HNS Newsletter
Issue 52 - 26.02.2001
http://net-security.org
http://security-db.com

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://www.net-security.org.

Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter

Archive of the newsletter in TXT and PDF format is available here:
http://www.net-security.org/news/archive/newsletter

Table of contents:

1) General security news
2) Security issues
3) Security world
4) Featured books
5) Security software
6) Defaced archives

General security news
---------------------

----------------------------------------------------------------------------

THE TERRORISM ACT 2000
The Terrorism Act 2000 is designed to prevent dissident political groups from using the United Kingdom as a base for terrorism and recognises a new threat from cyberterrorists for the first time. But the Act also significantly widens the definition of terrorism to include those actions that "seriously interfere with or seriously disrupt an electronic system".
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2001/7/ns-21060.html

BIOMETRICS: THE TIGHTROPE
At first look, biometrics is a mighty fortress. Or, does that initial impression overlook some subtle problems with the technology? If the prime directive of all security practice dictates that no security system is perfect, then biometrics definitely has shortcomings. To understand those problems, explaining two concepts becomes essential.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/biometrics20010220.html

THE SM0KED CREW FAQ
"With all the recent media attention that the "sm0ked crew", an online group of web defacers, has been getting it was time to ask a couple of important questions.
We've never done an interview of defacers before, but my curiosity gets the best of me quite often."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cipherwar.com/news/01/sm0ked_crew.htm

EASY INTERNET SHARING NHF: VERSION 1.0
"This is a tutorial on sharing your Internet connection by configuring a Linux machine as your gateway/firewall. I've made this tutorial as easy as possible so that the average newbie can have a running and secure mini-home network. I'm sure you've probably been told that setting up firewall rules and IP masquerading can be difficult. Not so, as you will find out. In fact, we won't even be learning a single firewall rule."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://linuxnewbie.org/nhf/intel/network/eznetshare.html

PGP CREATOR ZIMMERMANN JOINS HUSH
One of the founding fathers of modern cryptography, Phil Zimmermann - who created PGP and thus introduced a generation of computer users to email encryption - has left the security firm Network Associates to join Irish-based encryption startup Hushmail. Zimmermann was at the forefront of the battle to give ordinary Internet users access to email encryption in the 1990s. When he released the first version of PGP in 1991, Zimmermann faced a three-year FBI investigation. Encryption was still viewed as a threat to the US government's intelligence operations and classified military munitions.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2001/7/ns-21079.html

THE STATE OF MUSIC SECURITY
Recently, the digital rights management crowd got a sharp lesson from the entertainment industry. No more proprietary systems and hard-to-use digital rights management systems that consumers can't understand. Instead, they want clearinghouses where their content can be safely stored and streamed to end users who don't have to decipher which media player will work.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/business/0,1367,41874,00.html

THEY REVEAL HIDDEN MESSAGES
U.S. government agencies, including the NSA and the Pentagon, are quietly funding research into steganalysis: the study of detecting hidden messages inserted into MP3 or JPEG files. What have they found? Current steganography programs don't work that well at all.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,41861,00.html

CONFIGURING A QUICK-AND-DIRTY ROUTER AND PROXY
Setting up an unsecured router and proxy using IP Masquerading; plus, contrary to popular belief, Linux can play nice with PCI modems.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://linuxworld.com/linuxworld/lw-2001-02/lw-02-geek_2.html

ZIXMAIL SECURE DOCUMENT DELIVERY
ZixMail is a secure document delivery, private email and message tracking service that enables you to easily send encrypted and digitally signed communications to any email address in the world. This means that only your intended email recipients will be able to open messages that you have sent.
Link: http://www.security-db.com/product.php?id=324&cid=65

NSA CHIEF SAYS BIN LADEN HAS SUPERIOR TECHNOLOGY
Islamic terrorist Osama bin Laden has technology at his disposal superior to that of the National Security Agency, the head of the super-secretive spy agency has told an American documentary programme. Superior technological capabilities helped bin Laden to mastermind the simultaneous 1998 bombings of US embassies in Kenya and Tanzania that killed 224 people, said General Mike Hayden, head of the NSA, during an interview to be broadcast tonight on CBS' 60 Minutes II news show.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/17072.html

PANIC OVER VULNERABILITIES
The recent discovery of vulnerabilities in BIND quickly escalated from a reasonable security concern to widespread panic.
In this week's Unix Security, Dev Zaborav looks at the increasing sensationalism that surrounds Internet security and worries that too many cries of emergency will leave administrators distrustful when critical situations actually arise.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.sunworld.com/unixinsideronline/swol-02-2001/swol-0216-unixsecurity-dv.html

NET ANONYMITY FIRMS SEEK THEIR MARKET
As an Internet user and online shopper, you may have more in common with your friendly neighborhood spook at the CIA than you think - both you and the agents who look out for your national security are concerned about remaining anonymous online. Unlike the CIA, you probably won't have to pay for it in the next few years - as long as the companies offering these tools can stay in business...
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computeruser.com/news/01/02/20/news15.html

IS YOUR WEB SERVER RUNNING UNNECESSARY SOFTWARE?
This article quickly shares some ideas on how beginning webserver administrators can improve server efficiency, ease management and, hopefully, improve security as well. It gives a few examples of processes that don't need to be running, required programs and some ideas for BSD and System V-type systems for disabling startup scripts. This article doesn't go into great detail, but will give the newbie administrator some basic ideas.
Link: http://apachetoday.com/news_story.php3?ltsn=2001-02-20-003-06-PS-LF-AD

FBI AGENT SOLD SURVEILLANCE/NUKE DATA TO RUSSIA
FBI Special Agent Robert Philip Hanssen, aged 56, was placing a packet of classified information at a dead drop site near his residence in suburban Virginia Sunday night when the Feds collared him, much to his surprise. Hanssen gave his Russian handlers over 6,000 pages of secret and top secret documents, according to a detailed, 103-page FBI affidavit in support of a request for search and arrest warrants.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/17078.html

VENDOR KEY MANAGEMENT
Times sure do change. I remember when Linux was new, a "hacker's" OS. We had to walk 10 miles, uphill, to get install floppies for it. (Actually I was lucky, I only had to copy them; my friend downloaded the Slackware images over a 9600 modem.) Back then security wasn't much of an issue for most Linux users. We used telnet, and we liked it. Software updates either consisted of downloading the source and compiling it, or using extremely simple package management such as Slackware provides (although calling tarballs package management does seem kind). GnuPG didn't exist, and PGP was still only used by a minority (an even smaller minority than today, if you can believe that).
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/closet/closet20010221.html

BIOMETRIC SECURITY FOR E-BUSINESS
Computer Associates International and DataTreasury Corp. said they have formed an alliance to provide biometric security – which uses identifying traits like fingerprints, iris scans and voice patterns – to protect e-business transactions. The two companies said they hope to market the system to businesses that manage information worldwide, including healthcare organizations that hold sensitive data about patients. Computer Associates describes itself as an e-business management company, while DataTreasury said it is a data broker that operates a biometrics information clearinghouse.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/162257.html

EARTHLINK SLOW TO ADMIT ATTACK
Crackers broke into Internet service provider Earthlink's network last week, but the company kept it quiet because it claims customer data was not compromised.
A company spokesman said that it did not alert subscribers because the main security system remained intact, but a Wired News tipster said the crackers created a potentially dangerous backdoor to the system.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/business/0,1367,41934,00.html

SECURING YOUR SOLARIS SERVER
Systems administrators are often too busy with their day-to-day work to concern themselves with system security. That means servers may end up without the latest security patches or fixes, offering easy ways for attackers to gain entry into their systems. In this Unix Insider feature, Jamie Wilson helps you secure your Solaris server by demonstrating how to disable inetd, secure su, find and secure setuid and setgid files, and install and configure ipfilter.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.sunworld.com/unixinsideronline/swol-02-2001/swol-0216-hardening.html

STUDYING FTP TRAFFIC
This is the second article in a three-part series devoted to studying normal traffic. Many intrusion detection analysts concentrate on identifying the characteristics of suspicious packets. However, it is also important to be familiar with what normal traffic looks like. A great way to do this is to generate some normal traffic, capture the packets and examine them. The first article in this series explained how to capture packets using WinDump and reviewed some simple examples of normal TCP/IP traffic. In this article, we will be examining FTP traffic, which, from a traffic flow standpoint, is more complicated than many other protocols.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/ids/articles/normaltraf2.html

PRACTICE SAFE INTERNET SHOPPING
If there is one thing to blame for the slow adoption of Internet commerce, it's the age-old credit card. Many consumers are simply afraid to use it online. And they have reason.
A report released Monday by the European Commission revealed that credit card fraud ballooned last year by approximately 50 percent in Europe amid an increase in Internet commerce transactions. The study follows repeated news reports of attacked credit card databases and failed security at a number of high-profile Internet sites.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.upside.com/Ebiz/3a9454365.html

NET FILTERING LAW DRAWS FINAL COMMENTS
Regulators accepted final public comments on a new law requiring libraries and schools that accept federal funds to install computer filters aimed at blocking access to adult material online. Librarians and educators criticized the law, saying it may be impossible to enforce. But conservative groups praised the plan, saying it will save children from finding pornography on the Internet.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2689132,00.html

ELIMINATING IP ADDRESS FORGERY
"It seems that eliminating IP address forgery is now all the rage because it is now affecting enough people who are important enough to get the whole Internet to take action. And it is indeed gratifying to see this - despite the frustration I suffer over the lack of citation to my original paper on the subject and my firewalls course that has covered this subject in detail for the last five years."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.all.net/journal/netsec/0005.html

NETMAX FIREWALL WORTH THE FICKLE INSTALLATION
NetMAX FireWall from Cybernet Systems is a smooth-running, easily configurable firewall, if you can get past its annoying setup and installation. I'd like to mention some useful-looking features that I was unable to test. NetMAX FireWall includes a traffic monitor that logs and graphically displays all traffic over the network. That kind of monitoring could be very useful -- not only for ISPs, but in almost any corporate setting.
If the quarterly report is due in an hour, but bandwidth seems a little slow, pop up the bandwidth report and find out that Johnny is on Napster again.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxworld.com/linuxworld/lw-2001-02/lw-02-netmax.html

DECSS UPDATE
In a filing submitted to the 2nd U.S. Circuit Court of Appeals in New York, the Justice Department lashed out at hackers and praised a lower court ruling that bans hacker magazine 2600 from publishing a code known as DeCSS.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2689144,00.html

ENGINEER PLEADS SELF DEFENCE IN HACKING CASE
The Criminal Investigation Bureau referred to prosecutors a computer engineer who allegedly hacked into a computer server in what he called "self-defense." The Hsinchu computer engineer, surnamed Fan (S), said he thought that the other side attacked his computer first, while the truth was that the other side was an innocent party which had been attacked by a Trojan horse. A man last year reported to the police that a Web site which teaches magic and is run by him, had been hacked. He said some Web pages had been altered and some registered users' access to the Web site blocked.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.taipeitimes.com/news/2001/02/21/story/0000074560

TIME TO UN-BIND YOUR NETWORK!
D. J. Bernstein, author of djbdns, a "secure" DNS server, wrote this message, prompted by the recent problems experienced with BIND 9 and its "300000 lines of bad code." "BIND 9 is good code, you say? The BIND programmers learned their lesson from these security disasters and rewrote everything from scratch?" Professor Bernstein's opinion differs...
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxsecurity.com/articles/server_security_article-2566.html

WEF HACKER ARRESTED
Swiss police arrested a man today on suspicion of hacking into the computer systems of the World Economic Forum and stealing private information about participants.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://abcnews.go.com/sections/scitech/DailyNews/hacker010223.html

STORY OF MICROSOFT 'HACK'
A top Microsoft executive revealed how a hacker was able to view some of the company's top-secret source code last October. The attacker gained broad access because an employee forgot to create a password when configuring a server, leaving the password blank.
Link: http://seattletimes.nwsource.com/cgi-bin/WebObjects/SeattleTimes.woa/wa/gotoArticle?zsection_id=268448455&text_only=0&slug=hack23&document_id=134269414

FIGHTING CHILD PORN
Tony Blair and George Bush are to lead a global crusade against the internet perverts who peddle child porn. The Prime Minister and the President sealed the deal during late night talks at Camp David at the end of their two-day summit. Mr Blair's government will immediately reinforce the deal with new tough laws on Internet paedophiles, to be announced in the House of Commons on Monday.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsoftheworld.co.uk/news/4165837

INSURANCE AGAINST CYBER ATTACKS
An internet user or ISP in India, so far, has no option if threatened by an attacker except to lodge a police complaint and change the profile of the internet service. Soon, Net users and ISPs can have insurance cover against cyber attacks. For the first time in India, insurance is being offered against all kinds of cyber crime, including loss of airtime, to the extent of $25 million. The insurance package, which was introduced in the US, UK and Japan last year, will be brought to India by Tata-AIG, a joint venture by the Tatas and American Insurance Group Incorporate.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.indian-express.com/ie/daily/20010226/ina26039.html

SURFINGATE AGAINST MALICIOUS WEB CONTENT
SurfinGate provides proactive gateway security for malicious Web content including ActiveX, Java, Visual Basic Script and JavaScript. Using a sophisticated real-time content-inspection process, SurfinGate identifies and blocks malicious code without relying on database updates. Centrally managed, SurfinGate allows companies to tailor policies for departments and users and enables secure e-business.
Link: http://www.security-db.com/product.php?id=606&cid=132

IDS REVIEW: INTRODUCTION
IDSes as we know them today are a relatively new phenomenon in the computer security field, but they have been improving rapidly and quickly becoming more complex, making them difficult for non-specialists in security to understand, and similarly difficult to judge when you are entertaining the thought of purchasing one. This article is intended to help you understand what these boxes are and give you some hopefully :-) informed opinions about the leading products on the market and what applications make sense for each.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/idsintroduction20010226.html

----------------------------------------------------------------------------

Security issues
---------------

All vulnerabilities are located at:
http://net-security.org/text/bugs

----------------------------------------------------------------------------

RED HAT LINUX - NEW VIXIE-CRON PACKAGES
New vixie-cron packages are available that fix a buffer overflow in the 'crontab' command; this could allow certain users to gain elevated privileges.
Link: http://www.net-security.org/text/bugs/982685081,35659,.shtml

IMMUNIX OS - VIXIE-CRON UPDATE
Immunix has tested the versions of the vixie-cron packages that are shipped with Immunix OS 6.2, 7.0-beta, and 7.0 and they are not vulnerable to the buffer overflow (due to the use of the StackGuard compiler). However, we are making updated packages available for those users who want to upgrade.
Link: http://www.net-security.org/text/bugs/982754741,49344,.shtml

SECURITY FLAW IN TELOCITY'S "GATEWAY MODEM"
Telocity provides DSL to their customers through what they call the Telocity "Gateway Modem". You can connect to these modems through your web browser to view usage statistics, your assigned IP, the DHCP server IP (Modem's IP), Management's IP (Modem's IP, different than the previous), DNS IP, and the hardware and software version information. In the older model modem, it is possible to remotely view the "Details" section of the modem, thus revealing all the above mentioned information to a possible intruder. Telocity has numbered their gateways in sequential order, so it would be possible to write a script that would search for http://123.123.123.1/stats in a range of addresses.
Link: http://www.net-security.org/text/bugs/982781361,33018,.shtml

LINUX MANDRAKE - VIXIE-CRON UPDATE
A buffer overflow exists in the 'crontab' command if it was called by a user with a username longer than 20 characters. If the system administrator has created usernames of that length, it would be possible for those users to gain elevated privileges.
Link: http://www.net-security.org/text/bugs/982858260,74013,.shtml

NT DRIVERS AND FORMAT STRING BUG
Many NT drivers are potentially vulnerable to a "format string bug". The problem concerns the DbgPrint function, which is used for debug messages. Some drivers, instead of calling this function directly, use additional intermediate functions.
Those functions add a prefix to the output string, resolve the string format and pass the final string to DbgPrint. Note that DbgPrint additionally resolves format specifications.
Link: http://www.net-security.org/text/bugs/982858351,64712,.shtml

WIN2K DIRECTORY SERVICES WEAKNESS
"We came across one security issue, which may be critical for large organizations planning to deploy Windows 2000 and Active Directory in one forest. Imagine that there is a forest with more than one domain. (Tree hierarchy does not matter in this situation.) Every domain has its own set of administrators. In Active Directory there is one Configuration Container for the whole forest. So every domain controller has its own copy of Configuration Container and is able to change it and replicate changes to other domain controllers. The only obstruction for changing configuration are ACLs. But ACLs are checked on local system and if you somehow modify it to avoid this checking, you can modify this Container."
Link: http://www.net-security.org/text/bugs/982858422,97626,.shtml

TURBOLINUX - BIND UPDATE
Two vulnerabilities have been discovered in ISC BIND 8. Please update the packages in your installation as soon as possible.
Link: http://www.net-security.org/text/bugs/982910525,58182,.shtml

LINUX MANDRAKE - CUPS UPDATE
A number of problems were found by the SuSE security team recently during an internal audit of the CUPS printing package. These problems, which include temp file creation vulnerabilities and potential buffer overflows, have been resolved in the latest CUPS release, which also brings other security enhancements. It is highly recommended that all Linux-Mandrake users upgrade to this new version of CUPS.
Link: http://www.net-security.org/text/bugs/982910560,1837,.shtml

SEDUM V2.1 HTTPD - DENIAL OF SERVICE
SEDUM v2.1 is vulnerable to a nasty Denial of Service attack where it can be flooded with useless junk until the server crashes promptly.
Once it has been crashed it needs to be restarted again for it to work properly. All Windows versions appear to be affected.
Link: http://www.net-security.org/text/bugs/983031499,96065,.shtml

MERCUR MAILSERVER 3.3 BUFFER OVERFLOW
By default the SMTP server is installed to run under the LocalSystem account. This makes it easy to perform any action on the target system if an attacker gains control over the code execution flow of the product.
Link: http://www.net-security.org/text/bugs/983031584,54993,.shtml

----------------------------------------------------------------------------

Security world
--------------

All press releases are located at:
http://net-security.org/text/press

----------------------------------------------------------------------------

ITALIAN PETROLEUM GIANT CHOOSES SECURE COMPUTING - [21.02.2001]

Secure Computing announced that its SafeWord Plus authentication and authorization solution will be used by the Italian petroleum company, AgipPetroli Spa, to add strong security to all of its present and future intranet applications. AgipPetroli, an ENI Group company, operates in the oil, natural gas, petrochemicals, oilfield services and engineering industries, and is one of the largest natural gas companies in the world with operations in many countries.

Press release:
< http://www.net-security.org/text/press/982725334,11543,.shtml >

----------------------------------------------------------------------------

BALTIMORE TECHNOLOGIES CHOSEN BY EORIGINAL - [21.02.2001]

Baltimore Technologies, a global leader in e-security, announced it has been chosen by eOriginal, the leading provider of Electronic Negotiable Instrument Software Solutions, to be included in the development of a trusted security infrastructure for the real estate financing, equipment and vehicle leasing, and the trade and transportation industries.
Baltimore's award winning technology will enable eOriginal to deliver a secure and trusted environment for eOriginal's business partners to execute critical transactions, and trade or transfer legally enforceable electronic negotiable instruments and securities such as electronic mortgages, leases, bills of lading, letters of credit, regulatory filings and stock certificates.

Press release:
< http://www.net-security.org/text/press/982755394,25511,.shtml >

----------------------------------------------------------------------------

ZERO-KNOWLEDGE SYSTEMS INTRODUCES PRIVACY EYE - [21.02.2001]

Study after study indicates that consumers value their privacy, but they are often unaware of personal privacy intrusions and unsure of how to protect themselves. To empower individuals with valuable privacy information, Zero-Knowledge Systems today introduced Privacy Eye, a digital source of privacy news and commentary edited by author, journalist and privacy expert Tom Maddox. Whether they are average citizens with questions and concerns or informed privacy advocates, readers of Privacy Eye will find valuable privacy resources from the Web site (http://privacy.zeroknowledge.com/privacyeye/), including:

* Expert commentary on privacy issues from Editor-in-Chief Tom Maddox
* The most recent privacy headlines
* Information about how consumers can protect their privacy online

Press release:
< http://www.net-security.org/text/press/982848200,50350,.shtml >

----------------------------------------------------------------------------

CISCO TEAMS UP WITH VIGILANTE - [22.02.2001]

The E-Business Security Forum 2001 is organized by Cisco and associated companies involved in the European data security market (VIGILANTe, RSA, MIMEsweeper, Arthur Andersen, Websense, Netforensics, Tripwire).
The goal of the roadshow is to bring together speakers from a variety of technology, consulting and related backgrounds to provide customers with a clear set of perspectives on how to secure their data networks in the E-Business world. The roadshow is FREE for all attendees and will be visiting a total of 12 European cities over the course of 3 weeks during Feb-Mar 2001. Be one of the expected 2,500 people to experience this exciting and informative event!

Press release:
< http://www.net-security.org/text/press/982851597,49360,.shtml >

----------------------------------------------------------------------------

ODYSSEY - DEPLOYING CA'S UNICENTER TNG - [22.02.2001]

Computer Associates International, Inc. announced that Odyssey Technology, Inc. (Odyssey), an innovative developer of IT-focused business solutions for the retail industry, is deploying CA's Unicenter TNG to manage a revolutionary turnkey Web-based marketing solution. By providing a fully integrated solution for controlling Odyssey's highly dynamic eBusiness infrastructure, Unicenter TNG will ensure a highly available and secure environment in which consumers, retailers, manufacturers and national brands can conveniently exchange information and efficiently conduct transactions.

Press release:
< http://www.net-security.org/text/press/982852099,26710,.shtml >

----------------------------------------------------------------------------

SAFENET - SECURE 3 REMOTE ACCESS PROGRAM - [22.02.2001]

SafeNet, Inc., a leading provider of Internet security technology that is the de facto standard in the VPN industry, today announced the introduction of the SafeNet Secure 3 Program. Through this program, preferred customers can be assured that they have continued access to SafeNet's industry-leading remote access client software.
Program participants will get SafeNet's new product, SoftRemote, which includes several important new features like support of industry-standard Smart Cards, full-featured personal firewall capabilities, centralized management, and enhanced interoperability. In addition, preferred customers will have the ability to input into the future direction of SoftRemote.

Press release:
< http://www.net-security.org/text/press/982875227,80539,.shtml >

----------------------------------------------------------------------------

TUMBLEWEED GRANTED PATENT FOR PRIVATE URLS - [23.02.2001]

Tumbleweed Communications Corp., a leading provider of mission critical messaging solutions, today announced that the U.S. Patent and Trademark Office granted the company patent no. 6,192,407, which protects private, trackable URLs for directed document delivery. The private URL technology is included in Tumbleweed Integrated Messaging Exchange(TM) (IME(TM)), a platform and set of applications for creating secure communications channels between a business and its customers, partners, and suppliers. Tumbleweed IME generates a private URL for each secure delivery. The private URL that IME creates is unique, tied to the sender of the package or transaction, to the content being sent, and to the intended recipient. In practice, the private URL binds the recipient's e-mail identity to the content being sent, assuring that the information being sent is delivered only to the intended recipient. The private URL also binds a recipient's e-mail identity to an on-line transaction, facilitating authentication for both business-to-consumer and business-to-business online commerce.

Press release:
< http://www.net-security.org/text/press/982910862,83436,.shtml >

----------------------------------------------------------------------------

CAMELOT'S NETWORK INTELLIGENCE TECHNOLOGY - [24.02.2001]

Camelot today announced the launch of the Hark! automated access control solution into the marketplace.
Based on groundbreaking Network Intelligence technology, Hark! solves the problem of defining, managing and enforcing access control in today's interconnected e-business world. Developed by Israel-based Camelot, the Network Intelligence technology utilizes proprietary, advanced discovery algorithms to analyze network events and deduce the functional structure of an organization, extracting and mapping the relationship between users and various network resources.

Press release:
< http://www.net-security.org/text/press/983031879,1997,.shtml >

----------------------------------------------------------------------------

Featured books
--------------

The HNS bookstore is located at:
http://net-security.org/various/bookstore

Suggestions for books to be included into our bookstore can be sent to staff@net-security.org

----------------------------------------------------------------------------

INFORMATION SECURITY RISK ANALYSIS

Risk is a cost of doing business. The question is, "What are the risks, and what are their costs?" Knowing the vulnerabilities and threats that face your organization's information and systems is the first essential step in risk management. This book shows you how to use cost-effective risk analysis techniques to identify and quantify the threats - both accidental and purposeful - that your organization faces. You can find books that cover risk analysis for financial, environmental, and even software projects, but you will find none that apply risk analysis to information technology and business continuity planning or deal with issues of loss of systems configuration, passwords, information loss, system integrity, CPU cycles, bandwidth, and more. Information Security Risk Analysis shows you how to determine cost effective solutions for your organization's information technology.
Book: < http://www.amazon.com/exec/obidos/ASIN/0849308801/netsecurity > ---------------------------------------------------------------------------- SECURITY ENGINEERING: A GUIDE TO BUILDING DEPENDABLE DISTRIBUTED SYSTEMS The first quick reference guide to the do's and don'ts of creating high quality security software. Ross Anderson, one of the world's foremost authorities on security design for such companies as Microsoft, Intel, and VISA, presents a comprehensive security design tutorial that covers the complete suite of security applications referred to as "end2end" security. Designed to meet a growing, critical need among today's programmers, most of whom have no security training but need to build better "mousetraps", this book illustrates basic concepts of security engineering through real-world examples, including system design successes and failures. It provides security design tips, tricks, and, sometimes, even secrets from military and medical records to Internet intrusion detection and burglar alarms. The author explains how to use a wide range of security tools, including cryptography, DES, AES, Skipjack, Unix passwords, hash functions, stream ciphers, and public keys to build secure, crime-fighting, virus-proof security systems for industry. Book: < http://www.amazon.com/exec/obidos/ASIN/0471389226/netsecurity > ---------------------------------------------------------------------------- CRYPTOGRAPHY AND E-COMMERCE: A WILEY TECH BRIEF Cryptography basics for non-technical managers working with e-business products and services. With more and more companies vying for e-commerce market share, the competitive edge belongs to those who can offer the best and most secure services over the Internet. This book offers a handy, quick reference guide to cryptography--the enabling technology for secure Internet based transactions. The author takes the mystery out of the math, injects humor, and provides clear, easy-to-understand explanations and case studies.
Graff responds to the growing need among managerial and sales and marketing staff for a brief, non-technical version of Bruce Schneier's Applied Cryptography. The author draws on successful presentations given at Cylink, Amdahl, Wells Fargo, KPMG Peat Marwick, Deloitte & Touche, and NetReliance. Topics covered include keys & management, Kerberos, Windows 2000 security, PKI, cryptography protocols, certificates, digital signatures, and government policy. Book: < http://www.amazon.com/exec/obidos/ASIN/0471405744/netsecurity > ---------------------------------------------------------------------------- THE INTERNET SECURITY GUIDEBOOK: FROM PLANNING TO DEPLOYMENT This book provides a complete analysis of an enterprise's Internet security. Strategies, steps, and procedures for conducting business securely on the Internet are discussed and reviewed. Very few organizations take the needed precautions to protect their Internet enterprise. Protection is not simply a firewall or technology; it is a strategy that encompasses risk, trust, business goals, security processes, and technology. The holistic approach offered in this book evaluates security needs in relation to business goals and the current attacks on the global Internet. The goal of The Internet Security Guidebook is to protect the business-computing environment by keeping our online enterprises functioning correctly and securely. Unlike other books available, this book contains a complete guide to Internet security that is accessible to both novices and computer professionals. The specific steps discussed and illustrated show the reader how to implement security from the individual process to the complete corporate enterprise. The reader will also learn about resources that can help such as the CERT, the FBI, and even their own software vendors.
Book: < http://www.amazon.com/exec/obidos/ASIN/0122374711/netsecurity > ---------------------------------------------------------------------------- INFORMATION HIDING: STEGANOGRAPHY AND WATERMARKING - ATTACKS AND COUNTERMEASURES (ADVANCES IN INFORMATION SECURITY, VOLUME 1) This book deals with information hiding. With the proliferation of multimedia on the Internet, information hiding addresses two areas of concern: privacy of information from surveillance (steganography) and protection of intellectual property (digital watermarking). Steganography (literally, covered writing) explores methods to hide the existence of hidden messages. These methods include invisible ink, microdot, digital signature, covert channel, and spread spectrum communication. Digital watermarks represent a commercial application of steganography. Watermarks can be used to track the copyright and ownership of electronic media. In this volume, the authors focus on techniques for hiding information in digital media. They analyze the hiding techniques to uncover their limitations. These limitations are employed to devise attacks against hidden information. The goal of these attacks is to expose the existence of a secret message or render a digital watermark unusable. In assessing these attacks, countermeasures are developed to assist in protecting digital watermarking systems. Book: < http://www.amazon.com/exec/obidos/ASIN/0792372042/netsecurity > ---------------------------------------------------------------------------- Security Software ------------------- All programs are located at: http://net-security.org/various/software ---------------------------------------------------------------------------- AVX FOR ICQ AVX for ICQ is a FREE utility which uses new technology to intercept, filter, and virus scan all files sent during an ICQ chat session. The new proprietary technology incorporates features found on enterprise-class corporate firewalls.
AVX for ICQ uses the same powerful virus protection scan engine incorporated into the AntiVirus eXpert Professional (AVX), a full-featured virus protection application for desktops. Info/Download: < http://www.net-security.org/various/software/983140894,72643,windows.shtml > ---------------------------------------------------------------------------- SAFEMAIL V.2.1 SafeMail allows you to communicate and exchange information securely with other people. Based on well known standards, SafeMail will allow you to easily "digitally sign" all messages and files. SafeMail protects your data against any prying eyes while your messages travel through the Internet. In addition, SafeMail automatically compresses messages and files thus saving valuable transmission time. Info/Download: < http://www.net-security.org/various/software/982874633,89644,mac.shtml > ---------------------------------------------------------------------------- OPENSSH 2.5.1P1 This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups. Changes: Added support for RSA pubkeys, Agent forwarding, remote forwarding, and SFTP. Also includes many bug fixes. Info/Download: < http://www.net-security.org/various/software/983140424,48189,linux.shtml > ---------------------------------------------------------------------------- PASSVAULT 3.1 PassVault is a database that will enable you to keep all your Passwords, Account Numbers, PIN Numbers, Locker Combinations, Credit Card Numbers and more in a consolidated place. Info/Download: < http://www.net-security.org/various/software/983140266,5770,windows.shtml > ---------------------------------------------------------------------------- NMAP 2.54 BETA 19 Nmap is a utility for port scanning large networks, although it works fine for single hosts.
Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Info/Download: < http://www.net-security.org/various/software/983140545,60712,linux.shtml > ---------------------------------------------------------------------------- Defaced archives ------------------------ [20.02.2001] - Iraki Satellite Television Original: http://www.irakitv.com/ Defaced: http://www.attrition.org/mirror/attrition/2001/02/20/www.irakitv.com/ [20.02.2001] - Kolinska Original: http://www.kolinska.si/ Defaced: http://www.attrition.org/mirror/attrition/2001/02/20/www.kolinska.si/ [20.02.2001] - Pension Fund of America Original: http://www.pensionfundofamerica.com/ Defaced: http://www.attrition.org/mirror/attrition/2001/02/20/www.pensionfundofamerica.com/ [20.02.2001] - Laser Technology Original: http://www.laser-printer-tech.com/ Defaced: http://www.attrition.org/mirror/attrition/2001/02/20/www.laser-printer-tech.com/ [20.02.2001] - Tatung Netherlands Original: http://www.tatung.nl/ Defaced: http://www.attrition.org/mirror/attrition/2001/02/20/www.tatung.nl/ [20.02.2001] - ICQ Groups Original: http://groups.icq.com/ Defaced: 
http://www.attrition.org/mirror/attrition/2001/02/20/groups.icq.com/ [21.02.2001] - Adidas de Mexico Original: http://www.adidas.com.mx/ Defaced: http://www.attrition.org/mirror/attrition/2001/02/21/www.adidas.com.mx/ [21.02.2001] - Best Buy Internet Original: http://www.bestbuyinternet.com/ Defaced: http://www.attrition.org/mirror/attrition/2001/02/21/www.bestbuyinternet.com/ [21.02.2001] - Internet Communication Network Original: http://klaatu.fusive.com/ Defaced: http://www.attrition.org/mirror/attrition/2001/02/21/klaatu.fusive.com/ [21.02.2001] - Toshiba International Corporation Original: http://www.toshiba.com.au/ Defaced: http://www.attrition.org/mirror/attrition/2001/02/21/www.toshiba.com.au/ [21.02.2001] - Hacker (HK) Original: http://www.hacker.com.hk/ Defaced: http://www.attrition.org/mirror/attrition/2001/02/21/www.hacker.com.hk/ [21.02.2001] - Kentucky State Government Original: http://kydisweb1.state.ky.us/ Defaced: http://www.attrition.org/mirror/attrition/2001/02/21/kydisweb1.state.ky.us/ [22.02.2001] - Governo do Estado de Sao Paulo Original: http://www.procon.sp.gov.br/ Defaced: http://www.attrition.org/mirror/attrition/2001/02/22/www.procon.sp.gov.br/ [22.02.2001] - Le Ministre de l'Agriculture Original: http://www.agr.gouv.qc.ca/ Defaced: http://www.attrition.org/mirror/attrition/2001/02/22/www.agr.gouv.qc.ca/ [22.02.2001] - Hewlett-Packard Company Original: http://www.netserver.hp.com/ Defaced: http://www.attrition.org/mirror/attrition/2001/02/22/www.netserver.hp.com/ ---------------------------------------------------------------------------- Questions, contributions, comments or ideas go to: Help Net Security staff staff@net-security.org http://net-security.org http://security-db.com