Subject: SecurityPortal.com -- May 1, 2000

******* Vendor Corner *******
**********************************************
WRITE YOUR INFORMATION SECURITY POLICIES IN A DAY!
INFORMATION SECURITY POLICIES MADE EASY is a kit, text and CD, of 1000+ already-written security policies by internationally-known consultant Charles Cresson Wood. ISPME has JUST BEEN UPDATED and is now available in Version 7! ISPME v7 is the most comprehensive collection of policies available, covering the latest technology developments and infosec topics. Each of these policies is accompanied by commentary detailing policy intention, audience, and the circumstances where it applies. Save weeks of time and thousands of dollars developing policies for information security manuals, systems standards, etc., with no consultant fees.
Go to - http://www.baselinesoft.com

******* What's new with SecurityPortal.com *******

Hardening RedHat Linux with Bastille: Securely Installing a Bastion Host
This article presents a concise step-by-step approach to securely installing RedHat Linux for use in a firewall DMZ, or other sensitive environment, using Bastille. Linux has progressed rapidly and can be configured to be as secure as, if not more secure than, commercial UNIX. The focus in this article is on RedHat 6.1 on SPARC and Intel. Mandrake 7.0 was also tested on Intel.
We welcome your feedback <mailto:[EMAIL PROTECTED]> on this article.
Read the full story here <http://securityportal.com/direct.cgi?/cover/coverstory20000501.html>

Weekly Security Digests are updated Monday mornings by 3am EST. You can find them here.
<http://securityportal.com/direct.cgi?/research/center.cgi?Category=wd>

******* Vendor Corner *******
============================================================
Sponsored by VeriSign - The Internet Trust Company
============================================================
Running a server farm?
If you're managing multiple servers in your organization, securing all of them can quickly become complicated. But now, you can learn how to simplify security administration through a single point of management - with a valuable new guide from VeriSign. Request the FREE Guide "Securing Intranet and Extranet Servers" at:
http://www.verisign.com/cgi-bin/go.cgi?a=n016101690150000
============================================================

******* Top News *******
May 1, 2000
Welcome to SecurityPortal.com - The focal point for security on the Net
Recent postings in our top news <http://www.securityportal.com/framesettopnews.html>:

May 1, 2000

Weekly Microsoft Security Roundup <http://securityportal.com/direct.cgi?/topnews/weekly/microsoft20000501.html> - NT Bugtraq postings involving disabling NetBIOS in Windows 2000, and a problem with Microsoft's hotfix for the "Mixed Object Access" vulnerability. See the tip of the week for information on securing SNMP.

Weekly Check Point Security Roundup <http://securityportal.com/direct.cgi?/topnews/weekly/checkpoint20000501.html> - The mailing list review includes information on Blocking Online Gaming (i.e. Tribe and Quake), a Security Hole Created by Check Point Implicit Rule?, Upgrading FW-1 v4.0 to v4.1, and Detecting Port Sniffing. Tips on what to consider when switching to Linux.

Weekly Linux Security Roundup <http://securityportal.com/direct.cgi?/topnews/weekly/linux20000501.html> - RedHat's PostgreSQL stores passwords in plaintext. General advisories on arachNIDS and LIBSAFE. Caldera OpenLinux updates for LISA and OpenLDAP. Mandrake has a busted OpenLDAP as well. The default password was left in RedHat's Piranha. Booboos in one of SuSE's base packages. BugTraq review includes PostgreSQL, Man (Red Hat 6.1) exploit, Imwheel (Red Hat) exploit, Unsafe fgets() in Sendmail's mail.local, and Full fix for gpm-root.
Tips on how to get multiple layers of security.

Weekly Axent Security Roundup <http://securityportal.com/direct.cgi?/topnews/weekly/axent20000501.html> - Axent training program for the 6.5 firewall release. Mailing list review includes: The Upgrade Log-jam Begins to Flow, The Black Art of DNS, Will 6.5 Support Legacy RaptorMobiles? Tips on how to administer your DNSd hosts and hosts.pub files by editing them manually.

LinuxToday: SuSE Security Announcement: Package: aaabase < 2000.1.3 <http://linuxtoday.com/stories/21015.html> - A security hole was discovered in the package mentioned above. Please update as soon as possible, or disable the service if you are using this software on your SuSE Linux installation. Other Linux distributions or operating systems might be affected as well; please contact your vendor for information about this issue.

Apr 28, 2000

ZDNet: Computer worm targets Chinese Windows users <http://www.zdnet.co.uk/news/2000/16/ns-15075.html> - A new computer worm which exploits a hole in Chinese versions of Microsoft Internet Explorer is currently running riot among China's computer users, according to Russian anti-virus firm Kaspersky Labs. According to Kaspersky, the worm is similar to the much talked about Bubbleboy virus because its victims do not need to click an attachment in order for it to take effect.

ABCNews: Feds to Hacker: Shut Up or Go Back To Jail <http://www.apbnews.com/newscenter/internetcrime/2000/04/28/mitnick0428_01.html> - Kevin Mitnick, the notorious computer hacker accused of causing millions of dollars in damage to technology companies, has been ordered to get off the lecture circuit or risk going back to prison.
The federal probation department sent word through his probation officer that his activities must stop, Mitnick said.

NAI: Wscript KillMBR Trojan <http://vil.nai.com/villib/dispvirus.asp?virus_k=98607> - This is a script trojan which exploits a security hole in the running of ActiveX signed objects with the use of VB Script. This trojan writes an .HTA file to the local system for execution at the next Windows restart. When this .HTA file executes, it runs code to overwrite the first sector of the hard drive.

Newsbytes: White House Security Official Calls for More E-vigilance <http://www.newsbytes.com/pubNews/00/148150.html> - The recent arrest of a Canadian teenager in connection with the distributed denial-of-service attacks that hit several major Web sites earlier this year should not assuage anybody's vigilance about information security, a senior White House official said today.

Developing Information Security Needs <http://securityportal.com/direct.cgi?/research/security101/isneeds20000428.html> - Security professionals are constantly looking for ways to balance the need for information security with usability in managing corporate resources. The primary way to accomplish this balance is development of effective security policies that support both security needs and business functions without inconveniencing computer users. A corporate security policy must notify everyone that information security is a priority issue for the organization, with everyone both responsible and accountable for achieving that goal.

CNet: Qualcomm warns of Eudora security hole <http://news.cnet.com/news/0-1005-200-1773077.html> - Qualcomm is urging people who use Eudora to guard against a potentially dangerous security vulnerability. Normally, before Eudora and similar email applications will run an executable file attached to an email message, they will present a warning that asks whether the recipient wants to risk running untrusted code on the computer.
But in an exploit devised by bug hunter and anti-content-filtering advocate Bennett Haselton, a hostile email sender can circumvent that warning.

ZDNet: Beware shopping cart's backdoor <http://www.zdnet.com/zdnn/stories/news/0,4586,2556876,00.html?chkpt=zdhpnews01> - E-commerce sites using CART32 shopping cart software have a backdoor that allows attackers free rein, says report.

ZDNet: Intel disables ID tracking in new chips <http://www.zdnet.com/zdnn/stories/news/0,4586,2556671,00.html?chkpt=zdhpnews01> - There was a firestorm of protest when Intel put ID-tracking technology in Pentium III chips. Now it's obsolete and being removed.

Apr 27, 2000

Slashdot: Spooky Quantum Data Encryption <http://slashdot.org/article.pl?sid=00/04/27/103207&mode=thread> - Hardy writes "Imagine an encrypted communications channel that immediately notifies the parties if they are being bugged. The American Institute of Physics site is running an article about exploiting what Einstein described as the "spooky" action at a distance properties of quantum entangled particles. The entanglement process can generate a completely random sequence of 0s and 1s distributed exclusively to two users at remote locations. Any eavesdropper's attempt to intercept this sequence will alter the message in a detectable way, enabling the users to discard the appropriate parts of the data. This random sequence of digits is then used to scramble the message. This approach solves the problem of distributing a shared key to both parties without it falling into the wrong hands. This diagram might help."

VNUNet: System uses speed to find virus antidote <http://www.vnunet.com/News/723584> - A program which allows antivirus vendors to protect users against rapidly spreading viruses by secure exchange of 'urgent' virus samples was launched today.
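The Slashdot item above describes quantum key distribution in words: two parties end up with a shared random bit string, an interceptor necessarily disturbs part of it, the parties detect the disturbance and discard the affected data, and the surviving bits scramble the message. The following is an added example written for this digest, not code from the newsletter or from the American Institute of Physics article it links to. It does not model entangled photons; it simulates the protocol layer that sits on top of the physics, using a prepare-and-measure (BB84-style) encoding as a stand-in for the entanglement source, which is an assumption made for simplicity. The function names, the 4096-qubit batch size, the 25% sacrificed sample and the 0.11 abort threshold are all choices of this example, not figures from the article.

```python
"""Classical simulation of the key-distribution principle from the item above.

Added example, not code from the original newsletter or the AIP article.
The physics is replaced by one rule: a qubit measured in the basis it was
prepared in yields the encoded bit; measured in the other basis it yields
a random bit. Everything else (sifting, error estimation, one-time pad) is
the classical protocol the item describes.
"""
import random

# Assumed abort threshold: fraction of sampled key bits allowed to disagree.
# The simulated channel is noiseless, so without an interceptor the rate is
# exactly 0; intercept-resend pushes it to about 0.25.
ERROR_THRESHOLD = 0.11


def measure(bit, prep_basis, meas_basis, rng):
    """Matching basis: deterministic result. Wrong basis: random result."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)


def raw_exchange(n, eavesdrop, rng):
    """Alice sends n qubits in random bases, Bob measures in random bases.
    Returns the sifted keys: positions where both chose the same basis."""
    alice_bits = [rng.randint(0, 1) for _ in range(n)]
    alice_bases = [rng.randint(0, 1) for _ in range(n)]

    # What arrives at Bob. Without Eve these are Alice's own qubits.
    arriving_bits, arriving_bases = alice_bits, alice_bases
    if eavesdrop:
        # Intercept-resend: Eve measures each qubit in a random basis and
        # forwards a fresh qubit prepared in that basis with her result.
        eve_bases = [rng.randint(0, 1) for _ in range(n)]
        eve_bits = [measure(alice_bits[i], alice_bases[i], eve_bases[i], rng)
                    for i in range(n)]
        arriving_bits, arriving_bases = eve_bits, eve_bases

    bob_bases = [rng.randint(0, 1) for _ in range(n)]
    bob_bits = [measure(arriving_bits[i], arriving_bases[i], bob_bases[i], rng)
                for i in range(n)]

    # Sifting: bases are announced over a public channel; keep only the
    # positions where Alice and Bob agree. Eve learns bases, not bits.
    keep = [i for i in range(n) if alice_bases[i] == bob_bases[i]]
    return [alice_bits[i] for i in keep], [bob_bits[i] for i in keep]


def estimate_error_rate(alice_key, bob_key, fraction, rng):
    """Publicly compare a random sample of the sifted key. Compared bits are
    burned (discarded); the remainder is the candidate key."""
    n = len(alice_key)
    sample = set(rng.sample(range(n), max(1, int(n * fraction))))
    disagreements = sum(1 for i in sample if alice_key[i] != bob_key[i])
    rate = disagreements / len(sample)
    rest_a = [b for i, b in enumerate(alice_key) if i not in sample]
    rest_b = [b for i, b in enumerate(bob_key) if i not in sample]
    return rate, rest_a, rest_b


def one_time_pad(data, key_bits):
    """XOR each byte of data with 8 fresh key bits; same call decrypts."""
    if len(key_bits) < 8 * len(data):
        raise ValueError("not enough key material for a one-time pad")
    out = bytearray()
    for i, byte in enumerate(data):
        k = 0
        for bit in key_bits[8 * i:8 * i + 8]:
            k = (k << 1) | bit
        out.append(byte ^ k)
    return bytes(out)


def run_session(message, eavesdrop, seed, n_qubits=4096):
    """Exchange, sift, test for an interceptor, then abort or encrypt with
    Alice's key and decrypt with Bob's. Seeded so runs are reproducible."""
    rng = random.Random(seed)
    a_key, b_key = raw_exchange(n_qubits, eavesdrop, rng)
    rate, a_key, b_key = estimate_error_rate(a_key, b_key, 0.25, rng)
    if rate > ERROR_THRESHOLD:
        # The sequence was disturbed: discard all of it and send nothing.
        return {"aborted": True, "error_rate": rate}
    ciphertext = one_time_pad(message, a_key)
    recovered = one_time_pad(ciphertext, b_key)
    return {"aborted": False, "error_rate": rate,
            "ciphertext": ciphertext, "recovered": recovered}


if __name__ == "__main__":
    msg = b"constructed sample message"  # constructed input for the demo
    quiet = run_session(msg, eavesdrop=False, seed=1)
    print("no interceptor: error rate %.3f, recovered=%s"
          % (quiet["error_rate"], quiet["recovered"] == msg))
    tapped = run_session(msg, eavesdrop=True, seed=1)
    print("intercept-resend: error rate %.3f, aborted=%s"
          % (tapped["error_rate"], tapped["aborted"]))
```

The point to take from the simulation is the second run: Eve guesses the wrong basis half the time, and each wrong guess randomizes Bob's result with probability one half, so roughly a quarter of the sampled bits disagree and the session aborts before any message bit is encrypted. The size of the sacrificed sample is what makes the check reliable; comparing only a handful of bits would let an interceptor slip through by luck, which is why real systems estimate the error rate over a large sample and then run privacy amplification on what remains.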
TheRegister: BTopenworld security glitch reveals thousands of customer names <http://www.theregister.co.uk/000427-000028.html> - BTopenworld has suffered a security leak of biblical proportions after the details of tens, nay, hundreds of thousands of customers were published willy-nilly on its Web site.

ZDNet: Whose e-mail is it, anyway? <http://www.zdnet.com/zdnn/stories/comment/0,5859,2556098,00.html> - When it comes to responding to the misuse of e-mail, Internet services, and other office resources by employees, there are two kinds of companies: the reasonable, and the unreasonable.

ZDNet: AboveNet vows to nab cybervandals <http://www.zdnet.com/zdnn/stories/news/0,4586,2556074,00.html> - Internet service provider AboveNet Communications Inc. and law enforcement officials are on the hunt for the cyberattackers who halted traffic on Tuesday to almost 1,000 businesses that contract Internet services and Web-page hosting through the company.

Linuxlock: Interview with Kevin Sexton of Protectix <http://www.linuxlock.org/features/protectix.html> - After first approaching Kevin Sexton from Protectix about an interview, the two of us started sending mail back and forth. Some of the mail was about the interview, and some of it was just personal, about security in general. Kevin definitely gets it. He is committed to Open Source Software and is serious about security. Along with providing the technological edge for keeping his security company at the top of the game, he has been working out business deals, including one with Lynx, the developers of BlueCat embedded Linux. I have a great amount of respect for Kevin and I encourage you to get in touch with Protectix if you want to outsource your security.
NandoTimes: Hackers raided Russia's gas monopoly, officials say <http://www.nandotimes.com/technology/story/0,1643,500197283-500270387-501418162-0,00.html> - Russian authorities say Gazprom, a huge state-run gas monopoly, was one of a growing number of targets hit by computer hackers last year. Acting with a Gazprom insider, hackers were able to get past the company's security and break into the system controlling gas flows in pipelines, Interior Ministry Col. Konstantin Machabeli said, according to the Interfax news agency.

LinuxToday: Update on Red Hat Security Advisory: Piranha web GUI exposure <http://linuxtoday.com/stories/20850.html> - The GUI portion of Piranha may allow any remote attacker to execute commands on the server. This may allow a remote attacker to launch additional exploits against a web site from inside the web server. This is an updated release that disables Piranha's web GUI interface unless the site administrator enables it explicitly.

In the Investigative Eye <http://securityportal.com/direct.cgi?/research/investigate20000427.html> - Masters of locating Internet and electronic database information, dossier compilers pursue dirt. If it exists in bits, they convert it into hits on a target's reputation faster than a luge run in the Winter Olympics. This information may serve as direct intelligence or as a tool for coercion. So, if you're a possible target, your goal becomes minimizing your exposure in cyberspace. Watch out for Vices, Business Secrets, Travel Arrangements...

CNN: Carnegie Mellon establishes anti-hacking institute <http://cnn.com/2000/TECH/computing/04/26/cybersecurity/index.html> - A Pennsylvania university created a research institute this month dedicated to fighting computer attacks like those that besieged major Web sites like eBay, Yahoo!
and CNN.com in February.

ISS Security Advisory: Insecure file handling in IBM AIX frcactrl program <http://xforce.iss.net/alerts/advise47.php3> - ISS X-Force has discovered a vulnerability in the AIX frcactrl program. The Fast Response Cache Accelerator (FRCA) is a kernel module that can be used with the IBM HTTP server to improve the performance of a web server. If the FRCA module is loaded, a local attacker could use frcactrl, a program used to manage FRCA configuration, to modify files.

CERT Advisory CA-2000-03 Continuing Compromises of DNS servers <http://securityportal.com/direct.cgi?/topnews/ca2000-03.html> - This CERT Advisory addresses continuing compromises of machines running the Domain Name System (DNS) server software that is part of BIND ("named"), including compromises of machines that are not being used as DNS servers. The Advisory also reports that a significant number of delegated DNS servers in the in-addr.arpa tree are running outdated versions of DNS software, and urges system and network administrators to ensure that they are up-to-date with DNS security patches and workarounds.

Wired: Anonymity Threatened in Europe <http://wired.com/news/politics/0,1283,35924,00.html> - The European Parliament is weighing a proposal that would limit the use of anonymous email, saying such a requirement would enhance police surveillance of criminals.

Apr 26, 2000

FCW: DOD pushing forward on Internet disconnect <http://www.fcw.com/fcw/articles/2000/0424/web-dod-04-26-00.asp> - Despite criticism it received last year for a proposal to disconnect from the Internet to bolster security, the Defense Department remains committed to developing a technical architecture that will allow it to do just that, DOD's top cyberdefender said.
Techweb: Korean Firms Hit By Chernobyl Computer Virus <http://www.techweb.com/wire/story/reuters/REU20000426S0001> - The so-called Chernobyl computer virus struck South Korea on Wednesday, wiping out hard disks at hundreds of companies, the Ministry of Information and Communication said on Wednesday.

InternetNews: Register.com Launches Domain Security Service <http://www.internetnews.com/bus-news/article/0,2171,3_348071,00.html> - Domain registrar Register.com Inc. Wednesday launched Domain Lock Down, a service that protects domain names from being hijacked. With the new service, register.com (RCOM) "locks" names at the registry level, which helps prevent unauthorized alterations to name server and registrar information and blocks deletions of a domain name for the length of the registration term.

CNet: Start-up to help businesses get hip to privacy <http://news.cnet.com/news/0-1005-200-1760269.html?tag=st.ne.1002.bgif.1005-200-1760269> - Riding the wave of Net security fears, a new organization is launching a Web site next week aimed at helping businesses comply with privacy laws worldwide. Privacy Council, founded in October, is getting off the ground with $5 million in venture funding plus help from two major partners: Marsh USA, an insurance brokerage firm, and IBM.

F-Secure reports CIH virus damage much lighter this year <http://securityportal.com/direct.cgi?/topnews/cih20000426.html> - Minimal confirmed reports of damage caused by the CIH virus, set to activate Apr 26, which caused a large amount of damage in 1999. There are unconfirmed reports of greater damage in Korea.

NW Fusion: Stolen laptop prompts calls for internal review <http://www.nwfusion.com/news/2000/0425stolentop.html> - Safeware, The Insurance Agency Inc. in Columbus, Ohio, estimates that 319,000 laptops were stolen in the U.S.
last year.

Fairfax: Privacy experts slam Australian effort in EU test <http://www.it.fairfax.com.au/industry/20000425/A17140-2000Apr20.html> - The chairman of the Privacy Foundation, Tim Dixon, says Australia's proposed privacy legislation does not stand up well compared to foreign counterparts and "clearly fails the EU test".

ZDNet: FBI investigating new Web attack <http://www.zdnet.com/zdnn/stories/news/0,4586,2555422,00.html?chkpt=zdhpnews01> - ISP AboveNet hit by a denial-of-service attack -- blocking customers' Web access for hours. "It was a direct attack on our infrastructure."

PlanetIT: First U.S. Online Privacy Law Takes Effect <http://www.planetit.com/techcenters/docs/security/news/PIT20000424S0017> - The government will start surfing the Web Friday to enforce the first federal statute on online privacy -- a new law that imposes thousands of dollars in fines on marketers who collect personal information from children under 13.

Apr 25, 2000

LinuxSecurity.Com: Build a Secure System with LIDS <http://www.linuxsecurity.com/feature_stories/feature_story-12.html> - LIDS (Linux Intrusion Detection System) is a Linux kernel patch to enhance the Linux kernel. In this article, we will talk about LIDS, including what it can do and how to use it to build a secure Linux system.

Currents: Motorola Turns to Certicom for Wireless Security <http://www.currents.net/news/00/04/25/news7.html> - Certicom, a Canadian company with marketing operations in Hayward, Calif., said the deal means Certicom's elliptic curve cryptography technology could be used in Motorola's pagers, mobile handsets and Web-enabled phones, as well as the building blocks of wireless networks, such as servers offering content via the wireless application protocol, WAP.

Silicon: News in View: Hackers get inside jobs <http://www.silicon.com/public/door?REQUNIQ=956639138&6004REQEVENT=&REQINT1=37117&REQSTR1=newsnow> - Hackers are alive and well - and hard at work within your company.
But these people can be the best way of ensuring your security systems are water-tight.

ComputerNewsDaily: Congress Nears Passage Of Digital Signature Bill <http://199.97.97.16/contWriter/cnd7/2000/04/23/cndin/5068-0014-pat_nytimes.html> - With the flourish of a quill spelling out "John Hancock" or with a simple pencil scratching out an "X," Americans have long used their signatures to seal a deal. But in the age of the Internet, business owners say electronic commerce will never reach its full potential unless two parties can complete a contract by using a computer to "sign" and send legally binding documents.

ZDNet: Albright reassigns security after laptop vanishes <http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2554906,00.html?chkpt=p1bn> - Secretary of State Madeleine Albright ordered new security steps taken on Monday after a laptop computer containing classified information disappeared inside the State Department.

Wireless Security Overview <http://securityportal.com/direct.cgi?/research/wireless/wirelessgeneral20000421.html> - Wireless networks are adopting online commerce at a dizzying pace, reminiscent of the Internet's adoption of ecommerce during the last two years. Applications such as stock trading, shopping, and banking are now available on wireless networks. It is the market of the future, but wireless is worth paying attention to right now.

ISS Advisory: Backdoor Password in Red Hat Linux Virtual Server Package <http://securityportal.com/direct.cgi?/topnews/iss20000424.html> - Internet Security Systems (ISS) X-Force has identified a backdoor password in the Red Hat Linux Piranha product. Piranha is a package distributed by Red Hat, Inc. that contains the Linux Virtual Server (LVS) software, a web-based GUI, and monitoring and fail-over components.
A backdoor password exists in the GUI portion of Piranha that may allow remote attackers to execute commands on the server.

Apr 24, 2000

IBM: Make your software behave: CGI programming made secure <http://www-4.ibm.com/software/developer/library/secure-cgi/> - In a short span of years (since 1992, in fact), the Web has exploded from nonexistence to the gazillions of Web sites found today. As the Web has grown, so too have the capabilities of Web technologies. This article focuses on writing CGI scripts: software that lives on the Web and that, not surprisingly, has critical security implications.

ChicagoSunTimes: Field expanding for cyber-sleuths <http://www.suntimes.com/output/weinstein/wein232.html> - First it was Yahoo!, then eBay, followed by Amazon.com, CNN and even the FBI. Cyber-thieves are not only cracking the largest bastions of e-commerce, but the government's elite sites as well. Hackers have made headlines for a long time, but the recent attacks prove they'll go to surprising lengths to wreak havoc.

ComputerUser: Hackers Bust Into Area 51 Site <http://www.computeruser.com/news/00/04/24/news3.html> - The company that published online satellite photos of the super-secret US Air Force installation known as Area 51 believes that it has solved a hacker problem that surfaced just hours after the pictures were posted.

ComputerUser: F-Secure Warns Of Chernobyl Virus Anniversary Meltdown <http://www.computeruser.com/news/00/04/24/news7.html> - F-Secure has issued a warning to its customers about the CIH virus (also known as Chernobyl), which activates every year on April 26. The IT security firm said that when CIH activated last time, in April 1999, it caused the most damage done by one virus. According to the latest statistics, more than 2 million PCs suffered data loss because of the CIH virus last year.
SJ Mercury: Palm VII banned from lab as security threat <http://www.sjmercury.com/svtech/news/breaking/merc/docs/001887.htm> - "Lawrence Livermore National Laboratory officials have identified a new security threat -- the Palm VII personal organizer. While the Palm VII gives gadget junkies the power to check e-mail and download stock quotes on the fly, security officers say it also makes it easier for would-be spies to copy and ship guarded information. None of the country's most sensitive material has been compromised, but the lab is not taking chances."

Trend Micro Virus Alert: VBS_KakWorm.A <http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_KAKWORM.A> - Rated as a medium risk, VBS_KakWorm.A is a direct action worm that runs under the Windows Scripting Host interpreter. You must have MS IE 5 or a browser that supports Windows Scripting for this worm to execute. This worm modifies your default signature in Outlook Express, embedding itself in the message. This worm is compatible with both the English and French versions of Windows.

Real Networks patches stack overflow in Real Server <http://service.real.com/help/faq/servg270.html> - The specific exploit involves a stack overflow in the PNA protocol handling scheme that ultimately causes the RealServer to discontinue serving streams until the RealServer is restarted or "rebooted" by the System Administrator.

******* What's new with SecurityPortal.com *******

SubDomain - Security Software for Linux
There have been a number of recent announcements regarding new security software and enhancements for Linux. SGI has started releasing their patches that will hopefully bring Linux "C2" and "B1" security ratings, as set out by the DoD Orange Book standard. These additions will not be ready for production use for quite some time. One of the perceived areas where Linux is behind other operating systems, such as NT, is in its lack of access control lists (ACLs).
Many would argue, myself included, that ACLs are a fine addition to system security if used properly, but their complexity is often a problem: users can end up with additional access rights to files/directories that they shouldn't have. Another problem is that file system controls, even fine-grained ones such as ACLs, do not easily address what files a process can and cannot access. Getting a process to run as a distinct non-root user is sometimes not an easy task and has a tendency to break things like time synchronization software. The good news is that this is exactly what SubDomain addresses.
Read the full story at <http://securityportal.com/direct.cgi?/closet/closet20000426.html>

Tell us how we are doing. Send any other questions or comments to [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>.

Michael McCrea
SecurityPortal.com - the Focal Point for Security on the Net
[EMAIL PROTECTED]
--------------------------------------------------------------------------
To unsubscribe, send email to [EMAIL PROTECTED]
Archive information at http://www.linux.or.id/milis.php3
The list administrators can be reached at [EMAIL PROTECTED]
