Copy Link
Add to Bookmark
Report
Net-Sec Issue 068
HNS Newsletter
Issue 68 - 25.06.2001
http://net-security.org
http://security-db.com
This is a newsletter delivered to you by Help Net Security. It covers weekly
roundups of security events that were in the news the past week. Visit Help
Net Security for the latest security news - http://www.net-security.org.
Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter
Archive of the newsletter in TXT and PDF format is available here:
http://www.net-security.org/news/archive/newsletter
Current subscriber count to this digest: 2598
Table of contents:
1) General security news
2) Security issues
3) Security world
4) Featured products
5) Featured article
6) Defaced archives
========================================================
Secure Exchange 2000 against email attacks/viruses!
========================================================
LANguard SELM is a network wide event log monitor that retrieves logs
from all NT/2000 servers and workstations and immediately alerts the
administrator of possible intrusions. Through network wide reporting, you
can identify machines being targeted as well as local users trying to hack
internal company information. LANguard analyses the system event logs,
therefore is not impaired by switches, IP traffic encryption or high-speed
data transfer.
Download your evaluation copy from:
http://www.net-security.org/cgi-bin/ads/ads.pl?banner=gfitxt
========================================================
General security news
---------------------
----------------------------------------------------------------------------
NSA SECURES WIN-2K
Your tax dollars have been put to good use for a change, as the US NSA has
been busy figuring out how to make Windows 2000 more secure, and has
released a set of templates and instructions to enable anyone to batten down
their '2K hatches. The package had been available briefly at NSA's Web site,
but has temporarily been taken down due to overwhelming demand. The files
will be available again from NSA within a week's time.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/19761.html
SECURITY TIPS: APPLYING IIS 5 PATCHES
While we try to keep most of the security tips in this column as general as
possible, this week's is very specific and addresses a critical vulnerability in
Microsoft's Internet Information Server 5 which was recently discovered.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/Features/1123261
CARNIVORE 'NO PROBLEM' FOR NEW E-MAIL ENCRYPTION
If a new software research project proves successful, Web surfers will be able
to send secure e-mail and instant messages that are not only automatically
encrypted, but are further hidden from prying eyes by a stream of fake data.
A research team led by Nikola Bobic, a part-time professor at Ottawa University,
aims to create a virtual network on the Internet called "Cryptobox", which
would be similar to peer-to-peer systems like Gnutella.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.osopinion.com/perl/story/11281.html
COMPUTER VIRUSES EASIER TO WRITE, HARDER TO FIGHT
As automated programs have made computer hacking and the creation of
malicious code easier, more security administrators are scanning for the
software tools used to create viruses and attack networks. And while
companies and universities are looking to secure their own systems, they
are also concerned with the liability that comes with malicious code that
was created on their systems being used against other systems.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsfactor.com/perl/story/11333.html
HACKER TOOLS AND THEIR SIGNATURES, PART TWO
This is the second installment in the Hacker Tools and Their Signatures series,
a series written to assist system administrators, security administrators, and
the security community as a whole to identify and understand the tools that
are being used in the hacker community. The first article examined This
installment will focus on two tools: Juno and Unisploit. This paper will provide
a detailed analysis of these tools, including tcpdump examples and other
useful references.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/ids/articles/junisploit.html
DDOS ATTACKERS RAISING THE BAR
Distributed denial-of-service attacks - which by some estimates total more
than 4,000 a week - are likely to get much worse as the perpetrators hone
their skills and new weaknesses in popular platforms are discovered and
exploited. As vendors such as Asta Networks Inc. and Mazu Networks Inc.
prepare to launch their anti-DDoS solutions in the coming weeks, attackers
across the Internet are fine-tuning their tools and creating sophisticated
assaults designed to elude even the best defenses.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/eweek/stories/general/0%2C11011%2C2775881%2C00.html
LAWYERS RAISE FEARS OVER ALTAVISTA'S SEARCH ENGINE
Lawyers have warned that companies using AltaVista's new search engine
technology are at risk of breaching data protection laws. Launched last week,
AltaVista's new software lets people search entire corporate networks allowing
employees to access all network folders, personal computers and emails.
Lawyers are warning that the search facility could be too intrusive. Unless
these are protected in some way, it could allow others to pry into personal
records and emails.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/6/19773.html
BEST PRACTICES AND GOOD ENGINEERING LEADS TO SECURITY
Security has always been a dynamic task, not something you do once and let
run forever. The changes in our networked environment, and the increasingly
global nature of business and government dictates that you need to be on top
of security every second of the day. New vulnerabilities and new attack
methodologies are created and distributed as sets of exploit code thru the
internet. Underground cells of crackers then take these cookie cutter solutions
and use it to further their peer reverence and sometimes to further a political
cause.
Link: http://www.alphaque.com/article.php?sid=21
SOCIAL WORKER ADVISES DETENTION FOR MAFIABOY
Hanny Chung, a court-appointed social worker, told a sentencing hearing that
his lack of remorse meant a "moderate risk" existed he would do it again. "Not
only is he not taking full responsibility for what he did, he's still trying to justify
that what he did was right," Chung told Judge Gilles Ouellet. Mafiaboy, who
can't be identified under Canadian law because of his age, pleaded guilty in
January to 58 charges related to the attacks and security breaches of sites
in Canada, the United States, Denmark and South Korea.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.salon.com/tech/wire/2001/06/19/hacker/index.html
(UN)AUTHORIZED ACCESS
"Continuing with our theme of legality online this week, I'll be going over
(un)authorized access. Specifically, I will be looking at the issue of accessing
online resources, attempted access, and what people providing restricted
services should be aware of."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/closet/closet20010620.html
KEEPING SECRETS
This is an interview with Michael Jacobs, information assurance director at the
NSA. "The security side of the development cycle was risk-averse. Now, we've
got a risk-complex environment [because] we don't have the luxury of time.
For example, firewalls upgrade every 18 months. So we have to be more agile
in our approach to dealing with security problems. This has shifted the burden
of security from the developer - us - to the customer."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computerworld.com/cwi/story/0,1199,NAV47_STO61396,00.html.html
ULTIMATE IN INTERNET SECURITY OR ANTI-HACKER HYPE?
A security firm headed by a former KGB agent has come under fire for claims
its forthcoming products provide the ultimate solution to computer security
problems. Invicta Networks, is developing security products that attempt to
foil cracking attacks by using constantly changing IP addresses, which it
claims "has the ability to cloak entire computer networks with a shield that
makes them invisible and impossible to hack". According to Invicta, this
means its hardware system protects against both external and internal
hackers as well as denial of service attacks and computer viruses.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/19814.html
ONLINE SHOPS EXPOSE CUSTOMER ORDER DATA
Several small online shops are exposing their customer order data, including
credit card numbers, because of improperly installed online shopping cart
software. Hundreds of unencrypted customer records were viewable Tuesday
by anyone with a Web browser at a candle-making supply store, a computer
seller, a music shop and a photographer's gallery, Newsbytes has confirmed.
The exposed sites are all running a free online shopping cart program called
DCShop, from Boston-based DC Business Solutions.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/167000.html
KNOW THY ENEMY
Open ports and any unsolicited attempts by your computer to contact the
Net should always be a cause for concern. Unfortunately, most of us never
really know what our computers are doing.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/anchordesk/stories/story/0,10738,2777057,00.html
SECURE ONLINE BEHAVIOR, PART TWO
This is the second article in a series devoted to introducing readers to secure
online behaviors. In the first article, we saw how users have come to rely on
the Internet for exchanging business and personal information, and looked at
some of the security risks that this might pose. This article will discuss secure
e-mail behavior by looking at the various threats posed by using e-mail, as
well as some secure habits that users should take to minimize those risks.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/basics/articles/sechabits2.html
NETWORK NEGLIGENCE CREATES SECURITY RISK
Rob Enderle, research fellow at Giga Information Group, said that maintenance
on user accounts has become an important networking issue. He warned that
negligence in closing accounts after a user left the company could subject
corporate networks to the mercy of disgruntled ex-employees, temps or
contractors. He argued that organisations usually deploy multiple software
applications, with separate accounts to set-up. After creation, each login
needs maintenance and closure when users leave the company. But the
complexity of account maintenance process was prone to create 'orphan
accounts', which remained open even though users had left.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/1123341
PERFORMANCE CO-PILOT FIXED PACKAGES
Performance Co-Pilot (version 2.2.1-3) is now available. This version contains
fixes for the recent security issues uncovered against the earlier 2.2.0-18
release. New source and binary RPMs are available from SGI.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://oss.sgi.com/projects/pcp/download
ECHELON PANEL CALLS IT A DAY
The defining accomplishment of the European Parliament's temporary committee
on Echelon may be that it is due to close up shop right on schedule, less than
a year after it began its work. Many will remember the committee for backing
off from accusing the United States of using the alleged satellite-based
surveillance system for industrial espionage, as many of the committee's 36
members clearly believe it did.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,44721,00.html
PHREAKERS HIT GEORGIA COMPANY
They used a Covington company's toll-free line to run up $89,911.80 in
overseas calls. Now, it's a question of who pays the bill. Officials of the
Covington company, Gerri Murphy Realty, say they bear no blame for the
calls to Pakistan, India, Bangladesh and other spots outside metro Atlanta.
Finding that the phone line was misused was unpleasant. Finding that the
company is supposed to pay sent the trio who owns and runs Murphy
Realty scrambling for lawyer Robert Stansfield.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.thedigest.com/more/129/129-135.html
FULL DISCLOSURE STUDY RESULTS
The goal of this distinction project was to determine the attitudes about
disclosure practices in the computer security community regarding issues
surrounding full disclosure. Two hypotheses were tested. First, a majority
of those in the computer security field support the full disclosure model of
disseminating vulnerability information and second, attitudes on the full
disclosure debate will vary across participation in different computer
security circles. In order to test these hypotheses, opinions from users
of full disclosure information and computer security practitioners were
solicited using an on-line survey.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://fisher.osu.edu/people/goens_1/results.htm
CALIFORNIA INDICTMENT IN RUSSIAN HACKS
A Russian computer programmer imprisoned in the U.S. on charges that he
perpetrated a cyber crime spree of extortion and credit card fraud was
indicted in California - adding the Golden State to a growing list of destinations
on the accused hacker's whirlwind tour of U.S. detention centers. Alexey V.
Ivanov, 20, was slammed with fifteen counts of computer fraud and extortion
for the Southern California portion of a string of financially-motivated attacks
on e-commerce companies and small financial institutions, aimed at stealing
credit card numbers and consumer information, and strong-arming companies
into paying protection money.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/news/219
CIA CAN'T COMPETE WITH HACKERS
The CIA cannot predict computer attacks on U.S. systems before they happen,
as the agency is expected to do with political and military events, a top CIA
official told Congress on Thursday. Despite a major increase in intelligence
efforts dedicated to computer security, attackers still develop new tools and
techniques faster than the CIA can keep up, Lawrence K. Gershwin said. Often,
"we end up detecting it after it's happened," said Gershwin, the CIA's top
adviser on science and technology issues. "I don't feel very good about our
ability to anticipate."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://cbsnews.com/now/story/0,1597,297811-412,00.shtml
INTRODUCTION TO IPv6
This article discusses features of IPv6: bigger address space, support for
mobile devices, and built-in security. It also shows some of the changes
from IPv4 to IPv6.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.onlamp.com/pub/a/onlamp/2001/05/24/ipv6_tutorial.html
GIBSON POSTS LIST OF ATTACK SITES
After weathering seven denial of service attacks in a little over one month,
Steve Gibson has decided to name names. He has successfully logged the
addresses of 195 machines that were used by the attackers to flood GRC.com
with data. In a move designed both to prod the operators into patching their
systems, and to cut the legs out from under his attackers, Gibson has posted
a list of the machines at his site.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/167145.html
WEB SECURITY LAPSE PUTS WHICH? IN DOCK
Naming and shaming is all in a day's work for the Consumers' Assocation, but
friday it had to name and shame itself. It had to warn more than 2,700
people who had bought Which? TaxCalc software from its website that their
financial details had been available on the internet and could have fallen in to
the wrong hands. The program helps with self-assessment tax forms. The
association has advised the customers to cancel the cards used, to head
off fraud.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.guardianunlimited.co.uk/internetnews/story/0,7369,511452,00.html
E-COMMERCE FEARS? GOOD REASONS
The little lock icon that appears in your Web browser's window is supposed to
prove you are engaging in a safe transaction. But it may be nothing more than
a visual placebo. The icon is intended to indicate that information is being
encrypted as it moves from your computer to the e-commerce site's computer.
But complete and uncrackable encryption of outgoing and incoming information
may not always take place every time the lock appears on your computer's
screen. And safe arrival at the site's servers doesn't guarantee your information
is safe forever. Experts say that once the data arrives at the e-commerce site,
it's often stored decrypted on the site's servers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/ebiz/0,1272,44690,00.html
STARTUPS AIM TO PREVENT DoS ATTACKS
With more than $100m in venture funding, four startups aim to combat DoS
network attacks, which by some estimates total more than 4000 a week.
Arbor Networks, Asta Networks, Lancope Technologies and Mazu Networks
are attempting to automate the response to DoS attacks which still require
the co-operation of the major internet service providers as most DoS attacks
cannot be traced.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://webserv.vnunet.com/News/1123388
----------------------------------------------------------------------------
Security issues
---------------
All vulnerabilities are located at:
http://net-security.org/text/bugs
----------------------------------------------------------------------------
REMOTE BUFFER OVERFLOW IN MICROSOFT IIS
There exists a remote buffer overflow vulnerability in all versions of Microsoft
Internet Information Services (IIS) Web server software. The vulnerability lies
within the code that allows a Web server to interact with Microsoft Indexing
Service functionality. The vulnerable Indexing Service ISAPI filter is installed
by default on all versions of IIS. The problem lies in the fact that the .ida
(Indexing Service) ISAPI filter does not perform proper "bounds checking" on
user inputted buffers and therefore is susceptible to a buffer overflow attack.
Link: http://www.net-security.org/text/bugs/992957789,83405,.shtml
MULTIPLE VULNERABILITIES IN AMLSERVER
AMLServer's "Webpaging" http interface is susceptible to a directory traversal
attack. Adding the string "../" to a URL allows an attacker access to files
outside of the webserver's publishing directory. This allows read access to
any file on the server. A second problem is found in the file pUser.Dat. All
username/password combinations applicable to the various services provided
by AMLServer are stored in this file in plaintext. The mentioned userfile is
stored in the server's main directory. The exact location can be obtained
exploiting another problem in the web interface, a path disclosure bug. The
http-header field 'Location' contains the full path to servermaindir/Messages.
Link: http://www.net-security.org/text/bugs/992958480,13379,.shtml
SECURITY VULNERABILITY IN CISCO TFTPD SERVER 1.1
TFTPD is vulnerable to some kind of primitve directory transversal attack
which allows a remote user to obtain any file from the target system.
Link: http://www.net-security.org/text/bugs/992958565,61005,.shtml
DCSHOP SECURITY VULNERABILITY
The issue does not show up on properly configured servers, i.e. where the
"Everyone"-group has "Full Access" to the CGI-BIN or sub-folders.
Link: http://www.net-security.org/text/bugs/992958636,8903,.shtml
CONECTIVA LINUX SECURITY ANNOUNCEMENT - FETCHMAIL
Fetchmail would segfault when receiving emails with large "To:" headers. This
was due to a buffer overflow in the header parser and it could be exploited
remotely.
Link: http://www.net-security.org/text/bugs/993038284,68116,.shtml
SURGEFTP VULNERABILITIES
1.) A simple directory transversal bug allows listing of normaly unaccessable files
2.) FTP allows anybody to DOS the machine with a well known con/con attack.
Link: http://www.net-security.org/text/bugs/993038307,52537,.shtml
MANDRAKE LINUX SECURITY - KDELIBS UPDATE
A problem exists with the kdesu component of kdelibs. It created a world
readable temporary file to exchange authentication information and delete
it shortly after. This can be abused by a local user to gain access to the X
server and could result in a compromise of the account that kdesu would
access.
Link: http://www.net-security.org/text/bugs/993038396,68436,.shtml
RED HAT LINUX LOCALLY EXPLOITABLE FORMAT STRING
A format string vulnerability exists in the batch SMTP processing code, which
is triggered by any SMTP response that includes a part of its SMTP command.
Link: http://www.net-security.org/text/bugs/993125773,14203,.shtml
W3M MALFORMED MIME HEADER BUFFER OVERFLOW
w3m, a text file/Web browser which is similar to lynx, has a buffer overflow
vulnerability in a routine to parse MIME header. If a user retrieves/downloads
a malformed Web page with w3m, a malicious Web server administrator may
gain an escalated privilege from the w3m user, which is run by w3m remotely.
Link: http://www.net-security.org/text/bugs/993125802,52251,.shtml
CONECTIVA - TWO SECURITY FIXES FOR XINETD
"xinetd" is an alternative to the inetd superserver. zen-parse reported on
Bugtraq a remote buffer overflow vulnerability in xinetd that could be used
by a remote attacker to execute arbitrary commands on the server with
root privileges. Another vulnerability that has been corrected with this release
is the umask setting, which previous versions were configuring to zero. With
the umask set to zero, applications started by xinetd could inadvertently
create world writable files if they did not check this setting before.
Link: http://www.net-security.org/text/bugs/993125833,6282,.shtml
MULTIPLE VENDOR 802.11B ACCESS POINT SNMP FLAW
ISS X-Force has discovered a serious flaw in the authentication mechanism of
the Atmel VNET-B Simple Network Management Protocol (SNMP) implementation.
Atmel devices are provided via Original Equipment Manufacturer (OEM) agreements
to Netgear and Linksys. These devices do not implement any SNMP security
measures, which may allow an attacker to gain access to or control a wireless
LAN (WLAN).
Link: http://www.net-security.org/text/bugs/993126131,21102,.shtml
EPERL ALLOWS THE USER TO EMBED PERL CODE
ePerl allows the user to embed perl code (specified inside ePerl delimiters) in
HTML. ePerl has the ability to "safely" include untrusted files using the #sinclude
directive. The untrusted file is not supposed to be able to specify any perl code
to run, but this safe mode can easily be circumvented. The #sinclude directive
operates by replacing the ePerl delimiters on the untrusted file so that they are
ignored during parsing. The problem is that it still follows the preprocessing
directives, so the untrusted file can then include another file while not in
safe mode.
Link: http://www.net-security.org/text/bugs/993221840,96404,.shtml
KAV (AVP) FOR SENDMAIL FORMAT STRING BUG
While testing this software by permission of Kaspersky Lab, format string bug
was found in syslog() call in avpkeeper
/usr/local/share/AVP/avpkeeper/avpkeeper
utility, which is launched from sendmail to scan and desinfect messages.
Link: http://www.net-security.org/text/bugs/993222097,77121,.shtml
CERBERUS FTP SERVER 1.X REMOTE DOS ATTACK
Cartel security team has found a buffer overflow in the Cerberus FTP server,
which means that an attacker can execute a denial of service attack against
it.This attack will crash the server, without any error. FTP service is then
unavailable.
Link: http://www.net-security.org/text/bugs/993222237,68606,.shtml
A-FTP ANONYMOUS FTP SERVER REMOTE DOS ATTACK VULNERABILITY
Cartel security team has found a buffer overflow in the A-FTP anonymous FTP
server, which means that an attacker can execute a denial of service attack
against it. Once the big buffer has been sent, the server is vulnerable. Only
one more connection is needed to make the FTP service unavailable.
Link: http://www.net-security.org/text/bugs/993222306,99442,.shtml
----------------------------------------------------------------------------
Security world
--------------
All press releases are located at:
http://net-security.org/text/press
----------------------------------------------------------------------------
BASTILLE LINUX RELEASES VERSION 1.2 - [18.06.2001]
The Bastille Linux development team today announced the release of Bastille
Linux 1.2, a hardening script for multiple Linux distributions. With this release,
Bastille Linux delivers on the full promise of simplified, automated security
administration for Linux systems.
Press release:
< http://www.net-security.org/text/press/992862006,86386,.shtml >
----------------------------------------------------------------------------
MANAGED SECURITY SERVICES PORTAL BY LURHQ - [18.06.2001]
LURHQ Corporation announced the release of the Managed Security Services
Portal, a technology that allows the customer to co-manage and monitor their
information security infrastructure. The Managed Security Services Portal
provides a consolidated interface to LURHQ's Managed Firewall, Intrusion
Detection, Anti-virus, and SherlockESM (enterprise security monitoring)
customers.
Press release:
< http://www.net-security.org/text/press/992862138,82967,.shtml >
----------------------------------------------------------------------------
NAI EXPANDS GAUNTLET FIREWALL 6.0 - [18.06.2001]
PGP Security, a division of Network Associates, announced that it has expanded
Gauntlet Firewall 6.0 and virtual private networking (VPN) software support to
include the 64-bit Solaris 8 Operating Environment (Solaris OE) from Sun
Microsystems. This makes PGP Security, with its Gauntlet 6.0 product, one of
the first major firewall application providers to fully support the Solaris OE on all
of Sun's hardware platforms, including the recently introduced Netra T1 and X1
thin servers and the UltraSPARC(TM) III based servers.
Press release:
< http://www.net-security.org/text/press/992862401,65792,.shtml >
----------------------------------------------------------------------------
SECUREINFO CORP. EXPANDS SECURETRAINING INSTITUTE - [18.06.2001]
SecureInfo Corporation has expanded its business operations to include the
newly formed SecureTraining Institute which has added an additional 3000
feet of classroom space and new offices to SecureInfo Corp.'s current
location in the Koger Center.
Press release:
< http://www.net-security.org/text/press/992862692,65353,.shtml >
----------------------------------------------------------------------------
WATCHGUARD ANNOUNCED LIVESECURITY SERVICE GOLD - [18.06.2001]
WatchGuard Technologies, Inc., a leader in Internet security solutions,
announced LiveSecurity Service Gold, a premium support package that
helps administrators quickly and easily deploy large scale, multi-site
Virtual Private Networks. LiveSecurity reduces the complexity of managing
Internet security by integrating customer support with value-added
customer care services that help administrators safeguard their network
against evolving threats.
Press release:
< http://www.net-security.org/text/press/992862901,82296,.shtml >
----------------------------------------------------------------------------
SURFCONTROL'S SUPERSCOUT GETS 5 STAR FROM SC MAG - [19.06.2001]
SurfControl, The Internet Filtering Company, announced today that SC Magazine
has awarded its SuperScout Web Filter an overall rating of five stars in its June
Market Survey of various security related hardware and software products.
SuperScout Web Filter, a software solution that enhances employee productivity,
optimizes bandwidth and reduces legal liability, earned the highest five star
ranking for its features, performance and ease of use among others.
Press release:
< http://www.net-security.org/text/press/992958804,3720,.shtml >
----------------------------------------------------------------------------
ICSA LABS ANNOUNCES NIDS CERTIFICATION - [19.06.2001]
TruSecure Corporation, the leader in information security assurance, announced
that its ICSA Labs division will offer the industry's first and only continuously
deployed testing and certification program for Network Intrusion Detection
Systems (NIDS) to test the functionality and compliance of intrusion detection
products. The NIDS Certification Program offers an independent and
comprehensive process that vigorously tests, assesses and validates the
security of intrusion detection systems relied upon by corporations and
public entities.
Press release:
< http://www.net-security.org/text/press/992959084,73052,.shtml >
----------------------------------------------------------------------------
SECURITY BIOMETRICS ACQUIRES NETFACE LLC - [20.06.2001]
Security Biometrics Inc. announced today that the Company has signed an
agreement to acquire 100% of NetFace LLC for 20 million Security Biometrics
Inc.'s common shares. NetFace holds the exclusive option to license DSI
Datotech, Inc.'s Gesture Recognition Technology specific for video gaming and
Internet/Interactive TV markets. Through its exercise of this license, NetFace
has the first "right of refusal" on the development of other GRT horizontal
markets.
Press release:
< http://www.net-security.org/text/press/993038646,41062,.shtml >
----------------------------------------------------------------------------
SYGATE SECURE ENTERPRISE 2.0 RELEASED - [20.06.2001]
Sygate Technologies, the leader in securing the remote enterprise, unveiled a
new version of its flagship product suite, enabling IT professionals to successfully
defend their organizations from a new generation of stealthy viruses. These
emerging corporate security threats have the power to fool traditional defenses
by changing the way they look several times a day, or masquerading as known
computer programs. They prey on the unprotected machines of remote workers
and mobile professionals to gain access to corporate data centers via existing
VPN and wireless communications, giving hackers unrestricted access to valuable
databases and files.
Press release:
< http://www.net-security.org/text/press/993038820,2135,.shtml >
----------------------------------------------------------------------------
MAX. 6 MONTH TO AUTHOR OF KOURNIKOVA WORM - [21.06.2001]
The suspected author of the infamous Anna Kournikova worm is to face
prosecution in the Netherlands. Jan de Wit is suspected of being "OnTheFly",
the author of the Kournikova worm. It is alleged that he identified himself as
the worm's creator after it infected thousands of computers across the globe
in February. De Wit is due to appear in court on September 12th charged with
spreading information via a computer network with the intention of causing
damage. According to Dutch authorities the maximum sentence he could
receive is either 6 months imprisonment or a fine of 100,000 guilders,
equivalent to over £27,000.
Press release:
< http://www.net-security.org/text/press/993122455,25589,.shtml >
----------------------------------------------------------------------------
11TH ANNUAL VIRUS BULLETIN CONFERENCE IN PRAGUE - [21.06.2001]
Virus Bulletin today announces that the 11th annual Virus Bulletin international
conference and exhibition will be held at the Hilton, Prague on Thursday 27th
and Friday 28th September 2001. VB2001 is the only event to focus exclusively
on the threat of viruses and includes an exhibition and conference programme.
Press release:
< http://www.net-security.org/text/press/993126494,65876,.shtml >
----------------------------------------------------------------------------
Featured products
-------------------
The HNS Security Database is located at:
http://www.security-db.com
Submissions for the database can be sent to: staff@net-security.org
----------------------------------------------------------------------------
NET-COMMANDO 2000 LITE
Net-Commando 2000 Lite is a High-grade Hacker Protection/Prevention, Trojan
Horse virus Detection/Prevention/Removal, it is a cut-down version of its bigger
brother - Net-Commando 2000. It provides uses technology from Net-Commando
2000 to rank itself a Quality Hacker Protection and Trojan Horse virus Detection
Systems.
Read more:
< http://www.security-db.com/product.php?id=599 >
This is a product of Delta Design UK, for more information:
< http://www.security-db.com/info.php?id=130 >
----------------------------------------------------------------------------
DIRECTORYSMART
DirectorySmart, is a proven platform for securing Web applications and defining,
enforcing and delegating e-business security policies across complex business
relationships. By integrating role-based policy management, Web access control
and delegated authority into one comprehensive and easy-to-deploy product,
DirectorySmart enables companies to bring their e-business initiatives to market
quickly and scale to millions of users without incremental costs.
Read more:
< http://www.security-db.com/product.php?id=765 >
This is a product of OpenNetwork Technologies, for more information:
< http://www.security-db.com/info.php?id=176 >
----------------------------------------------------------------------------
BV-CONTROL FOR UNIX
As BindView's premier security solution, bv-Control for UNIX ensures the safety
and reliability of UNIX systems. From comprehensive security assessments to
routine disk space analysis, bv-Control for UNIX delivers the information
necessary to efficiently secure and maintain optimal network service levels.
bv-Control's superior reporting capabilities are flexible and easy-to-use,
allowing security administrators to quickly pinpoint and close security risks -
improving enterprise security and productivity.
Read more:
< http://www.security-db.com/product.php?id=577 >
This is a product of BindView, for more information:
< http://www.security-db.com/info.php?id=29 >
----------------------------------------------------------------------------
Featured article
----------------
All articles are located at:
http://www.net-security.org/text/articles
Articles can be contributed to staff@net-security.org
----------------------------------------------------------------------------
ANONYMIZED? SAFE WEB? NOT YET. by Alexander K. Yezhov
Just a couple of words about the JavaScript filtering problems I've discovered
recently. You could see my posts to bugraq or some reprinted versions
somewhere. I bet almost everyone knows the Anonymizer service. It's a good
tool that lets you stay anonymous surfing the web. Moreover, it blocks the
JavaScript code placed on the web pages. The problem is that it just comments
scripts instead of cutting them out. On the one hand it's good since you can
look at the original JavaScript code if you want. On the other hand this
commenting has some disadvantages.
Read more:
< http://www.net-security.org/text/articles/anonymized.shtml >
----------------------------------------------------------------------------
Defaced archives
------------------------
[18.06.2001]
Original: http://www.kenwood.cd/
Defaced: http://defaced.alldas.de/mirror/2001/06/18/www.kenwood.cd/
OS: Windows
Original: http://www.hackerwatch.org/
Defaced: http://defaced.alldas.de/mirror/2001/06/18/www.hackerwatch.org/
OS: Windows
Original: http://www.parliament.ru/
Defaced: http://defaced.alldas.de/mirror/2001/06/18/www.parliament.ru/
OS: Windows
[19.06.2001]
Original: http://www.interface.microsoft.co.za/
Defaced: http://defaced.alldas.de/mirror/2001/06/19/www.interface.microsoft.co.za/
OS: Windows
Original: http://www.bentleyslondon.com/
Defaced: http://defaced.alldas.de/mirror/2001/06/19/www.bentleyslondon.com/
OS: Windows
Original: http://www.governor.state.tx.us/
Defaced: http://defaced.alldas.de/mirror/2001/06/19/www.governor.state.tx.us/
OS: Windows
[20.06.2001]
Original: http://www.artmuseum.net/
Defaced: http://defaced.alldas.de/mirror/2001/06/20/www.artmuseum.net/
OS: Windows
Original: http://www2.saude.sp.gov.br/
Defaced: http://defaced.alldas.de/mirror/2001/06/20/www2.saude.sp.gov.br/
OS: Windows
[21.06.2001]
Original: http://arulk.rte.microsoft.com/
Defaced: http://defaced.alldas.de/mirror/2001/06/21/arulk.rte.microsoft.com/
OS: Windows
Original: http://feeds.mobile.msn.com/
Defaced: http://defaced.alldas.de/mirror/2001/06/21/feeds.mobile.msn.com/
OS: Windows
Original: http://redsand.rte.microsoft.com/
Defaced: http://defaced.alldas.de/mirror/2001/06/21/redsand.rte.microsoft.com/
OS: Windows
[22.06.2001]
Original: http://atwnt368.external.hp.com/
Defaced: http://defaced.alldas.de/mirror/2001/06/22/atwnt368.external.hp.com/
OS: Windows
Original: http://service-asc.sel.sony.com/
Defaced: http://defaced.alldas.de/mirror/2001/06/22/service-asc.sel.sony.com/
OS: Windows
Original: http://webcfeedback.msn.com/
Defaced: http://defaced.alldas.de/mirror/2001/06/22/webcfeedback.msn.com/
OS: Windows
[23.06.2001]
Original: http://booksrv2.raleigh.ibm.com/
Defaced: http://defaced.alldas.de/mirror/2001/06/23/booksrv2.raleigh.ibm.com/
OS: Windows
Original: http://www.x.org/
Defaced: http://defaced.alldas.de/mirror/2001/06/23/www.X.Org/
OS: Windows
Original: http://www.ericsson.co.ma/
Defaced: http://defaced.alldas.de/mirror/2001/06/23/www.ericsson.co.ma/
OS: Windows
Original: http://ecs08.external.hp.com/
Defaced: http://defaced.alldas.de/mirror/2001/06/23/ecs08.external.hp.com/
OS: Windows
Original: http://www.netbsd.hu/
Defaced: http://defaced.alldas.de/mirror/2001/06/23/www.netbsd.hu/
OS: Windows
[24.06.2001]
Original: http://www.fiat.ch/
Defaced: http://defaced.alldas.de/mirror/2001/06/24/www.fiat.ch/
OS: Windows
Original: http://www.lancia.ch/
Defaced: http://defaced.alldas.de/mirror/2001/06/24/www.lancia.ch/
OS: Windows
Original: http://www.schmidt.de/
Defaced: http://defaced.alldas.de/mirror/2001/06/24/www.schmidt.de/
OS: Windows
Original: http://www.police.york.on.ca/
Defaced: http://defaced.alldas.de/mirror/2001/06/24/www.police.york.on.ca/
OS: Windows
----------------------------------------------------------------------------
========================================================
Help Net Security T-Shirt available
========================================================
Thanks to our affiliate Jinx Hackwear we are offering you the opportunity
to wear a nifty HNS shirt :) The image speaks for itself so follow the link
and get yourself one, summer is just around the corner.
Get one here: http://207.21.213.175:8000/ss?click&jinx&3af04db0
========================================================
Questions, contributions, comments or ideas go to:
Help Net Security staff
staff@net-security.org
http://net-security.org
http://security-db.com