Net-Sec newsletter Issue 35 - 23.10.2000 http://net-security.org This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://www.net-security.org. Subscribe to this weekly digest on: http://www.net-security.org/text/newsletter Table of contents: 1) General security news 2) Security issues 3) Security world 4) Featured articles 5) Featured books 6) Security software 7) Defaced archives ============================================================ In association with Kaspersky Lab (www.kasperskylabs.com), HNS staff created a new section of the site, with about 400 descriptions of well known and not so know viruses. Specially interesting part of that section are screenshots of 50 virus infections. All viruses are well categorized and easy to browse. Point your browser to this URL: http://www.net-security.org/text/viruses ============================================================ General security news --------------------- ---------------------------------------------------------------------------- FEDS' SECURITY ROLE MAY YIELD BUSINESS BENEFITS Garnering low marks on IT security efforts and realizing that many of the nation's most sensitive networks are now situated in the private sector, the federal government more than ever is drumming up security-related partnerships with Corporate America. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.infoworld.com/articles/hn/xml/00/10/16/001016hnnist.xml DNS SECURITY UPGRADE PROMISES A SAFER 'NET An emerging technology promises to improve the security of the Internet's infrastructure by preventing hackers from hijacking Web traffic and redirecting it to bogus sites. The new security mechanism, dubbed DNSSEC, plugs a hole in the Internet's Domain Name System that attackers have exploited to spoof Web sites. DNSSEC prevents these attacks by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.nwfusion.com/news/2000/1016dnsec.html ABNORMAL IP PACKETS This article, a discussion of the characteristics of abnormal Internet Protocol packets, is the first in a series of tutorials that are intended to educate intrusion detection system administrators about IP. As the use of network intrusion detection systems becomes more widespread, system administrators must learn how to use them effectively. Unfortunately, many admins do not have a thorough knowledge of IP. So even though an IDS may produce alerts about particular scans and attacks, an admin may not understand what the alerts mean. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/ids/articles/abnormal1.html BSDCON'S BSD SYSTEM SECURITY TUTORIAL "This year's BSDCon is being held at the Monterey Hyatt, in Monterey Ca. The first tutorial was a two-day tutorial covering BSD System Security. For the most part the classes are intensive and there was a lot of ground to cover. And attendees should have been fairly comfortable with at least one flavor of UNIX. However there was considerable mention of routers and their important role in overall network security." Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.bsdtoday.com/2000/October/News311.html SPAMMERS ClickAction Inc. today said it was working with the FBI and several Internet service providers to determine the source of a series of "spam" attacks, wherein millions of bogus political campaign e-mail messages were sent via hijacked third party servers. The company said the messages, sent via numerous third-party ISP servers, include references to a ClickAction hosted Web site. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computeruser.com/news/00/10/16/news4.html SUMMERCON RFP The oldest of the living security/hacker conferences Summercon 2001 will be hosted in the Dutch city of Amsterdam at the Grand Hotel Krasnapolsky. Summercon 2001 will be broadcasted live via streaming media and presentations, with additional content, and collateral will be edited for future download from the website. You could submit your paper until 30 November 2000. Link: http://www.summercon.org/ COMPUTER INTRUSION CASES Here is a summary chart of recently prosecuted computer cases. This listing is a representative sample; it is not exhaustive. You can click on the name of the case to read a press release about the case. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://cybercrime.gov/cccases.html HV2K MEMBER INDICTED 18-year-old Robert Russell Sanford, member of hV2k, suspected of defacing government web sites in Texas and Canada last winter, surrendered to Dallas County authorities last Friday, a day after he was indicted on charges for defacing. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://web.lexis-nexis.com/more/cahners-chicago/11407/6439100/6 SUIDNET - AN ONGOING SOLUTION "I come not to bury Suidnet, but to praise it. Well, that is not entirely true, there are still some significant problems with Suidnet, but it looks to be the start of something good. I wouldn't be surprised if you haven't heard of Suidnet. It's an effort by IRC and security enthusiasts to create a more secure IRC network." Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/closet/closet20001018.html BUG-HUNTERS SAY FIRMS IGNORING SECURITY HOLES Major software firms may be neglecting security vulnerabilities and putting their users at serious risk, according to bug-hunters at Swedish security firm Defcom. The group says the situation has forced it to consider publicising the details of several exploits which would cause the companies involved embarrassment. Although Defcom says the majority of firms respond quickly to alerts, it claims that at least two large firms have failed to get back to it over a number of months. It is now holding last minute discussions with the firms, but says it is still considering releasing details. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2000/41/ns-18519.html DON’T JUST COMPLAIN ABOUT SECURITY Federal agencies must work more closely with industry to get government security needs built into products as they are developed, rather than going to vendors for fixes after the fact, according to public and private-sector experts. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.fcw.com/fcw/articles/2000/1016/web-nissc-10-17-00.asp INSIDEDEFENSE - SPECIAL REPORT A year after two teams of experts concluded the National Security Agency was suffering from profound operational and organizational problems, the director of the Ft. Meade, MD-based signals intelligence organization said last week he is beginning to see the initial benefits of a sweeping transformation effort aimed at changing the agency's culture, improving its technical capabilities and repairing its relationships with key stakeholders. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://cryptome.org/nsa-reorg-id.htm WEB ANONYMITY UNDER SIEGE A Florida appeals court ruled that ISPs can be compelled by subpoena to identify people who post defamatory messages on Internet bulletin boards, even when the libellous nature of the statements has yet to be proved. In this case, Hvide Marine company former CEO Erik Hvide was seeking the identities of eight people who criticised both him and his company on a BBS. The subpoena had been temporarily blocked pending appeal, and the appellate court chose to let it proceed. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/1/14060.html EARTHLINK FLAW EXPOSES DOMAINS A one-two punch of poor security left up to 81,000 domains hosted by Internet service provider EarthLink Inc. open to defacement and exploitation for at least a week. The vulnerability resulted from a recently discovered flaw in an open- source e-commerce package combined with a misconfigured hosting server operated by EarthLink subsidiary MindSpring. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2641790,00.html ACER NOTEBOOK SUPPORTS SECURITY CARDS, WIRELESS Acer's new TravelMate 350 notebook is barely an inch thick and weighs just 4 pounds, but it's chock full of new technology. The unit includes a built-in smart card reader and the hardware to add integrated Bluetooth wireless connectivity. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.idg.net/ic_273308_1794_9-10000.html SECURITY TESTS FOR EMPLOYEES At the National Security Agency, the U.S. government's secretive intelligence gathering arm, employees are required to pass a test to show basic understanding of information security policy and procedures. Failing the test may result in a loss of an e-mail account and system access rights. It's no idle threat, says U.S. Air Force Col. John Whiteford, the deputy CIO at the NSA. All employees - from the agency's director on down - must complete the Web-based information security training course, which is followed by a 25- to 30-question, multiple-choice online test. If they fail, they take it again. So far, no one has lost his access rights, said Whiteford. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.idg.net/ic_273442_1794_9-10000.html ANTI-HACKING SQUADS COULD HELP CORPORATES Gartner has called on enterprises to consider establishing specialist internal anti-hacking teams who would have wide ranging powers to defend against internet attacks. William Spernow, Gartner research director, said that such a team would realistically cost $250,000 a year to run, and would be hard to sell to chief executives, but was needed in order to defend technology infrastructures. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/1112675 THE THROWAWAY CREDIT CARD Following American Express's launch of a similar product last month, MBNA, the world's largest independent credit card issuer, announced plans to give consumers a more secure way of shopping online, with a disposable credit card number. MBNA will use technology created by New York-based Orbiscom to allow its 45 million Visa and MasterCard customers to buy goods on the Net without ever disclosing their personal credit card number. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.thestandard.com/article/display/0,1151,19505,00.html WORKING THE BIG COMPUTER CRIME CASE Crimes may be geographically diverse, crossing state, national, and international boundaries. They may involve multiple networks and domains. In cases of fraud, investigative and analytical methods have to fit individuals from diverse localities into a larger picture or pattern. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/crime20001019.html COMPUTER CRIME TREATY THREATENS HUMAN RIGHTS An international coalition of 28 human rights and civil liberties groups has called on the Council of Europe to alter its draft treaty on International cybercrime, warning that the agreement could violate the European Convention on Human Rights and rob Internet users of their freedom. The Global Internet Liberty Campaign (GILC) attacks draft proposals to increase the power given to law enforcers to intercept international communications and traffic data as part of their investigations. The group says such measures would give police forces free range to wiretap Internet users and would be open to abuse. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2000/41/ns-18546.html MAVERICK JOINS ARMY FOR NETWORK SECURITY The Army will use a new product from General Dynamics Electronic Systems for testing network vulnerabilities and for training soldiers to respond to cyberattacks. The company bills the product named Maverick as "the first commercially available Internet security software to combine Internet reconnaissance and Internet attack capabilities." Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.fcw.com/fcw/articles/2000/1016/web-infowar-10-19-00.asp DENIAL-OF-SERVICE ATTACKS STILL A BIG THREAT The types of massive distributed denial-of-service attacks that knocked several big e-commerce Web sites out of action earlier this year remain a viable threat that could grow even more sophisticated, according to experts at this week's government-sponsored National Information Systems Security Conference. Experts at the conference - which was sponsored by the National Institute of Standards and Technology and the National Security Agency's National Computer Security Center - said there currently are no adequate mechanisms for stopping DDOS attacks. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.idg.net/ic_274724_1794_9-10000.html IPSWITCH RATCHETS UP SECURITY IN FTP SERVER Ipswitch Inc. released version 2.0 of its WS_FTP server, adding several security enhancements that the company hopes will give businesses a faster, cheaper alternative to VPNs. The new iteration of WS_FTP is essentially the first secure FTP server and gives users the added insurance of Secure Sockets Layer encryption on both the client and server sides, company officials said. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/eweek/stories/general/0,11011,2643153,00.html FIREWALLS AND SECURITY "All security implementations are about striking an appropriate balance between usability and security. Increased security means decreased usability. For those who are somewhat protected by a well-configured firewall, good for you. But it may not be enough. I'll show you 3 scenarios where firewalls are not very helpful." Link: http://linuxtoday.com/news_story.php3?ltsn=2000-10-22-013-04-OP-BZ-SW PRIVACY SOLUTIONS The SiegeSurfer is a web-based proxy that can relay pages either through clear text or through encrypted SSL. It has a free edition which is accessible on their web site. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.siegesoft.com/ ONLINE BANK SECURITY BREACH HITS NORWAY Consumer faith in online banking suffered another dent this week after four Norwegian banks admitted leaving the financial details of one million customers exposed on their internet sites for two months. The flaw was only discovered by one of the banks when a 17-year-old boy contacted a Norwegian newspaper to explain how it was possible to see the details. Services at Sparebanken Nor, Parat 24, Sparebanken More and Sparebanken Sogn og Fjordane were affected. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.uk.internet.com/Article/100713 SAFETY IN INTERNET SECURITY According to International Data Corporation, the worldwide market for information security services (including consulting, integration, management, and education and training) will grow to $16.5 billion by 2004, up from $4.8 billion in 1998. As a growing number of companies move online, secure transactions become more important. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://cnnfn.cnn.com/2000/10/23/redherring/herring_netsafety/ PUTTING PRIVACY IN PERSPECTIVE There's a lot of sound and fury these days about privacy and the Net - about how your privacy is going to be seriously compromised soon, if it's not already; about how innovations in cell phones and global positioning satellite systems (GPSS) are going to reveal our innermost thoughts and lives; and about how our personal data is going to be sold on every street corner, to all comers. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2643408,00.html US NATIONAL SECURITY AGENCY BADLY CRIPPLED Those accustomed to imagine the NSA as some guild of omniscient, malevolent hermits effortlessly deciphering all the electromagnetic noise enveloping the modern world will be bitterly disappointed to learn that its basic, functional competence is in doubt. While the Agency has been credited with miraculous achievements such as monitoring every communication made by electronic means worldwide with its famous Echelon system, there's reason to wonder if it will even exist a decade from now. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/1/14170.html BROADBAND COULD BE HACKLAND Recently, Steve Gibson, an independent software developer, received a call from the FBI. "Apparently, some hacker was getting into people's computers and posting notes on their Windows desktops," Gibson said. "The notes were telling people that their computer was insecure, and that they should go to GRC.com. So the FBI said, 'Steve, did you do this?'" Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/technology/0,1282,39235,00.html ---------------------------------------------------------------------------- Security issues --------------- All vulnerabilities are located at: http://net-security.org/text/bugs ---------------------------------------------------------------------------- HALF-LIFE DEDICATED SERVER VULNERABILITY The vulnerability appears to exist in the changelevel rcon command and does not require a valid rcon password. The overflow appears to exist after the logging function as the following was found in the last entries of the daemon's logs. Link: http://www.net-security.org/text/bugs/971734269,9161,.shtml VARIOUS BUGS IN AUCTION WEAVER LITE 1.0 - 1.04 Auction Weaver LITE 1.0 through 1.04 contains several vulnerabilities that allow remote attackers to create, read, or delete arbitrary files with the privileges of the Auction Weaver process. These vulnerabilities are different than the ones described by Meliksah Ozoral and teleh0r in several Bugtraq posts during August 2000. All of the vulnerabilities are commonly found in CGI scripting programs. Link: http://www.net-security.org/text/bugs/971734296,24398,.shtml LOCAL ROOT COMPROMISE IN SUSE LINUX The problem in the implementation of traceroute that we ship is a format string parsing bug in a routine that can be used to terminate a line in traceroute's output to easily embed the program in cgi scripts as used for web frontends for traceroute. Using a specially crafted sequence of characters on the commandline, it is possile to trick the traceroute program into running arbitrary code as root. Link: http://www.net-security.org/text/bugs/971734328,33658,.shtml MS - "WEB SERVER FOLDER TRAVERSAL" VULNERABILITY Microsoft has released a patch that eliminates a security vulnerability in Microsoft IIS 4.0 and 5.0. The vulnerability could potentially allow a visitor to a web site to take a wide range of destructive actions against it, including running programs on it. Link: http://www.net-security.org/text/bugs/971791936,23710,.shtml RED HAT - POTENTIAL SECURITY PROBLEMS IN PING FIXED Several problems in ping are fixed: 1) Root privileges are dropped after acquiring a raw socket. 2) An 8 byte overflow of a static buffer "outpack" is prevented. 3) An overflow of a static buffer "buf" is prevented. A non-exploitable root only segfault is fixed as well. Link: http://www.net-security.org/text/bugs/971918719,36405,.shtml SUSE LINUX - POSSIBLE REMOTE ROOT COMPROMISE Security problems have been found in the client code of the NIS subsytem. SuSE distributions before SuSE-6.1 came with the original ypbind program, SuSE-6.2 and later included the ypbind-mt NIS client implementation. ypbind-3.3 (the earlier version) has a format string parsing bug if it is run in debug mode, and (discovered by Olaf Kirch ) leaks file descriptors under certain circumstances which can lead to a DoS. In addition, ypbind-3.3 may suffer from buffer overflows. ypbind-mt, the software shipped with SuSE distributions starting with SuSE-6.2, suffers from a single format string parsing bug. Some of these bugs could allow remote attackers to execute arbitrary code as root. Link: http://www.net-security.org/text/bugs/971918769,99572,.shtml IE 5.5/OUTLOOK JAVA SECURITY VULNERABILITY The problem is the possibility for specifying arbitrary codebase for an applet loaded from < OBJECT> tag and a jar file. Applets may read URLs from their codebase and communicate with hosts from the codebase. Link: http://www.net-security.org/text/bugs/971918788,31435,.shtml HYPERTERMINAL BUFFER OVERFLOW VULNERABILITY The USSR Team has found a buffer overflow in the HyperTerminal telnet client, which is in the code that processes the Telnet URL's, that can enable an attacker to execute arbitrary code on another user's system. If a user opens an mail containing HTML and also contains a malformed Telnet URL a buffer overrun will enable the creator of the mail to cause arbitrary code to be runned on the user's system. Link: http://www.net-security.org/text/bugs/971956137,87210,.shtml MS - "HYPERTERMINAL BUFFER OVERFLOW" PATCH Microsoft has released a patch that eliminates a security vulnerability in the HyperTerminal application that ships with several Microsoft operating systems. This vulnerability could, under certain circumstances, allow a malicious user to execute arbitrary code on another user's system. Link: http://www.net-security.org/text/bugs/971956179,76463,.shtml DOS ON COMPUTERS RUNNING MICROSOFT NETMEETING The exploit has been tested against the current version of NetMeeting 3.01 which ships with Windows 2000. It has been tested on Windows 95, NT 4 Workstation and Server SP5/6, and Windows 2000 Workstation and Server SP1. It has been tested against computers with either modem or ethernet connections. Microsoft has released a patch for Windows 2000. At this time, there are some issues with the NT 4.0 patch installer. Microsoft is working to fix these issues, and an updated installer should be available when complete. Link: http://www.net-security.org/text/bugs/971956301,13545,.shtml CALDERA LINUX - VERIFICATION BUG IN GNUPG There is a bug in the signature verification of GNUpg, the GNU replacement for PGP. Normally, signature verification with gnupg works as expected; gnupg properly detects when digitally signed data has been tampered with. However, these checks do not work properly if there are several sections with inline signatures within a single file. In this case, GNUpg does not always detect when some of the signed portions have been modified, and incorrectly claims that all signatures are valid. Link: http://www.net-security.org/text/bugs/972040195,29520,.shtml DOS IN INTEL'S 'INBUSINESS EMAIL STATION' "I found a buffer overflow in the Intel InBusiness eMail Station, which can enable an attacker to execute a denial of service attack against it." Link: http://www.net-security.org/text/bugs/972091882,33592,.shtml MANDRAKE & RED HAT LINUX - GNUPG UPDATE A problem exists in all versions of GnuPG prior to and including 1.0.3. Because of this problem, GnuPG may report files which have been signed with multiple keys (one or more of which may be incorrect) to be valid even if one of the signatures is in fact valid. Mandrake: http://www.net-security.org/text/bugs/972138403,22492,.shtml Red Hat: http://www.net-security.org/text/bugs/972138926,2985,.shtml NETMEETING DS VULNERABILITY PATCH This patch eliminates a security vulnerability in NetMeeting, an application that ships with Microsoft Windows 2000 and is also available as a separate download for Windows NT 4.0. The vulnerability could allow a malicious user to temporarily prevent an affected machine from providing any NetMeeting services and possibly consume 100% CPU utilization during an attack. Link: http://net-security.org/various/software/972136197,66286,.shtml TASKPAD SCRIPTING VULNERABILITY PATCH Eliminate a vulnerability in the TaskPads feature, which is provided as part of Microsoft Resource Kit products for Windows 95, 98 and Windows NT. The vulnerability could allow a Web site to run executables on the computer of a user who had installed one of the affected Resource Kits. The patch will check the system for the vulnerability and repair it. In addition, a measure will be introduced to prevent accidental reinstallation of the TaskPads' functionality. Link: http://net-security.org/various/software/972136281,83666,.shtml WEBTV VULNERABILITY PATCH (WIN 98) This patch eliminates a security vulnerability in Microsoft WebTV for Windows. There is a Denial-of-service vulnerability in WebTV for Windows that may allow a malicious user to remotely crash either the WebTV for Windows application and/or the computer system running WebTV for Windows. Restarting the application and/or system will return the system to its normal state. Although the WebTV for Windows application ships with Windows 98, 98SE, and Windows Me products, the application is not installed by default, and customers who have not installed it would not be at risk. Link: http://net-security.org/various/software/972137324,68386,.shtml WEBTV VULNERABILITY PATCH (WIN 2K) Link: http://net-security.org/various/software/972137392,43847,.shtml ---------------------------------------------------------------------------- Security world -------------- All press releases are located at: http://net-security.org/text/press ---------------------------------------------------------------------------- ATTACHMATE INTRODUCES E-VANTAGE HOST ACCESS SERVER V2.3 - [17.10.2000] Attachmate Corporation announced the release of Attachmate e-Vantage Host Access Server 2.3, the latest version of Attachmate's Web-based host access management solution. Attachmate e-Vantage Host Access Server 2.3 introduces management console support on IBM's OS/390 mainframe and AS/400 host platforms, in addition to server platform support on Sun Solaris HP/UX , AIX and LINUX operating systems. Press release: < http://www.net-security.org/text/press/971737900,23487,.shtml > ---------------------------------------------------------------------------- ESECURITYONLINE NAMES ROBIN HUTCHINSON CEO - [18.10.2000] Ernst & Young LLP announced today that Robin Hutchinson has been appointed CEO of eSecurityOnline, a venture of Ernst & Young LLP. eSecurityOnline provides businesses with an online security content solution to help protect against computer and Internet crime. Its offerings include vulnerability tracking, security asset management, as well as providing a portal to over one thousand security related resources. Press release: < http://www.net-security.org/text/press/971737998,72858,.shtml > ---------------------------------------------------------------------------- PROTECTION AGAINST NEW MICROSOFT IIS VULNERABILITY - [18.10.2000] Network ICE's team of security experts release protection against a newly discovered exploit poised to cause significant damage to the Internet. The new vulnerability, "Multibyte Backticking," allows intruders to break into large numbers of Microsoft IIS 4.0 and 5.0 servers. Microsoft IIS servers account for roughly 20% of the websites on the Internet. Press release: < http://www.net-security.org/text/press/971830658,73146,.shtml > ---------------------------------------------------------------------------- SYBARI AND SOPHOS PARTNERSHIP - [18.10.2000] Sybari Software, Inc., the premier antivirus and security specialist for groupware solutions, announced that its installed customer base will receive Sophos' award winning scan engine at no cost for the length of their existing Antigen license agreement. Press release: < http://www.net-security.org/text/press/971831246,67224,.shtml > ---------------------------------------------------------------------------- @STAKE PARTNERS WITH COUNTERPANE - [18.10.2000] @stake, the world's leading Internet security consulting firm, announced an alliance with the premier Managed Security Monitoring services firm, Counterpane Internet Security, Inc. Working together, @stake and Counterpane will offer a comprehensive set of Internet security consulting and response services integrated with world-class 24 X 7 managed services. Press release: < http://www.net-security.org/text/press/971881026,40424,.shtml > ---------------------------------------------------------------------------- COMPUTER ASSOCIATES AND SYBARI SOFTWARE ALLIANCE - [19.10.2000] Computer Associates International, Inc, the world's leading eBusiness solutions provider, and Sybari Software, Inc., the premier antivirus and security specialist for groupware solutions, announced an alliance designed to protect the most complex messaging infrastructures from malicious virus attacks. Press release: < http://www.net-security.org/text/press/971919142,42607,.shtml > ---------------------------------------------------------------------------- SECURELY MANAGING E-BUSINESS APPLICATIONS - [19.10.2000] AXENT Technologies, Inc., one of the world's leading e-security solutions providers for e-business, who recently entered into a definitive agreement with Symantec Corporation to be acquired, and ActivCard, Inc., a leader in digital identity and electronic certification technology, announced plans to expand their long-term relationship to provide customers with flexible and versatile authentication through the use of smart card technology. Press release: < http://www.net-security.org/text/press/971973401,88722,.shtml > ---------------------------------------------------------------------------- CUSTOMIZABLE NETWORK-BASED FIREWALL SERVICE - [19.10.2000] Businesses with broadband DSL connections can now enjoy customizable protection against intrusion and hacker attacks at a fraction of the cost of conventional, CPE-based firewalls, thanks to Firewall Flex(sm), a customizable, network-based security product from Zyan Communications. Press release: < http://www.net-security.org/text/press/971973458,71081,.shtml > ---------------------------------------------------------------------------- HYPERTERMINAL PRIVATE EDITION 6.1 PLUGS VULNERABILITY - [20.10.2000] Hilgraeve Inc., a long-time leader in PC data communications software, announced HyperTerminal Private Edition 6.1, as an upgrade to its HyperTerminal communications program, which Microsoft includes with every copy of Windows. This new release corrects a potentially serious security issue that affects versions of HyperTerminal included with Microsoft Windows. Press release: < http://www.net-security.org/text/press/972003786,31146,.shtml > ---------------------------------------------------------------------------- ITALIAN COMPANY CRYPTONET PARTNERS WITH RAINBOW - [21.10.2000] Rainbow TechnologiesTM Inc., a leading provider of high-performance security solutions for the Internet and eCommerce, and CryptoNet, an Italian company focused entirely on information security, announced a partnership agreement that permits CryptoNet to distribute Rainbow's CryptoSwift eCommerce accelerator products and iKey workstation security solutions in Italy. The agreement represents the next step in Rainbow's aggressive strategy for international distribution of products and services that provide security solutions for the Internet and international eCommerce. Press release: < http://www.net-security.org/text/press/972092122,42214,.shtml > ---------------------------------------------------------------------------- Featured articles ----------------- All articles are located at: http://www.net-security.org/text/articles Articles can be contributed to staff@net-security.org ---------------------------------------------------------------------------- TWO NEW ADDITIONS TO THE ARTICLES SECTION The first addition is dedicated to Old School text files, that have their roots in the BBS era. This section was built in association with Textfiles.com in order to let a larger audience experience the beginnings of the "hacking" scene and the related events and thoughts. The Old School section can be found here: < http://www.net-security.org/text/articles/index-oldschool.shtml > The second addition is made in cooperation with RADCOM, a member of the RAD Group, a leading network test and quality monitoring equipment manufacturer focused on test solutions for LANs, WANs, ATM, cellular converged networks and convergence technologies. In this section you can read documents which contain useful technical information concerning the communications industry in general and the use of RADCOM's protocol analyzers in various testing situations. The RADCOM section can be found here: < http://www.net-security.org/text/articles/index-radcom.shtml > ---------------------------------------------------------------------------- Following is the complete list of available articles in these two added sections. ---------------------------------------------------------------------------- COMPLETE LIST OF AVAILABLE PAPERS IN THE OLD SCHOOL SECTION AT&T has declared malicious WAR < http://www.net-security.org/text/articles/oldschool/attrebel.shtml > Fun with Automatic Tellers < http://www.net-security.org/text/articles/oldschool/tellers.shtml > Hacking Calling Cards < http://www.net-security.org/text/articles/oldschool/callingcards.shtml > Free CompuServe Passwords < http://www.net-security.org/text/articles/oldschool/compus.shtml > Tapping Computer Data Is Easy < http://www.net-security.org/text/articles/oldschool/datatap.shtml > CIRR Database < http://www.net-security.org/text/articles/oldschool/database.shtml > Acronyms 01 < http://www.net-security.org/text/articles/oldschool/acro1.shtml > Acronyms 02 < http://www.net-security.org/text/articles/oldschool/acro2.shtml > List of Computer Hackers News Articles < http://www.net-security.org/text/articles/oldschool/articls.shtml > Hackers Penetrate DOD Computer Systems < http://www.net-security.org/text/articles/oldschool/com_sec91.shtml > For Your Protection < http://www.net-security.org/text/articles/oldschool/crackdwn.shtml > The CyberPunk Movement < http://www.net-security.org/text/articles/oldschool/cyber.shtml > Dial Back isn't always secure < http://www.net-security.org/text/articles/oldschool/dialback.shtml > The FBI fights computer crime... < http://www.net-security.org/text/articles/oldschool/fbiafta.shtml > Diary of a Hacker < http://www.net-security.org/text/articles/oldschool/hacker1.shtml > The Hacker's Song < http://www.net-security.org/text/articles/oldschool/hacksong.shtml > The History of Hacking and Phreaking < http://www.net-security.org/text/articles/oldschool/his-hp.shtml > Pumpcon < http://www.net-security.org/text/articles/oldschool/pumpcon.shtml > The Phrack E911 Affair < http://www.net-security.org/text/articles/oldschool/2600dox.shtml > Planning Ahead < http://www.net-security.org/text/articles/oldschool/avoidcap.shtml > Data General < http://www.net-security.org/text/articles/oldschool/datagen.shtml > Bell Trashing < http://www.net-security.org/text/articles/oldschool/garbake_phk.shtml > Hacking Voice Mail Systems < http://www.net-security.org/text/articles/oldschool/voicemail.shtml > HoHoCon 1993 < http://www.net-security.org/text/articles/oldschool/hohocon.shtml > [ The History of MOD ] - book one < http://www.net-security.org/text/articles/oldschool/mod1.shtml > [ The History of MOD ] - book two < http://www.net-security.org/text/articles/oldschool/mod2.shtml > [ The History of MOD ] - book three < http://www.net-security.org/text/articles/oldschool/mod3.shtml > [ The History of MOD ] - book four < http://www.net-security.org/text/articles/oldschool/mod4.shtml > [ The History of MOD ] - book five < http://www.net-security.org/text/articles/oldschool/mod5.shtml > ---------------------------------------------------------------------------- COMPLETE LIST OF AVAILABLE DOCUMENTS IN THE RADCOM SECTION How to Analyze LAN Traffic Over ATM < http://www.net-security.org/text/articles/dl/radcom/an5294.pdf > How to Test ATM SONET/SDH Lines < http://www.net-security.org/text/articles/dl/radcom/an4994.pdf > How to Verify Data Integrity Through an ATM Network < http://www.net-security.org/text/articles/dl/radcom/an0495.pdf > How to Integrate FORE Systems Equipment with SPANS Signalling < http://www.net-security.org/text/articles/dl/radcom/an0695.pdf > Effective PPP Testing < http://www.net-security.org/text/articles/dl/radcom/ppp.pdf > ISDN Testing < http://www.net-security.org/text/articles/dl/radcom/wl42.pdf > Internet Protocol Analyzer < http://www.net-security.org/text/articles/dl/radcom/wl46.pdf > IP Blaster < http://www.net-security.org/text/articles/dl/radcom/ipblaste.pdf > ISDN Simulation < http://www.net-security.org/text/articles/dl/radcom/isdnsim.pdf > Live Protocol Analysis < http://www.net-security.org/text/articles/dl/radcom/liveprot.pdf > RC-155-C Script Language < http://www.net-security.org/text/articles/dl/radcom/script.pdf > ---------------------------------------------------------------------------- Featured books ---------------- The HNS bookstore is located at: http://net-security.org/various/bookstore Suggestions for books to be included into our bookstore can be sent to staff@net-security.org ---------------------------------------------------------------------------- HACKING EXPOSED - SECOND EDITION The book describes the security characteristics of several computer-industry pillars, including Windows NT, Unix, Novell NetWare, and certain firewalls. It also explains what sorts of attacks against these systems are feasible, which are popular, and what tools exist to make them easier. The authors walk the reader through numerous attacks, explaining exactly what attackers want, how they defeat the relevant security features, and what they do once they've achieved their goal. In what might be called after-action reports, countermeasures that can help steer bad buys toward less-well-defended prey are explained. Topics covered: The state of the art in breaking into computers and networks, as viewed from the vantage point of the attacker and the defender. There's information on surveying a system remotely, identifying weak points, and exploiting weaknesses in specific operating systems (Windows NT, Unix, and Novell NetWare, mostly). Coverage also includes war dialers, circumventing firewalls, denial-of-service attacks, and remote-control software. There's a cool appendix on the security characteristics of Windows 2000. Book: < http://www.amazon.com/exec/obidos/ASIN/0072127481/netsecurity > ---------------------------------------------------------------------------- PROFESSIONAL JAVA 2 ENTERPRISE EDITION WITH BEA WEBLOGIC SERVER Business objects are basically encapsulated business processes that deal with some input data and mediate the appropriate business response. Professional J2EE Programming with BEA Web Logic Server shows how suited to the creation of business objects and the n-tier applications centered on them Java is. Key areas covered include real world techniques for application development, explanation of how to create business logic components from Enterprise Java Beans, database handling with JDBC, JNDI and directory services, Java messaging services and interfacing applications to CORBA/DCOM systems and XML. Book: < http://www.amazon.com/exec/obidos/ASIN/1861002998/netsecurity > ---------------------------------------------------------------------------- LINUX ASSEMBLY LANGUAGE PROGRAMMING Explains all the key features of c86 assembly language in the context of Linux operating system and the C language. Uses a step-by-step, one-concept-at- a-time coverage to help the user master essentials skills. CD-ROM includes the Open Source assembler NASM, edinas, and sample device drivers from the text. Book: < http://www.amazon.com/exec/obidos/ASIN/0130879401/netsecurity > ---------------------------------------------------------------------------- TOMES OF DELPHI: ALGORITHMS AND DATA STRUCTURES Tomes of Delphi: Algorithms and Data Structures is a highly sophisticated title targeted for advanced developers. Author Julian Bucknall works for one of Inprise's leading and oldest third-party library and tool companies, TurboPower, where he is in charge of technical development. This is the only book on the market that will provide Delphi developers with a comprehensive and current overview of using algorithms and data structures from a practical, not a theoretical, textbook perspective. The book will include a wealth of code examples appropriate for practicing developers. Bucknall's title will provide comprehensive coverage of such topics as binary trees, data compression, and other advanced topics not treated in any competing titles. The CD includes the author's highly successful freeware library EZDSL along with the code from the book. Book: < http://www.amazon.com/exec/obidos/ASIN/1556227361/netsecurity > ---------------------------------------------------------------------------- THE JAVA DEVELOPERS ALMANAC 2000 (THE JAVA SERIES) This book provides a truly valuable reference to nearly all the classes and APIs in standard Java. This "white pages" for Java puts all classes and APIs at your fingertips, along with short samples that illustrate essential programming tasks. It's a compliment to say that this title resembles a telephone book. With over 1,000 pages (and printed on similar paper stock), The Java Developers Almanac, like a phone book, is organized alphabetically. Early sections look at Java 2 classes by package, such as graphics (including Java 2D), file I/O, network programming, and AWT and Swing. Early sections include several hundred short code excerpts, which provide key programming solutions. The heart of this text is an A-to-Z compendium of over 2,100 Java classes, and a whopping 24,000 methods and properties. Book: < http://www.amazon.com/exec/obidos/ASIN/0201432994/netsecurity > ---------------------------------------------------------------------------- Security Software ------------------- All programs are located at: http://net-security.org/various/software ---------------------------------------------------------------------------- VLAD THE SCANNER V0.7.4 VLAD the Scanner is an open-source security scanner that checks for the SANS Top Ten security vulnerabilities commonly found to be the source of a system compromise. It has been tested on Linux, OpenBSD, and FreeBSD. Link: < http://net-security.org/various/software/971974205,30976,.shtml > ---------------------------------------------------------------------------- SPAMMOTEL V.1.2.1 A unique web-based anti-spam program that gives you complete control of your e-mail address, without the use of filters. SpamMotel gives you a special 'disposable' e-mail address each time you use it, and lets you attach a reminder memo to it. Any e-mail sent to that special address is forwarded to your regular e-mail account, along with your memo, which appears at the top of the incoming e-mail message. You'll know exactly when and where the spammer got your e-mail address. Use the handy online Log Page to control these special addresses and block any sender. This free program works with your existing e-mail account. A download-able interface makes access easy, and requires no installation on your computer. Also useful in organizing your e-mail folders more effectively. Link: < http://net-security.org/various/software/971647417,19204,.shtml > ---------------------------------------------------------------------------- SAFEGUARD PRIVATECRYPT SafeGuard PrivateCrypt an easy to use encryption application supporting the new AES algorithm. Thus it is one of the fastest and most secure encryption tools worldwide. And one of the easiest - without authorization of the recipient, without exchange of keys. Link: < http://net-security.org/various/software/971974861,31291,.shtml > ---------------------------------------------------------------------------- BASTILLE LINUX V.1.1.1 Bastille Linux aims to be the most comprehensive, flexible, and educational Security Hardening Program for Red Hat Linux 6.0/6.1. Virtually every task it performs is optional, providing immense flexibility. It educates the installing admin regarding the topic at hand before asking any question. The interactive nature allows the program to be more thorough when securing, while the educational component produces an admin who is less likely to compromise the increased security. Link: < http://net-security.org/various/software/971974996,81622,.shtml > ---------------------------------------------------------------------------- Defaced archives ------------------------ [16.10.2000] - Anti-AOL Original: http://www.anti-aol.org/ Defaced: http://www.attrition.org/mirror/attrition/2000/10/16/www.anti-aol.org/ [16.10.2000] - United States Department of Transportation Original: http://stratplan.dot.gov/ Defaced: http://www.attrition.org/mirror/attrition/2000/10/16/stratplan.dot.gov/ [16.10.2000] - National Institutes of Health Original: http://intra.ninds.nih.gov/ Defaced: http://www.attrition.org/mirror/attrition/2000/10/16/intra.ninds.nih.gov/ [16.10.2000] - Administrative Office of the U.S. Courts Original: http://www.mab.uscourts.gov/ Defaced: http://www.attrition.org/mirror/attrition/2000/10/16/www.mab.uscourts.gov/ [16.10.2000] - Multistate Tax Commission Original: http://www.mtc.gov/ Defaced: http://www.attrition.org/mirror/attrition/2000/10/16/www.mtc.gov/ [16.10.2000] - State of California Original: http://www.pia.ca.gov/ Defaced: http://www.attrition.org/mirror/attrition/2000/10/16/www.pia.ca.gov/ [16.10.2000] - Panasonic (PL) Original: http://www.panasonic.com.pl/ Defaced: http://www.attrition.org/mirror/attrition/2000/10/16/www.panasonic.com.pl/ [17.10.2000] - Linux Center (AR) Original: http://www.linuxcenter.com.ar/ Defaced: http://www.attrition.org/mirror/attrition/2000/10/17/www.linuxcenter.com.ar/ [18.10.2000] - Family Serv Original: http://www.familyserv.org/ Defaced: http://www.attrition.org/mirror/attrition/2000/10/18/www.familyserv.org/ [21.10.2000] - The Scottish Legal Life Assurance Society Ltd. Original: http://www.scotlegal.com/ Defaced: http://www.attrition.org/mirror/attrition/2000/10/21/www.scotlegal.com/ [21.10.2000] - Gamers Network GmbH Original: http://www.planetfifa.de/ Defaced: http://www.attrition.org/mirror/attrition/2000/10/21/www.planetfifa.de/ ---------------------------------------------------------------------------- Questions, contributions, comments or ideas go to: Help Net Security staff staff@net-security.org http://net-security.org