HNS Newsletter
Issue 47 - 22.01.2001
http://net-security.org
 
This is a newsletter delivered to you by Help Net Security. It covers weekly 
roundups of security events that were in the news the past week. Visit Help 
Net Security for the latest security news - http://www.net-security.org.

Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter

Archive of the newsletter in TXT and PDF format is available here:
http://www.net-security.org/news/archive/newsletter

Current subscriber count to this digest: 1805

Table of contents:
 
1) General security news
2) Security issues
3) Security world
4) Featured articles
5) Security software
6) Defaced archives



General security news
---------------------
 
----------------------------------------------------------------------------

WORLD FOR WORMS
The Kakworm virus was responsible for more helpdesk calls than the Love Letter 
virus during 2000, even though Love Letter caused major business disruption 
during May, according to antivirus software supplier Sophos.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2001/2/ns-20225.html


HONEYNET CHALLENGE
"One of the primary goals of the Honeynet Project is to find order in chaos by 
letting the attackers do their thing, and allowing the defenders to learn from 
the experience and improve. The latest challenge, inspired by the Honeynet 
Project's founder Lance Spitzner, is the Forensic Challenge. Only this time, 
we're opening it up to anyone who wants to join in... The best 20 submissions 
will win a copy of "Hacking Exposed", Second Edition (courtesy of Foundstone)".
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://project.honeynet.org/challenge/


MANY INDIAN WEB SITES HACKED IN 2000
Some 635 Indian Web sites were hacked during the year 2000 - reflecting the 
low awareness level of Internet security amongst Indian companies - according 
to Dewang Mehta, president of the National Association of Software and Service 
Companies. Companies spend only 0.8 percent of their total IT spending on 
Internet security annually as against the world average of 5.5 percent. Since 
95 percent of the sites hacked are hosted abroad, Indian firms believed that 
Web hosting companies would take care of the security aspects, which 
generally does not happen, added Mehta.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/160515.html


IT COMPANIES CREATE PRIVATE COMPUTER SECURITY NETWORK
Today, a group of more than 20 information technology companies - including 
Intel, AT&T, Microsoft, IBM and Hewlett Packard will announce a major milestone 
in their efforts to create a private network for sharing information on computer 
security weaknesses and cyber-attacks. The details of the announcement 
center on a mechanism the industry is crafting to share information on cyber
attacks, vulnerabilities and security practices that can be used to better 
respond to deliberate intrusions into computer networks.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computeruser.com/news/01/01/16/news1.html


COMPUTER CRIME INVESTIGATOR'S TOOLKIT: PART III
While one doesn't have to be a master programmer to be a computer crime 
sleuth, being able to read code helps generate insight. If you find a Perl script 
useful for checking the aging of passwords, for example, understanding how 
the program works goes a long way toward implementing the tool properly. 
And, you learn during the process how to develop your own tools. Some 
investigators may prefer C or C++ as a starting point. That preference has 
some merit since quite a few computer security tools are available written 
in those languages. But the most important skill is to learn a code and then 
build on that knowledge. More common ground exists between languages 
than you might realize.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/feature20010116.html


SECURITY SOFTWARE MARKET SET TO GROW
The worldwide security software market is due to grow at a compound rate 
of 21.7% through to 2004, when revenue will be over $6.7bn, according to a 
recent study. The report from Gartner Dataquest, "Internet and E-commerce 
drive Security Software Growth", also points to increasing focus by large 
companies such as IBM/Tivoli and HP on security in their core offerings. 
Apparently 31% of the security software market in 1999 was Anti-Viral 
software. Of this, Network Associates has 43.8% market share, followed 
by Symantec with 33.8%, and Trend Micro at 11.9%.
Link: http://www.netimperative.com/technology/newsarticle.asp?ArticleID=7513&ChannelID=3&ArticleType=1


LINUX FIREWALL - THE TRAFFIC SHAPER
The firewall is a fundamental component of all computer security strategies. 
However, the simple firewall is not only restricted to safeguarding the user's 
valuable information - it can also optimize the user's bandwidth. This article, 
by Jeroen Wortelboer and Jan Van Oorschot will discuss how Linux firewalls 
can be used to shape traffic to optimize quality of Internet service and to 
reduce vulnerability to DoS attacks.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/linux/articles/trafshap.html


TRACKING NETWORK TRAFFIC IN 3D
The vital monitoring of networks can now be done in 3-D. High Tower Software, 
an offshoot of NASA, recently launched a 3-D tool that lets operators not only 
see where a problem might be, but also see the whole network and what could 
be affected if a component or device breaks down. The lack of trained IT staff 
puts a lot of pressure on companies to interpret data emanating from network 
monitoring systems. "Even network personnel who understand these issues have 
a hard time figuring out what is going wrong," said Robert Angelino, the head of 
software engineering.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.telekomnet.com/writer_telekomnet/1-16-01_hightower.asp


U.S. POST OFFICE UNVEILS SECURE INTERNET SYSTEM
The U.S. Postal Service unveiled a new service that allows government agencies 
to send and receive sensitive documents such as birth certificates and medical 
records over the Internet in a secure manner. An electronic version of Certified 
Mail, the new service uses a system of passwords and ID cards embedded with 
computer chips to provide proof that the document arrived safely in the hands 
of its intended recipient.
Link: http://www.reuters.com/news_article.jhtml;$sessionid$DUZS4RAAACHZ0CRBADLSFEYKEEANMIV2?type=internet&Repository=INTERNET_REP&RepositoryStoryID=%2Fnews%2FIDS%2FInternet%2FNET-TECH-POSTAL-DC_TXT.XML


FIGHT RAGES OVER DIGITAL RIGHTS
Critics say content owners and digital rights management companies are 
discouraging the growth of digital music by taking liberties with their control 
of copyrights. The Digital Millennium Copyright Act was enacted in 1998 to 
encourage content owners to begin moving their businesses online. At the 
center of the act were precautions set up to allow copyright holders to 
protect their work by making it against the law for consumers to illegally 
post and share materials.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,41183,00.html


STARTING FROM SCRATCH
Of all people, security experts are the most likely to keep their own systems 
backed up, and verify that the backups haven't been overwritten, right? Wrong, 
says Carole Fennelly. In this week's Unix Security, Carole reveals how 
complacency caused her to lose her home directory and email, and shows 
you how you can prevent the same thing from happening to you.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.sunworld.com/unixinsideronline/swol-01-2001/swol-0112-unixsecurity.html


A LOOK AT SYSTEM V INITIALIZATION
System V method of initialization is one of the most widely used across most 
Linux distributions. It definitely eases the system administrators job. There's a 
lot more than autoexec.bat and config.sys here. We've written this article for 
novice users. It explains the concept of runlevels, initialization scripts and the 
significance of /etc/rc.d.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.freeos.com/articles/3243/


SECURE LINUX DISTRIBUTIONS
If there is one question I hate, it's "Which Linux distribution is the most secure?" 
followed by "Which firewall is best?" People ask these questions in all innocence, 
and very few realize the complexity behind them. If I'm in a bad mood I'll usually 
say, "Whichever one works best for you with the fewest problems." While 
essentially a correct answer, it is mostly useless. To actually answer the 
question properly, I usually need to spend the better part of an hour asking 
the other person questions: what their requirements are, how much they can 
spend, what the current installation has, and so on. After getting this information 
I can usually make a recommendation; sometimes the answer is clear, and other 
times it isn't too clear.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/closet/closet20010117.html


RUNNING SNORT ON IIS WEB SERVERS: PART I
In 1998, Martin Roesch developed Snort for Unix platforms as a "lightweight 
intrusion detection system." In the summer of 2000, Mike Davis created the 
first Win32 port of Snort, bringing a great tool to a whole new world of Windows 
users and bringing a world of Windows users to a different understanding of 
security. Now in this, the first of a series of articles on Snort for Microsoft 
platforms, Mark Burnett introduces the reader to Snort for IIS Web Servers. 
This article will discuss various aspects of SNort, including: the development 
of Snort, the installion and use of Snort, and strategies for the most effective 
implementation of Snort on IIS servers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/microsoft/iis/mssnort.html


WHO’S THAT KNOCKING ON THE FIREWALL?
Open Door Networks Monday began shipping its firewall advisor software, Who’s 
There? Firewall Advisor, which Open Door bills as "essential for understanding 
the ever-increasing access attempts from the Net", is compatible with Open 
Door’s DoorStop firewall software and Symantec’s Norton Personal Firewall. 
The software does not work with Intego’s NetBarrier.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.insanely-great.com/news/01/486.html


MALAYSIAN POLICE TRACKING DEFACERS
Malaysian police have traced attackers who broke into Parliament's home page 
in December to Brazil and France and are seeking help from police there to 
capture them.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2001/ASIANOW/southeast/01/16/malaysia.hackers.ap/index.html


LOS ALAMOS EMPLOYEE DENIES HACKING
Claiming he's being used as a scapegoat, 21-year-old MagicFX has reportedly 
denied hacking into six company Web sites before he was hired last year at 
the Los Alamos National Laboratory.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computeruser.com/news/01/01/16/news6.html


UPDATE ON ETISALAT CASE
The Public Prosecutor's office has begun its investigation into allegations that 
a 21-year-old Briton hacked into Emirates Telecommunications Corp's (Etisalat) 
Internet system last June.Lee Ashurst was charged with the "misuse of 
equipment, services or facilities provided by Etisalat" after he was allegedly 
traced as one of the hackers who caused widescale disruptions to the service, 
causing it to crash.
Link: http://www.gulf-news.com/Articles/news.asp?ArticleID=7046


GERMAN WATCHDOG TO PROBE ONLINE BANK SECURITY
Germany's banking watchdogs said they have launched a security check at 
some of Europe's largest Internet banks and brokers as the threat from hackers 
or electronic theft increases. The check of banks' electronic defenses will be 
run by a three-part team including the German central bank the Bundesbank, 
the Federal Banking Regulatory Agency BAKred, and the Interior Ministry's 
special unit for computer security BSI.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.timesofindia.com/today/19info31.htm


REMOTE DESKTOP USING VNC
X-terminals allowed you to work off another machine while sitting on your 
machine. VNC allows you to do the same and also adds the ability to go 
beyond your local network to access a desktop over the Internet. Use it 
from your Windows machine to access and administer your Linux box or 
even the other way round!
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.freeos.com/articles/3292/


MAFIABOY PLEADS GUILTY ON 55 CHARGES
The trial of the 16-year-old Montrealer known as "Mafiaboy" had been set to 
begin on 66 charges relating to attacks last year on several major Web sites, 
as well as security breaches of other sites at institutions such as Yale and 
Harvard universities. The court had just convened when prosecutor Louis 
Miville-Deschenes announced that the youth had pleaded guilty to most 
of the charges.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2001/TECH/computing/01/18/mafiaboy.ap/index.html


PANDA SOFTWARE SLAMMED
Antivirus company Panda Software has been suspended from an industry group 
for withholding information about a new virus it claimed was "more deadly than 
the Love Bug" (they were speaking about Little Davinia).
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/1116640


EFF ON DECSS: HACKERS' RIGHTS AT STAKE
The Electronic Frontier Foundation is asking a federal appeals court to overturn 
a ruling that banned a Web site from posting and linking to a software program 
that can crack DVD security, saying the decision did "great violence" to the 
First Amendment.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2676657,00.html


SOFTWARE REVIEW: ARKEIA BACKUP
This document is a review of the Arkeia backup software combined with the 
Ecrix rakpak dual 66G drive, discussion of the features, security, usage, 
documentation, and support.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxsecurity.com/feature_stories/feature_story-74.html


OPENHACK III BOWED BUT NOT BROKEN
The battle has begun, and the first salvo was a fierce one, as a cascade of 
denial-of-service attacks swept over the Openhack III site in its first four 
days of operation. As of midday Thursday, no one had succeeded in any of 
the four hacking goals, although eWEEK Labs saw creative DoS attacks 
directed against the Champaign, Ill., site, along with heavy usage.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/eweek/stories/general/0,11011,2676675,00.html

----------------------------------------------------------------------------




Security issues
---------------

All vulnerabilities are located at:
http://net-security.org/text/bugs


----------------------------------------------------------------------------

MEDIA PLAYER 7 AND IE JAVA VULNERABILITY
There is a security vulnerability in Windows Media Player 7 exploitable thru IE 
and java which allows reading local files and browsing directories which in turn 
allows executing arbitratrary programs. This may lead to taking full control over 
user's computer.
Link: http://www.net-security.org/text/bugs/979586134,83134,.shtml


YAHOO! INSTANT MESSENGER TRANSMISSIONS
"When being warned by my firewall that some packet contents may contain 
sensitive data when connecting to Yahoo! servers with the popular, Yahoo! 
Instant Messenger, I found to my amazement my username and password 
combination where being sent to the server in plain text."
Link: http://www.net-security.org/text/bugs/979594691,35290,.shtml


PHP ADVISORY - APACHE MODULE BUGS
[1] PHP supports a configuration mechanism that allows users to configure PHP 
directives on a per-directory basis. Under Apache, this is usually done using 
.htaccess files. Due to a bug in the Apache module version of PHP, remote 
'malicious users' might be able to create a special HTTP request that would 
cause PHP to serve the next page with the wrong values for these directives. 
In certain (fairly rare) situations, this could result in a security problem. 
[2] PHP supports the ability to be installed, and yet disabled, by setting the 
configuration option 'engine = off'. Due to a bug in the Apache module version 
of PHP, if one or more virtual hosts within a single Apache server were configured 
with engine=off, this value could 'propagate' to other virtual hosts. Because 
setting this option to 'off' disables execution of PHP scripts, the source code 
of the scripts could end up being sent to the end clients. 
Link: http://www.net-security.org/text/bugs/979594708,42917,.shtml


HTML.DROPPER (INTERESTING)
Internet Explorer 5.5 and accompanying mail and news client afford us the 
unique ability to dictate which icons and file extensions we require. Specifically, 
we are able to manufacture an email message to appear as one thing when in 
fact it is not.
Link: http://www.net-security.org/text/bugs/979781821,21006,.shtml


NEW MAILING LIST MOBILEBUGS
It is dedicated to discussion of cellular phone and network security aspects. To 
subscribe to this list, send a message to majordomo@developers.of.pl with the 
following in the body of the message: subscribe mobileBugs.
Link: http://www.net-security.org/text/bugs/979781840,31202,.shtml


INN TEMPORARY DIRECTORY CONFIGURATION
"It's recently come to our attention that some repackagers of INN have 
mistakenly shipped INN packages configured to use the system temporary 
directory (either /tmp or /var/tmp) for create temporary files. INN expects 
its configured temporary directory to only be writeable by the news user 
and does not take sufficient precautions when creating temporary files to 
be able to use world-writeable temporary directories. This configuration 
could be exploited to gain access to the news account."
Link: http://www.net-security.org/text/bugs/979781859,46967,.shtml


CRYPTANALYSIS OF THE RSA SECURID ALGORITHM
Recently, I.C. Wiener published a reverse engineering effort of the RSA SecurID 
algorithm. There were few speculations on the security ramifications of the 
algorithm in I.C. Wiener's posting, so this note is an effort to touch upon 
areas of concern. We have verified that I.C. Wiener's released version of the 
proprietary algorithm is accurate by comparing it with our own prior reverse 
engineering of the same algorithm.
Link: http://www.net-security.org/text/bugs/979874843,29493,.shtml


SHOUTCAST SERVER BUFFER CRASHES SERVER
The following information is being released by PA Networks to expose a potential 
problem with the Shoutcast server for Linux version v1.7.1 for Shoutcast 
Distributed Network Audio Server. During testing of new streams the following 
was discovered. 
Software Needed To Perform This Overflow:
Winamp (Any Version)
DSP Plugin for Audio Streaming
Microsoft Netshow Tools (Audio MP3 Codecs Only)
Shoutcast Server for Linux v1.7.1
Normally the Winamp client uses the DSP plugin to encode MP3 files and send a 
single stream to a DNAS Server (Shoutcast) for distribution to listeners. By 
entering a string in the description past the visible field the server will overflow 
causing the shoutcast server to crash. This has been tested and verified on the 
Linux version only so we do not know if the Win32 version of DNAS is also affected.
Link: http://www.net-security.org/text/bugs/979874858,39730,.shtml


LICENSING FIREWALL-1 DOS ATTACK
"I have identified a denial of service attack that can be launched against 
Firewall-1 that has identical results to the IP fragmentation attack identified 
by Lance Spitzner."
Symptoms: Firewall CPU hits 100% utilization, console locks up, a reboot only 
temporarily solves the problem. 
Vulnerable: All versions of Firewall-1 4.1 on Solaris 2.x using a limited-IP license
Link: http://www.net-security.org/text/bugs/979874948,44992,.shtml


PATCH FOR ORACLE INTERNET DIRECTORY
Several potential buffer overflow vulnerabilities have been discovered in the 
Oracle Internet Directory executables 'oidldapd' and 'oidmon'. These 
vulnerabilities were originally found in Oracle Internet Directory (OID) 
2.0, Release 2.0.6, on Linux. (Note: OID 2.0.6 on LINUX was a beta release.)
Link: http://www.net-security.org/text/bugs/979957423,83735,.shtml


ENCRYPTED FILE SYSTEM WIN 2000 FLAW
"I have found a major problem with the encrypted filesystem (EFS) in Windows 
2000 which shows that encrypted files are still very available for a thief or 
attacker."
Link: http://www.net-security.org/text/bugs/979957507,70469,.shtml

----------------------------------------------------------------------------




Security world
--------------

All press releases are located at:
http://net-security.org/text/press

----------------------------------------------------------------------------

HNC DELIVERS FRAUD DETECTION - [18.01.2001]

HNC Software Inc. announced the availability of a new fraud detection service 
for stored value cards. The service delivers fraud protection from both Falcon,
the leading payment card fraud detection system, and eFalcon, the leading 
real-time payment fraud detection service. WildCard Systems, a provider of 
high-quality e-payment solutions, is the first stored value card provider to 
use the service.

Press release:
< http://www.net-security.org/text/press/979780431,85413,.shtml >

----------------------------------------------------------------------------

INTRUSION.COM ANNOUNCES NEW JOINT VENTURE - [18.01.2001]

Intrusion.com, Inc., a leading provider of enterprise security solutions for the 
information-driven economy, today announced an agreement to establish a 
joint venture with Shanghai Video and Audio Electronics Co., Ltd. This new 
venture, Shanghai SVA Intrusion.com Joint Venture, will manufacture, market, 
distribute and sell Intrusion.com SecureCom platform solutions, and will be the 
authorized reseller of selected Intrusion.com software products in China (PRC 
Mainland) under an exclusive multi-year licensing agreement.

Press release:
< http://www.net-security.org/text/press/979780474,55331,.shtml >

----------------------------------------------------------------------------

FLAGSHIP MOBILE VPN-BASED SOFTWARE RELEASED - [18.01.2001]

Roam Secure, Inc., a Washington, D.C. based mobile VPN (virtual private network) 
software solutions company, announced its first product, OnRoad, that provides 
advanced Internet mobility, security and networking features and allows both 
wireless and wired communications in a VPN.

Press release:
< http://www.net-security.org/text/press/979780559,93861,.shtml >

----------------------------------------------------------------------------

DIGITAL CERTIFICATES FOR GOVERNMENT AGENCIES - [18.01.2001]

E-business security pioneer Cylink Corporation announced the deployment of its 
NetAuthority(tm) public key infrastructure solution as the certificate authority 
for the U.S. Postal Service's NetPost.Certified, a new Internet-based service 
designed to secure and authenticate electronic correspondence between 
government agencies.

Press release:
< http://www.net-security.org/text/press/979780817,6686,.shtml >

----------------------------------------------------------------------------

VIRUSMD.COM BIDS TO LEAD MEDICAL RECORDS ENCRYPTION - [18.01.2001]

In its bid to lead the new $3.8 billion dollar gold rush for medical records privacy 
and encryption, the VirusMD sofware corporation today hired two Board-Certified 
physicians to join its consulting team. In order to protect the security and 
confidentiality of electronic health information, Congress has passed The 
Health Insurance Portability and Accountability Act, also known as HIPAA.

Press release:
< http://www.net-security.org/text/press/979780923,36108,.shtml >

----------------------------------------------------------------------------

SELLING 'NETWORK VAULT' TECHNOLOGY - [18.01.2001]

CyberArk Software, Ltd., makers of the industry's first "network vault" for 
securing corporate data and e-business, announced today that Global 
Technology Associates (GTA), a U.K.-based IT security consulting firm, 
will begin reselling Cyber-Ark's PrivateArk solution. GTA is a respected 
authority in the Internet and network security arena and assesses 
corporate security needs and provides leading-edge security solutions.

Press release:
< http://www.net-security.org/text/press/979780999,85255,.shtml >

----------------------------------------------------------------------------

NO FEAR FROM MELISSA-X WORM - [20.01.2001]

Sophos Anti-Virus, a world leader in corporate anti-virus protection, has 
announced that users practising safe computing have nothing to fear from 
the Melissa-X virus. However, users without the latest version of their 
anti-virus software may be unable to detect the virus.

Press release:
< http://www.net-security.org/text/press/979957211,47193,.shtml >

----------------------------------------------------------------------------

SECURITY BIOMETRICS' BOARD OF DIRECTORS GROWS - [20.01.2001]

Mr. George Gould, President of Security Biometrics, Inc. (www.sigbio.com) is 
pleased to announce the appointment of Robert M. Egery as a director to 
the company. "We are delighted to see Egery joining our team at this exciting 
time for SBI," says Gould. "His expertise and industry exposure will serve us all 
very well in the near and distant future."

Press release:
< http://www.net-security.org/text/press/979957634,24064,.shtml >

----------------------------------------------------------------------------

SYMANTEC ON NEW MELISSA VARIANT - [20.01.2001]

Researchers at the Symantec AntiVirus Research Center are warning computer 
users of Melissa.W, a variant of the damaging Melissa virus that uses Microsoft 
Outlook to e-mail itself as an attachment.

Press release:
< http://www.net-security.org/text/press/979957704,68834,.shtml >

----------------------------------------------------------------------------




Featured articles
-----------------

All articles are located at:
http://www.net-security.org/text/articles

Articles can be contributed to staff@net-security.org

Below is the list of the recently added articles.

----------------------------------------------------------------------------

TECHNIQUES TO VALIDATE HOST-CONNECTIVITY

This paper will attempt to describe techniques used to discover heavily filtered 
and firewalled hosts, that will not answer to standard PING responses. It is 
assumed that the reader has a firm knowledge of the major internet protocols 
(TCP,IP,UDP,ICMP). Most other protocols will not be discussed but techniques 
described here can be applied to many protocols.

Read more:
< http://www.net-security.org/text/articles/index-download.shtml#host >

----------------------------------------------------------------------------

WHAT'S SO SPECIAL ABOUT "DAVINIA"? THE TRUTH ABOUT THE RECENTLY 
DISCOVERED INTERNET-WORM by Kaspersky Lab

"Davinia" spreads via e-mail using the popular MS Outlook e-mail program. The 
worm uses a very sophisticated way of penetrating into a user's computer. This 
process consists of two parts...

Read more:
< http://www.net-security.org/text/articles/viruses/davinia.shtml >

----------------------------------------------------------------------------




Security Software
-------------------

All programs are located at:
http://net-security.org/various/software

----------------------------------------------------------------------------

ABI-CODER 3.5

This free file encryption software uses a 192-bit Triple DES algorithm. It allows 
you to encrypt files and folders with a click of the mouse. ABI-CODER is easy 
to use and comes with great help files as well as hints to guide you along the 
way. Included is a self-decryption tool. Version 3.5 includes a new 128-bit 
Blowfish encryption algorithm.

Info/Download:
< http://www.net-security.org/various/software/978804005,99349,windows.shtml >

----------------------------------------------------------------------------

LINUX IDS 0.9.12-2.2.18

The Linux Intrusion Detection System is a patch which enhances the kernel's 
security. When it's in effect, many system administration operations can be 
made impossible even for root. You can turn the security protection on or off 
on the fly and you can hide sensitive processes and prevent anyone from using 
ptrace or any other capability on your system. LIDS can also provide raw device 
and I/O access protection. Changes: The file that acls inherit has had several 
bugs removed. Multiplatform support has been added to the makefile.

Info/Download:
< http://www.net-security.org/various/software/979669522,23787,linux.shtml >

----------------------------------------------------------------------------

WEBPASSWORD 1.0

WebPassword is a program which protects your Web pages with a password. 
Once you have password-protected your page, no one will be able to view its 
content without having a correct password, either in their browser or as an 
original HTML source. In a Web browser, the content of a password-protected 
page may be viewed only after a valid password is entered. In a text viewer, 
the content of an encoded page appears as a block of JavaScript data in an 
HTML page.

Info/Download:
< http://www.net-security.org/various/software/978809296,27689,windows.shtml >

----------------------------------------------------------------------------

FWLOGWATCH-0.1.2

Fwlogwatch analyzes the ipchains, netfilter, or iptables packet filter logfiles 
and generates text and HTML summaries. Features realtime anomaly alerting 
capability, an interactive report generator, and the ability to cut off attacks 
by adding firewall rules. Changes: Some remaining problems in realtime 
response mode were fixed.

Info/Download:
< http://www.net-security.org/various/software/979836008,28948,linux.shtml >

----------------------------------------------------------------------------

DEVICELOCK ME 1.0

DeviceLock Me gives network administrators control over which users can 
access what removable devices (floppies, Magneto-Optical disks, CD-ROMs, 
ZIPs, and so on) on a local computer. Once DeviceLock Me is installed, 
administrators can control access to floppies, CD-ROMs, or any other device, 
depending on the time and date. DeviceLock Me enhances access control for 
Windows System Administrators and helps control removable disk usage. It can 
protect network and local computers against viruses, Trojans, and other 
malicious programs often introduced by removable disks. Network administrators 
can also use DeviceLock Me to flush a storage device's buffers. Remote control 
is also available.

Info/Download:
< http://www.net-security.org/various/software/978809487,99994,windows.shtml >

----------------------------------------------------------------------------

CRYPT EDIT 4.0

Crypt Edit is a multidocument word processor with enhanced cryptographic 
features. It can easily save texts in HTML, DOC, RTF, ASCII, WRI, Unicode, 
and PRT (Protected Text Format with three security levels) formats. Encrypt 
and decrypt binary files with compression, and create desktop shortcuts for 
your documents. Insert OLE objects and pictures in GIF, JPEG, BMP, EMF, or 
WMF format. The program includes an email client with an address book, a 
spelling checker, a built-in Clipboard viewer, various converters (Lowercase, 
Uppercase, ROT-13, OEM, and so on), a character map, and an autoformat 
tool. The new version is now nag-free donationware.

Info/Download:
< http://www.net-security.org/various/software/978809762,78481,windows.shtml >

----------------------------------------------------------------------------

UNRM-0.92

unrm is a small linux utility which can, under some circumstances, recover 
almost 99% of your erased data (similar to DOS's undelete). Changes: Fixed 
a bug that allowed only 6 digit inode numbers to be dumped, and added a few 
variables containing the common used program locations (mount,debugfs).

Info/Download:
< http://www.net-security.org/various/software/979836106,61006,linux.shtml >

----------------------------------------------------------------------------

DATA ENCRYPTION TOOLKIT 1.0

Data Encryption Toolkit is a comprehensive program for data encryption. This 
program allows you to use five well-known, highly secure encryption algorithms. 
DET will help you to encrypt single files, groups of files, or entire folders, 
including all subfolders, quickly and easily. You can work with encrypted 
folders as simply as with usual folders (except entering the unlocking password). 
All encryption and decryption actions can be done on fly. The program can be 
integrated into any Windows shell and all its functions are available from the 
context menu. Besides encryption, the program has some additional features. 
DET is fast, and easy to setup and to use.

Info/Download:
< http://www.net-security.org/various/software/978809844,49850,windows.shtml >

----------------------------------------------------------------------------




Defaced archives
------------------------

[14.01.2001] - Rockwell Software, Inc.
Original: http://www.rsbizware.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/14/www.rsbizware.com/

[14.01.2001] - #2 McHammer Official Site
Original: http://www.mchammer.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/14/www.mchammer.com/

[14.01.2001] - National Centre for Radio Astrophysics, India
Original: http://dual2.gmrt.ncra.tifr.res.in/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/14/dual2.gmrt.ncra.tifr.res.in/

[14.01.2001] - Northern Plains Region Homepage - Natural Resources
Original: http://www.np.nrcs.usda.gov/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/14/www.np.nrcs.usda.gov/

[15.01.2001] - National Aeronautics and Space Administration
Original: http://uta7400.jpl.nasa.gov/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/15/uta7400.jpl.nasa.gov/

[16.01.2001] - Newspaper Association of America
Original: http://www.naa.org/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/16/www.naa.org/

[16.01.2001] - Presidency of The Islamic Republic of Iran
Original: http://web.president.gov.ir/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/16/web.president.gov.ir/

[16.01.2001] - Ministry of Trade and Industry, Israel
Original: http://www.tamas.gov.il/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/16/www.tamas.gov.il/

[16.01.2001] - President Administration (Bulgaria)
Original: http://www.president.bg/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/16/www.president.bg/

[19.01.2001] - Ministry of Education and Science (Bulgaria)
Original: http://asclep.muvar.acad.bg/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/19/asclep.muvar.acad.bg/

[19.01.2001] - USAF Pararescue
Original: http://www.specialtactics.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/19/www.specialtactics.com/

[19.01.2001] - Australian Institute of Marine Science
Original: http://www.aims.gov.au/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/19/www.aims.gov.au/

[19.01.2001] - US Department of the Interior, Alaskan Office
Original: http://www.ak.doi.gov/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/19/www.ak.doi.gov/

[19.01.2001] - National Cemetary Administration, Department of Veterans Affairs
Original: http://www.cem.va.gov/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/19/www.cem.va.gov/

[19.01.2001] - Swindon Borough Council, UK
Original: http://www.swindon.gov.uk/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/19/www.swindon.gov.uk/

----------------------------------------------------------------------------


Questions, contributions, comments or ideas go to:
 
Help Net Security staff
 
staff@net-security.org
http://net-security.org