HNS Newsletter
Issue 45 - 08.01.2001
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://www.net-security.org.

Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter

Archive of the newsletter in TXT and PDF format is available here:
http://www.net-security.org/news/archive/newsletter

Current subscriber count to this digest : 1676

Table of contents:

1) General security news
2) Security issues
3) Security world
4) Featured article
5) Featured books
6) Security software
7) Defaced archives


General security news
---------------------

----------------------------------------------------------------------------

COMPUTER SECURITY GETS A NEW TOUCH
City workers in Oceanside, Calif., were drowning in passwords. One to check e-mail, others to see water billing records or police reports, all on top of the codes and personal identification numbers they had to keep straight in their off-the-job lives. Time and money were wasted answering up to 30 calls a day from workers who forgot or lost passwords. Now, those calls are down to one or two a week. Two years ago, Oceanside began installing mouse size fingerprint scanners at city computers. So instead of fumbling for a password, city workers now need only to place finger to scanner to get onto the network.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.denver-rmn.com/business/0101bio4.shtml

PARLIAMENT WEBSITE ATTACKED
The official website of Parliament has been attacked and all its information wiped out. The intruder - who called himself "topeira" - had removed the website at http://www.parlimen.gov.my and replaced it with some foreign words and a Brazilian address on the rock group Garbage. This was the first time the Parliament website, which was put up earlier this year, had been penetrated.
Link: http://thestar.com.my/news/story.asp?file=/2000/12/31/nation/3101llha&sec=nation

TOP 10 SECURITY STORIES OF 2000
If 1999 was the year that Information Security began creeping into our collective consciousness like a dripping faucet, the year 2000 was when the water main burst. While the year began with a collective sigh of relief with the Y2K non-event, it was quickly followed by a yearlong procession of security headlines. I have a feeling that some people have kept their emergency shelters well stocked, lest some hacker figures out how to manipulate the power grid and their bank account. As with Y2K, the mainstream press has missed some of the real significance of 2000's information security news, so the staff at SecurityPortal has selected our top 10 list of security stories to further enlighten the masses and help you lead a better life.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityportal.com/cover/coverstory20010101.html

TOP PRIVACY ISSUES OF Y2K
The phenomenal rise, and technological sophistication, of workplace surveillance leads the list of the Top 10 privacy stories of the year 2000, according to a Privacy Foundation analysis. Also in the Top 10 are proposed new medical privacy rules; the FBI’s controversial use of the Carnivore email wiretap; DoubleClick’s stalled plan to track consumers online; and the arrival of chief privacy officers in corporate boardrooms.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cipherwar.com/news/01/privacy_threats_2000.htm

COMP.OS.LINUX.SECURITY FAQ INTRODUCED
Daniel Swan's tireless efforts come to fruition after many months of development of the comp.os.linux.security FAQ. LinuxSecurity.com speaks with Daniel about his FAQ and Linux security.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxsecurity.com/feature_stories/interview-cols.html

COMPUTER CRIME INVESTIGATOR'S TOOLKIT: PART I
Computer crime investigators come from differing backgrounds.
In the private sector a wide range of certifications exist: CISSP, MCSE, Internet Security Specialist, Computer Forensics Specialist, and the like. Developing a common body of knowledge is often a response to the particular examination program one wishes to pass through. Yet, professional practice often dictates the areas of an investigator's expertise. Those with an emphasis on forensic issues (such as police investigators) may concentrate on techniques pertaining to "black" or illegal email, illegal pornography, and common-law crimes committed using a computer. Those with an emphasis on security issues may deal with technologies related to combating hacking, denial of service (DoS), intrusion, and business espionage.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityportal.com/articles/toolkit20010102.html

"THE FREEBSD CORPORATE NETWORKER'S GUIDE"
A new FreeBSD book from Addison Wesley is now on sale. The FreeBSD Corporate Networker's Guide is written for the beginning FreeBSD administrator who wants to take advantage of the power and cost savings afforded by use of this operating system on their organization's production network.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.bsdtoday.com/2001/January/News375.html

CRYPTO-POLITICS: DECODING THE NEW ENCRYPTION STANDARD
This fall the Department of Commerce announced its choice for the Advanced Encryption Standard (AES): the Rijndael algorithm. The first-of-its-kind international competition for the proposed new Federal Information Processing Standard included 15 entries by leading cryptographers from 12 countries. Sun Microsystems' Whitfield Diffie and Susan Landau, renowned authors and encryption experts, provide exclusive commentary on the AES, the political victory it represents, and why it heralds a new era in cryptography. They also discuss the government's new willingness to allow the export of strong encryption and the FBI's Internet surveillance program, Carnivore.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.sun.com/research/features/encryption/

YEAR 2000 SECURITY ROUNDUP
The year 2000 highlighted the need for business to better co-ordinate internet security - as global losses due to network downtime looked likely to top the trillion dollar mark according to research. It was the year viruses such as the Love Bug alone caused billions of pounds of damage, customers' credit card details were left exposed on the web and companies everywhere were embarrassed at home and overseas by hackers, crackers and more hardened cyber criminals. Even Microsoft was caught with its pants down, although the Redmond giant claimed the crown jewels of its software line up had not been exposed by the breach of the firm's network security.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.uk.internet.com/Article/101126

HACKERS ASSASSINATE GAME CHARACTERS
Online gamers saw their champion characters mercilessly killed off by computer hackers who gained access to their players through a security hole in Blizzard Entertainment's games server. Last week infiltrators exploited a vulnerability in the sign-in system to gain access to numerous player accounts. At first they began to discard valuable items belonging to these players but later began disposing of some of the game's top characters. According to some reports, eight out of the top ten players were assassinated.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2001/0/ns-19961.html
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.bbc.co.uk/hi/english/sci/tech/newsid_1097000/1097330.stm

CROSSING THE WIRELESS SECURITY GAP
Most organizations would prefer to support only a single security model for e-commerce, preferably the Internet model in use today, notes Jeff Reed, vice president of e-commerce consulting firm Logical.
E-commerce in the wired world today relies primarily on SSL, which is used to transmit everything from personal identification numbers and passwords to credit card numbers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.idg.net/ic_340748_1794_9-10000.html

ECOMMERCE OUTFITS LEAVE SECURITY ON THE BACKBURNER
Security policies in large organisations are failing to cope with the rigours of ecommerce, leaving IT managers claiming ebusiness plans and security strategies are out of step. According to research by market analyst house Xephon, the host of high-profile security blunders that occurred last year knocked the confidence of consumers and made other companies think twice about developing their own ebusiness strategies.
Link: http://www.silicon.com/public/door?REQUNIQ=978478057&6004REQEVENT=&REQINT1=41756

CHINA PASSES INTERNET SECURITY LAW
The 19th Session of the Standing Committee of the Ninth National People's Congress (NPC) passed a resolution on maintaining the security of computer networks on Dec. 28. The resolution makes it a criminal offense to commit any of the following actions, according to the China News Service: Entering computer information networks involved with national affairs, national defense or advanced technology...
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://asia.internet.com/biz/2001/01/0102-COL.html

DENNIS MORAN AKA COOLIO PLEADS GUILTY
"Coolio", who was briefly linked to a highly publicized series of hacking attacks against major companies, pleaded guilty to three misdemeanors. He broke into rsa.com, operated by Internet security company RSA Security Inc., and dare.com, an anti-drug site connected to the Los Angeles Police Department. If a judge approves a plea agreement, Moran will serve nine months to a year in jail and pay $5,000 in restitution to each of three victims.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.salon.com/tech/wire/2001/01/02/coolio/index.html

HACKER MELTDOWN FAILS TO MATERIALISE
The widespread fear of a concerted distributed denial of service attack over the holiday season thankfully failed to materialise, but security experts are still at odds over how serious the threat was. Fears about an attack similar to that which swamped prestige internet sites such as Yahoo and eBay led the National Infrastructure Protection Center - the FBI's cyber crime busters - to issue an alert urging security administrators to bolt up their security hatches.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/6/15766.html

COMMENTARY: ARE WE READY FOR A CYBER-UL?
Security expert Bruce Schneier takes a dim view of the Center for Internet Security's plan to emulate the example of Underwriters Laboratories (UL) when it comes to rating network security.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/comment/0,5859,2669664,00.html

Y2K BUG BELATEDLY BITES NORWAY TRAINS
The Y2K computer bug bit Norway's national railroad company later than expected. The bug was discovered when none of the company's new 16 airport express trains or 13 high-speed, long-distance Signatur trains would start early Dec. 31. The computers on board the trains apparently did not recognize the date, something not anticipated by experts who checked the systems thoroughly last year in anticipation of problems feared worldwide when the clocks rolled to Jan. 1, 2000, a spokesman said.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.nandotimes.com/technology/story/0,1643,500295238-500469842-503172996-0,00.html

INSIGHTS ON OPEN SOURCE RELEASE ENGINEERING
"NetBSD 1.5 was released a few weeks ago, and after the dust has settled a bit now, we were able to get hold of Todd Vierling to tell us more about the 1.5 release engineering process.
Todd was one of the release engineers who did most of the work in the "hot" phase of the 1.5 release cycle - here's an interview with him, and your chance to get some insight into the details of the release engineering process of a major Open Source project!"
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.daemonnews.org/200101/interview-tv.html

SECURITY'S HARD KNOCKS
"A few months ago, I learned a hard lesson about hiring practices. My colleagues and I found ourselves with a technician who just wasn't working out. The fellow was habitually late and didn't take responsibility seriously so we said goodbye. End of story. Or so we thought. Next thing we knew we got a call from a police officer who frequently works with us. "You know that guy who was working for you?" he asked. "Well, he's got a criminal record as long as my arm. Didn't you run a background check?" Whoops. Now that's a security problem, isn't it? Not quite as sexy as the latest IIS exploit, but bad enough."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.nwc.com/1201/1201colfeldman.html

TEENAGE COMPUTER HACKERS HIRED AS CYBER COPS
The National Cyber Cop Committee, which has been set up by the software industry, is to be advised by a group of hackers between the ages of 14 and 19. Dewang Mehta, president of India's National Association of Software and Service Companies, said only a hacker could enter the mind of another hacker. "They will tell us where our soft spots are - where government and industry websites are most vulnerable, thus helping us strengthen our e-security," Mr Mehta told BBC News Online.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/culture/0,1284,40951,00.html

OUT-OF-BAND SIGNALING
Well, it's the new millennium (for real this time) and we're still alive (what to do with all that canned food?). Much has changed in the last 10 years.
The digital computer revolution finally happened, and we are now sticking computer chips in everything from children's toys and toasters to army trucks and body armor, to mention nothing of the spread of desktop, server and appliance computers. And as many of us know, computers are much more useful when networked together.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityportal.com/closet/closet20010103.html

MCAFEE: NO VIRUSES REPORTED DURING HOLIDAYS
Because many businesses were closed between Christmas and New Year, viruses could have struck as offices went back online this morning. Nothing has happened so far, however. "There was absolutely no outbreak of viruses this morning. We did not get any problem reports at all from Europe or Asia. I expect it to stay quiet," said Marius van Oers, virus research engineer at McAfee, a division of Network Associates.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2001/TECH/computing/01/03/no.christmas.viruses.idg/index.html

EMULEX SCAMMER TO SEE SLAMMER
A 23-year-old college student faces almost four years in prison after pleading guilty to posting a fake news release which led to one of the Web's biggest-ever stock manipulation frauds. Mark Simeon Jakob admitted to perpetrating the hoax last August in a bid to avoid losing $97,000 in an investment in Emulex Corp. stock, according to a Reuters report today, which noted that the press release was designed to topple Emulex's share price, netting him more than $241,000 in profits while biting other investors to the tune of $110 million. The scheme caused Emulex to drop by 62 percent on the Nasdaq, plunging to $42 from $110 per share.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computeruser.com/news/01/01/03/news3.html

IDS EVASION WITH UNICODE
Recently, there has been much discussion of the Unicode problem with regard to intrusion detection.
Some pundits have gone so far as to claim that Unicode will contribute to the demise of Intrusion Detection Systems (IDS). This article by Eric Hacker will explain what Unicode is, how it complicates IDS and provides opportunities for IDS evasion, and what can be done about it. This discussion will focus particularly on the role of UTF-8, a means by which Unicode code points are encoded, in circumventing IDSs.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/ids/articles/utf8.html

VIRUS INFECTION RATES SOAR
The number of email viruses soared last year to the point where one in 700 emails was infected, according to a survey by a firm which scans electronic communications for malicious code. MessageLabs, which scans over 3 million emails per day, said it had detected and stopped an average of one email virus every three minutes during 2000. In some months, the number of viruses per email reached one in 700, up from one in 2000 at the start of the year.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/4/15751.html

NAVIDAD VIRUS AT LARGE AGAIN
A variation of the Navidad virus has been discovered in the wild according to anti-virus vendor Sophos. W32/Navidad-B is a variant of the original W32/Navidad email virus, which arrives in an email message containing an attachment called EMMANUEL.EXE. Once the attached program is launched, it attempts to read new email messages and to send itself to the senders' addresses.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.silicon.com/a41776

CYBER ATTACKS PROVE COSTLY
As the computer industry intensifies, so does the amount of cyber attacks. Many Web sites are open to all sorts of "web hacking." According to the Computer Security Institute and the FBI's joint survey, 90% of 643 computer security practitioners from government agencies, private corporations, and universities detected cyber attacks last year.
Over $265,589,940 in financial losses were reported by 273 organizations. How do we limit the possibilities of being a victim of a cyber attack?
Link: http://www.linux.com/newsitem.phtml?sid=1&aid=11505

WATCH OUT FOR CYBER-TERRORISM AND VIRUS MUTATIONS
Cyber-terrorist activity and new delivery mechanisms for the transmission of virus mutations will be among the next wave of significant information security trends to affect businesses, organizations, and even individual users, according to Predictive Systems, a network infrastructure consulting firm. "Advances in technology, insider knowledge, inadequate security precautions - all are contributing to a new generation of criminal cyber behavior that could have a potentially devastating impact on companies and even individuals that fail to take steps to protect themselves," said Dr. Terry Gudaitis, a cyber crime profiler for Predictive Systems.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnetasia.com/news/dailynews/story/0,2000010021,20170094-1,00.htm

MACROMEDIA INVESTIGATES FLASH SECURITY
Software giant Macromedia is investigating reports that its Flash Player plugin for Internet browsers could allow malicious hackers access to computers connected to the Internet.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2001/0/ns-20009.html

THE SPAM-TASTIC YEAR 2000
Sadly, and despite the best efforts of a few dedicated spam fighters, unsolicited commercial e-mail seems to be getting worse. The average business e-mail user receives three spam messages a day, and in three years that number will swell to 40. According to Ferris Research, in 2003 we'll waste 15 hours deleting e-mail, compared to 2.2 hours in the year 2000. That will cost the average business in the future $400 per in-box, compared to $55 today. Spam can even threaten privacy or bring viruses to your system.
Link: http://www.pcworld.com/news/article.asp?aid=37402

FREEBSD IPSEC MINI-HOWTO
This document is intended to be a primer on how to get IPsec on FreeBSD up and running, interoperating both with another FreeBSD (or NetBSD or any other KAME-derived stack) machine, and a Windows 2000 machine. IPsec is a means to secure IP layer communications between hosts, and can secure both IPv4 and IPv6 traffic. Only IPsec over IPv4 will be discussed here.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://ezine.daemonnews.org/200101/ipsec-howto.html

MALAYSIA PROBES HACKING
Malaysian police are investigating how hackers infiltrated parliament's website in an intrusion that was overlooked for days until the opposition pointed it out to the media. The break-in, as well as the delay in discovering it, has some Malaysians criticising what they believe is lax vigilance in a country seeking to be a regional high-tech centre.
Link: http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT382ZCTKHC&live=true&tagid=ZZZC19QUA0C&subheading=asia%20pacific

MICROSOFT HACKER FIRED
The hacker who made Microsoft look foolish in November by breaking into its servers through a known security hole has been fired by his company Getronics. He was fired after a court case. Getronics terminated Dimitri Van de Glessen's one-year contract but there is no Netherlands law that allows a company to fire members of staff for hacking in their private time, so both parties went to court to resolve the issue.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/6/15802.html

TECH GIANTS, FBI JOIN FORCES TO COMBAT HACKERS
IBM and more than 500 other companies have joined forces with the FBI to fight cybercrime. The system, called InfraGard, lets the FBI and the companies alert each other and share information about attacks by intruders and how to protect against them.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1005-200-4388133.html

NASA NOT AMUSED BY WEB VANDALISM
NASA said Friday it nabbed an Internet vandal who allegedly broke into one of its Web sites and left a message urging the space agency to beef up security.
Link: http://www.zdii.com/industry_list.asp?mode=news&doc_id=ZD2671675

INSTALLING FIREWALL CAN KEEP THE PC BAD GUYS AT BAY
Ron Trepanier knew that the Internet could be a dangerous place, but it wasn't until he installed a personal firewall that he realized his home computer was coming under daily attack. The mechanical engineer, who lives outside Toronto, recently documented 30 attempts to gain access to his PC through his high speed DSL connection during a single week. As broadband Internet access becomes more common, cyber-trespassers are increasingly taking advantage of the speedy, "always on" connections to probe for unprotected machines. "People can come in, they can steal, modify or put things on your computer," warns Sam Curry, security architect for McAfee.com, a provider of security software. "They can cause your system to reboot or not talk properly on the Internet."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www0.mercurycenter.com/svtech/news/indepth/docs/fire010701.htm

LINUX VENDORS BEGIN KICKING TIRES OF 2.4 KERNEL
Linus Torvalds and his merry Linux band released the 2.4 kernel - less than a week after posting one pre-release version but nearly a year behind schedule. The market has been anxiously awaiting the final release, which can be downloaded from kernel.org, even though some of the features found in the kernel have already made their way into vendors' current Linux offerings. However, vendors are being cautious about detailing exactly when the kernel itself will find its way into their lineups.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/eweek/stories/general/0,11011,2671593,00.html

FIRST HYPERTEXT VIRUS FOUND
Central Command says it has uncovered the first script virus that can execute in a hypertext server environment. The good news is that the virus, PHP.NewWorld, has no payload and is not self-propagating. Steve Sundermeier, Central Command's product manager, told Newsbytes the appearance of the virus is worrisome, since it is a "proof of concept" virus for the hypertext preprocessor (PHP) scripting language. "If you look back at the development of scripting viruses, right through to Loveletter, you'll see that they all started with proof of concept versions," he said, adding that, once a proof of concept edition of a virus has been created, it is a few short steps for other hackers to add payloads and other destructive attributes to the program.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/160115.html

CRYPTO
Who can resist innovations like mobile phones and networked computers? They put anyone, anywhere, within earshot, and zip information - whether an unabashed declaration of love, a medical chart or a detailed plan for a product rollout - around the globe in a heartbeat. Unfortunately, it’s all too easy for corporate eavesdroppers, nosy neighbors with a nerdy streak or government snoops to snap up those messages and conversations en route to their legitimate recipients. We think we’re whispering, but we’re really broadcasting.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.msnbc.com/news/511696.asp

COLLEGE STUDENT ARRESTED
Taiwan's Criminal Investigation Bureau (CIB) announced Friday that its computer crimes division had arrested a local college student for allegedly creating and spreading the island's first "trojan" program called BirdSPY.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.chinatimes.com.tw/english/esociety/90010501.htm

NEW CONGRESS TO PUSH PRIVACY
Though the 107th Congress is evenly split between the two major parties and has the potential to act as a house divided, legislators are confident that they will pass a series of tech bills including one protecting individuals' privacy online. A panel of senators and representatives speaking at the Consumer Electronics Show on Sunday discussed plans to rapidly introduce legislation concerning telemedicine, broadband regulation, the digital divide and encryption.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,40965,00.html

CPS-2 ENCRYPTION SCHEME BROKEN
Acheon writes at Slashdot: "The CPS-2 arcade board from Capcom uses some hard encryption scheme that has been a very hot issue in emulation for years. Yet finally the code was broken. Final Burn, a quite recent arcade emulator, showed concrete results by running previously unsupported games such as Street Fighter Zero using decrypted ROM images. The CPS-2 Shock Team, who managed to reverse engineer the process from scratch, have really outdone themselves and it is a very uncommon achievement."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://slashdot.org/articles/01/01/07/0246252.shtml

A ROUNDTABLE ON BSD, SECURITY, AND QUALITY
Contributing Editor Jack Woehr moderated a roundtable at the recent USENIX Security Symposium 2000. The participants, Theo de Raadt, Todd Miller, Angelos Keromytis, and Warner Losh, discussed several topics, including the evolving distinction between Linux and BSD and the notion that reliability and security are achieved through simplicity.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.ddj.com/articles/2001/0165/0165a/0165a.htm

BUILD A FLOPPY FIREWALL
"Here's how I turned an unused PC into a packet-filtering firewall using a package called floppyfw.
The firewall boots off a single floppy, runs completely in RAM, and uses ipchains for the filter rules. It also does IP masquerading, port forwarding, and can log to a remote host using syslog. All this in a machine with as little as 8 MB of RAM and no hard drive!"
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.samag.com/linux/articles/v10/i01/a10.shtml

DISTRIBUTED REAL-TIME SECURITY MONITORING
Programmers and software developers interested in security applications for component technology should keep tabs on work underway at Stanford Research Institute International (SRI). SRI has been tasked by the Defense Advanced Research Projects Agency (DARPA) to develop ways to use component technology to distribute real-time security monitoring throughout enterprise networks. According to Phillip Porras, program director of network security for SRI, the components emerging from DARPA's project, aptly named the Event Monitoring Enabling Responses to Anomalous Live Disturbances (EMERALD), are capable of providing anomaly and misuse detection for networks of all sizes.
Link: http://www-106.ibm.com/developerworks/library/co-emrld.html?dwzone=components

----------------------------------------------------------------------------


Security issues
---------------

All vulnerabilities are located at:
http://net-security.org/text/bugs

----------------------------------------------------------------------------

WINROUTE PRO MAIL SERVER
The problem is that the current version of the WinRoute mail server does not support any form of secure logon authentication. This means that users' Windows logon credentials are being sent to the mail server in plain text. Anyone placing a packet sniffer on the network could totally compromise domain and/or firewall security by capturing traffic destined to the mail server and extracting user logon names and passwords. The problem is even worse if the company is allowing roaming users to access their POP3 mailboxes from the Internet.
Link: http://www.net-security.org/text/bugs/978458586,12029,.shtml

MAC OS 9 VULNERABILITY
Mac OS 9.04 comes with a 'Multiple Users' Control Panel that allows an administrator (called 'Owner') to create user accounts (called 'Normal' users) with limited access to the computer. The problem is that the Owner password can be removed by a Normal user by moving the 'Users & Groups Data File' and logging back in using the Owner account, giving full access to the machine.
Link: http://www.net-security.org/text/bugs/978491537,95827,.shtml

WINDOWS MEDIA PLAYER 7 AND IE VULNERABILITY
There is a security vulnerability in Windows Media Player 7 exploitable through IE which allows reading local files, which in turn allows executing arbitrary programs. This may lead to taking full control over the user's computer.
Link: http://www.net-security.org/text/bugs/978491554,22622,.shtml

WINROUTE PRO AND MEMORY PROTECTION
I have discovered that the WinRoute installer disables memory write protection under Windows 2000. WinRoute refuses to run if memory write protection is enabled. Memory write protection enabled is the default for Windows 2000.
Link: http://www.net-security.org/text/bugs/978491829,39449,.shtml

IBM WEBSPHERE COMMERCE SUITE VULNERABILITY
IBM WCS is a business suite. After installing it, a file named admin.config will be produced. The user name and password that the suite uses to connect to the database will be included in this file, and this file's access rights are -rwxr-xr-x, so a local user can access it and run some arbitrary command to get root rights.
Link: http://www.net-security.org/text/bugs/978634842,97432,.shtml

THE BAT! DIRECTORY TRAVERSAL VULNERABILITY
The Bat! doesn't allow the filename of an attached file to contain the '\' symbol if the name is specified as clear text. The problem is that this check isn't performed when the filename is specified as an RFC 2047 'encoded-word'.
Link: http://www.net-security.org/text/bugs/978700177,39196,.shtml

CONECTIVA LINUX - SLOCATE UPDATE
"slocate" is a program which catalogues existing files and allows for a quick lookup later. There is a vulnerability present in previous versions. By giving it a crafted database, an attacker could make slocate execute arbitrary code as the "slocate" user. Additionally, a bug which caused slocate to segfault with large pathnames was fixed.
Link: http://www.net-security.org/text/bugs/978700190,91550,.shtml

NEWS DESK 1.2 CGI VULNERABILITY
Adding the string "/../" to a URL allows an attacker to view any file on the server, and also list directories within the server which the owner of the vulnerable httpd has permissions to access.
Link: http://www.net-security.org/text/bugs/978700223,88942,.shtml

FRONTPAGE PUBLISHING DOS
Any current NT server running IIS with Frontpage server extensions (which are installed by default) is vulnerable to a remote DoS (Denial of Service). The vulnerability stems from Frontpage improperly handling queries to Frontpage Authoring (author.dll) modules as well as shtml calls. It is possible for a remote attacker to send a malformed query to those modules which will cause Frontpage to crash, which will then in turn bring down inetinfo.exe on Windows NT 4.0 systems.
Link: http://www.net-security.org/text/bugs/978700238,93337,.shtml

VULNERABILITY IN FASTGRAF WHOIS.CGI
The whois.cgi script of Fastgraf has almost no metacharacter checking, which enables attackers to execute commands as the uid of the webserver.
Link: http://www.net-security.org/text/bugs/978806584,91924,.shtml

LOTUS DOMINO 5.0.5 WEB SERVER VULNERABILITY
Lotus Domino Web Server under Windows 2000 (have not tested other versions) allows reading files outside the web root. The problem is URLs like: http://TARGETDOMINO/.nsf/../winnt/win.ini which read c:\winnt\win.ini.
Note that the above URL does not work in IE - for some strange reason IE strips .nsf/../ so try it from Netscape or a direct HTTP request.
Link: http://www.net-security.org/text/bugs/978806599,44296,.shtml

----------------------------------------------------------------------------

Security world
--------------

All press releases are located at:
http://net-security.org/text/press

----------------------------------------------------------------------------

WRAP-UP OF THE DATA SECURITY YEAR - [02.01.2001]
F-Secure, a leader in centrally managed security solutions for the mobile, distributed enterprise, today summarised that the year 2000 was the year when computer safety became a household word. Viruses, worms, trojans and hacking and denial-of-service attacks, not to mention the Y2K scare, induced a state of dread to savvy and novice computer users alike and kept computer security companies on their toes. Unfortunately, the future looks no brighter, says Mikko Hypponen, Manager of Anti-Virus Research at F-Secure Corporation. The "bad guys" and their tricks are here to stay.
Press release: < http://www.net-security.org/text/press/978406440,3287,.shtml >

----------------------------------------------------------------------------

CONFERENCE ON E-LAW AND RULES OF CYBERSPACE - [02.01.2001]
Michigan Attorney General Jennifer Granholm will keynote Michigan's first ever conference on e-law and the emerging rules of cyberspace, Tuesday, February 6, 2001, at the Kellogg Center at Michigan State University in East Lansing. Granholm, one of the nation's leaders in cyber-law is aggressively enforcing cyber-law violations and is dramatically affecting how business is conducted on the web.
Press release: < http://www.net-security.org/text/press/978406520,2839,.shtml >

----------------------------------------------------------------------------

NO CAUSE FOR ALARM - [02.01.2001]
Despite recent publicity about computer security breaches, most chief information officers (CIOs) believe their enterprises are relatively safe from internal and external security violations. In a recent survey, 91 percent of CIOs polled said they are confident about the security of their corporate networks.
Press release: < http://www.net-security.org/text/press/978406674,54729,.shtml >

----------------------------------------------------------------------------

PNC BANK SELECTS XCERT PKI TECHNOLOGY - [03.01.2001]
Xcert, a leading provider of software products for securing business-to-business transactions and communications over the Internet, announced that PNC Bank, a member of the PNC Financial Services Group, has selected Xcert Sentry Public Key Infrastructure (PKI) and digital certificate technology to enable a secure Web interface for 25,000 employees.
Press release: < http://www.net-security.org/text/press/978491939,13466,.shtml >

----------------------------------------------------------------------------

ZIXMAIL WINS PC MAG EDITORS' CHOICE AWARD - [03.01.2001]
ZixIt Corporation, premier provider of products and services that bring privacy and security to Internet communications, today announced that its flagship product, ZixMail, has won PC Magazine's Editors' Choice award in the email security category.
Press release: < http://www.net-security.org/text/press/978491978,24290,.shtml >

----------------------------------------------------------------------------

TOP TEN VIRUSES IN DECEMBER 2000 - [05.01.2001]
This is the latest in a series of monthly charts counting down the ten most frequently occurring viruses as compiled by Sophos, a world leader in corporate anti-virus protection.
Press release: < http://www.net-security.org/text/press/978699334,25908,.shtml >

----------------------------------------------------------------------------

NETWORK-1 ALLIANCE AGREEMENT WITH EDS - [05.01.2001]
Network-1 Security Solutions, Inc., a leader in distributed intrusion prevention solutions for e-Business networks, announced an alliance agreement with EDS, the leading pure-play global services company that offers corporations and government clients a scalable, safe, secure extranet for their growing e-Business strategies.
Press release: < http://www.net-security.org/text/press/978699510,3594,.shtml >

----------------------------------------------------------------------------

SECURIFY RECEIVES INVESTMENT FROM ISS - [05.01.2001]
Securify, Inc., a leading provider of security services for interconnected businesses, publicly announced an investment from Internet Security Systems (ISS). The investment is part of Securify's $34 million Series "A" private equity financing which closed in October 2000. Other investors include Spectrum Equity Investors, Pequot Capital, GemVentures, the venture fund arm of the smart card solutions provider Gemplus, and Bayview Investors, an affiliate of Robertson Stephens.
Press release: < http://www.net-security.org/text/press/978699611,90829,.shtml >

----------------------------------------------------------------------------

RSA KEON CERTIFICATE SERVER AND OPSEC - [05.01.2001]
RSA Security Inc., the most trusted name in e-security, announced that RSA Keon Certificate Server 5.5 -- RSA Security's digital certificate management system designed to add trust to e-business applications -- has been certified by Check Point Software Technologies' Open Platform for Security (OPSEC) Alliance. OPSEC certification testifies that RSA Security's Keon Certificate Server is interoperable with Check Point's Secure Virtual Network (SVN) architecture and a wide number of other security components available today.
Press release: < http://www.net-security.org/text/press/978699729,61387,.shtml >

----------------------------------------------------------------------------

BIG INTEREST IN MCAFEE.COM .NET SERVICES - [08.01.2001]
McAfee.com, a leading security Application Service Provider (ASP), announced that over 1,000 companies worldwide have registered to evaluate McAfee.com's .NET services for businesses. Launched in November during the Fall COMDEX show, McAfee.com's .NET Initiative provides corporations a managed application service delivering industrial-strength desktop security, helpdesk and productivity services over the Internet. As a result, McAfee.com became the first company to deliver a comprehensive set of IT-centric application services that allow businesses to effortlessly secure, support and enhance their desktop and mobile computing platforms.
Press release: < http://www.net-security.org/text/press/978916365,87133,.shtml >

----------------------------------------------------------------------------

Featured article
-----------------

All articles are located at:
http://www.net-security.org/text/articles

Articles can be contributed to staff@net-security.org

----------------------------------------------------------------------------

ACTIVISM, HACKTIVISM, AND CYBERTERRORISM: THE INTERNET AS A TOOL FOR INFLUENCING FOREIGN POLICY
by Dorothy E. Denning
The purpose of this paper is to explore how the Internet is altering the landscape of political discourse and advocacy, with particular emphasis on how it is used by those wishing to influence foreign policy. Emphasis is on actions taken by nonstate actors, including both individuals and organizations, but state actions are discussed where they reflect foreign policy decisions triggered by the Internet. The primary sources used in the analysis are news reports of incidents and events. These are augmented with interviews and survey data where available.
Read more: < http://www.net-security.org/text/articles/tool.shtml >

----------------------------------------------------------------------------

Featured books
----------------

The HNS bookstore is located at:
http://net-security.org/various/bookstore

Suggestions for books to be included into our bookstore can be sent to staff@net-security.org

----------------------------------------------------------------------------

INTEGRATE LINUX SOLUTIONS INTO YOUR WINDOWS NETWORK
In this day of ever-evolving technology, people are looking to migrate and integrate from what they have to something better, faster, and cheaper. These technological advances also make it easier for network administrators to integrate various Linux solutions that best fit their particular situation. For that reason, Integrate Linux Solutions into Your Windows Network offers many ways to use Linux technology to increase the reliability and cost-effectiveness of a network. Inside you will find what you need to know to upgrade gradually so that the process is invisible to the end user. Administrators at all levels will find this book focuses on the issues that face them and is full of sound solutions to make Linux operational in their networks.
Book: < http://www.amazon.com/exec/obidos/ASIN/0761527915/netsecurity >

----------------------------------------------------------------------------

LINUX FOR WINDOWS NT/2000 ADMINISTRATORS: THE SECRET DECODER RING
In large part, this book comes across as Linux for the Reader Who Has a Clue. Minasi enumerates the tasks that system administrators typically have to carry out. Examples of these include installing software and manipulating the privileges of users and groups. He explains how to do those jobs in various Linux environments, and addresses himself to Windows experts who'll need a bit of background, but don't require babying.
Minasi doesn't explain why you'd want to install applications, but rather explicitly the mechanics of installing RPM packages and tarballed source code. He states flatly that most people will be happy with a precompiled kernel - that's what works for Windows, after all - but shows how to build your own, anyway. Topics covered: Linux 2.2, explained in terms that Windows adepts can understand easily. Staying rather distribution-neutral, the book explains how to install Linux, use it in single-user workstation mode, and configure it as a network operating system. System administration tasks - software maintenance, user management, network troubleshooting, and so on - get top billing, although an ongoing comparison of Linux and the Wintel platform is important, too.
Book: < http://www.amazon.com/exec/obidos/ASIN/0782127304/netsecurity >

----------------------------------------------------------------------------

LINUX SYSTEM ADMINISTRATION BLACK BOOK
Linux Administration Black Book provides immediate solutions to the most common Linux installation and configuration tasks. The book presents strong coverage of kernel configuration, networking, system security, Internet services, LAN services, file systems, and much more. It also explains the complexities of upgrading an existing Linux installation and rebuilding from source. This book covers use of the most common major Linux servers and utilities, including Apache, Sendmail, majordomo, DHCP, Samba, ISC BIND, and Coda.
Book: < http://www.amazon.com/exec/obidos/ASIN/1576104192/netsecurity >

----------------------------------------------------------------------------

MANAGING CISCO NETWORK SECURITY
Don't wait until it's too late to find out you have security holes in your Cisco network. As security threats to enterprise networks continue to mount, it is critical that network managers know how to properly deploy and configure the Cisco Secure family of products.
This book describes in detail how to detect network security incidents, measure vulnerability and policy compliance, and manage security policy across an extended organization. Readers will find coverage of the following security products which make up the Cisco Secure line: Cisco Secure PIX Firewall, Cisco Secure Access Control Server, Cisco Secure Integrated Software, Cisco Secure Scanner, Cisco Secure Integrated VPN Software.
Book: < http://www.amazon.com/exec/obidos/ASIN/1928994172/netsecurity >

----------------------------------------------------------------------------

THE CONCISE GUIDE TO XFREE86 FOR LINUX
The Concise Guide to Xfree86 for Linux is the first book on the market that gives you the expert-level information you need to understand, configure and administer Xfree86 (also referred to as "X"). X provides the infrastructure for graphical environments like KDE and Gnome. This book addresses the high-level information need that has arisen as support personnel are required to troubleshoot and support all facets of Linux. Topics covered: All aspects of XFree86 for Linux, including elementary installation and configuration but with emphasis on advanced capabilities and little-known features. Special attention goes to hardware configuration (keyboard, mouse, and video display), the X way of thinking about fonts and colors, and the relationships between XFree86 and various software that runs on top of it.
Book: < http://www.amazon.com/exec/obidos/ASIN/0789721821/netsecurity >

----------------------------------------------------------------------------

Security Software
-------------------

All programs are located at:
http://net-security.org/various/software

----------------------------------------------------------------------------

TROJAN SECURITY 1.5
Trojan Security monitors 12 different ports where Trojans are known to be installed.
When an intruder attempts to connect to the port, Trojan Security alerts you and relays information about the attack and the attacker. It also disconnects the intruder.
Info/Download: < http://net-security.org/various/software/978188506,40891,.shtml >

----------------------------------------------------------------------------

POWER CRYPTO 1.3
From the developer: "Use Power Crypto to secure sensitive files and text messages. It's fast and easily mastered, and it handles even very large text files with grace and ease. Power Crypto provides two basic options -- you can browse for one or more files to encrypt, or paste in a text message. In the first instance, you'll need to select a destination for the encrypted file (you can also choose to overwrite the original), while in the second, you can simply copy and paste the encrypted message as needed, for example into emails. Power Crypto uses keys up to over 130.000 in bit length and gives you a great deal of control over the particulars. A key generator supplies you with superior suggestions for long and complicated keys, which are referenced to by easy-to-remember nicknames. Much is done to optimize the security levels, and you are also encouraged by the "help" to think about what is needed to maintain a high level of security."
Info/Download: < http://net-security.org/various/software/978188614,38610,.shtml >

----------------------------------------------------------------------------

DELETING COOKIES 1.00
From the developer: "This program will find all cookies from your hard drive and give you the option to delete all with one click, or you can select the cookies you want to delete. It can delete all temporary internet files. It will work on Windows 95/98/NT and Windows 2000; in Windows 2000 it will not give you all options. But it works just fine."
Info/Download: < http://net-security.org/various/software/978188687,91379,.shtml >

----------------------------------------------------------------------------

Defaced archives
------------------------

[01.01.2001] - Ministerio de Agricultura y Ganadería del Ecuador
Original: http://www.mag.gov.ec/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/01/www.mag.gov.ec/

[01.01.2001] - JVC (UK) Ltd
Original: http://www.jvc.co.uk/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/01/www.jvc.co.uk/

[01.01.2001] - Committee of Safety for the USA
Original: http://www.committee.org/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/01/www.committee.org/

[01.01.2001] - University of Technology, Sydney
Original: http://groundwater.ncgm.uts.edu.au/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/01/groundwater.ncgm.uts.edu.au/

[01.01.2001] - Sony Electronicos de Mexico
Original: http://www.sonystyle.com.mx/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/01/www.sonystyle.com.mx/

[01.01.2001] - EgyptAir
Original: http://www.egyptair.com.eg/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/01/www.egyptair.com.eg/

[02.01.2001] - Indira Gandhi Centre for Atomic Research
Original: http://igcar.ernet.in/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/02/igcar.ernet.in/

[03.01.2001] - Pepsi Cola UK
Original: http://www.pepsi.co.uk/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/03/www.pepsi.co.uk/

[03.01.2001] - SFOR
Original: http://www.sfor.org/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/03/www.sfor.org/

[04.01.2001] - Game News Network - Switzerland
Original: http://www.gnn.ch/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/04/www.gnn.ch/

[04.01.2001] - Faculty of Economics Skopje, Macedonia
Original: http://www.eccf.ukim.edu.mk/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/04/www.eccf.ukim.edu.mk/

[04.01.2001] - Belgium State Archives
Original: http://www.arch.be/
Defaced: http://www.attrition.org/mirror/attrition/2001/01/04/www.arch.be/

----------------------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org