HNS Newsletter
Issue 41 - 11.12.2000
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://www.net-security.org.

Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter

Table of contents:

1) General security news
2) Security issues
3) Security world
4) Featured books
5) Security software
6) Defaced archives

General security news
---------------------

----------------------------------------------------------------------------

TURKISH PM WEBSITE DEFACED
BBC reports that the website of the Turkish Prime Minister's office was defaced in protest against the government's economic policies.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.bbc.co.uk/hi/english/world/europe/newsid_1053000/1053031.stm

SNOOP POWERS
Civil liberty campaigners yesterday warned Home Secretary Jack Straw not to grant police and the secret services new "snoop" powers. A proposal, which would create a database of every phone call, e-mail and Internet connection made in the UK, could see Britain hauled up before the European Court of Human Rights, warned Liberty.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.record-mail.co.uk/shtml/NEWS/P2S2.shtml

JOHNS HOPKINS TO LAUNCH IT SECURITY CENTER
Johns Hopkins University announced Monday that, thanks to a $10 million gift from an anonymous donor, it would open a center to study computer and information security issues.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.infoworld.com/articles/hn/xml/00/12/04/001204hnjohnshopkins.xml

SECURITY MARKET
The worldwide market for security consulting, implementation, management and training services will increase at a compound annual growth rate of 26 percent, from $5.5 billion in 1999, to $17.2 billion in 2004, according to a new study from IDC.
Link: http://www.esj.com/breaknewsdisp.asp?ID=3761

YET ANOTHER DoS ALERT
The FBI's cybercrime unit has warned web users to be vigilant during the Christmas holidays. Yes, as you guessed, they are alerting on Denial of Service attacks...
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.ananova.com/news/story/sm_134941.html

KURT SEIFRIED INTERVIEW
LinuxSecurity Brasil did an interview with Kurt Seifried from SecurityPortal. Kurt is the author of the well known Linux Administrator's Security Guide (LASG) and is working now at SecurityPortal.com...
English version: http://www.linuxsecurity.com.br/sections.php?op=viewarticle&artid=2
Portuguese version: http://www.linuxsecurity.com.br/sections.php?op=viewarticle&artid=1

ATTRITION STAFFERS FEATURED AT IDG
IDG interviewed Cancer Omega, Jericho and Null - Attrition staffers. Questions go from "What made you decide to take a legitimate job in computer security?" to "How easy is it to break into the typical Fortune 500 company site?"
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.idg.net/ic_302972_1794_9-10000.html

PRIVACY SITUATION AND MORE
Marketing companies have begun to embed invisible HTML "beacons" in their e-mail. Because these tiny one-pixel images must be retrieved from the sender's server when the message is opened, they can tell the sender when and how often a recipient looks at a message.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.infoworld.com/articles/hn/xml/00/12/05/001205hnwebbug.xml

FROM CISCO WITH LOVE
Cisco has advised users to update the software used in its 600 family of routers following the identification of what it admits are multiple security vulnerabilities.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/5/15246.html

PROLIN DOES LITTLE HARM
IDG.net reports that the newly discovered Prolin worm appears to be doing less damage than originally feared.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.idg.net/ic_304085_1794_9-10000.html

LAST LINE OF PREVENTION
The Israel Land Administration (ILA) was forced to close most of its Internet site last Friday, due to damage caused by hostile cyber attacks.
Link: http://new.globes.co.il/serveEN/globes/docView.asp?did=454769&fid=947

UPDATE ON MAFIABOY CASE
Nearly a year after all those DDoS attacks, prosecutors and lawyers representing a defendant known as "Mafiaboy" are locked in a high stakes game of chicken over whether the case will go to trial.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.usatoday.com/usatonline/20001205/2888098s.htm

ENCRYPTION EXPERTS SET TO BUST RIP RULES
Mathematician Peter Fairbrother has launched a project called M-o-o-t, which would make it physically impossible to surrender encryption keys - or for security services to track e-mails.
Link: http://www.computerweekly.com/cwarchive/daily/20001206/cwcontainer.asp?name=C5.HTML&SubSection=6&ct=daily

SCHWAB SITE VULNERABLE
Charles Schwab & Co.'s Web site is vulnerable to a well-known attack that could allow anyone to gain access to sensitive account information, the financial services company acknowledged yesterday. More information about the problem can be found here (http://www.net-security.org/text/bugs/976159213,50588,.shtml)
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2662137,00.html

COMPUTER CRIME LAWS
Criminal laws in most countries have not been extended into cyberspace yet, potentially making prosecution difficult on computer-related crimes such as hacking and distributing viruses on the Internet, a 52-country survey says.
Link: http://thestar.com.my/tech/story.asp?file=/2000/12/7/technology/07nolaws&sec=technology

HOSPITAL RECORDS HACKED HARD
A sophisticated hacker took command of large portions of the University of Washington Medical Centre's internal network earlier this year and downloaded computerized admissions records for four thousand heart patients, SecurityFocus has learned.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/6/15285.html

HV2K MEMBER SENTENCED
A high school senior who allegedly co-founded an international computer hacking group was sentenced to five years' probation after he pleaded guilty to defacing several government Web sites.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www0.mercurycenter.com/svtech/news/breaking/merc/docs/064296.htm

CZECH GOVERNMENT WEBSITE ATTACKED
The Czech interior ministry's website was defaced on Wednesday when a modified picture of Interior Minister Stanislav Gross was inserted, a spokesman said.
Link: http://thestar.com.my/tech/story.asp?file=/2000/12/7/technology/07hack&sec=technology

PERSONAL FIREWALLS FAIL THE LEAK TEST
In an attempt to show that personal firewalls may afford their users little protection against serious threats, respected PC security expert Steve Gibson has released a new software tool that pokes holes in many of the leading desktop security packages.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.internetnews.com/intra-news/article/0,,7_529661,00.html

SAFENET 2000
Bill Gates kicked off the company's first-ever security summit in Redmond, dubbed SafeNet 2000, calling for industry-wide involvement and hinting at some of the security features the company is developing.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://abcnews.go.com/sections/tech/DailyNews/microsoft_summit001207.html

FTSE WEB SITE DEFACED
The FTSE web site at FT-SE.co.uk has been hacked by a group calling themselves "kat krew."
The FTSE confirmed that the front page had been hacked in the early hours of this morning, at around four AM.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/6/15345.html

IDENTIFYING ICMP HACKERY TOOLS USED IN THE WILD TODAY
Several tools exist in the wild today that allow a malicious computer attacker to send crafted ICMP datagrams. Those datagrams can be used for various tasks: host detection, advanced host detection, Operating System Fingerprinting and more. This article by Ofir Arkin will examine whether we can identify the different tools used for ICMP hackery that are available in the wild today. If we can identify the tool, we may be able to identify the underlying operating system or a number of operating systems that this tool might be running on top of.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/ids/articles/icmptools.html

HOLIDAY ALERT: PART 4
Yet another "alert" about Christmas attacks - this time a leading Scottish internet security company, Buchanan International, has predicted that a major online retailer will be shut down by hackers in the run up to Christmas...
Link: http://www.thescotsman.co.uk/business.cfm?id=28490&keyword=the

VERIZON SPAMMED
Verizon Communications worked Saturday to clear a backlog of millions of junk messages that slowed email for as many as 200,000 of its Internet customers on the East Coast.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1004-200-4076405.html

ENTRANCE TO FBI AND FTC WEB SITES
One of the HIT2000 members says that he discovered a potential security hazard in two U.S. government Web sites that use Netscape Communications Enterprise Server, including the online home of the U.S. Federal Bureau of Investigation (FBI).
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.infoworld.com/articles/hn/xml/00/12/08/001208hnfbiftc.xml

PERSONAL FIREWALLS NOT SO SAFE
It's one thing to rush an application to market without thinking about security. It's another to rush a security application to market. But that's what's happened with several personal firewalls - a product category that was a virtual nonentity a year ago but is now standard fare for anyone on a broadband connection, including telecommuters.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/eweek/stories/general/0,11011,2663028,00.html

SECURING YOUR BUSINESS IN THE AGE OF THE INTERNET
Information technology is permeating all aspects of modern life and business. The growth of the Internet and in particular of the World Wide Web presents increasing challenges to information technology and business managers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/cover/coverstory20001204.html

INSIDE THE STAGES WORM
Recent e-mail worm incidents have attracted so much media coverage that one might expect users to be more wary of running emailed attachments. However, the June 2000 in-the-wild appearance of Argentinian virus writer Zulu's VBS.Stages worm demonstrated the folly of this assumption. In this article in SecurityFocus's Virus Focus Area, Szappanos Gabor gives an interesting overview of the Stages worm. The article discusses a variety of aspects of the threat, including its activation and propagation, and the role of shell scraps in its life cycle. The author also touches on additional concerns such as polymorphism and hidden extensions, and how they affect the Stages worm.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/virus/articles/stages/stages.html

LINUX NETWORK SECURITY
There are several methods remote attackers can use to break into your machine. Usually they are exploiting problems with existing programs.
The Linux community always quickly spots these 'exploits' and releases a fix. Linux fixes are usually out long before the equivalent programs in other operating systems are mended. The issue here though is how to prevent your machine from suffering any problem of this sort.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxplanet.com/linuxplanet/tutorials/211/1

THE FIFTH ESTATE
In its investigative documentary, Hackers, the fifth estate explores the inherent tension between the convenience and speed with which people conduct their personal, social and corporate affairs via the internet, and the high price in personal security exacted by the technology they use. The internet is a global web of interconnected computers which make it possible for people and companies to complete transactions at the speed of light. But it is the very interconnectedness of the web that leaves virtually every machine attached to it vulnerable to unwanted intrusions.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://cbc.ca/news/indepth/hackers/

----------------------------------------------------------------------------

Security issues
---------------

All vulnerabilities are located at:
http://net-security.org/text/bugs

----------------------------------------------------------------------------

BYPASSING ADMIN AUTHENTICATION IN PHPWEBLOG
In common.inc.php, $CONF is not properly initialized as an array, thus allowing users to alter its contents, which can lead to bypassing administrator authentication.
Link: http://www.net-security.org/text/bugs/976014942,58296,.shtml

XITAMI WEBSERVER MULTIPLE VULNERABILITIES
The default installation of the Xitami webserver has a vulnerability in its /Cgi-Bin directory that allows remote users to view information regarding your system and the webserver's directory by executing TestCgi.exe from a browser. Sample: http://www.Target.com/cgi-bin/testcgi
Link: http://www.net-security.org/text/bugs/976016727,49445,.shtml

IIS 4.0/5.0 PHONE BOOK SERVER BUFFER OVERRUN
The Phone Book Service was created by Microsoft to help provide dial in services to the corporation and ISPs. As part of the functionality of the service, when users dial in, their client software can be configured to download phone book updates from a web server. The ISAPI application that serves the update is pbserver.dll. This DLL contains a buffer overrun vulnerability that can allow the execution of arbitrary code or at best crash the Internet Information Server process, inetinfo.exe.
Link: http://www.net-security.org/text/bugs/976067413,42776,.shtml

PHONE BOOK SERVER BUG PATCHED
Microsoft has released a patch that eliminates a security vulnerability in an optional service that ships with Microsoft Windows NT 4.0 and Windows 2000 Servers. The vulnerability could allow a malicious user to execute hostile code on a remote server that is running the service.
Link: http://www.net-security.org/text/bugs/976067428,968,.shtml

CHARLES SCHWAB ONLINE TRADING BUGS
Through cross-site scripting, an attacker can gain control of the account of a Charles Schwab customer who uses the online trading service. The attacker can choose to either gain interactive use of the service, or to cause the account holder to perform inadvertent unwanted actions on the attacker's behalf.
Link: http://www.net-security.org/text/bugs/976159213,50588,.shtml

APCUPSD 3.7.2 DENIAL OF SERVICE
During startup apcupsd creates a PID file named "apcupsd.pid" in /var/run (system specific, maybe another directory) with the ID of the daemon process. This PID file is used by the shutdown script to kill the daemon process. Unfortunately this PID file is world-writable (mode 666, -rw-rw-rw-). A malicious user can overwrite the file with arbitrary process IDs; these processes will be killed instead of the apcupsd process during restart or stop of the apcupsd daemon and during system shutdown or restart. The whole system can be crashed this way.
Link: http://www.net-security.org/text/bugs/976208482,77278,.shtml

PHP AND APACHE VULNERABILITY
The CHINANSL security team has found a security problem in the Apache web server when php3 is used. By exploiting this vulnerability, a malicious user can access the content of files on the machine where the Apache web server is running.
Link: http://www.net-security.org/text/bugs/976208520,99957,.shtml

ULTRASEEK SERVER 3.0 VULNERABILITY
The CHINANLS security team has found a security problem in Ultraseek Server 3.0. By exploiting this vulnerability, a malicious user may be able to get the absolute path and source code of Ultraseek Server addons.
Link: http://www.net-security.org/text/bugs/976208502,82387,.shtml

----------------------------------------------------------------------------

PHPGROUPWARE VULNERABILITIES
phpGroupWare makes insecure calls to the include() function of PHP which can allow the inclusion of remote files, and thereby the execution of arbitrary commands on the remote web server with the permissions of the web server user, usually 'nobody'.
Link: http://www.net-security.org/text/bugs/976208568,21880,.shtml

IBM DB2 SQL DOS
DB2 Universal Database (UDB) is IBM's relational database server solution for the UNIX, OS/2 and Windows NT/2000 operating environments. More than 70% of the world's major companies rely on DB2 to manage their mission-critical business applications. There is a bug when you execute a special SQL statement that includes time and varchar, which will make the database crash.
Link: http://www.net-security.org/text/bugs/976208595,66917,.shtml

LEXMARK MARKVISION DRIVERS ROOT COMPROMISE
Several of the utilities that make up the Unix printer drivers contain command line buffer overflows. As some of these utilities are installed setuid root, a local attacker can trivially exploit the vulnerabilities to execute arbitrary code as root.
Link: http://www.net-security.org/text/bugs/976306427,15975,.shtml

HOMESEER DIRECTORY TRAVERSAL VULNERABILITY
Adding the string "../" to a URL allows an attacker to access files outside of the webserver's publishing directory. This allows read access to any file on the server. Example: http://localhost:80/../../../autoexec.bat reads the file "autoexec.bat" from the partition's root dir.
Link: http://www.net-security.org/text/bugs/976306486,83751,.shtml

BROADVISION ONE-TO-ONE ENTERPRISE BUG
BroadVision One-To-One Enterprise contains a vulnerability which reveals server information.
When a non-existent file is requested, the server reveals the physical path of server files, as follows: "Script /appl/bv1to1/bv1to1_var/script-root/login/benjurry.jsp failed, reason unknown"
Link: http://www.net-security.org/text/bugs/976306619,90744,.shtml

ADMINISTRATION REGISTRY KEY VULNERABILITY
The registry key in Windows NT 4.0 that handles the administration of Remote Access Service (RAS) third-party tools is not properly configured to deny write access to unprivileged users. Such lenient permissions assigned to this particular registry key would allow any user that could log on locally to a system with a RAS server installed to modify the value of the key to an arbitrary DLL file that would be executed upon startup of RAS. The DLL in the RAS registry key is run under LocalSystem privileges. Therefore, the malicious user would be able to perform any action under the LocalSystem security context, which would basically yield full control over the local machine. The location of the RAS registry key is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RAS.
Link: http://www.net-security.org/text/bugs/976306634,8269,.shtml

VULNERABILITIES IN KTH KERBEROS IV
The KTH Kerberos IV implementation (http://www.pdc.kth.se/kth-krb/) contains the following vulnerabilities:
1) Honoring certain environment variables
2) Buffer overflow in protocol parsing code
3) File system race when writing ticket files
The vulnerabilities may lead to local and remote root compromise if the system supports Kerberos authentication and uses the KTH implementation (as is the case with e.g. OpenBSD per default). The system needn't be specifically configured to use Kerberos for all of the issues to be exploitable; some of the vulnerabilities are exploitable even if Kerberos is disabled by commenting out the realm name in the "krb.conf" file.
Link: http://www.net-security.org/text/bugs/976410064,99928,.shtml

----------------------------------------------------------------------------

Security world
--------------

All press releases are located at:
http://net-security.org/text/press

----------------------------------------------------------------------------

ARGANTE PROJECT ANNOUNCED - [03.12.2000]

We - a small group of computer security and programming enthusiasts - are proud to present a result of our hard work on making a secure, functional, portable and effective environment, called "Argante". Although Argante is introducing completely new standards, architecture concepts and design basis, we believe it can find its place, both in dedicated and hybrid solutions, where Argante code is mixed with traditional components - especially in server software, secure distributed solutions / network monitoring and analysis software, distributed self-organizing clusters (at management / request propagation layer), virtual routers (for easy building of complex, fault-tolerant private networks from scratch) and so on, making such solutions simpler, more secure and stable - and, very often, more effective.

Press release:
< http://www.net-security.org/text/press/975813054,97593,.shtml >

----------------------------------------------------------------------------

CONEXANT CHIPSET OFFERS WATCHGUARD PROTECTION - [04.12.2000]

WatchGuard Technologies, Inc. announced that Conexant Systems, Inc. will be the first semiconductor company to offer WatchGuard's firewall and LiveSecurity Services with their new CX82100 home networking processor for Internet enabled devices. The Conexant CX82100 will offer a reference design with a built-in WatchGuard firewall and access to WatchGuard's suite of LiveSecurity Services where end users can enhance their protection by subscribing to additional services, such as WatchGuard's IPSec VPN (Virtual Private Network).
Press release:
< http://www.net-security.org/text/press/975948103,25179,.shtml >

----------------------------------------------------------------------------

NETWORK-1 CITED IN RECENT IDC AND GARTNER REPORTS - [04.12.2000]

Network-1 Security Solutions, Inc., a leader in distributed intrusion prevention solutions for e-Business networks, announced that it continues to gain in awareness and market recognition among industry analysts that follow the network security industry. In October, the company was cited as one of the original manufacturers of Distributed Firewalls, a market segment IDC characterizes as "hot." A subsequent report issued in November by the Gartner Group, "Firewall Market Magic Quadrant Update 2000," now includes Network-1 within the quadrant and refers to the company under the "New Entrants" section.

Press release:
< http://www.net-security.org/text/press/975949007,19004,.shtml >

----------------------------------------------------------------------------

"NAPTHA" SECURITY VULNERABILITY UNCOVERED - [04.12.2000]

BindView Corporation, a leading provider of IT security management solutions, announced that it has identified Naptha, a cluster of new security vulnerabilities that threatens at least seven major operating systems including Microsoft, Novell, Solaris and Linux. Naptha is comprised of a variety of denial-of-service vulnerabilities that exploit the TCP protocol and cause a variety of service degradation effects. Results could range from a slow down or disruption of services to total operating system failure. Applications including DNS servers, Web servers, and e-mail servers as well as entire operating systems are at risk of attack from Naptha.
Press release:
< http://www.net-security.org/text/press/975949798,67328,.shtml >

----------------------------------------------------------------------------

NETSCREEN INTRODUCES GIGABIT SECURITY SYSTEM - [05.12.2000]

NetScreen Technologies, Inc., a leading developer of ASIC-based Internet security systems and appliances, announced a new version of the NetScreen 1000 Gigabit Security System. The NetScreen-1000ES (Enterprise System) is a gigabit speed firewall/VPN security system specially configured to meet the high-bandwidth security needs of enterprise intranets, e-business operations, and broadband Internet access.

Press release:
< http://www.net-security.org/text/press/976015420,90988,.shtml >

----------------------------------------------------------------------------

I-WORM.XTC TARGETS NEW YEAR'S DAY - [06.12.2000]

Central Command, a leading provider of PC anti-virus software and computer security services, and its partners announced the discovery of I-Worm.XTC, a new Internet worm that infects Windows 95/98/Me/NT/2000 computers and masquerades itself as a virus protection update. This new worm uses a new technique for replication, and can be remotely controlled through the Internet.

Press release:
< http://www.net-security.org/text/press/976066755,63640,.shtml >

----------------------------------------------------------------------------

DON'T LET A DOT.COM BECOME A DOT.CON - [06.12.2000]

Little compares with the convenience of pointing and clicking through holiday shopping lists, but consumers could pay a steep price for cyber shopping if they don't protect personal data. Experts estimate that 55 million Americans will spend $12.5 billion online this holiday season, nearly double last year's total and a record for any year.

Press release:
< http://www.net-security.org/text/press/976066825,98721,.shtml >

----------------------------------------------------------------------------

JAWZ announced Cyber Crime Response Unit - [06.12.2000]

JAWZ Inc.
announced details of its newly formed Cyber Crime Response Unit. This group will be part of JAWZ's Professional Security Services division, and will focus on providing JAWZ's clients with Computer Incident Response Team (CIRT) capabilities, Computer Crime Investigation and Forensic Analysis, and Forensic Training and Certification.

Press release:
< http://www.net-security.org/text/press/976066908,92668,.shtml >

----------------------------------------------------------------------------

RAINBOW ANNOUNCES 2001 EXPANSION - [06.12.2000]

Rainbow Technologies, Inc. announced an aggressive growth strategy, commencing in January 2001, which places Rainbow's core competencies into four business units. This move includes the creation of IVEA Technologies for products in eCommerce acceleration and performance enhancement, and the Digital Rights Management Group that focuses on hardware and software authentication and security products.

Press release:
< http://www.net-security.org/text/press/976122378,87105,.shtml >

----------------------------------------------------------------------------

Featured books
----------------

The HNS bookstore is located at:
http://net-security.org/various/bookstore

Suggestions for books to be included into our bookstore can be sent to staff@net-security.org

----------------------------------------------------------------------------

FROM ACCESS TO SQL SERVER

The book begins by discussing SQL Server and by carefully explaining the areas in which it differs from Access. Sinclair reviews the SQL Server technology, including its architecture and application environment. He also provides coverage of key topics, including security; data storage; system databases; database objects such as tables, views, and stored procedures; and, of course, how to query and view the data in the database. After reviewing SQL Server, Sinclair discusses the potential reasons for an upgrade and the planning process necessary to complete a successful migration.
He covers core migration issues and helps to provide a framework for decision-making. The author then turns to the working issues of the migration process itself. Among the topics covered: Microsoft's Upsizing Wizards, use of SQL Server's Data Transformation Services, options for connecting Access databases directly to SQL Server, differences and similarities between Tables and Views in Access and in SQL Server, how to write SQL Server stored procedures, and even how to convert existing Access reports to stored procedures.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1893115240/netsecurity >

----------------------------------------------------------------------------

LINUX PROGRAMMING: A BEGINNER'S GUIDE

Learn the fundamentals of Linux programming by following the steps and examples in this easy-to-use guide. Linux expert Richard Petersen uses hands-on exercises to teach you how to program the BASH and TCSH shells, customize Linux using Perl, Tcl, and Gawk, and write GUI programs in Tk. You'll also learn GUI programming techniques for interfaces such as the Gnome and KDE desktop environments.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0072127430/netsecurity >

----------------------------------------------------------------------------

A BRIEF HISTORY OF THE FUTURE: ORIGINS OF THE INTERNET

This book is Naughton's attempt to educate the uninitiated in how the Internet came to be. Although its development occurred in starts and stops over a half-century, the Internet came into its own only in the 1990s, with the arrival of the World Wide Web and widely available software to negotiate it. Each of those innovations, though, drew on work that sometimes extends deep into the past, and Naughton does a good job of tracing technical lineages. Though studded with geekspeak, his narrative doesn't presuppose much background knowledge on his readers' part, unlike Stephen Segaller's worthy Nerds 2.0.1., which covers some of the same ground.
Naughton's cast of characters includes such scientific and administrative luminaries as Norbert Wiener, Vannevar Bush, Paul Baran, Bill Gates, Linus Torvalds, and Tim Berners-Lee (but, sad to say, not Al Gore), each of whom made contributions large and small to what Naughton insists is a technological revolution with endless possibilities for the common good.

Book:
< http://www.amazon.com/exec/obidos/ASIN/1585670324/netsecurity >

----------------------------------------------------------------------------

DEBUGGING ASP: TROUBLESHOOTING FOR PROGRAMMERS

Author Derek Ferguson has compiled a list of bugs from his work at a regional ISP, a perfect laboratory for uncovering the most common problems that ASP developers face every day. First and foremost are his suggestions for configuring Internet Information Server (IIS) for development systems. A number of valuable tips help you improve the feedback that you get from Web server logs. You also learn about several options that will simplify debugging of new scripts and components over old ones. (In short, Debugging ASP will help you make sure, when you deploy a new script or component, that it gets displayed in your Web page, instead of the out-of-date version.) A really useful section points out common gotchas in ASP development, and there are tips on the right ways to include other files in ASPs and how to redirect HTTP requests correctly. The book also explains how to maintain state with Session objects, while balancing performance and security considerations.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0072125349/netsecurity >

----------------------------------------------------------------------------

REMOVING THE SPAM: EMAIL PROCESSING AND FILTERING

No one likes unsolicited electronic mail. Even though you can easily delete messages describing ways to MAKE MONEY FAST, they take a toll on network bandwidth and reduce your productivity.
The key to gaining the upper hand in the battle against spam is to understand the tools at your disposal. In Removing the Spam, Geoff Mulligan names those tools and then describes how to use several of them. Mulligan begins explaining the operation and management of two widely distributed Unix e-mail tools: Sendmail and Procmail. In his section on Sendmail, the author answers the question asked by everyone who's ever been harassed on e-mail: How do I automatically trash mail from X? He shows you how to block mail based on mail attributes like sender, subject line, message size and several other parameters. Coverage of Procmail in Removing the Spam includes the essentials of recipe files, but more ready-to-use mail-management recipes would be welcome. In addition to covering Sendmail and Procmail, the author addresses mailing lists under Majordomo and SmartList. He also provides a handy guide to the user and administrator commands that control these popular programs--just the thing you need the next time you're on a list and want to unsubscribe.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0201379570/netsecurity >

----------------------------------------------------------------------------

Security Software
-------------------

All programs are located at:
http://net-security.org/various/software

----------------------------------------------------------------------------

LIBMIX (LINUX)

LibMix is a library that provides an API for various useful functions, including an AES encryption interface, various network front-ends and low level datagram functions, as well as functions for string manipulations and other miscellaneous utility functions. It also includes functions to transmit encrypted data via stateless spoofed datagrams (tfntransmit/tfnread).
Info/Download:
< http://net-security.org/various/software/976015993,7246,.shtml >

----------------------------------------------------------------------------

NETWATCH V.0.9

Netwatch allows monitoring of an Ethernet segment or PPP line and examination of activity on the network, highlighting hostnames in colors to indicate activity on the bus network based on time. The monitor includes packet statistics and a TOP mode which shows a sorted list of hosts based on IP usage. All info is updated on a per-second basis.

Info/Download:
< http://net-security.org/various/software/976016083,31197,.shtml >

----------------------------------------------------------------------------

FORMS 2.0 CONTROL SECURITY PATCH

This patch addresses a vulnerability that occurs when the Forms 2.0 Control (Fm20*.dll) is available on a user's system. Forms 2.0 is an ActiveX control that allows users to create customized dialog boxes. A malicious hacker could use the Forms 2.0 Control to read or export text on a user's Clipboard when that user visits a Web site set up by the malicious hacker or opens an email created by the hacker. The Forms 2.0 Control Security Patch prevents a hacker from exploiting this vulnerability.

Info/Download:
< http://net-security.org/various/software/976411977,7441,.shtml >

----------------------------------------------------------------------------

BIG CROCODILE 1.4

Big Crocodile is a powerful, secure password manager. It provides storage for all your passwords, logins, and hyperlinks in a securely encrypted file. It enables generation of new, random passwords. It has a multi-file interface, a hierarchical database, and several other features. It also has command-line and file-association support and export to spreadsheet files, support of local (2GB) and network drives, and small improvements (two dialogs).
Info/Download:
< http://net-security.org/various/software/976412174,64936,.shtml >

----------------------------------------------------------------------------

FOLDER GUARD 4.14

Folder Guard allows the user to selectively hide folders and restrict user access to system resources. It makes folders invisible or read-only in applications, including Explorer, MS Office, and MS-DOS, as well as in common dialogs. It also provides password protection, user-dependent configurations, and user validation at login. Protect individual files within folders. Separate passwords may be set up for each file or folder, letting you unlock only the password-protected items, leaving the rest of the system protected. Folder Guard also lets you restrict access to whole classes of files according to the file names, folders they are located in, and modules by which they are accessed.

Info/Download:
< http://net-security.org/various/software/976412419,54644,.shtml >

----------------------------------------------------------------------------

Defaced archives
------------------------

[04.12.2000] - Tokyo Metropolitan Institute of Technology
Original: http://buofu7.tmit.ac.jp/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/04/buofu7.tmit.ac.jp/

[05.12.2000] - Lebanese Armed Forces
Original: http://www.lebarmy.gov.lb/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/05/www.lebarmy.gov.lb/

[06.12.2000] - www.elortondo.gov.ar
Original: http://www.elortondo.gov.ar/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/06/www.elortondo.gov.ar/

[06.12.2000] - www.chabas.gov.ar
Original: http://www.chabas.gov.ar/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/06/www.chabas.gov.ar/

[06.12.2000] - www.firmat.gov.ar
Original: http://www.firmat.gov.ar/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/06/www.firmat.gov.ar/

[06.12.2000] - NLP Gov (PK)
Original: http://www.nlp.gov.pk/
Defaced:
http://www.attrition.org/mirror/attrition/2000/12/06/www.nlp.gov.pk/

[06.12.2000] - Geeknews
Original: http://www.geeknews.net/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/06/www.geeknews.net/

[06.12.2000] - University of Oklahoma Health Sciences Center
Original: http://admin-scb.ouhsc.edu/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/06/admin-scb.ouhsc.edu/

[07.12.2000] - The Ministry of Foreign Affairs, Republic of Macedonia
Original: http://www.mnr.gov.mk/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/07/www.mnr.gov.mk/

[08.12.2000] - Exchange Bank
Original: http://www.exchangebank.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/08/www.exchangebank.com/

[08.12.2000] - D-Link Systems, Inc.
Original: http://www.dlink.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/08/www.dlink.com/

[10.12.2000] - Department of Civil Aviation, United Arab Emirates
Original: http://www.dcaauh.gov.ae/
Defaced: http://www.attrition.org/mirror/attrition/2000/12/10/www.dcaauh.gov.ae/

----------------------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org