be turned over by either party in civil and criminal cases.
Government agencies are explicitly tasked with protecting "national economic
security." And organised crime will target information just like any other valuable
asset. In a less than perfectly ethical world, companies require means to protect
their information assets against economic espionage, misuse of discovery
processes and criminal coersion. We describe actual and potential examples
of compelled disclosure abuses in the US and UK, and enhancements to
conventional security services for protecting communications and stored
data against their recurrence."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.apache-ssl.org/disclosure.pdf
DIGITAL ASSAULT AGAINST PENTAGON RISES
The number of cyberattacks and intrusions into Pentagon computer networks
this year is expected to top off at 24,000, an increase of 5 percent compared
with last year, said the U.S. Department of Defense. However, the
overwhelming majority of those intrusions are due to known vulnerabilities
and poor security practices.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2000/TECH/computing/12/18/pentagon.cyberattacks.idg/index.html
FBI: 'TIS THE SEASON FOR CYBERATTACKS
Malicious hacker activity targeting e-commerce sites has been heating up for
the holidays, the FBI's National Infrastructure Protection Center said in a report
released earlier this month. That should be no surprise. More people than ever
are shopping online, said a report issued yesterday by Chicago-based Andersen
Consulting, and a greater proportion of them - 92 percent as opposed to 75
percent last year - are successfully completing their online purchases.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2000/TECH/computing/12/18/increase.in.cyberattacks.idg/index.html
SECURITY AND ENCRYPTION TECHNOLOGIES BOOMING
"PKI is an important foundation for digital trust in enterprises and extranets,"
said Jeason Yeu, president of 3Rsoft.com, a subsidiary of 3R Soft Inc., which
controls an 80 percent share of the security software market. Using a PKI
enabled mail server, the system's administrators can trace a visitor's personal
information or the location of their personal computer and eventually protect
additional crimes on the web. Furthermore, the system can provide legal
evidence in the form of a log file. In addition, users can securely download
digital credentials into their personal computer from anywhere over the
Internet, allowing them to work from multiple systems both at their
offices and at home.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.korealink.co.kr/kt_tech/200012/t20001219173631451127.htm
DEFACEMENT STATISTICS
There is a new addon in 'Attrition Defacement Statistics', which is a graph
called 'Top Groups OS breakdowns'. It is a graphical file containing all groups
with more then 45 defacements and it shows the operating system stats of
those defacements. Microsoft Windows NT is leading with 45%.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.attrition.org/mirror/attrition/graphs/groups_os.gif
VIRUS WRITERS AND CRACKER LOVE-IN
Crackers are using viruses to get their malicious code into corporate Intranets,
according to Marc Blanchard, technical director at Trend Micro. This means
antivirus companies will have to start working on ways to combat this code,
as well as the viruses they are used to tackling. This is part of a general
trend of convergence between the virus writers and crackers that would
have seemed impossible a few years ago.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/4/15585.html
CYBERCRIME TREATY CONDEMNED
A draft European treaty on cybercrime has been condemned as "appalling" by
civil liberty groups around the globe. In all, 23 organisations have signed a
letter warning that the treaty will do serious damage to civil liberties under
the guise of helping law enforcers catch computer criminals.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.bbc.co.uk/hi/english/sci/tech/newsid_1072000/1072580.stm
EMAIL AND THE INTERNET: UNEXPECTED SECURITY RISKS
External email of all kinds can be filtered through a firewall system which strictly
controls the addresses of inbound and outbound messages. Specifically, such a
firewall must include detection of fraudulent addresses on inbound email:
addresses implying that external email originated from within the organization.
For consistency, and as a service to the greater community, such a firewall
should also restrict outbound email to ensure that no such messages have
addresses implying that they originated outside the organization. These
measures help to fight unsolicited commercial email ("spam") on the Net.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/email20001219.html
PEACEFIRE TOSSES WEB-FILTER GRENADE
Porn-blocking Web filters from Net Nanny, CyberSitter, and five other companies
can be disabled with a program released Monday by anti-filtering group Peacefire,
the group claims. The program, available as a free download at the Peacefire
Web site, was released in reaction to expected federal mandates for Web filters
on school and library computers. "Peacefire" is actually an amalgam of the
instructions for disabling filters that Peacefire has been posting on its site
for months. But instead of having to input lines of code, the download
makes disabling filters a "one-click process," said Peacefire's Bennett Haselton.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2666010,00.html
VULNERABILITIES IN OS PATCH DISTRIBUTION
The bugtraq mailing list and other security forums regularly announce dozens
of new security patches every month; however, there has been little or no
mention that there are substantial differences across vendors in the extent
to which their patch distributions offer authentication and integrity protection.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://razor.bindview.com/publish/papers/os-patch-sum.html
MCAFEE ANTIVIRUS UPDATE DAMAGES NT 4.0
Read on to find out how to stop the antivirus update messing with your master
boot record. Windows 2000 users are not affected. A number of Windows NT
4.0 users who updated Network Associate's McAfee VirusScan/Netshield 4.0.2
using the 4120/4110 SuperDat utility were greeted with an ominous error
message upon rebooting: "Operating System Not Found." This upgrade had in
fact damaged the Master Boot Record of the NTFS partition. The MBR contains
information that, among other things, tells the computer where to find the
operating system when it starts up. In one worst-case scenario made very
real, System Administrator Craig Hackl reports distributing the 4120/4110
upgrade to 130 workstations on a Windows NT network and having to
reinstall the OS on every PC.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2000/50/ns-19841.html
WEB BUGS, PARANOIA AND MICROSOFT
"I don't think Microsoft will be getting anything for Christmas this year. Over the
years Microsoft has certainly been very public about privacy, trumpeting how it
respects consumer rights and protects your personal information. At the same
time it has been deploying technology and services that intrude heavily into
users' privacy."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/closet/closet20001220.html
SYSTEMS TO BE CHECKED
British police force computer systems are to be checked for illegal software
in plans announced by junior Home Office minister Lord Bassam. Bassam
pronounced in parliament yesterday that the Association of Police Chief
Officers will audit a sample of police IT equipment, checking for the widely
distributed counterfeit Microsoft software.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.silicon.com/a41646
THIS NAUGHTY BUG'S NOT NICE FOR CHRISTMAS
Makers of virus-protection software are warning PC owners about some rogue
code that packs a Dec. 25 surprise. Although the virus, labeled W32.Kriz,
caused barely a ripple during its first Christmas in 1999, experts at software
maker Symantec Corp. say it's possible that "Kriz" has had a busy year
piggybacking on some higher-profile visitors, such as the Happy99 worm.
Marian Merritt, a group product manager for Symantec, makers of the Norton
AntiVirus line, told Newsbytes that Kriz is a potentially nasty virus that infects
32-bit Windows executable files. While it can infect new programs at any time,
it turns destructive only on Dec. 25, when it attempts a two-pronged attack
on a host PC by trying to destroy the contents of the chip-resident BIOS and
erasing hard disk contents.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computeruser.com/news/00/12/20/news13.html
CHECK POINT RECOMMENDS AN UPDATE
Check Point has been made aware of security issues related to the FastMode
service in VPN-1/FireWall-1. All known issues related to this issue are fully
addressed in VPN-1/FireWall-1 4.1 SP3 which is available for immediate
download. Check Point recommends that all users of VPN-1/FireWall-1
upgrade to the new release.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.checkpoint.com/techsupport/alerts/index.html
VIRUS TROUBLE IN INDIA
A leading data recovery company has reported that a virus has caused data
loss after spreading through major automobile, engineering, government and
financial institutions and personal computers in India.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.timesofindia.com/today/20info9.htm
SOLARIS KERNEL TUNING FOR SECURITY
The Solaris kernel provides a great deal of user-configurable control over the
system TCP/IP stack. Everything from cache table lifetimes to the number of
TCP connections that the system can address are controllable. However,
without understanding the underlying need for tuning these kernel parameters,
many system administrators choose to ignore them - thereby leaving their
systems vulnerable to a resourceful assailant. This article by Ido Dubrawsky
discusses the ways in which these parameters can be adjusted to strengthen
the security posture of a system.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/sun/articles/kernel.html
HOSPITAL HACK POINTS TO NEED FOR STANDARDS
The recent hacking of 5,000 administrative patient files from one of the country's
top hospitals underscores the lack of firm, clear, universal standards to ensure
the security of online medical records. Although officials are crafting regulations
governing electronic patient records for the health care industry, some analysts
and industry players are skeptical about how effective these specifications will be.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2000/TECH/computing/12/20/health.care.security.idg/index.html
TAIWAN GOVERNMENT WEB SITE ATTACKED
An attacker, possibly based on the Chinese mainland, invaded the principal Web
site operated by Taiwan's Board of Foreign Trade sometime between 6 p.m.
Sunday and 9 a.m. Monday, Taipei time. As of Wednesday morning, the site
was still not operating. Board officials did not provide any explanation. Although
the intruder called himself the "old cat from Chaozhou" - Chaozhou is a coastal
city in eastern Guangdong province - and politically motivated China-based
hackers have in the past attacked Taiwan government sites, officials said
the attacker may be from Taiwan.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.internetnews.com/intl-news/article/0,,6_540731,00.html
SECURITY PATCH DISTRIBUTION - IT'S TROJAN TIME
The way operating system vendors issue security patches is insecure, in many
cases, and could let crackers exploit this to trick users into loading trojan
horses onto their systems. Security firm BindView, whose Razor team of
security researchers completed the research, questioned 27 different
vendors of commonly used products on whether patches are accompanied
by digital signatures or other forms of cryptographic authentication. Its
findings are a real eye-opener because they highlight glaring security
gaps, not least that a minority of vendors, including Apple and Compaq,
provide no authentication for their patches.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/4/15618.html
SECURE CGI LIBRARY
The Secure CGI Library eases the development of C/C++ Web applications using
the CGI interface. It's designed with security in mind and can enforce correct
limits to avoid common denial-of-service attacks. It can also handle an unlimited
number of variables with unlimited content size, and with very fast parsing and
hashed lookups.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.jedi.claranet.fr
UPDATE ON DECSS TRIALS
"I am an avid DVD enjoyer. I love watching DVD movies. I've purchased many
in the past. I've got a DVD player. I wanted to watch DVDs on my computer,"
said Hughes 29 year old Jeraimee Hughes who is being trialed for putting DeCSS
on www.ct2600.org. DeCSS trials are still bugging people who mirrored DeCSS...
Link: http://www.ctnow.com/scripts/editorial.dll?fromspage=CG/articles/business.htm&categoryid=&bfromind=377&eeid=3678448&eetype=article&render=y&ck=&userid=206553684&userpw=.&uh=206553684,2,&ver=2.11
TOKYO STOCK EXCHANGE AND VIRUSES
Strange quote from Kyodo Magazine's article - "Someone has hacked into the
server of the 'Mothers Supporters Club' e-mail magazine on the Internet home
page of the Tokyo Stock Exchange (TSE), and has sent virus-infected e-mails
to some club members, the TSE said Thursday."
Link: http://home.kyodo.co.jp/fullstory/display.jsp?newsnb=20001221089
THE STORY OF JEFF: PART V
This story is the ongoing saga of Jeff, a tragic tale full of hardship, heartbreak
and triumph over impossible odds. Jeff is your average network administrator,
responsible for Acme, Inc.'s Microsoft-based corporate network. This week Jeff
hears a knock on his door and answers it. He lets Cindy into his office, wondering
what's up. "Jeff, I think we have a problem..." she starts, hoping to phrase it so
he won't take it the wrong way. "You remember those phone logs I mentioned
at the party?"
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityportal.com/articles/jeff20001222.html
HOW DOES YOUR NET SECURITY RATE?
The newly-formed Center for Internet Security hopes to answer that question
by creating a suite of tests that would give computer owners a rating - on a
scale of 1 to 10 - of how good their security is. A level-10 server could protect
an e-commerce company's virtual gold, while a level-1 would be an online
vandal's playground.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2667644,00.html
MAKING RED HAT SECURE
In this article I will explain how to make your Linux box secure by taking basic
security measures. This article will enable anybody to tighten the security of a
redhat Linux box. Always set a password on BIOS to disallow booting from
floppy by changing the BIOS settings. This will block undesired people from
trying to boot your Linux system with a special boot disk and will protect you
from people trying to change BIOS feature like allowing boot from floppy drive
or booting the server without password prompt.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxmonth.com/issue4/articles/redhat/redhat.html
CERT ON ACTIVEX
Past summer, CERT sponsored a two-day workshop on security issues with
ActiveX controls. The final report was just released today and is available
as a PDF file at the CERT Web site.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cert.org/reports/activeX_report.pdf
RAID 2001 CFP
The RAID International Symposium series is intended to further advances in
intrusion detection by promoting the exchange of ideas in a broad range of
topics. They just issued Call For Paper.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.raid-symposium.org/Raid2001
----------------------------------------------------------------------------
Security issues
---------------
All vulnerabilities are located at:
http://net-security.org/text/bugs
----------------------------------------------------------------------------
SAFEWORD E.ID TRIVIAL PIN BRUTE-FORCE
An attacker that obtains access to the "sceiddb.pdb" file, part of Secure
Computing's e.iD Authenticator for Palm, can determine the user's PIN.
Link: http://www.net-security.org/text/bugs/977145205,24054,.shtml
BUGS IN WATCHGUARD SOHO FIREWALL
ISS X-Force discovered the following vulnerabilities in the SOHO Firewall that
may allow an attacker to compromise or deny service to the device:
1. Weak Authentication
2. GET Request Buffer Overflow
3. Fragmented IP Packet Attack
4. Password Reset Using POST Operation
Link: http://www.net-security.org/text/bugs/977145222,94540,.shtml
MDAEMON MAIL SERVER VULNERABILITY
If a mail server administrator wanted to deny access to MD server , he right
clicks on the system tray Icon and select "lock server" and then MDaemon will
ask for a password and again ask to confirm it. Whenever you wanted to open
MD window, you double click on the icon at system tray, MD will ask for the
password. If you enter the correct password, you will be allowed inside. The
security could be bypassed here. Just double click on the system tray icon of
MDaemon to start. Now, MDaemon will prompt for the password. Without
entering any password the, just click on Cancel button. AND IMMEDIATELY
PRESS THE ENTER KEY and YOU WILL BE TAKEN INTO MDAEMON. You can
do whatever you wanted to do with MDaemon and then safe minimize it to
close the window.
Link: http://www.net-security.org/text/bugs/977145237,83311,.shtml
LINUX MANDRAKE - JPILOT UPDATE
The jpilot program automatically creates a directory called .jpilot/ in the user's
home directory with 777 (world read/write/execute) permissions. This directory
is used to store all backups, configuration and synchronized Palm Pilot
information.
Link: http://www.net-security.org/text/bugs/977183880,80077,.shtml
SONATA CONFERENCING VULNERABILITIES
The setuid binary doroot does exactly what it says. It executes its command
line argument as root.
Link: http://www.net-security.org/text/bugs/977276142,19919,.shtml
OPENBSD SECURITY ADVISORY
A relatively obscure one-byte buffer overflow bug present in ftpd(8) turns out to
be a serious problem, yielding remote users root access under certain conditions.
For a system to be vulnerable, ftpd must have been explicitly enabled by the
administrator (OpenBSD ships with it OFF by default) and the attacker must
have write access to at least one directory. Therefore, anonymous read-only
FTP servers are safe (we recommend applying the patch regardless, of course).
Non-anonymous FTP administrators should seriously consider using a more secure
transport like SSH.
Link: http://www.net-security.org/text/bugs/977276297,17614,.shtml
MICROSOFT SECURITY BULLETIN MS00-097
Microsoft Windows Media Services are the server-side component of Windows
Media Technologies which provides streaming video and audio content
capabilities. It is divided into types of services, Unicast and Multicast.
Windows Media Unicast Services supplies media content to one client at
a time as opposed to Multicast which serves multiple clients simultaneously.
Windows Media Unicast Services are only affected by the vulnerability at hand.
In the event that a client establishes a connection and then severs it abruptly
in a particular fashion, Windows Media Services will not release the resources it
has allocated to that particular client. If Windows Media Services were to
receive these connections repeatedly, resources would become depleted and
reach such a level that Windows Media Services would not be able to properly
service clients. Restarting the service would be required in order to regain
normal functionality and any client being serviced at the time would have
to re-establish their connection.
Link: http://www.net-security.org/text/bugs/977359935,2693,.shtml
RED HAT LINUX - NEW SLOCATE PACKAGES
New slocate packages are availble for Red Hat Linux 6.x and Red Hat Linux 7.
These fix a problem with the database parsing code in slocate. (slocate was
not shipped with Red Hat Linux prior to version 6.0, so earlier versions are
not affected.)
Link: http://www.net-security.org/text/bugs/977359967,76749,.shtml
PROFTPD 1.2.0 MEMORY LEAKAGE
This is sample code to demonstrate effects of memory leak in ProFTPD daemon.
As far as I know all available versions up to date (19.12.2000) are vulnerable to
this. http://www.net-security.org/text/bugs/dos.c This bug is not dangerous, if
you run one instance of included code. But wonder, what will happen, if someone
will run about 20 sessions... Wojciech Purczynski reported, that memory leak
exists also, when other FTP commands are invoked (eg. STAT).
Link: http://www.net-security.org/text/bugs/977428179,1015,.shtml
NETBSD SECURITY ADVISORY 2000-017
The combination of a too liberal implementation in telnetd and bugs in libkrb
combines to make it possible for authorized users of a system to obtain root
access on a system.
Link: http://www.net-security.org/text/bugs/977428196,62700,.shtml
NORTON ANTIVIRUS 5.0 AND EMBEDDED FILES
Files 'embedded' in Word and Excel documents appear to evade scanning.
Link: http://www.net-security.org/text/bugs/977428211,77420,.shtml
MULTIPLE VULNERABILITIES IN ZONEALARM
ZoneAlarm does not detect several types of common Nmap scans. It is also
possible for a remote attacker, under certain circumstances, to gain complete
access to the file system and disable ZoneAlarm.
Link: http://www.net-security.org/text/bugs/977428230,93713,.shtml
BS SCRIPTS VULNERABILITIES
There are a couple of scripts from bsScripts (www.stanback.net), that have
holes in them because the author did not filter out; from the form input. The
scripts that this affects is bsguest (a guestbook script) and bslist (a mailing
list script). The hole allows anyone to execute commands on the server. The
author has been informed and the holes are now patched in the latest release.
Link: http://www.net-security.org/text/bugs/977428251,12200,.shtml
INFINITE INTERCHANGE DOS
One of Interchange's main features is a popular webmail interface. This interface
and it's supporting HTTP server are subject to a Denial of Service attack through
a malformed POST request.
Link: http://www.net-security.org/text/bugs/977448625,43634,.shtml
ZOPE DTML ROLE ISSUE
The issue involves security registration of "legacy" names for certain object
constructors such as the constructors for DTML Method objects. Security
was not being applied correctly for the legacy names, making it possible to
call those constructors without the permissions that should have been required.
This issue could allow anonymous users with enough internal knowledge of Zope
to instantiate new DTML Method instances through the Web.
Link: http://www.net-security.org/text/bugs/977572733,90410,.shtml
----------------------------------------------------------------------------
Security world
--------------
All press releases are located at:
http://net-security.org/text/press
----------------------------------------------------------------------------
LINK ENCRYPTOR FOR E-BUSINESS SECURITY - [18.12.2000]
E-business security provider Cylink Corporation introduced the Cylink Link
Encryptor HSSI, the fastest member of Cylink's link encryptor family with
encryption rates of up to 52 Mbps for high-speed data communications.
The CLE HSSI (High-Speed Serial Interface), the latest addition to Cylink's
comprehensive set of encryption solutions, supports the X.509 digital
certificate and 1024 bit DSS digital signature industry standards. X.509
defines what information can go into a certificate and the format in
which it is to be recorded.
Press release:
< http://www.net-security.org/text/press/977145426,38251,.shtml >
----------------------------------------------------------------------------
THE INTERNET SECURITY CONFERENCE 2001 - [19.12.2000]
The Internet Security Conference (TISC) will be held June 4-8, 2001, at the
Century Plaza Hotel in Los Angeles. TISC is the industry leading technical
event addressing the issues of safeguarding enterprise networks and
Internet connections.
Press release:
< http://www.net-security.org/text/press/977182677,55154,.shtml >
----------------------------------------------------------------------------
CYBERGUARD STARLORD SECURITY SOLUTION - [19.12.2000]
When it comes to providing security for the most demanding environments,
specifically key Web hosting companies who provide Internet services to
others, a growing number of those companies have turned to CyberGuard's
new super-powerful firewall appliance, STARLord.
Press release:
< http://www.net-security.org/text/press/977182980,19721,.shtml >
----------------------------------------------------------------------------
CYBERGUARD'S KNIGHTSTAR - "PICK OF 2000" - [19.12.2000]
CyberGuard Corporation, the technology leader in network security, announced
that its KnightSTAR premium appliance firewall has been named a "Pick of 2000"
by SC Magazine, a magazine devoted entirely to computer security. KnightSTAR
received a five-star rating in the magazine's December 2000 issue, which
includes the prestigious "Buyer's Bible 2001." KnightSTAR is among the select
IT security products listed in the guide, featuring the "best of the best"
security products reviewed by the SC labs throughout the year.
Press release:
< http://www.net-security.org/text/press/977183096,38879,.shtml >
----------------------------------------------------------------------------
ALADDIN PARTNERS WITH RSA SECURITY TO OFFER TRUSTED ENVIRONMENTS
FOR DIGITAL CERTIFICATES - [19.12.2000]
Aladdin Knowledge Systems, a global leader in the field of Internet content and
software security, announced they have signed a strategic partnership agreement
with RSA Security, the most trusted name in e-security, in which RSA Security's
RSA Keon digital certificate management system will be used with eToken,
Aladdin's USB-based user authentication device to enable customers to securely
store private keys and digital certificates to conduct e-business transactions.
Press release:
< http://www.net-security.org/text/press/977183135,96159,.shtml >
----------------------------------------------------------------------------
BLACK HAT WINDOWS 2000 SECURITY CON - [19.12.2000]
February 14-15, 2001 @ Caesars Palace Hotel in Las Vegas, NV USA
The Black Hat Briefings Win2K Security conference features a proven format
emphasizing in-depth technical presentations and peer-to-peer networking. It
will provide you with specific solutions to your most pressing security challenges.
If you1re responsible for Win2K systems security in your organization you need
to attend the Black Hat Briefings Windows 2000 conference.
Press release:
< http://www.net-security.org/text/press/977223815,41962,.shtml >
----------------------------------------------------------------------------
SECURE COMPUTING RELEASED SIDEWINDER 5.1 - [20.12.2000]
Secure Computing announced the release of its Sidewinder 5.1 security gateway.
The world's most secure firewall delivers greater ease of use, new features,
extended performance and enhanced interoperability with other market leading
security products.
Press release:
< http://www.net-security.org/text/press/977274769,39099,.shtml >
----------------------------------------------------------------------------
CREATING A XML BASED SECURITY STANDARD - [20.12.2000]
Marking a significant step towards the establishment of a unified XML-based
approach for securing Web transactions, 10 leading Web access management
vendors announced that they would work together to develop a common
industry standard for sharing security information. The group of vendors will
work together towards this common goal in the recently announced OASIS
XML-Based Security Services Technical Committee (TC) where they plan to
discuss existing standard initiatives. The vendors participating in this OASIS
Technical Committee include, Baltimore Technologies, Entegrity Solutions,
Entrust Technologies, Hewlett Packard, IBM's Tivoli Systems, iPlanet
E-Commerce Solutions, a Sun-Netscape Alliance, Oblix, OpenNetwork
Technologies, Securant Technologies, and TransIndigo.
Press release:
< http://www.net-security.org/text/press/977321010,17352,.shtml >
----------------------------------------------------------------------------
EVINCI SECURITY INFRASTRUCTURE SOLUTIONS - [21.12.2000]
EVINCI is focused on providing its partners with the E-Security Infrastructure
to power a leading-edge Internet Threat Management Service, said Len Netti,
president and Chief Executive Officer of EVINCI, in an announcement today.
Press release:
< http://www.net-security.org/text/press/977360168,85775,.shtml >
----------------------------------------------------------------------------
NEW VPN SERVICE BY GENUITY AND CISCO - [21.12.2000]
Genuity Inc., a Tier 1 provider of Internet infrastructure, and Cisco Systems,
Inc., the worldwide leader in networking for the Internet, announced the
newest member of Genuity's VPN family of managed security services.
Powered by VPN-optimized Cisco routers, the new service line will be
named VPN Service for Cisco. This new service is the first IPsec-based
virtual private network service deployed on industry-leading Cisco 7200
and 2600 modular multiservice routers and delivered over the quality of
Genuity's Tier 1 Backbone. Designated as a Cisco Powered Network service,
it is designed to suit the needs of customers seeking to establish secure,
economical VPN connections between corporate headquarters, company
branches, customers, suppliers, and business partner locations.
Press release:
< http://www.net-security.org/text/press/977360416,8707,.shtml >
----------------------------------------------------------------------------
NEW INTERNET PRIVACY PRODUCTS UNVEILED - [21.12.2000]
Encrypt-Now.com announced the launch of a line of consumer-level products
that not only cloak an Internet user in anonymity, at both the source and the
destination, but also enable a user to acquire and transfer data without
detection. Since the service does not require user software, it can be
used from any PC, whether it's at home or at work.
Press release:
< http://www.net-security.org/text/press/977360454,73689,.shtml >
----------------------------------------------------------------------------
ANTI-VIRUS SOLUTION FOR LOTUS NOTES/DOMINO - [21.12.2000]
Kaspersky Lab, an international data-security software-development company,
announces the beta-version release of its flagship anti-virus product, KasperskyT
Anti-Virus (AVP), for Lotus Notes/Domino e-mail gateways running on the Linux
or Windows NT operating system.
Press release:
< http://www.net-security.org/text/press/977414170,58227,.shtml >
----------------------------------------------------------------------------
THE VIRUSMD FAMILY WEBFILTER ANNOUNCEMENT - [21.12.2000]
CNET's Download.com today launched a new software product designed to help
parents protect their children when they use the Internet. The VirusMD Family
Webfilter premieres as the world's easiest-to-use content filtering software
designed for parents. The VirusMD Family Webfilter is unique in that it was
designed to the specifications of Board-Certified medical doctors. It is the
best software for parents to help keep their children safe on the Internet.
Unlike other content filters that grow outdated or stale because they are
based on a static list of blocked websites, the VirusMD program stays
up-to-date by encouraging close supervision and monitoring by parents.
Press release:
< http://www.net-security.org/text/press/977428744,88625,.shtml >
----------------------------------------------------------------------------
SMART CARDS READY FOR U.S. PRIME TIME - [21.12.2000]
Unlike Europe where smart cards are a part of everyday life, U.S. use has been
limited in part due to availability and widespread use of magnetic strip credit
cards. But with the advent and growth of electronic and mobile commerce
projected to increase dramatically in 2001, and the need to provide new
services requiring high security such as Internet banking and stock trading,
financial institutions have begun to enhance regular credit cards with chips
transforming them into smart cards.
Press release:
< http://www.net-security.org/text/press/977428943,7860,.shtml >
----------------------------------------------------------------------------
Featured articles
-----------------
All articles are located at:
http://www.net-security.org/text/articles
Articles can be contributed to staff@net-security.org
Below is the list of the recently added articles.
----------------------------------------------------------------------------
VIRUSES, TROJANS, AND CIA by Randy M. Nash
Trojan horse programs used to be simple programs that would masquerade as
some type of new utility program available to be downloaded, but would then
destroy your precious information. Today trojans are not just destructive, but
manipulative. They provide back doors into your systems, remote administrative
capabilities, and covert tunnels through your firewalls. Just ask Microsoft
executives how damaging or embarrassing this sort of program can be.
Read more:
< http://www.net-security.org/text/articles/cia.shtml >
----------------------------------------------------------------------------
PRIVACY, IS IT REAL? by Crawl-X
In our daily lives a persons privacy is violated countless times. So many in fact,
we tend to catch less and less of them as we become more desensitized. In the
making of this article, I decided to document the different ways a persons
privacy (in this case mine) was at risk and how.
Read more:
< http://www.net-security.org/text/articles/real.shtml >
----------------------------------------------------------------------------
LAPTOP ENCRYPTION AND INTERNATIONAL TRAVEL by M. E. Kabay
"However, if your staff travels to North Korea (although recent political
developments may change this), Libya, Iraq, Syria, Iran, Afghanistan, Burma
and other totalitarian states, I recommend that your legal department establish
the current state of their regulations before you enter with a computer. Even if
encryption is allowed in such places under certain circumstances, the last thing
you want is rubber-truncheon techniques for (literally) brute-force cracking of
your keys. You might want to restrict information on a laptop to the absolute
minimum you need for that particular trip. In addition to crypto, your staff should
also be well informed about laws pertaining to Internet access. I suggest that
you work with a firm such as Kroll Associates in preparing for such adventurous
trips."
Read more:
< http://www.net-security.org/text/articles/nwf/laptop.shtml >
----------------------------------------------------------------------------
SOCIAL ENGINEERING SIMULATIONS by M. E. Kabay
We know that social engineering is an important tool for criminal hackers. Social
engineering refers to lying, cheating, tricking, seducing, extorting, intimidating
and even threatening employees into revealing confidential information that can
then be used to break into systems. Social engineering is based on deception
and on violation of social norms of fairness and honesty.
Why not use social engineering in penetration testing?
Read more:
< http://www.net-security.org/text/articles/nwf/simulations.shtml >
----------------------------------------------------------------------------
Featured books
----------------
The HNS bookstore is located at:
http://net-security.org/various/bookstore
Suggestions for books to be included into our bookstore
can be sent to staff@net-security.org
----------------------------------------------------------------------------
CISCO CCNP PREPARATION LIBRARY, SECOND EDITION
Cisco Certified Network Professional (CCNP) exams tests your skill in installing,
configuring, operating, and troubleshooting complex routed LANs, routed WANs,
switched LANs, and dial access services. This challenging certification requires
you to pass four written exams, including: Routing Exam #640-503, Switching
Exam #640-504, Remote Access Exam #640-505, and Support Exam #640-506.
The recommended training courses for each of these exams have been ported
into Coursebooks by Cisco Press, and are now available in this value price
bundle. These books, Building Scalable Cisco Networks, Building Cisco Multilayer
Switched Networks, Building Cisco Remote Access Networks , and Cisco
Internetwork Troubleshooting, cover all the key topics that appear on each
of the CCNP exams in great detail. They are derived from official training
courses developed by Cisco Systems for CCNP preparation.
Book:
< http://www.amazon.com/exec/obidos/ASIN/1587050137/netsecurity >
----------------------------------------------------------------------------
SECURING WINDOWS NT/2000 SERVERS FOR THE INTERNET:
A CHECKLIST FOR SYSTEM ADMINISTRATORS
This is a guide that pares down installation and configuration instructions into a
series of checklists aimed at Windows administrators. Topics include: Introduction
- Windows NT/2000 security threats, architecture of the Windows NT/2000
operating system and typical perimeter networks. How to build a Windows NT
bastion host. Configuring Windows and network services, encrypting the password
database, editing the registry, setting system policy characteristics, performing
TCP/IP configuration, configuring administrative tools, and setting necessary
permissions. Differences between Windows NT and Windows 2000 security
including IPSec (IP Security Protocol) configuration. Secure remote administration
- SSH, OpenSSH, TCP Wrappers, the Virtual Network Console, and the new
Windows 2000 Terminal Services. Windows NT/2000 backup, recovery, auditing,
and monitoring - event logs, the audit policy, time synchronization with NTP
, remote logging, integrity checking, and intrusion detection.
Book:
< http://www.amazon.com/exec/obidos/ASIN/1565927680/netsecurity >
----------------------------------------------------------------------------
SPARC ARCHITECTURE, ASSEMBLY LANGUAGE PROGRAMMING, AND C
Introduces the SPARC assembly language from a programmer's perspective,
and covers making use of UNIX tools, and the von Neumann machine and its
relationship to programmable calculators and to the JAVA bytecode and JAVA
virtual machine. Can be used by students in introductory computer architecture
courses, and by those programming SPARC architecture machines in languages
such as C and C++. This second edition offers more material on the new Ultra
SPARC architecture, and on floating point, traps, and other architectures.
Book:
< http://www.amazon.com/exec/obidos/ASIN/0130255963/netsecurity >
----------------------------------------------------------------------------
BUILDING SCALABLE CISCO NETWORKS
Cisco Certified Network Professional and Cisco Certified Design Professional
certifications require candidates to pass four exams. This book is a direct
port of the BSCN instructor-led training course and helps prepare readers
for the Routing Exam #640-503. Building Scalable Cisco Networks addresses
tasks that network managers and engineers need to perform when managing
access and controlling overhead traffic in growing, routed networks. This book
discusses router capabilities used to control multi-protocol traffic over LANs
and WANs, as well as connecting corporate network to an Internet Service
Provider (ISP). Divided into three parts (Scalable Internetworks, Scalable
Routing Protocols, and Controlling Scalable Internetworks), this book
covers a broad range of technical details on topics related to routing,
including routing summarization, IP traffic management, access lists,
and protocol redistribution. OSPF, EIGRP, and BGP are all investigated
in detail.
Book:
< http://www.amazon.com/exec/obidos/ASIN/1578702283/netsecurity >
----------------------------------------------------------------------------
HACKER ATTACK
This is the only book about computer security that is at once entertaining,
understandable, and practical. You'll be fascinated as you read about hackers,
crackers and whackers - people who spend their time trying to break into your
computer, spreading computer viruses, or peeping (and recording what they
see!) as you surf the Internet or send email. Best of all, this book provides
simple but powerful solutions to all these security needs. It's all on the book's
CD. Protect yourself right now with firewalls, anonymisers, and virus-guards.
Book:
< http://www.amazon.com/exec/obidos/ASIN/0782128300/netsecurity >
----------------------------------------------------------------------------
Security Software
-------------------
All programs are located at:
http://net-security.org/various/software
----------------------------------------------------------------------------
SUPER CODE 1.0
Super Code encrypts and secures email and PC files using a powerful encryption
management facility. Security Folder automatically encrypts PC files at close-
down and decrypts at start-up, safeguarding PC folders even if a PC is stolen.
Time-stamped log facility records the history of encryption-decryption
operations. Password Directory aids the tracking of numerous email passwords.
Multiple system IDs offer separate privacy to each shared user of a PC.
Self-Extracting email attachment can be prepared and sent to anyone who
has a private password to decrypt.
Info/Download:
< http://net-security.org/various/software/976900267,30745,.shtml >
----------------------------------------------------------------------------
DSNIFF V.2.3
dsniff is a suite of utilities that are useful for penetration testing. It consists of
the following programs: arpredirect intercepts packets from a target host on
the LAN intended for another host on the LAN by forging ARP replies. findgw
determines the local gateway of an unknown network via passive sniffing.
macof floods the local network with random MAC addresses. tcpkill kills
specified in-progress TCP connections. dsniff is a powerful sniffer which
automatically detects and parses many protocols, only saving the interesting
bits. filesnarf saves files sniffed from network file system traffic. mailsnarf
outputs all messages sniffed from SMTP traffic in Berkeley mbox format.
webspy sends URLs sniffed from a client to your local Netscape browser
for display, updated in real-time.
Info/Download:
< http://net-security.org/various/software/977185968,29675,.shtml >
----------------------------------------------------------------------------
TROJAN DEFENSE SUIT 3
TDS lets you attack Trojans from more angles than any other program in the
world. Anti-virus scanners are not doing the job, detecting appallingly low
numbers of commonly used Remote Access Trojans (RAT). This simply isn't
good enough. If you're infected with a RAT, chances are VERY high that
TDS will find it.
Info/Download:
< http://net-security.org/various/software/977571672,20567,.shtml >
----------------------------------------------------------------------------
WORMGUARD 2.1
DiamondCS WormGuard is the only system in the world that:
- Analyses files generically using heuristic and intelligent rule-sets rather than
relying on signatures for known worms - this is the future of worm interception.
- Provides worm-detection for ALL executed files, ensuring the file is safe BEFORE
it is allowed to run.
- Has four primary and six secondary core detection engines built-in to handle
executed files depending on their type.
- And more.
Info/Download:
< http://net-security.org/various/software/977572084,68112,.shtml >
----------------------------------------------------------------------------
Defaced archives
------------------------
[19.12.2000] - U.S. Foreign and Commercial Service
Original: http://www.usatrade.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/19/www.usatrade.gov/
[19.12.2000] - HMC Internetworking Services
Original: http://www.hmcnet.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/19/www.hmcnet.com/
[19.12.2000] - Islamic Society of North America
Original: http://www.isna.net/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/19/www.isna.net/
[19.12.2000] - National Centre for Radio Astrophysics
Original: http://sakthi.ncra.tifr.res.in/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/19/sakthi.ncra.tifr.res.in/
[21.12.2000] - United Arts
Original: http://www.unitedarts.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/21/www.unitedarts.com/
[21.12.2000] - US Bankruptcy Court - Eastern District of North Carolina
Original: http://www.nceb.uscourts.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/21/www.nceb.uscourts.gov/
[21.12.2000] - Advanced Network Technology Ltd.
Original: http://www.anet-brno.cz/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/21/www.anet-brno.cz/
----------------------------------------------------------------------------
Questions, contributions, comments or ideas go to:
Help Net Security staff
staff@net-security.org
http://net-security.org