******* Vendor Corner *******

Enterprise Security Manager (ESM) and NetRecon assessment solutions deliver scalable security policy compliance and assessment while checking for vulnerabilities from inside and outside your firewall. Now through May 22, download your FREE evaluation copy of NetRecon to test your firewall at http://www.axent.com/netrecon. AXENT is the leading provider of e-security solutions for your business, delivering integrated products and expert services to 45 of the Fortune 50 companies.

******* What's new with SecurityPortal.com *******

Electronic Forensics

When most people think of electronic forensics the first thing that comes to mind is usually retrieving data from hard drives or similar media. Electronic forensics includes this, and much more. The amount of records stored online, and accessible to investigators, is quite comprehensive. The number of "electronic footprints" left online by the average person is usually enough to track them down, and potentially prove they committed certain actions, or convict them if these actions were criminal.

Companies are taking an increasing interest in the actions of their employees online, especially since they can be held responsible for them in some cases, or because they can seriously impact a company's image. Imagine if employees of an insurance company were found to be selling medical records online for $5 a pop.

In addition to investigating security incidents, online research can reveal information about a person. If you were hiring someone for a sysadmin position at a major bank you would probably do some online searches to make sure they did not advocate that the rich be turned into Soylent Green, or that they felt stealing money from large companies was justifiable if you gave some to charity.
Read the full story here <http://securityportal.com/cover/coverstory20000508.html>

******* Vendor Corner *******

Strategic Security Summit 2000

In just three days, one group will reset the strategic roadmap for doing business online - Safely. Security has become the great equalizer for all business online. If you are ultimately responsible for conducting business online globally, you need to join us at Strategic Security Summit 2000 (SSS2000) in Helsinki on June 24-26, 2000. You will share best practices with industry leaders and discuss global policy, technology, and business strategy, across industries and around the world. Speakers include the CIOs from Microsoft and AOL, CEO of CyberSafe, leaders from Bank of America, Hewlett-Packard, and the ALA. To learn more about the event, and to register, visit our Web site at www.sss2000.com.

******* Top News *******

May 8, 2000

Welcome to SecurityPortal.com - The focal point for security on the Net

Recent postings in our top news <http://www.securityportal.com/topnews> :

May 8, 2000

BSD Weekly Security Roundup <http://securityportal.com/topnews/weekly/bsd20000508.html> - NetBSD DoS Security Advisory: Receipt of IP packets with certain sequences of malformed IP options can cause an unaligned access in kernel mode. BugTraq: Unaligned IP Timestamp option causes kernel panic in NetBSD

Microsoft Weekly Security Roundup <http://securityportal.com/topnews/weekly/microsoft20000508.html> - More NetBIOS over TCP/IP in Win2K: TCP/IP NetBIOS Helper, not just for NetBIOS? Reminder: MaxClientRequestBuffer. WinNTMag: NTFS Access Control Security Enhancements. ZDNet: Biometrics to bolster Windows security. LoveLetter Virus Analysis from Security Portal. Want to protect your Windows NT 4.0 systems from buffer overflow attacks? Read the Tip of the Week.

Linux Weekly Security Roundup <http://securityportal.com/topnews/weekly/linux20000508.html> - Buffer overflows in DMailWeb and DNewsWeb. SuSE aaa_base problems fixed.
Buffer overrun in LSoft's ListServ, exploitable SuSE 6.3 setuid (gnome-pty-helper), Exploiting tcpdump, Hole in sniffit, OOPSing the kernel nfsd, pam_consol Bug, Race Condition in "rm -r".

Check Point Weekly Security Roundup <http://securityportal.com/topnews/weekly/checkpoint20000508.html> - Check Point announces Check Point Provider-1 2000. Check Point Support Alternatives, Password Issues with FW-1 Ver 4.0 SP6, Asymmetric Routing, LoveLetter Worm, a response to last week's post on Security Hole Created by a Check Point FW-1 Implicit Rule. Read Tip of the Week for information on how to block the LoveLetter worm. Official and Unofficial Check Point References.

Axent Weekly Security Roundup <http://securityportal.com/topnews/weekly/axent20000508.html> - CNBC's Hal Plotkin writes a favorable review of AXENT. IPsec and Free VPN Solutions. Raptor 6.5 Questions begin to Trickle-In. Blocking the ILOVEYOU virus. Tip of the Week - how to take advantage of Anti-relay Anti-spam capabilities on Raptor 6.0+.

MSNBC: Police ready to arrest virus suspect <http://www.msnbc.com/news/403350.asp?cp1=1> - As they awaited a judge's warrant to move in, Philippine police said Sunday the computer suspected of being used to launch the "Love Bug" virus is owned by a female computer college student

May 7, 2000

NandoTimes: FBI investigates e-mails sent to virus author <http://www.nandotimes.com/technology/story/0,1643,500201388-500278198-501478088-0,00.html> - U.S.
government agents are going over logs of angry e-mails sent by victims of the "ILOVEYOU" computer virus to its creator, who used Philippine e-mail addresses, a Philippine Internet service provider said Sunday

Currents: Most Workers Don't Mind Workplace Online Monitoring <http://www.currents.net/news/00/05/07/news4.html> - Even though study after study reflects the concern of consumers about the privacy of their personal information and Internet usage, a new poll indicates that 51 percent of Americans with online access at work are aware their companies have policies regulating on-the-job Net usage. And they don't care

Currents: The Love Bug Worm And Spam: Evil Twins? <http://www.currents.net/news/00/05/07/news3.html> - E-mail viruses, such as the so-called "Love Letter" that crippled millions of e-mail servers over the past two days, carry the same type of identifying digital "fingerprints" that allow computer security experts to track down and eventually block unsolicited e-mail--or "spam"--campaigns, a leading computer security expert said on Friday

May 5, 2000

Dataloss.net: How we defaced www.apache.org <http://www.dataloss.net/papers/how.defaced.apache.org.txt> - This paper does _not_ uncover any new vulnerabilities. It points out common (and slightly less common) configuration errors, which even the people at apache.org made. This is a general warning. Learn from it. Fix your systems, so we won't have to.

LinuxWorld: Linux goes Unloved <http://www.linuxworld.com.au/news.php3?tid=1&nid=19> - The "I LOVE YOU" virus has hit Microsoft Outlook users around the world with anything but love. Once opened as a Visual Basic Script attachment by an Outlook mail client, the virus is executed on the local machine. It affects image and music files, such as JPEGs and MP3s, and also tries to download malicious software from around the Internet, to allow crackers to enter affected systems. At the same time, the virus mails itself to all addresses in the Outlook address book.

Sendmail.net: Sendmail Releases Blocking Feature for LoveLetter Worm <http://sendmail.net/?feed=lovefix> - Sendmail has released a blocking configuration feature for the LoveLetter worm infecting users of Microsoft Exchange, Outlook, and Outlook Express. Email administrators can help prevent the spread of this worm by adding this configuration feature to Sendmail Switch, Sendmail Pro, Sendmail for NT, or open source sendmail.

InfoWorld: European Union: Love bug underscores security needs <http://www.infoworld.com/articles/en/xml/00/05/05/000505eneubug.xml> - AS EUROPEAN INDUSTRY sits down to review the damage brought by the "I Love You" software worm, the European Commission on Friday said international cooperation prevented the havoc from being even worse than it was.

WinNTMag: NTFS Access Control Security Enhancements <http://www.winntmag.com/Articles/Content/8452_01.html> - In Windows 2000 (Win2K), Microsoft redesigned how NTFS handles access control to files and other objects. You might have noticed that Security Configuration Manager (SCM), which Microsoft released in Windows NT 4.0 Service Pack 4 (SP4), handles access control like Win2K does. The new NTFS access control model takes a while to get used to, but it adds some important features. The redesign changes access control in three areas. First, permissions are much more granular, which means you can fine-tune user access. Second, if you come from the Novell NetWare world and like NetWare's dynamic inheritance, the dynamic way Win2K and SCM handle the inheritance of permissions will especially impress you. Third, Microsoft completely revamped the access control dialog boxes.

Wired: Mother's Day Worm Worse? <http://www.wired.com/news/technology/0,1282,36152,00.html> - The "Love Bug" that wormed its way into millions of computers is now spawning variants far worse than the original.
The worst of the lot appears to be one with a timely "Mother's Day Order Confirmation" subject line and, like the "Love Bug," a .vbs attachment. If the attachment is opened, it can cripple the user's computer.

PCWorld: Microsoft: Don't Blame Us for Virus <http://www.pcworld.com/pcwtoday/article/0,1510,16598,00.html?cp=reuters> - Microsoft says that the author of the devastating "Love Letter" virus probably targeted its software because it is broadly used, but analysts point to what they call inherent weaknesses in the software titan's products as a possible factor in the attack.

CNN: Internet provider in Philippines homes in on virus author <http://cnn.com/2000/TECH/computing/05/05/iloveyou.01/index.html> - An Internet service provider in Manila, Philippines, has confirmed to CNN.com that a 23-year-old male from the Pandacan area of Manila has two e-mail addresses through their service and is believed to be the author of the "ILOVEYOU" virus

ZDNet: ILOVEYOU worm keeps mutating <http://www.zdnet.com/zdnn/stories/news/0,4586,2562652,00.html?chkpt=zdhpnews01> - Experts say the world's fastest-moving bug is likely to spawn even more versions and linger for a couple of weeks

Daily Telegraph: Hackers vs Crackers <http://web.lexis-nexis.com/more/cahners-chicago/11407/5801705/4> - Hackers have got a bad name for themselves. Popular belief has it that they disrupt and deface computer systems, but true hackers - as opposed to these "crackers" and vandals - are said to be innocent and there for our benefit. So why the misconception?
Jon Katz, the media critic with slashdot.org and Wired magazine, claims that "when the media use the term 'hacker', they are really talking about vandals

FCW: GSA joins smart card group <http://www.fcw.com/fcw/articles/2000/0501/web-gsa-05-05-00.asp> - The General Services Administration has joined GlobalPlatform, an organization that promotes the implementation of multiple-application smart card services by advancing international standards

SJ Mercury: Technology Security Risks Growing <http://www.sjmercury.com/svtech/news/breaking/ap/docs/37011l.htm> - The latest outbreak of a computer virus exposes technology's darker side: As machines get better, smarter and more popular, the security risks multiply

May 4, 2000

Details on the ILoveYou E-mail Worm <http://securityportal.com/research/virus/vbslovelettera.html> - Reports regarding this worm were received as early as May 4, 2000 GMT. This worm appears to originate from Manila, Philippines. This worm has wide-spread distribution and hundreds of thousands of machines are reported infected. This includes some removal information. More to come.

PCWeek: Analysis: Worm underscores limits of firewalls <http://www.zdnet.com/pcweek/stories/news/0,4153,2561866,00.html> - From Hong Kong comes the definitive comment on the rapid spread of VBS.Loveletter.A, as the currently thriving e-mail attack is dubbed by Symantec Corp.'s virus center. In the words of a Dow Jones spokeswoman quoted by the Associated Press, "I don't know how it got through the firewall."

ZDNet: Businesses shut down e-mail servers <http://www.zdnet.com/zdnn/stories/news/0,4586,2562060,00.html> - It's a 'last-resort' option, but some corporations are shutting down their e-mail servers to stop the 'ILOVEYOU' worm from spreading. Latest victim: Department of Defense.

Linux.com: Linux Security: TCP-Wrappers? <http://www.linux.com/articles.phtml?sid=93&aid=8518> - Linux, like any operating system, is only as secure as you make it.
Any computer that is connected to a network, and especially the Internet, is susceptible to being compromised. Security is an issue that affects everyone from home users who may have credit card information and such to businesses that may have business plans and product design specifications stored on these systems. TCP-Wrappers is a software package available for Linux that greatly simplifies securing these systems.

MSNBC: 'Love' virus infects e-mail systems <http://www.msnbc.com/news/403350.asp> - another story about the "LoveLetter" virus, this one focusing on the user impact and reports of damage

LoveLetter Virus Analysis from F-Secure </topnews/love20000504.html> - LoveLetter VBS virus is currently sweeping the world in Melissa-like fashion. Do NOT open messages with subject line of ILOVEYOU and do not execute attachments in any message called LOVE-LETTER-FOR-YOU-TXT.vbs

Netscape: JavaScript Cookie Exploit <http://home.netscape.com/security/jscookie.html> - An exploit has recently been reported and confirmed across platforms for Netscape Communicator 4.72 and earlier in which a hostile site can read the links in a user's bookmark file if the user's profile name and the Communicator installation directory path are known to the hostile site

Its All In the Cards <http://securityportal.com/research/inthecards20000504.html> - Mundane objects, like hotel key cards, gaming arcade cards, metro transit passes, and slot machine courtesy cards, all manifesting the cultural code phrase from the 1960's film, The Graduate, that the future was in "Plastics", serve today's computer criminals well

Wired: Cybercrime Solution Has Bugs <http://wired.com/news/politics/0,1283,36047,00.html> - U.S.
and European police agencies will receive new powers to investigate and prosecute computer crimes, according to a preliminary draft of a treaty being circulated among over 40 nations

CERT: May Issue of Infosec Outlook now online <http://www.cert.org/infosec-outlook/infosec_1-2.html> - A joint monthly publication of the Information Technology Association of America and the CERT Coordination Center, this issue contains articles regarding the EU Change in Encryption Exports and Defining Risk: Security and Survivability

May 3, 2000

Currents: Entrust Launches Zero Footprint Security Technology <http://currents.net/news/00/05/03/news13.html> - "Entrust Technologies has taken the wraps off the world's first "zero footprint" Web security technology. Known as TruePass, the firm said that the technology will make life easier for firms wanting to offer e-commerce to their customers"

OpenSSH now supports SSH protocol version 2.0 <http://www.openssh.com/> - OpenSSH (a subset of the OpenBSD project) has now added SSH protocol version 2.0 support (previously it supported 1.0 and 1.5 only). With this added support you can now interoperate with the commercial version of SSH.

Sophos: W95/Smash.10262 executable file virus <http://www.sophos.com/virusinfo/analyses/w95smash.html> - On the 14th of any month from June onwards, this virus will patch the IO.SYS system file so that on the next restart the hard disk will be overwritten with garbage

Civic.com: Washington coalition attacks Internet crime <http://www.civic.com/civic/articles/2000/0501/web-law-05-02-00.asp> - Federal, state and local law enforcement agencies in Washington have joined together to fight Internet crime, saying each agency alone does not have the expertise or resources to respond to Internet complaints

CERT: mstream Distributed Denial of Service Tool <http://www.cert.org/incident_notes/IN-2000-05.html> - In late April 2000, we began receiving reports of sites finding a new distributed denial of service (DDOS) tool that is being called "mstream". The purpose of the tool is to enable intruders to utilize multiple Internet connected systems to launch packet flooding denial of service attacks against one or more target systems.
See May 2 Top News

CNet: Filemaker hit with Web software bug <http://news.cnet.com/news/0-1003-200-1803773.html?tag=st.ne.1002.thed.1003-200-1803773> - Software publisher Filemaker confirmed today that there is a bug in one of its programs that potentially allows unauthorized access to databases posted to the Internet

ZDNet: Stiff penalties sought for computer crime <http://www.zdnet.com/zdnn/stories/news/0,4586,2559889,00.html> - Jail time and sentencing terms recommended for credit card and identity theft, using computers to solicit or sexually exploit minors and violating copyrights or trademarks online

Currents: Teen Sentenced in Columbine Web Threat <http://www.currents.net/news/00/05/02/news2.html> - A judge in Denver has reportedly handed down a four-month prison sentence to an 18-year-old Florida man convicted of sending a chat-room message threatening violence at Columbine High School, scene of a shooting spree last year which claimed 15 lives

ComputerWorld: Moving COBOL to the Web - Safely <http://www.computerworld.com/home/print.nsf/idgnet/000427d956> - As they move more of their business online, companies are stripping away security mechanisms inherent in Cobol and mainframe access controls

ZDNet: Biometrics to bolster Windows security <http://www.zdnet.com/zdnn/stories/news/0,4586,2559787,00.html?chkpt=zdhpnews01> - Microsoft Corp. has agreed to include in future versions of its Windows operating system a type of software that uses "biometric" devices such as fingerprint or eye scanners to boost online security

Conducting Effective Security Meetings <http://securityportal.com/research/meetings20000502.html> - You arrive at the office with a million tasks to accomplish that day and a meeting is called to discuss security. You need to attend a meeting, in the middle of everything, like you need a hole in your head. Whether you are conducting security meetings or enduring them, we have all experienced effective ones and those that simply wasted our time.
Meetings that provide a collective exchange of ideas to solve a specific problem are an effective use of resources in developing security solutions. Meetings that simply meet a regular schedule, devoting little to promoting security or utilizing the talents of attendees, are another matter and require reconsideration

CNet: Expert warns of powerful new hacker tool <http://news.cnet.com/news/0-1003-200-1798064.html?tag=st.ne.ron.lthd.ni> - A potent new software tool has emerged for launching attacks similar to, but more lethal than, the ones that took down Yahoo and other major Web sites in February

TrendMicro: VBS_KILLMBR Trojan <http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_KILLMBR> - VBS_KILLMBR is compatible with the Windows Scripting Host interpreter. You must have MS IE 5 or a browser that supports Windows Scripting for this to execute. When executed this script overwrites the MBR of drive C:

TrendMicro: TROJ_ANTI-RS <http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ANTI-RS&VSect=T> - This trojan implements the same concept as other flooders where it sends packets of data, 413 bytes each, to a host IP using port 7070. This can cause disconnection of the user from the network or cause slowdown in the system speed

May 1, 2000

Currents: Always-on Internet Security <http://www.currents.net/articles/1905,5,14,1,0501,00.html> - The two best things about those fast Internet connections you get from cable, DSL, and ISDN are that you don't have to dial a number to connect to the Internet, and they are also easy to share over a network. That's also the worst thing about them--the Internet's a two-way street, and when you've got always-on access to the Net, the Net has the same access to your hard disk. And as for networking... well, that presents its own set of problems, especially in the telecommuter home office and the satellite corporate bureau.

ZDNet: Web startup stirs up privacy concerns <http://www.zdnet.com/zdnn/stories/news/0,4586,2558316,00.html> - A new Web company, Predictive Networks, has developed software that can track every site a Web surfer visits and can build a profile based on those movements

SeattleTimes: Internet security: Just how safe is your e-mail? <http://www.seattletimes.com/news/technology/html98/inbo30_20000430.html> - Whether your ISP is small - like Arthur's shop - or large like America Online and MSN, the technology exists for someone to intercept, read and pass along any message - all without your knowledge

Wired: The Epidemic of Cyberstalking <http://www.wired.com/news/politics/0,1283,35728,00.html> - Deborah has been stalked in a chat room for over six months, during which time detailed personal information and a doctored pornographic photograph with her likeness has been posted on a website. The cyberstalker has threatened to rape and kill her. "He told people that I was on drugs, that I was looking for sex," said Deborah, not her real name. "He enlisted Internet friends to harass me". Frightening scenarios like this are increasingly common as more people use the Internet and blindly trust those they meet online

SJ Mercury: Britain plans to build Internet surveillance centre <http://www.sjmercury.com/svtech/news/breaking/internet/docs/481988l.htm> - British government plans to build a $39.17 million Internet surveillance center would not allow security services to examine everybody's e-mail, the Home Office said Sunday

CERT: Denial of Service Attacks using Nameservers <http://www.cert.org/incident_notes/IN-2000-04.html> - We are receiving an increasing number of reports of intruders using nameservers to execute packet flooding denial of service attacks. The most common method we have seen involves an intruder sending a large number of UDP-based DNS requests to a nameserver using a spoofed source IP address.
Any nameserver response is sent back to the spoofed IP address as the destination. In this scenario, the spoofed IP address represents the victim of the denial of service attack. The nameserver is an intermediate party in the attack. The true source of the attack is difficult for an intermediate or a victim site to determine due to the use of spoofed source addresses

******* Vendor Corner *******

Introducing Entrust/TruePass(tm), the new "zero footprint" Web security and privacy solution from Entrust Technologies that can help accelerate the deployment of B2B and B2C transactions over the Internet. Dial in on May 16th to find out how Entrust/TruePass can make the deployment of trusted online financial services using digital signatures fast and easy. Or dial in on May 25th to learn how Entrust/TruePass can be used to secure and add trust to your B2B transactions. For more information visit http://www.entrust.com/events/telebriefings.htm

Entrust Technologies is the leader in bringing trust to e-business relationships. We make it safe to do business over the Internet

******* What's new with SecurityPortal.com *******

Online Protests and Civil Disobedience (and Some Privacy Issues)

I was watching the news tonight, something I only do while in hotel rooms (I'd watch the pay channels but they won't list them on the bill as laundry expenses at this hotel =). One article was cool, it covered CyberPatrol, and the whole fooferaw surrounding the cp4break program that allowed people to actually find out what the program was blocking for the first time. CBC, one of the national Canadian channels, whose news I was watching, seemed a bit miffed that CyberPatrol was blocking access to some of their web sites. Now that this program is available, you can decrypt old versions of the software.
CyberPatrol has changed the encryption scheme so that cp4break will not work on newer versions, but they are still pursuing people hosting the software.

If you wanted to protest this there are several options that come to mind. First, you could host the software, and then fight Mattel in the courtroom, which is exactly what peacefire.org in conjunction with the ACLU is doing. However, this is a potentially expensive option (Mattel ain't poor, and they got a lot of lawyers). A second option would be to create a file called cp4break.zip, the same size as the "real" cp4break.zip, and fill it up with all 0's and distribute it far and wide. If Mattel chooses to keep pursuing this file and the people hosting it, you can easily make their life miserable, in a perfectly legal manner. Another method would be to break into their web server and deface it, this is most definitely not a legal, or remotely justifiable, method for getting your message out but it hasn't stopped people from doing it.

Read the full story at <http://securityportal.com/closet/closet20000503.html>

******* New From SecurityPR.com *******

Expose Your Secret Admirer's Hiding Places with BindView's bv-Control for Microsoft Exchange <http://www.bindview.com/news/2000/0504.html> - Product Immediately Assesses Magnitude of Problem for Companies Hit by the ILOVEYOU Virus.

RapidStream Unveils Fastest Full-Feature, Hacker-Resistant Network Security Appliance <http://www.rapidstream.com/release_6000.htm> - Highest performing firewall and VPN server in its class.

NBCi's AllBusiness.com and McAfee.com Join Forces to Deliver Online Solutions for Small Business Owners <http://www.mcafee.com/about/press_releases/pr05040001.asp> - Using McAfee Clinic, small-business owners and entrepreneurs will be able to scan for viruses, clean their hard drives and update their anti-virus software through the AllBusiness.com Web site.

Enter your own Press Releases directly at SecurityPR.com.
http://securitypr.com

*******************************************

Tell us how we are doing. Send any other questions or comments to [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>.

Michael McCrea
SecurityPortal.com - the Focal Point for Security on the Net
[EMAIL PROTECTED]
