Net-Sec Newsletter Issue 40 - 04.12.2000 http://net-security.org This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://www.net-security.org. Subscribe to this weekly digest on: http://www.net-security.org/text/newsletter Table of contents: 1) General security news 2) Security issues 3) Security world 4) Featured articles 5) Featured books 6) Security software 7) Defaced archives General security news --------------------- ---------------------------------------------------------------------------- HONEYNET TEAM During just one month of monitoring, the Honeynet team's "honey pot," which poses as a real network to attract attackers, had been scanned by hundreds of unique IP addresses looking for two particular ports: UDP (User Datagram Protocol) port 137, used by the NetBIOS Naming Service, and TCP port 139, the tried-and-true NetBIOS Session Service. This should not surprise loyal Security Watch students, who know that these ports, which are the Achilles' heels of Windows 9x/ME computers, turn users into "easy @Home and DSL victims." Knowing the proliferation of Windows 9x systems on the Internet and admitting more than idle curiosity about attackers targeting Windows systems, the team decided to build a default Windows 98 system with the entire C: drive shared to the world - hoping the "black-hat" bad guys would come. And come they did. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.idg.net/ic_296206_1794_9-10000.html THE STORY OF JEFF - PART I and II This story is the ongoing saga of Jeff, a tragic tale full of hardship, heartbreak and triumph over impossible odds. Jeff is your average network administrator, responsible for Acme Inc's Microsoft based corporate network. We start with the basics and steadily spiral into madness and insanity as Jeff's network is repeatedly broken into. Part I: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/cover/coverstory20001127.html Part II: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/jeff20001201.html ANY PORT IS A HACKER STORM "One of the biggest information giveaways for hackers is for you to have machines with ports that aren't in use but respond anyway. Windows, unfortunately, makes it horribly easy to leave your machine open for information to be discovered." Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.nwfusion.com/columnists/2000/1127gearhead.html SIGNED CODE: SECURITY OR CENSORSHIP? Depending on Microsoft's approach, code signing could not only secure the desktop, but the software giant's control over it as well. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.excite.com/news/zd/001127/11/signed-code-security SOLARIS BSM AUDITING When considering the security of a system we need to be concerned not only with which features and tools we use to implement the access restrictions, but also with what logging of access we do. Logging is important for two main reasons: regular analysis of our logs gives us an early warning of suspicious activity and, if stored securely it can provide the evidence required to find out what went wrong when a breach in the security policy occurs. In this article, Darren Moffat, of the Solaris Security Technoglies Group at Sun Microsystems, gives us an overview of the Basic Security Module implementation and management aspects, and provides us insight helpful in raising security to another level in "Solaris BSM Auditing." Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/sun/articles/bsmaudit1.html FORGET PASSWORDS, WHAT ABOUT PICTURES? We're drowning in passwords, and our brains are rebelling. Most of us have one of two strategies for remembering all these new strings of letters and numbers: use the exact same password across the board, or keep written reminders of the various secret phrases. Either way, the entire purpose of passwords - security - is undermined. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2657540,00.html FREEBSD WEB SITE GOT DEFACED It looks like FreeBSD web site (www.freebsd.org) got defaced. If you surf to the page, you won't see anything strange, but look down and you will see "FreeBSD got a new Security Officer. Nohican and {} would like to wish the new Security Officer (Kris) good luck on his new job. We are sure you will do a great job!". Frank Van Vliet aka {} is well known for his "white hat" hacks of Slashdot and Apache.org Link: http://www.net-security.org/misc/sites/www.freebsd.org/ MICROPROSE WEB SITE DEFACED Games developer Microprose, famous for such simulation titles as GrandPrix 3, has had its Web site defaced by group known as "Delinquent Hacking Organisation". Link: http://www.theregister.co.uk/content/6/15008.html 'EVIL' UNISYS EMPLOYEES A former Unisys accounts clerk that went over to the dark side is being sued for deceit and breaches of fiduciary duty for allegedly rerouting more then 828,273 british pounds into an unauthorized bank account. Link: http://www.securitywatch.com/scripts/news/list.asp?AID=4856 CREEPY CRAWLERS VBS/Jean-A is a Visual Basic Script worm that will send copies of itself to each of the first 50 entries in the Microsoft Outlook addressbook. It tarrgets German Internet users, as the whole message is written in German. Currently Sophos has received just one report of this worm in the wild. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.sophos.com/virusinfo/analyses/vbsjeana.html PRIVACY, SECURITY TOP CONCERNS FOR ONLINE SHOPPERS Nearly half of regular Internet users cite privacy and security as their biggest concerns when shopping online, according to a recent survey. Because of those concerns, 31 percent of survey participants said they would not shop on the Web this holiday season, and 38 percent said they will limit the amount they spend online. The survey "proves many consumers will not make purchases on the Web because they are afraid that their personal privacy will be violated or their credit card and identity will be stolen," said Al Decker, Fiderus CEO, in a prepared statement. Link: http://www.crn.com/Sections/BreakingNews/dailyarchives.asp?ArticleID=21928 CYBER-TERRORISM A focus is beginning to emerge about the topic of cyber-terrorism. For some time, everything bad, or perceived as bad, on the Internet fell into the black hole known as cyber-terrorism. Events as varied as hacking, political protests, actions by international terrorists, wartime attacks on computers, denial of service attacks, and trashing Websites came under cyber-terrorism. Fortunately, a more mature perspective continues to emerge. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/cyberterrorism20001128.html SMART CARDS POISED TO CHANGE THE FACE OF PAYMENT The ability to manufacture forged smart chip processors will likely be beyond the means of all but the most organized criminal operations. Because of this, Visa International believes that a move to smart card technology could reduce payment card fraud by as much as 90 percent. That's because defrauding a smart card system isn't a matter of copying down numbers and expiration dates, or forging government notes. Those types of crimes involve fooling a person. But smart card purchases don't go through until the card itself says they're OK. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.sfgate.com/technology/expound/ MTX VIRUS WON'T LET YOU GET HELP A computer virus that's smart enough to block its victims from getting help is steadily spreading around the Internet. The bug, called MTX, was discovered in August and initially labeled a low risk. But in recent weeks, infections have been growing and last week it was the most prevalent virus in the world, according to one antivirus firm. The bug has one very sinister feature: once it infects a user, it's programmed to stop the victim from visiting antivirus Web sites and sending "mayday" emails to antivirus companies. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2000/47/ns-19366.html ISC DHCPD It's interesting to see the number of articles written on ISC's DNS server BIND, compared with the total lack of coverage of one of their other products that is just as important - DHCP. DHCP stands for Dynamic Host Control Protocol and does exactly what it claims. There is practically no information available online regarding DHCP security. This is odd, considering the ubiquity of DHCP servers on most networks. Unlike BIND, the ISC DHCP server does not have command line options to chroot the server or run it as a non-root user. This means that most DHCP servers are running non-chrooted and as root, increasing the chances that any security flaws found will be quite serious. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/closet/closet20001129.html SDMI AWARDS HACKERS IN CONTEST A music and technology forum that ran a $10,000 contest back in September challenging people to hack into copyright protection technologies said it was paying prize money to two hackers. The Secure Digital Music Initiative (SDMI) said it was contacting two successful challengers, who will receive $5,000 each, for participation in the HackSDMI public invitation. The two challengers emerged from a field of 447 submissions as the only ones able to remove the protection systems and successfully disable one of five technologies currently under consideration for SDMI screening technology, the group said. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2000/47/ns-19363.html YAHOO!: ENCRYPTION FOR THE MASSES Yahoo! is the first Web portal to introduce an email encryption service. The company is clear that the service is not end-to-end, but offers a "certain level of security" to the person receiving the email. While some people question the value of mass market encryption products, Topsoft, a UK encryption specialist, positively encourages it. "Encryption suffers from something of an image problem," says Topsoft's non-executive director, Tom Parker. "We need to get it into use in the general population. People are beginning to see the value of the security it offers, but are intimidated by the techie image it has." Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/6/15100.html ADVANCED BIOMETRICS GIVES SECURITY A HAND Advanced Biometrics is developing biometric track ball and mouse technology to be used in identification and authentication. The track ball or mouse, provisionally named Live Grip, maps the substructure of the human hand by measuring veins, deep creases, scars and fatty tissue density through infrared light. With alpha testing scheduled for the first quarter of next year and with e-commerce beta testers signed on, the company is targeting the technology for business-to- business Web sites, credit card issuers and financial institutions. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/eweek/stories/general/0,11011,2658995,00.html SECURITY REVIEW: VELOCIRAPTOR FIREWALL KICKS! Similar to the Nokia IP650 firewall appliance, VelociRaptor runs on an Intel compatible AMD-K6 platform. Its Remote Management Console (RMC) for Windows NT and Windows 2000 makes it ideal for organizations that need to manage firewall services remotely at customer sites or field offices. All communication between the RMC console and the VelociRaptor is encrypted for secure management over a public network. Included with all VelociRaptor units is a proxy-secured gateway-to-gateway Virtual Private Network (VPN) tunneling capabilities. The VPN capabilities are based on the standard IPSec protocol. Link: http://alllinuxdevices.com/news_story.php3?ltsn=2000-11-29-006-03-SC-SA INTRODUCTION TO INCIDENT HANDLING Incident handling is a generalized term that refers to the response by a person or organization to an computer security incident or attack. An organized and careful reaction to an incident could mean the difference between complete recovery and total disaster. This paper by Chad Cook provides a logical, sequential approach to managing two of the most common forms of attack - viruses and system compromise. The method this article describes is a useful step-by-step approach for safe recovery and response without the need for highly technical knowledge. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/basics/articles/inchan.html PHP.PIRUS This virus is written in PHP and is contained in a file that is 718 bytes long. When executed, the virus searches the current directory for files with .php or .htm extensions. If one of these files is writable, the virus opens the file to determine if the file is already infected. If the file is not infected, the virus inserts a line to execute the original viral file rather than appending itself to the infected file. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.sarc.com/avcenter/venc/data/php.pirus.html SECURITY COMPANY'S WEB SITE ATTACKED Computer security firm Network Associates was left embarrassed after two of its corporate Web site were defaced Wednesday although it claims it is not its fault. A group calling itself Insanity Zine defaced the Brazilian homepages of two Network Associates sites: www.nai.com.br and www.mcafee.com.br. The defacement represents as a major embarrassment for a company that produces software designed to protect computer systems from security threats. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2000/47/ns-19398.html SECURITY-SERVICES MARKET Demand for information-security services will skyrocket in the next three years, according to market-research and advisory firm IDC. The U.S. market for security consulting, implementation, management and training services will leap to $8.2 billion in 2004 from $2.8 billion this year, IDC says. The worldwide market will increase at a compound annual growth rate of 26 percent, to $17.2 billion in 2004 from $5.5 billion in 1999. Link: http://www.crn.com/Sections/BreakingNews/dailyarchives.asp?ArticleID=22034 FINGERPRINTS AND SMARTCARDS Fighting off hooligans and providing disco dollars to regulars, a new "cyber bouncer" is making waves in European nightclubs. It cuts through the fake IDs, credit cards and drivers licenses to allow club owners to easily assess who causes trouble and who doesn’t. The new system, developed by a U.S. company, has been implemented with a piece of technology the size of a credit card. These "smart cards" have a computer strip that stores a swathe of information. It can record biometric data including a person’s fingerprints. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://abcnews.go.com/sections/world/DailyNews/britain_cyberbouncers001130.html BENCHMARKING SOLARIS A new collaborative security organization is preparing to release the first in a wave of security benchmarks for commercial products widely used in government, industry and academia. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.fcw.com/fcw/articles/2000/1127/web-cis-11-29-00.asp JUDICIARY WEIGHS PRIVACY, ACCESS The federal judiciary is asking for the public's help in hashing out the privacy issues attendant with allowing web access to court case files, which can sometimes include such sensitive information as medical histories, personnel files, tax returns and social security numbers. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/news/120 WEBCASTERS, MEDIA GROUPS SPAR OVER COPYRIGHT PROPOSAL Digital media companies and leaders in the entertainment industry faced off in a hearing that could lead Congress to propose changes to online intellectual- property laws. The first, and most contentious proposal would have amended Section 109 of the act to make the "first sale" privilege - the provision that permits the resale of used books, for example - apply expressly to digital transmissions of copyrighted works. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computeruser.com/news/00/12/01/news1.html ---------------------------------------------------------------------------- Security issues --------------- All vulnerabilities are located at: http://net-security.org/text/bugs ---------------------------------------------------------------------------- IIS 5.0 WITH PATCH Q277873 IS BAD FOR YOU Microsoft issued: "Microsoft Security Bulletin (MS00-086). Patch Available for "Web Server File Request Parsing" Vulnerability. Originally posted: November 06, 2000. Updated: November 21, 2000" which installs patch Q277873. Unfortunately patch Q277873 opens another vulnerability which allows executing arbitrary programs on the web server. Link: http://www.net-security.org/text/bugs/975377848,40922,.shtml SECURITY PROBLEMS WITH TWIG WEBMAIL SYSTEM Twig is designed to allow the use of virtual hosting, unfortunatly the script that checks this fails to check for user suplied input, thus allowing anyone to submit malicious values as the configuration directory. Link: http://www.net-security.org/text/bugs/975377903,16734,.shtml IBM NET.DATA LOCAL PATH DISCLOSURE IBM's Net.Data package (often used in conjuction with NetCommerce3 and db2www) will disclose the local path of server files if fed improper requests. This software is in use on a variety of sites, including several online-shopping locales. Link: http://www.net-security.org/text/bugs/975462531,47164,.shtml SUSE LINUX 6.X 7.0 IDENT BUFFER OVERFLOW This advisory details a buffer overflow vulnerability under SuSE Linux that can enable a malicious user to cause Identification Protocol (Ident) handling to crash. Due to the overflow, the system will no longer be able to establish certain connections which use Ident, for example IRC (Internet Relay Chat) connections. If the Ident daemon is not running, users wishing to connect to IRC will not be allowed to make a connection. In the this case the vulnerability could be used in a denial of service attack to keep a person of irc. It's not clear at this present time whether this vulnerability could be exploited in such a way that arbitrary code is executed. If so, this will happen with the privileges of the user "nobody" in a default installation. Link: http://www.net-security.org/text/bugs/975462563,49538,.shtml 24LINK WEBSERVER VULNERABILITY A vulnerability was found in 24Link 1.06 Web Server for Windows 95/98/2000/NT machines. The vulnerability allows you to view any password protected files on the Web Server, provided that the Authorization - Check User Name and Password- On all Requests option wasn't chosen, which asks for user name/password for every request sent to the server. Link: http://www.net-security.org/text/bugs/975462579,88789,.shtml REMOTE FILE ATTACHMENT THEFT WebMail (possibly WhoWhere.com software) as installed on comm.lycos.com, angelfire.com, eudoramail.com and others allows an attacker to hijack other people's attachments by modifying the hidden form fields on the compose message form. Link: http://www.net-security.org/text/bugs/975547058,21897,.shtml MANDRAKE LINUX - BASH1 UPDATE The bash1 shell program has the same << vulnerability that tcsh has and incorrectly creates temporary files without the O_EXCL flag. This vulnerability does not exist in bash2 which uses the O_EXCL flag when creating temporary files. Link: http://www.net-security.org/text/bugs/975547095,61321,.shtml CISCO 675 DENIAL OF SERVICE ATTACK The Cisco 675 DSL routers with the Web Administration Interface enabled can be crashed (hard) using a simple GET request. CBOS versions 2.0.x through 2.2.x have been found to be vulnerable. The new CBOS 2.3.x has not been tested, but there are no notes in the 2.3.x changelogs to indicate that they've fixed this problem. Effected 675s were configured in PPP mode. The 'Web Administration Interface' is enabled by default in CBOS revisions 2.0.x and 2.2.x. Link: http://www.net-security.org/text/bugs/975547115,60889,.shtml DOS IN SONICWALL SOHO FIREWALL I was just playing a bit with a Sonicwall SOHO firewall, to verify performances and security of the product. I've noticed that using a very long string (some hundreds of chars) as the User Name in the auth page of the Sonicwall web server, the firewall reacts strangely: it begins to refuse connections to the 80/tcp port and it stops routing packets from the internal LAN. After about 30 seconds it apparently returns normal. Link: http://www.net-security.org/text/bugs/975547130,93049,.shtml SUSE SECURITY ANNOUNCEMENT: NETSCAPE Michal Zalewski < lcamtuf@DIONE.IDS.PL> has found a buffer overflow in the html parser code of the Netscape Navigator in all versions before and including 4.75. html code of the form < form action=foo method=bar> < input type=password value=long string here> more form tags < /form> can crash the browser. It may be possible for an attacker to supply a webpage that executes arbitrary code as the user running netscape. As of today, no exploit code is known to exist in the wild. Link: http://www.net-security.org/text/bugs/975637488,44617,.shtml DEBIAN LINUX - FSH SYMLINK ATTACK Colin Phipps found an interesting symlink attack problem in fsh (a tool to quickly run remote commands over rsh/ssh/lsh). When fshd starts it creates a directory in /tmp to hold its sockets. It tries to do that securely by checking of it can chown that directory if it already exists to check if it is owner by the user invoking it. However an attacker can circumvent this check by inserting a symlink to a file that is owner by the user who runs fhsd and replacing that with a directory just before fshd creates the socket. Link: WINDOWS 2000 TELNET SERVICE DOS The Telnet Service in question is vulnerable to a simple Denial of Service attack. The problem apparently lies within the login routine of the daemon. The problem can be demonstrated by telneting to a machine running the specified version of the Telnet Service and waiting at the login/password prompt until a session timeout takes place. However, after it does time out the connection is not reset by the daemon until the user presses a key. In Windows 2000 Professional, due to the fact, it allows only one telnet connection per host, this will effectively disable access for the authorized user. Link: http://www.net-security.org/text/bugs/975637518,37939,.shtml ---------------------------------------------------------------------------- Security world -------------- All press releases are located at: http://net-security.org/text/press ---------------------------------------------------------------------------- SECURE COMPUTING PARTNER WITH EDS - [28.11.2000] Secure Computing, announced the formation of an alliance agreement with EDS, the leading pure-play global services company that offers corporations and government clients a scalable safe, secure extranet for their growing e-business strategies. Press release: < http://www.net-security.org/text/press/975376733,13922,.shtml > ---------------------------------------------------------------------------- PRIVILEGE - FINALIST FOR SIIA 2001 CODIE AWARD - [28.11.2000] Aladdin Knowledge Systems, a global leader in the field of Internet content and software security, today announced the Software & Information Industry Association named Aladdin's Privilege software licensing and distribution solution a finalist for SIIA's coveted 2001 Codie Award in the Best Application Service Solution category. Press release: < http://www.net-security.org/text/press/975376826,41652,.shtml > ---------------------------------------------------------------------------- US AF AWARDS TINY SOFTWARE WITH CONTRACT - [28.11.2000] Tiny Software Inc., a leader in router and firewall software solutions for small to medium size networks, today announced that it has been awarded a contract by the Air Force Information Warfare Center to develop a centrally managed desktop security (CMDS) system. When complete, the CMDS will provide the Air Force the capability to manage its network security enterprise environment in a truly hierarchical method. The CMDS will manage the network security environment through policy enforcement. The system is designed to report suspicious events through the network-established hierarchy and will log network connections to the desktop. Press release: < http://www.net-security.org/text/press/975376889,25418,.shtml > ---------------------------------------------------------------------------- TINY PERSONAL FIREWALL V.2 FREE FOR DOWNLOAD - [28.11.2000] Tiny Software Inc., a leader in router and firewall software solutions for small to medium size networks, today released version two of its popular Tiny Personal Firewall. Free for personal use, Tiny Personal Firewall v.2 is an easy-to-use software firewall that prevents unauthorized access, offers high security for computers and is based on the award winning, ICSA-certified WinRoute Pro security technology. Press release: < http://www.net-security.org/text/press/975376937,92063,.shtml > ---------------------------------------------------------------------------- FORMER CTO OF XEROX.COM JOINS VYNAMIC - [29.11.2000] Vynamic™, the Portsmouth, NH based e-Learning security firm, announced the appointment of Fred Damiano as Chief Technology Officer. Mr. Damiano joins Vynamic from his former position as CTO for Xerox Corporation's Internet Business Group/ www.xerox.com. Mr. Damiano will be responsible for leading all aspects of Vynamic's technology development, including the launch of the company's technology center - a 25-person engineering team that will be located in Rochester, NY. Press release: < http://www.net-security.org/text/press/975463471,52026,.shtml > ---------------------------------------------------------------------------- SOPHOS GETS CERTIFICATION FOR 100% DETECTION - [29.11.2000] Sophos Anti-Virus, the world's leading developer of corporate anti-virus protection, announced today that the three versions of its product recently submitted for Checkmark certification have passed the test effortlessly. Sophos Anti-Virus for Windows 95/98, Windows NT and NetWare have all attained Anti-Virus Checkmark level 1, providing further proof that the products are capable of detecting all known 'in-the-wild' viruses. Press release: < http://www.net-security.org/text/press/975463562,39020,.shtml > ---------------------------------------------------------------------------- MCP MAG'S 'COMPREHENSIVE FIREWALL PROTECTION' - [01.12.2000] Network-1 Security Solutions, Inc., a leader in distributed intrusion prevention solutions for e-Business networks, announced that it was favorably reviewed and recommended by Microsoft Certified Professional Magazine, considered by many to be the most prestigious of the Microsoft-dedicated publications. Press release: < http://www.net-security.org/text/press/975638135,29699,.shtml > ---------------------------------------------------------------------------- TOP TEN VIRUSES IN NOVEMBER 2000 - [01.12.2000] This is the latest in a series of monthly charts counting down the ten most frequently occurring viruses as compiled by Sophos, the world leaders in corporate anti-virus protection. Press release: < http://www.net-security.org/text/press/975638244,77952,.shtml > ---------------------------------------------------------------------------- Featured articles ----------------- All articles are located at: http://www.net-security.org/text/articles Articles can be contributed to staff@net-security.org Below is the list of the recently added articles. ---------------------------------------------------------------------------- HYPE AND THE SECURITY SCENE: TAKING THE "REP" by Thejian Ever since there has been a "hackerscene" there has been a constant struggle between its "inhabitants" and mainstream media over words. That's all it is you know, "what's in a name" to put it really (really :) trite. Wether it was hacker, cracker or script kiddie, wether it was Kevin Mitnick or Mafiaboy (or neither) who represents the word "hacker", there was and will always be disagreements and misconceptions in and about this scene when it comes to words. Read more: < http://www.net-security.org/text/articles/thejian/rep.shtml > ---------------------------------------------------------------------------- THE ATTRITION.ORG STAFF ON CYBERWAR AND THE MEDIA "CyberWar Rages in the Middle East!!! YOUR Servers could be next!!!" - is is the kind of crap coming out of so-called security companies and news media lately. The real irony is that they are using data from the Attrition web defacement mirror to support their hyped conclusions. Let's take a little reality break, folks - the sky isn't falling. Read more: < http://www.net-security.org/text/articles/attrition.shtml > ---------------------------------------------------------------------------- Featured books ---------------- The HNS bookstore is located at: http://net-security.org/various/bookstore Suggestions for books to be included into our bookstore can be sent to staff@net-security.org ---------------------------------------------------------------------------- RHCE: RED HAT CERTIFIED ENGINEER STUDY GUIDE Passing the RHCE Certification Exam (RH302) isn't easy, students must master intense lab-based components. The hands-on exam requires success in installing and configuring Red Hat, setting up common network (IP) services, and performing essential administration, diagnostic tests and troubleshooting, among other internetworking and systems administration tasks. The RHCE Study Guide is THE answer for anyone who wants to take and pass the RHCE Certification Exam (RH302) in order to become certified in setting up and administering a Red Hat Linux server for critical network services and security. Coverage includes important background information, hands-on exercises for lab-based topics, real-world troubleshooting exercises for a variety of scenarios, challenging review questions for each exercise, strategies, tips and tricks for passing the exam. Book: < http://www.amazon.com/exec/obidos/ASIN/0782127932/netsecurity > ---------------------------------------------------------------------------- WINDOWS NT/2000 NETWORK SECURITY This book is intended primarily for LAN administrators, system programmers, information security staff, and advanced users. Although the main focus of the book will be technical, many facets of Windows NT security involve practicing sound control procedures. As such, much of the book's discussion will be pertinent to all three groups. Topics covered: How to keep Microsoft Windows NT 4.0 and Windows 2000 secure in networked environments. Specific areas of coverage include a primer on the various modes of attack, security-minded everyday system administration, security of specific services, protection against viruses, and maintenance of security in a virtual private network. Book: < http://www.amazon.com/exec/obidos/ASIN/1578702534/netsecurity > ---------------------------------------------------------------------------- SAIR LINUX AND GNU CERTIFICATION LEVEL 1, SYSTEM ADMINISTRATION Topics covered: The concepts, facts, and procedures you need to understand to pass the installation and configuration exam (3X0-103) en route to Sair Linux & GNU Certified Professional (LCP) certification. Most coverage goes to the Linux 2.2.x kernel itself, but the author walks you through installation and configuration of Red Hat Linux 6, SuSE Linux 6.1, Caldera OpenLinux 2.2, and Slackware 4. He also highlights some differences that show up in a few other distributions. Other coverage goes to hardware compatibility, preinstallation planning, the bash shell and its important commands, and top utilities. Book: < http://www.amazon.com/exec/obidos/ASIN/0471369764/netsecurity > ---------------------------------------------------------------------------- SSL AND TLS: DESIGNING AND BUILDING SECURE SYSTEMS >From the Back Cover "This is the best book on SSL/TLS. Rescorla knows SSL/TLS as well as anyone and presents it both clearly and completely.... At times, I felt like he's been looking over my shoulder when I designed SSL v3. If network security matters to you, buy this book." Paul Kocher, Cryptography Research, Inc. Co-Designer of SSL v3 "Having the right crypto is necessary but not sufficient to having secure communications." Book: < http://www.amazon.com/exec/obidos/ASIN/0201615983/netsecurity > ---------------------------------------------------------------------------- PROFESSIONAL WINDOWS DNA: BUILDING DISTRIBUTED WEB APPLICATIONS WITH VB, COM+, MSMQ, SOAP, AND ASP This book is for anyone involved with building distributed web applications that want to see the bigger picture. As such the book assumes a working knowledge of VB and ASP in places, but the emphasis is not so much on the code as on where each of the pieces fit into the puzzle. It's designed to give you an idea of how each area or technology affects you, enabling you to make informed decisions about whether to pursue a subject further, or confidently assert that you can do without it. This book takes an in-depth look at the DNA architecture, focusing on fitting the pieces of the puzzle together. Each of the logical tiers is examined, with particular emphasis placed on the features COM+ contains to make component building simpler and more powerful. Book: < http://www.amazon.com/exec/obidos/ASIN/1861004451/netsecurity > ---------------------------------------------------------------------------- Security Software ------------------- All programs are located at: http://net-security.org/various/software ---------------------------------------------------------------------------- EMAILPATROL 1.0 EmailPatrol is an online email previewer. EmailPatrol will download the headers and a user defined number of lines for a fast preview of the mailbox contents. This feature is specially designed to avoid potential security risks regarding the spread of macro viruses by email attachments. EmailPatrol has a browser -like interface, and provides basic information about all the messages in the user's mailbox. The user can then choose to delete the message, drag and drop the whole message contents into the desktop or forward the message to another address. Info/Download: < http://net-security.org/various/software/975087472,3606,.shtml > ---------------------------------------------------------------------------- PASSWORD STORE 1.81 (PALMOS 2.0) Password Store is a program that stores a list of all of your passwords. It makes it easy to keep track of passwords and PINs for credit cards, email accounts, phone cards, and more. Password Store can also be protected with its own password to keep your information safe. Info/Download: < http://net-security.org/various/software/975087617,111,.shtml > ---------------------------------------------------------------------------- FLOWPROTECTOR GLOBAL INTERNET SECURITY FlowProtector Global Internet Security provides computer protection for Internet users. It includes a secure Web browser that neutralizes spy software, cleans up cookies and cache, adds a proxy for parental control, and includes a micro firewall that detects online activity. Info/Download: < http://net-security.org/various/software/975087760,99482,.shtml > ---------------------------------------------------------------------------- Defaced archives ------------------------ [26.11.2000] - Borland (mail server) Original: http://mail.borland.pl/ Defaced: http://www.attrition.org/mirror/attrition/2000/11/26/mail.borland.pl/ [26.11.2000] - Israel Lands Authority Original: http://mmichavah.mmi.gov.il/ Defaced: http://www.attrition.org/mirror/attrition/2000/11/26/mmichavah.mmi.gov.il/ [26.11.2000] - Wuqing China Gov Original: http://www.tjwq.gov.cn/ Defaced: http://www.attrition.org/mirror/attrition/2000/11/26/www.tjwq.gov.cn/ [26.11.2000] - AT&T Global Network Services Italia Original: http://www.att.it/ Defaced: http://www.attrition.org/mirror/attrition/2000/11/26/www.att.it/ [26.11.2000] - State of California Original: http://svhqwebstat1.dot.ca.gov/ Defaced: http://www.attrition.org/mirror/attrition/2000/11/26/svhqwebstat1.dot.ca.gov/ [27.11.2000] - National Institutes of Health Original: http://nlmplan.nlm.nih.gov/ Defaced: http://www.attrition.org/mirror/attrition/2000/11/27/nlmplan.nlm.nih.gov/ [27.11.2000] - Banco Central do Brasil Original: http://www.bcb.gov.br/ Defaced: http://www.attrition.org/mirror/attrition/2000/11/27/www.bcb.gov.br/ [27.11.2000] - Taipei Hospital, Department of Health Original: http://www.ptph.gov.tw/ Defaced: http://www.attrition.org/mirror/attrition/2000/11/27/www.ptph.gov.tw/ [28.11.2000] - Ministry of Endowments and Islamic Affairs Original: http://www.islamweb.net/ Defaced: http://www.attrition.org/mirror/attrition/2000/11/28/www.islamweb.net/ [28.11.2000] - Posta Crne Gore d.o.o. Podgorica Original: http://www.posta.cg.yu/ Defaced: http://www.attrition.org/mirror/attrition/2000/11/28/www.posta.cg.yu/ [28.11.2000] - Department of Materials Science and Engineering, U of Arizona Original: http://oxygen.mse.arizona.edu/ Defaced: http://www.attrition.org/mirror/attrition/2000/11/28/oxygen.mse.arizona.edu/ [29.11.2000] - Samsung [South Africa] Original: http://www.samsung.co.za/ Defaced: http://www.attrition.org/mirror/attrition/2000/11/29/www.samsung.co.za/ [29.11.2000] - Sony Schweiz SA Original: http://www.sony.ch/ Defaced: http://www.attrition.org/mirror/attrition/2000/11/29/www.sony.ch/ [29.11.2000] - McAfee - Network Associates do Brasil Original: http://www.mcafee.com.br/ Defaced: http://www.attrition.org/mirror/attrition/2000/11/29/www.mcafee.com.br/ [29.11.2000] - Network Associates do Brasil Original: http://www.nai.com.br/ Defaced: http://www.attrition.org/mirror/attrition/2000/11/29/www.nai.com.br/ [29.11.2000] - Istra Informaticki Inzenjering Original: http://www.iii.hr/ Defaced: http://www.attrition.org/mirror/attrition/2000/11/29/www.iii.hr/ [29.11.2000] - SRH - Secretaria dos Recursos Hídricos do Estado do Ceará Original: http://www.ra.gov.ee/ Defaced: http://www.attrition.org/mirror/attrition/2000/11/29/www.ra.gov.ee/ [29.11.2000] - Ministerio de la Presidencia de la república de Venezuela Original: http://www.venezuela.gov.ve/ Defaced: http://www.attrition.org/mirror/attrition/2000/11/29/www.venezuela.gov.ve/ [29.11.2000] - Federal Aviation Administration - ABA Home Page Original: http://abaweb.faa.gov/ Defaced: http://www.attrition.org/mirror/attrition/2000/11/29/abaweb.faa.gov/ [30.11.2000] - Dell Computadores Original: http://www.dell.com.br/ Defaced: http://www.attrition.org/mirror/attrition/2000/11/30/www.dell.com.br/ ---------------------------------------------------------------------------- Questions, contributions, comments or ideas go to: Help Net Security staff staff@net-security.org http://net-security.org