HNS Newsletter Issue 65 - 28.05.2001 http://net-security.org http://security-db.com This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://www.net-security.org. Subscribe to this weekly digest on: http://www.net-security.org/text/newsletter Archive of the newsletter in TXT and PDF format is available here: http://www.net-security.org/news/archive/newsletter Current subscriber count to this digest: Table of contents: 1) General security news 2) Security issues 3) Security world 4) Featured products 5) Featured article 6) Security software 7) Defaced archives ======================================================== Help Net Security T-Shirt available ======================================================== Thanks to our affiliate Jinx Hackwear we are offering you the opportunity to wear a nifty HNS shirt :) The image speaks for itself so follow the link and get yourself one, summer is just around the corner. Get one here: http://207.21.213.175:8000/ss?click&jinx&3af04db0 ======================================================== General security news --------------------- ---------------------------------------------------------------------------- ENCRYPTED TUNNELS USING SSH AND MINDTERM Businesses, schools, and home users need more secure network services now more than ever. As online business increases, more people continue to access critical company information over insecure networks. Companies are using the Internet as a primary means to communicate with travelling employees in their country and abroad, sending documents to various field offices around the world, and sending unencrypted email; this communication can contain a wealth of information that any malicious person can potentially intercept and sell or give to a rival company. Good security policies for both users and network administrators can help to minimize the problems associated with a malicious person intercepting or stealing critical information within their organization. This paper will discuss using Secure Shell (SSH) and MindTerm to secure organizational communication across the Internet. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxsecurity.com/feature_stories/feature_story-88.html IIS: TIME TO JUST SAY NO It's been a difficult year for IIS (Internet Information Server), Microsoft's flagship Web sever. The most import question that needs to be asked regarding IIS is, "Why are so many large corporations still using this highly insecure, flawed product?" Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/iis20010521.html THE FIRST ANNIVERSARY OF INDIA’S CYBERLAW May 17, 2000 is an important landmark in the legislative history of India - that was the day Parliament passed India’s first cyberlaw, the Information Technology Act 2000. It’s one year after the event which was greeted with tremendous enthusiasm and vigour. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.economictimes.com/today/20know02.htm HOW SLACKERS HELP VIRUS HACKERS The latest attempt to bring the Bleeding Edge computer system to its knees came, as usual, from an unexpected source - this time, an electrical products manufacturer in Keysborough. We can't recall having bought anything from this company and we have not the slightest interest in its financial activities, which is why we were surprised to receive an e-mail attachment purporting to be a worksheet of its debenture activities. In fact, it contained a copy of the W32.Magistr virus. The person who runs the computers at Keysborough, for instance, had taken the precaution of installing a virus checker on the in-house system. But he failed to make any arrangements for the laptops used by staff on company business. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://it.mycareer.com.au/news/2001/05/17/FFXB5F5ZRMC.html WANTED: A FIREWALL TO PROTECT OPEN DOORS There has been another security bug found in IIS - a nasty one. A buffer overrun allows you to execute your own code on the server, which can include such delicious things as running a remote command prompt. Applying the Microsoft fix is not hard - it just installs and away you go. Naturally the Linux Taliban have been hooting, saying that it proves Microsoft can't be trusted for internet-facing services. That's if we ignore the recent BIND disaster or the current crop of Linux worms which are causing havoc. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/Features/1121832 SCHOLARSHIP PLAN RECRUITS SECURITY WORKERS The U.S. government said Tuesday it would provide $8.6 million in scholarships for a "cybercorps" of 200 computer security students who would agree to take government jobs upon graduating. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1003-200-6008345.html FIREWALLING Firewalling: everybody does it. Some because of concern for their networks, others because of peer pressure. Most of us have carefully chosen our firewalling technology, ensuring that it can not be tricked by wily hackers using packet fragmentation or other dirty tricks to slip data past it. Then, carefully crafting our networks, we have created chokepoints and placed firewalls in-between various networks. We have made up our rule list, and checked it twice (or more in some cases) and carefully implemented these rules on our firewalls. At this point many people sit back with a sigh of relief and move on to other tasks. Unfortunately, there are a number of issues considered all too rarely by firewall administrators. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/closet/closet20010523.html HARDENING WINDOWS 2000, PART ONE This is the first article in a three part series by SecurityFocus writer Tim Mullen devoted to hardening Windows 2000 across the enterprise, as opposed to focusing on single units, such as isolated servers or workstations. In this installment, the author discusses some of the security-enhancing tools that Windows 2000 offers, such as: Active Directory, Organizational Units, Security and Group Policies, and Security Configuration and Analysis. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/microsoft/2k/harden2k.html A 'WHITE HAT' GOES TO JAIL Max Butler lived three lives for five years. As "Max Vision," he was an incredibly skilled hacker and security expert who boasted that he'd never met a computer system he couldn't crack. As "The Equalizer," he was an FBI informant, reporting on the activities of hackers who considered him a colleague and, in some cases, a friend. As Max Butler, he was a family man in Santa Clara, California who ran a Silicon Valley security firm. At Max Vision Network Security, he specialized in running "penetration tests," attempting to break into corporate networks to prove that their security wasn't as good as it could be. And now Max is a number in the federal prison system. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,44007,00.html APACHE 1.3.20 RELEASED The Apache Software Foundation and The Apache Server Project announced the release of version 1.3.20 of the Apache HTTP server. This version of Apache is principally a security fix release which closes a problem under the Windows and OS2 ports that would segfault the server in response to a carefully constructed URL. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://httpd.apache.org/dist/httpd/ RUNNING MACROS WITHOUT WARNING By embedding a macro in a template, and providing another user with an RTF document that links to it, an attacker could cause a macro to run automatically when the RTF document was opened. The macro would be able to take any action that the user herself could take. This could include disabling the user’s Word security settings so that subsequently-opened Word documents would no longer be checked for macros. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.microsoft.com/technet/security/bulletin/MS01-028.asp U.S.'S DEFENSELESS DEPARTMENT When the U.S. government created the National Infrastructure Protection Center in February 1998 to thwart "cyber criminals," officials couldn't stop talking about how the feds were finally fighting back against the hacker menace. Former Attorney General Janet Reno said at the time that the new agency would "pursue criminals who attack or employ global networks" -- and that without the NIPC, "the nation will be at peril." Three years later, it's the NIPC that's in peril -- of being dubbed a poorly-organized, ill- conceived bureaucracy that more established agencies routinely ignore and that has not lived up to the promises its proponents once made. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,44019,00.html KGB VET HELPS PUT NEW LIGHT ON WEB SECURITY The one-time head of KGB overseas code scrambling and an ex-director of the CIA released what they called a revolutionary way of hiding Internet communications from prying eyes and would-be intruders. The new system can change the IP addresses on a network faster than once a second, cloaking them from all but authorized parties, said Victor Sheymov, chief executive of Invicta Networks. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2763770,00.html CERT WEBSITE HIT BY DoS A denial of service attack was launched on the CERT Coordination Center at Carnegie Mellon University at about 11:30 a.m. Tuesday. The connection between the Internet service provider and www.cert.org was clogged with data until about 4 p.m. Wednesday. Access to the Web site, which provides reports about the latest security holes and viruses to affect government agencies, was slowed down and e-mail was also affected. The site was not defaced and no data was stolen, Carpenter said. "We get attacked every day. This is just another attack," said Richard D. Pethia, director of Carnegie Mellon's Networked Systems Survivability Program. "The lesson to be learned here is that no one is immune to these kinds of attacks. They cause operational problems, and it takes time to deal with them." Link: http://www.worldtechnews.com/?action=display&article=7370140&template=technology/stories.txt&index=recent SURVEILLANCE IN THE WORKPLACE The issue of surveillance of employee Internet and e-mail activity continues to be a source of great debate in the Internet community. This article by Ben Malisow will take a look at the debate, including a brief overview of employers' concerns, different philosophies on monitoring of activities, and the necessity of finding a mutually-acceptable, practical solution. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/ih/articles/wpprivacy.html VIRUSES? FEH! FEAR THE TROJAN There may be a ghost in your machine - a hidden program known as a Trojan horse - that allows a malicious hacker to spy on you, ruin your data and computer and, in extreme cases, wreck your business or your life. Attackers have used Trojans to surreptitiously observe the users of infected machines over their webcams, and can also listen to conversations transmitted via the infected computer's microphone. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/technology/0,1282,43981,00.html BUILDING ELECTRONIC CITADEL The Software & Information Industry Association (SIIA) is working on a concept called Electronic Citadel. They say that many of the ideas in the approach are taken from the builders of military fortifications in the 1800s. The Electronic Citadel method is very much in draft stage, even though many of the cryptographic techniques it applies are well-established. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/19180.html FBI'S "OPERATION CYBER LOSS" Assistant Director Ruben Garcia, FBI, and Deputy Attorney General Larry D. Thompson, DOJ, were joined by the National White Collar Crime Center (NW3C) to announce that criminal charges have been brought against approximately 90 individuals and companies as part of a nationwide series of investigations into Internet fraud, code named "Operation Cyber Loss". The fraud schemes exposed as part of this operation represent over 56,000 victims who suffered cumulative losses in excess of $117 million. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.fbi.gov/cyberlossconf.htm THERE'S A VIRUS IN MY WINXP SYSTEM, PART TWO The Office XP virus has now been successfully captured and identified, thanks to Menache Eliazer of Finjan Software's Malicious Code Research Center, who also came up with some useful information for those of you worried about the block settings of Outlook 2002 interfering with your distribution of attachments. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/4/19192.html RUSSIAN HACKERS ARRESTED The group of about five people used Internet cafes in Moscow to steal around 300 credit card numbers from people in Western countries, the chief of Moscow police's computer crime unit said. Dmitry Chepchugov, quoted by The Associated Press, said they then used the cards to make false purchases through an online company they had created. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://europe.cnn.com/2001/TECH/internet/05/24/russia.hackers/index.html REMOTE-OFFICE FIREWALLS If you're supporting telecommuters or moving to broadband for remote small office sites, you need a firewall to protect the network. You can't count on "security by obscurity" to protect you, nor can you lean on the old belief that your network is too small to be of interest. The data on your network may not be important to an attacker, but your network could be very useful for obscuring a hacker's tracks on the way to his or her final destination. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.nwc.com/1211/1211buyers2.html TEMPORARY COMMITTEE ON ECHELON Working document in preparation for a report on the existence of a global system for intercepting private and commercial communications - the Echelon interception system. This working document summarises the findings from the hearings in committee, private discussions with experts and systematic consideration of the available material by the rapporteur. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://cryptome.org/echelon-ep.htm NEW WORM - "NOPED" - TAKES ON KIDDIE PORN A new e-mail worm that's just beginning to wiggle its way across the Internet scours infected computers for image files containing child pornography, and alerts government agencies if any suspicious files are discovered. The alert e-mail contains an attached copy of one of the files that allegedly contain child pornography discovered during the worm's search of infected hard drives, and also identifies the porn possessor's e-mail address. Vigilinx, a security assessment firm, said in a statement that the specific criteria Noped uses to identify the .jpg and .jpeg files as child pornography is not yet known. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/technology/0,1282,44112,00.html THE WEEK IN REVIEW: HACK ATTACKS AND HANDHELD WARS Just when you thought it was safe to surf the Internet, hackers and scammers are nipping at sites and surfers alike to make the experience somewhat less than a day at the beach. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2765370,00.html INTERNET ARCHITECTS ZERO IN ON RELIABILITY, SECURITY As the architects of the future Internet struggle to define underlying technologies for providing a range of new network services, reliability and security are again moving to the top of the agenda. According to experts at a meeting here this week sponsored by the Global Internet Project and the Cross-Industry Working Team, the reliability issue lends itself to market driven technology solutions. However, network security on a future Internet carrying everything from voice to video raises difficult architectural and policy questions that will take longer to resolve. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.eetimes.com/story/OEG20010525S0086 TWO NEW SITES ALLOW PEOPLE TO ESCAPE NET TRACKING Under pressure to protect privacy better, the advertising industry has set up two new Web sites that let computer users refuse to have their personal data collected and profiled when they visit popular commercial Internet sites. In the past, users typically would have had to visit each Web site individually and "opt out" of the profiling, a growing practice that has been criticized by privacy advocates and some lawmakers. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2001/TECH/internet/05/25/internetprivacy.ap/index.html A COMMON LANGUAGE FOR SECURITY VULNERABILITIES When hackers want to breach your systems, they typically look for well-known security flaws and bugs to exploit. In the past, vendors and hackers gave different names to the same vulnerabilities. One company might package a group of five vulnerabilities into a patch or service pack and call it by one name, while another vendor might call the same group by five separate names. This confused IT decision makers who evaluated security products. It was difficult to compare scanning and intrusion detection tools because the vulnerabilities and exposures that they checked for had different names depending on the vendor's naming conventions. Fortunately, MITRE is changing that. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/enterprise/stories/main/0,10228,2765107,00.html DoS ATTACKS HIT ANYONE, NOT JUST CORPORATIONS DoS attacks against big Internet players like Amazon.com draw media attention, but according to a new study, these assaults frequently are targeted against individual personal computers. Attackers attempt to hide their tracks by using false source addresses. Network researchers at the University of California, San Diego's Jacobs School of Engineering, and the San Diego Supercomputer Center performed the study which measured three one-week periods with short breaks between the monitoring times. The researchers counted over 12,000 DoS attacks against 5,000 targets during the study period. Some attackers directed more than 600,000 message packets per second at their victims. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computeruser.com/news/01/05/25/news6.html OPEN SOURCE AND IT SECURITY This is a presentation converted to HTML, it has over 35 pages. If you're curious about security issues businesses face, this is an interesting overview that covers network sniffing (with screenshots of ethereal in action against a hypothetical CEO's POP client) and other internal threats and offers some resources for where to start looking for open source security tools. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.aeonxe.com/scspresentation ---------------------------------------------------------------------------- Security issues --------------- All vulnerabilities are located at: http://net-security.org/text/bugs ---------------------------------------------------------------------------- NETSCAPE ENTERPRISE SERVER 4 VULNERABILITY By sending an invalid method or URI request of 4022 bytes Netscape Enterprise Server will stop responding to requests. Link: http://www.net-security.org/text/bugs/990444164,22079,.shtml SPYANYWHERE AUTHENTICATION VULNERABILITIES The SpyAnywhere application allows a user to remotely control a system through a HTTP daemon listening on a user-defined port. The problem lies in the authentication of such a session, where the authentication data is not correctly validated. During login the user is presented with a form which submits the variables "loginpass", "redirect" and "submit" to the function "pass". Link: http://www.net-security.org/text/bugs/990624387,52686,.shtml LINUX-MANDRAKE: OPENSSH UPDATE A problem was introduced with a patch applied to the OpenSSH packages released in the previous update. This problem was due to the keepalive patch included, and it broke interoperability with older versions of OpenSSH and SSH. This update removes the patch, and also provides the latest version of OpenSSH which provides a number of new features and enhancements. Link: http://www.net-security.org/text/bugs/990624483,1464,.shtml UNIXWARE 5.X - VI AND CRONTAB -E /TMP ISSUES vi makes poor use of /tmp. File names are very predictable. as a user ln -s /etc/passwd /tmp/Ex04161 wait for root to run vi and viola when he does he will clobber /etc/passwd with a null file. Link: http://www.net-security.org/text/bugs/990624516,13854,.shtml UNIXWARE 5.X - SCOADMIN /TMP ISSUES scoadmin makes poor use of /tmp. File names are very predictable. As a user: ln -s /etc/passwd /tmp/tclerror.1195.log Wait for root to run scoadmin from xwindows and viola! When he does, he will clobber /etc/passwd with a garbage file. In order to get the /tmp/tclerror.pid.log you need for root to have an improper term or cause some other error to happen. A good way to force an error is to stop xm_vtcld from opening... kindly leave a file where it wants its socket and it will complain. Link: http://www.net-security.org/text/bugs/990624537,88881,.shtml ORACLE E-BUSINESS SUITE ADE VULNERABILITY A potential security vulnerability has been discovered in Applications Desktop Integrator (ADI) version 7.X for Oracle E-Business Suite Release 11i. A debug version of the FNDPUB11I.DLL was inadvertently released with a patch to Applications Desktop Integrator (ADI) version 7.X. This DLL writes a debug file to the client machine that includes the clear text APPS schema password. A malicious user could use this DLL to obtain the APPS schema password and thereby gain elevated privileges. Link: http://www.net-security.org/text/bugs/990624992,53623,.shtml HP OPENVIEW NNM V6.1 BUFFER OVERFLOW HP OpenView NNM v6.1 has a buffer overflow in the suid-root file ecsd located in the /opt/OV/bin/ directory. ecsd is not used in NNM, but is shipped and installed suid-root as default. Link: http://www.net-security.org/text/bugs/990649162,82033,.shtml VULNERABILITY IN VIEWSRC.CGI A vulnerability exists which allows a remote user to view any file on the server. Link: http://www.net-security.org/text/bugs/990699222,79829,.shtml LINUX-MANDRAKE: SAMBA VULNERABILITY A vulnerability found by Marcus Meissner exists in Samba where it was not creating temporary files safely which could allow local users to overwrite files that they may not have access to. This happens when a remote user queried a printer queue and samba would create a temporary file in which the queue's data was written. Because Samba created the file insecurely and used a predictable filename, a local attacker could cause Samba to overwrite files that the attacker did not have access to. As well, the smbclient "more" and "mput" commands also created temporary files insecurely. Link: http://www.net-security.org/text/bugs/990699271,74902,.shtml 3COM NETBUILDER II SNMP ILMI COMMUNITY It seems to exist an undocumented read-only SNMP community in 3Com Netbuilder II Routers. The same happens in cisco and olicom routers. I checked this feature in Netbuilder II with CEC20 processor. CPU version 9.3 and serial card firmware is 2.5 Its really an old router. Link: http://www.net-security.org/text/bugs/990699746,38100,.shtml IPC@CHIP SECURITY VULNERABILITIES Sentry Research Labs did a security audit on the IPC@Chip (developed by Beck GmbH) using a DK40 Evaluation Board. Their conclusion: Warnings: 8 and Flaws: 3. Link: http://www.net-security.org/text/bugs/990733767,69798,.shtml NORTON ANTIVIRUS 2000 POPROXY.EXE PROBLEM While messing around with this i crashed the server by sending it too many characters (269 or more). Once the program crashes the user is unable to receive email until the next reboot (or poproxy.exe is run again) Link: http://www.net-security.org/text/bugs/990733863,94186,.shtml WIN2K ELEVATION OF PRIVILEGES WITH DEBUG REGISTERS If someone can execute programs on a target Win2K system then he may elevate his privileges at least to extent which gives him write access to C:\WINNT\SYSTEM32 and HKCR. Link: http://www.net-security.org/text/bugs/990734134,3636,.shtml ---------------------------------------------------------------------------- Security world -------------- All press releases are located at: http://net-security.org/text/press ---------------------------------------------------------------------------- "INTRODUCTION TO COMPUTER & NETWORK SECURITY" COURSE - [20.05.2001] Network Security Corp., a premier provider of Internet security solutions for business, has teamed with Element K Learning Center, Rochester, New York's premier computer training facility, to offer a course in computer security, "Introduction to Computer & Network Security." The three-day security course is scheduled for June 20-22 from 8:30 a.m. to 5:00 p.m. each day at Element K Learning Center, 140 Canal View Blvd, Rochester, NY. A representative of Network Security Corp. will teach the course, which is open to all information technology (IT) professionals. Press release: < http://www.net-security.org/text/press/990369589,56820,.shtml > ---------------------------------------------------------------------------- TELEHUBLINK WILL FOCUS ON WIRELESS ENCRYPTION - [21.05.2001] TeleHubLink Corporation, a pioneering company in wireless encryption and broadband secure communications, announced today that the company is modifying its strategy. The Company will focus the resources on its core wireless encryption business and close the WorldWide Assist division. WorldWide Assist was involved with internet customer resource management and located in Montreal Canada. The Company will continue with the Telecom business, which provided over $10 million in net revenue during fiscal 2001. Press release: < http://www.net-security.org/text/press/990443883,26480,.shtml > ---------------------------------------------------------------------------- VIGILANTE AND UNISYS PARTNER - [21.05.2001] VIGILANTe, a pioneer and leader in security assurance services, and Unisys Corporation, a leading provider of full life cycle, integrated security solutions, announced a strategic alliance. Under the terms of this agreement, Unisys will include SecureScan(TM), VIGILANTe's award-winning automated vulnerability assessment service, in the Unisys Security Management Solution. Unisys will offer SecureScan to clients on a subscription basis, enabling proactive risk mitigation through ongoing vulnerability testing. Press release: < http://www.net-security.org/text/press/990444070,54114,.shtml > ---------------------------------------------------------------------------- DEVELOPING SECURE TRANSACTION SERVICES - [23.05.2001] Cyota, a leading payment security company, announced today a cross-licensing agreement with Microsoft Corp., giving Cyota a license to Microsoft patents in the area of proxy number technology. The companies will also be working together to develop secure transaction services, based on Microsoft .NET technologies, designed to help businesses deliver a new, richer customer experience. Press release: < http://www.net-security.org/text/press/990619177,54391,.shtml > ---------------------------------------------------------------------------- CLEARTRUST SECURECONTROL WINS NC AWARD - [23.05.2001] Securant Technologies - the company that secures e-business - announced that its Web access management system, ClearTrust SecureControl, has earned the coveted Editor's Choice award from Network Computing magazine. In a review of Web-based policy management products that will appear in the May 28 issue, ClearTrust SecureControl was judged to be the best access management solution in a head-to-head comparison with products from Baltimore Technologies, Entegrity Solutions, Entrust Technologies, and OpenNetwork Technologies. Netegrity declined to participate; telling the magazine its product is too complex to be accurately tested in a competitive review. Press release: < http://www.net-security.org/text/press/990619273,74419,.shtml > ---------------------------------------------------------------------------- RESEARCH ON WORLDWIDE MAGNITUDE OF DoS ATTACKS - [23.05.2001] Asta Networks, a network reliability company, announced today research that provides a breakthrough for understanding the scope and dimensions of the problem of Denial-of-Service (DoS) attacks plaguing the global Internet. Over the course of a three-week period, the study showed that 12,805 attacks were launched against more than 5,000 distinct targets, representing a conservative glimpse into the actual number of DoS attacks that occur on the Internet. The targets ranged from well-known companies such as Amazon.com and AOL to small foreign ISPs and broadband users. Press release: < http://www.net-security.org/text/press/990621990,56505,.shtml > ---------------------------------------------------------------------------- SK TELECOM SELECTS UNISECURITY - [23.05.2001] UniSecurity Inc., a rapidly emerging technology company in the Internet security industry, has announced that SK Telecom, Korea's largest telecommunications company with over 15 million subscribers, will adopt UniSecurity's SecuForce Security Suite to secure its e-Procurement System for e-business between SK Telecom and its suppliers. Press release: < http://www.net-security.org/text/press/990622031,13625,.shtml > ---------------------------------------------------------------------------- INTERNET SECURITY SYSTEMS SHIPS REALSECURE 6.0 - [23.05.2001] Internet Security Systems (ISS), a leading provider of security management solutions for the Internet, announced a significant new version of its leading network and server-based intrusion detection solution, RealSecure 6.0. Delivering powerful new scalability capabilities critical to securing digital assets and ensuring business continuity, the latest version of RealSecure sets a new standard in enterprise intrusion protection. Press release: < http://www.net-security.org/text/press/990622653,42197,.shtml > ---------------------------------------------------------------------------- NEW SUPERSCOUT WEB FILTER ANNOUNCED - [24.05.2001] SurfControl, The Internet Filtering Company, today announced a new version of SuperScout Web Filter as part of the continued development and enhancement of its patented filtering technology that has kept SurfControl at the leading edge of the filtering market. SuperScout for VPN-1/FireWall-1 Solaris version 2.0 seamlessly integrates with Check Point Software Technologies' industry-leading VPN-1/FireWall-1. Press release: < http://www.net-security.org/text/press/990659724,16367,.shtml > ---------------------------------------------------------------------------- FOURTH HOPE CONFERENCE CONFIRMED - [24.05.2001] H2K2 will take place July 12, 13, and 14 2002 at the Hotel Pennsylvania in New York City - with one major difference. While we will once again have the entire 18th floor for speakers and presentations, we have secured an additional 35,000 square feet on the ground floor for the network and related activities. To give you an idea of just what this means, the entire conference area for our previous event (H2K) was approximately 12,000 square feet. We now have this PLUS the additional space which gives us nearly 50,000 square feet to play with. Press release: < http://www.net-security.org/text/press/990693161,33299,.shtml > ---------------------------------------------------------------------------- FORRMING INFORMATION SECURITY POWERHOUSE - [24.05.2001] AtomicTangerine, a leading provider of information security services, announced that it has joined with SecurityPortal, Inc., to form the most comprehensive solution available to help companies stay ahead of evolving security risks. The combined companies provide complementary services, tools and resources in the security marketplace, forming - under the name AtomicTangerine - a unique provider of end-to-end solutions, from vulnerability assessment to monitoring of, and responses to, security threats both from the inside and the outside. Press release: < http://www.net-security.org/text/press/990712414,8736,.shtml > ---------------------------------------------------------------------------- SOPHOS WARNS OF RTF FILES VULNERABILITY - [25.05.2001] Sophos Anti-Virus, a world leader in corporate anti-virus protection, is warning users of a recently discovered security vulnerability in Microsoft Word. The flaw can allow viral macros to execute automatically simply by opening Rich Text Format documents, something which was not thought to be possible until now. Press release: < http://www.net-security.org/text/press/990789586,84882,.shtml > ---------------------------------------------------------------------------- SECURE WAP GATEWAY POWERED BY RSA BSAFE - [25.05.2001] RSA Security Inc., the most trusted name in e-security, announced that Ajaxo Inc., a leading provider of WAP development tools for enterprise applications, has chosen RSA BSAFE WTLS-C and RSA BSAFE SSL-C encryption software for inclusion in its Ajaxo Secure WAP Gateway. This wireless gateway is designed to provide users with end-to-end secure communication when using WAP mobile applications. By adopting RSA Security's software, Ajaxo is able to offer its clients complete WAP-based security, while delivering high performance and scalability. Press release: < http://www.net-security.org/text/press/990790435,14352,.shtml > ---------------------------------------------------------------------------- SONICWALL EXPANDS SSL ACCELERATION PRODUCT LINE - [25.05.2001] SonicWALL, Inc., a leading provider of Internet security solutions, announced the expansion of its Secure Sockets Layer (SSL) acceleration product line with the introduction of the SSL-R3 and SSL-R6 products. Offloading up to 1200 secure transactions per second, these new products offer greater web server performance for data centers, large web server farms and application service providers. Press release: < http://www.net-security.org/text/press/990790547,42233,.shtml > ---------------------------------------------------------------------------- Featured products ------------------- The HNS Security Database is located at: http://www.security-db.com Submissions for the database can be sent to: staff@net-security.org ---------------------------------------------------------------------------- EXTRACTOR Extractor is another weapon that investigators and forensic scientists can use to help recover important data and evidence deleted by savvy criminals. Read more: < http://www.security-db.com/product.php?id=9 > This is a product of WetStone Technologies, Inc., for more information: < http://www.security-db.com/info.php?id=3 > ---------------------------------------------------------------------------- F-SECURE SSH F-Secure SSH Client and Server enable remote systems administrators and telecommuters to access corporate network resources without revealing passwords and confidential data to possible eavesdroppers. It protects TCP/IP-based terminal connections in UNIX, Windows and Macintosh environments. Read more: < http://www.security-db.com/product.php?id=56 > This is a product of F-Secure, for more information: < http://www.security-db.com/info.php?id=12 > ---------------------------------------------------------------------------- GLOBAL SECURE TECHNICAL SERVICES LIMITED Global Secure Technical Services Limited (GSTS) offers monitored and managed IT Security Services. Organisations today recognise the need for improved communications through the Internet, they also realise that they do not have the technical expertise to implement a secure connection. Read more: < http://www.security-db.com/product.php?id=501 > This is a product of Global Technology Associates Limited, for more information: < http://www.security-db.com/info.php?id=109 > ---------------------------------------------------------------------------- Featured article ---------------- All articles are located at: http://www.net-security.org/text/articles Articles can be contributed to staff@net-security.org ---------------------------------------------------------------------------- THE ATTRITION.ORG DEFACEMENT MIRROR IS NO MORE The Attrition staff has decided to stop updating their defacement mirror. There's a lot of reasons for this, you can read their statement below. Alldas will continue working on the mirroring, along with the cooperation from the Attrition staff. Read more: < http://www.net-security.org/text/articles/attrition-evolution.shtml > ---------------------------------------------------------------------------- Security Software ------------------- All programs are located at: http://net-security.org/various/software ---------------------------------------------------------------------------- FAENA MYID 1.1.43 Faena MyID is a super high security user ID and password keeping program. Encrypt your usernames and passwords. Even if hacker gets your password file, without your PIN in your mind, nobody can decrypt the data. Supports multi-user if you are using Windows NT4/2000/Xp. Transfer your ID password lists between home and work by email, using Export/Import function. AutoHide to tasktray. This is a full function free demo version. Info/Download: < http://www.net-security.org/various/software/991039142,23894,windows.shtml > ---------------------------------------------------------------------------- PASSWORD 2000 2.6.1 E-mail at work, e-mail at home, the alarm to the house, log-on at the office, all these things require PASSWORDS. How can you remember them all? Well, it is not always easy. You could make them all the same password. But then it would be just that much easy for any nosey parties to gain access to all of you personal information. Instead, you can use the Password 2000. Info/Download: < http://www.net-security.org/various/software/991039251,65686,windows.shtml > ---------------------------------------------------------------------------- SAMHAIN V.1.1.12 Samhain (development branch) is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6. The devel version has more advanced features, but not all options are thoroughly tested yet. Changes: Now detects Linux LKM rootkits. Problems with repetitive reports by the daemon have been fixed, the installation has been streamlined, init scripts for Linux (SuSE, Redhat, and Debian) have been added, and the docs have been revised. Info/Download: < http://www.net-security.org/various/software/991039413,81505,linux.shtml > ---------------------------------------------------------------------------- NEW MOD_SSL PACKAGE mod_ssl provides provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1). It is based on the SSL/TLS toolkit OpenSSL and supports all SSL/TLS related functionality, including RSA and DSA/DH cipher support, X.509 CRL checking, etc. Additionally it provides special Apache related facilities like DBM and shared memory based inter-process SSL session caching. per-URL SSL session renegotiations, DSO support, etc. Changes: Updated to work with Apache 1.3.20. Info/Download: < http://www.net-security.org/various/software/991039519,17500,linux.shtml > ---------------------------------------------------------------------------- Defaced archives ------------------------ [21.05.2001] Original: http://www.toshiba.com.mx/ Defaced: http://defaced.alldas.de/mirror/2001/05/21/www.toshiba.com.mx/ OS: Windows Original: http://www.as/ Defaced: http://defaced.alldas.de/mirror/2001/05/21/www.as/ OS: Windows Original: http://www.cinemaxx.de/ Defaced: http://defaced.alldas.de/mirror/2001/05/21/www.cinemaxx.de/ OS: Windows Original: http://www.soccer.com/ Defaced: http://defaced.alldas.de/mirror/2001/05/21/www.soccer.com/ OS: Windows [22.05.2001] Original: http://www.fm/ Defaced: http://defaced.alldas.de/mirror/2001/05/22/www.fm/ OS: Windows Original: http://www.daewoo.com.pe/ Defaced: http://defaced.alldas.de/mirror/2001/05/22/www.daewoo.com.pe/ OS: Windows Original: http://www.sfpc.gov.cn/ Defaced: http://defaced.alldas.de/mirror/2001/05/22/www.sfpc.gov.cn/ OS: Windows [23.05.2001] Original: http://www.don-imit.navy.mil/ Defaced: http://defaced.alldas.de/mirror/2001/05/23/www.don-imit.navy.mil/ OS: Windows Original: http://www.ecgd.gov.uk/ Defaced: http://defaced.alldas.de/mirror/2001/05/23/www.ecgd.gov.uk/ OS: Windows Original: http://www.yoko.npmoc.navy.mil/ Defaced: http://defaced.alldas.de/mirror/2001/05/23/www.yoko.npmoc.navy.mil/ OS: Windows [24.05.2001] Original: http://www.in.nrcs.usda.gov/ Defaced: http://defaced.alldas.de/mirror/2001/05/24/www.in.nrcs.usda.gov/ OS: Windows Original: http://www.kashmir.net/ Defaced: http://defaced.alldas.de/mirror/2001/05/24/www.kashmir.net/ OS: Unknown Original: http://palmspring.org/ Defaced: http://defaced.alldas.de/mirror/2001/05/24/palmspring.org/ OS: Windows [25.05.2001] Original: http://www.mazda.com.sg/ Defaced: http://defaced.alldas.de/mirror/2001/05/25/www.mazda.com.sg/ OS: Windows Original: http://www.serverattack.com/ Defaced: http://defaced.alldas.de/mirror/2001/05/25/www.serverattack.com/ OS: Solaris Original: http://www.sdny.gov.cn/ Defaced: http://defaced.alldas.de/mirror/2001/05/25/www.sdny.gov.cn/ OS: Windows Original: http://www.reikicenter.dk/ Defaced: http://defaced.alldas.de/mirror/2001/05/25/www.reikicenter.dk/ OS: Linux [26.05.2001] Original: http://www.tv3.dk/ Defaced: http://defaced.alldas.de/mirror/2001/05/26/www.tv3.dk/ OS: Windows Original: http://www.delmar.cec.eu.int/ Defaced: http://defaced.alldas.de/mirror/2001/05/26/www.delmar.cec.eu.int/ OS: Windows Original: http://republican.assembly.ca.gov/ Defaced: http://defaced.alldas.de/mirror/2001/05/26/republican.assembly.ca.gov/ OS: Windows [27.05.2001] Original: http://animalscience.ucdavis.edu/ Defaced: http://defaced.alldas.de/mirror/2001/05/27/animalscience.ucdavis.edu/ OS: Windows Original: http://www-isds.jpl.nasa.gov/ Defaced: http://defaced.alldas.de/mirror/2001/05/27/www-isds.jpl.nasa.gov/ OS: Windows Original: http://www.printer.ch/ Defaced: http://defaced.alldas.de/mirror/2001/05/27/www.printer.ch/ OS: Windows ---------------------------------------------------------------------------- ======================================================== Advertisement - HNS Security Database ======================================================== HNS Security Database consists of a large database of security related companies, their products, professional services and solutions. HNS Security Database will provide a valuable asset to anyone interested in implementing security measures and systems to their companies' networks. Visit us at http://www.security-db.com ======================================================== Questions, contributions, comments or ideas go to: Help Net Security staff staff@net-security.org http://net-security.org http://security-db.com