******* You may leave the list at any time by sending an email to [EMAIL PROTECTED] with the text "SIGNOFF SECURITYPORTAL-L" in the body of the email. We will miss you! ******* Vendor Corner ******* Sponsored by Axent - Security that Means Business How to Protect Against Application Level Attacks Raptor(TM) Firewall delivers the most intuitive management interface and high performance, multi-threaded services, giving you the most secure, manageable, and flexible solution for enterprise security needs. Now through August 20, download your FREE guide, Everything You Need to Know about Network Security at: http://www.axent.com/email/2447/ AXENT is the leading provider of e-security solutions for your business, delivering integrated products and expert services to 45 of the Fortune 50 companies. ******* What's New With SecurityPortal ******* Interview with Jean Chouanard - YASSP Developer Jean Chouanard is the main developer behind the Solaris hardening tool known as YASSP (Yet Another Solaris Security Package). This interview covers everything from Jean's favorite music to all the details about YASSP. Read the full story here: http://securityportal.com/cover/coverstory20000821.html New Feature: Ask Buffy Overflow Do you have questions about information security? Buffy has the answers. Every Thursday Buffy will post answers to your questions about security issues. Please send your questions to [EMAIL PROTECTED] Want to read Buffy's answers to this week's questions? http://securityportal.com/topnews/buffy20000817.html ******* Vendor Corner ******* Is your network really safe from hackers? You may think so if you've got a firewall, but a firewall alone is not enough. If you have remote users accessing your network, even through a VPN, you may be vulnerable to malicious intrusions. Network Ice offers TOTAL INTRUSION PROTECTION and PREVENTION to protect your remote user workstations with 100% capture and analysis accuracy on high-speed networks, central management, aggregated reporting, affordable pricing, and more. Visit http://www.conqwest.com/netice/sp to learn more about Network Ice, request an evaluation and get a FREE white paper, "VPNs: Only Part of the Remote Access Security Solution." ******* Top News ******* Welcome to SecurityPortal - The Focal Point for Security on the Net(tm) Recent postings in our top news http://www.securityportal.com/topnews: Aug 14, 2000 Weekly Axent Security Roundup - Activity on the list was brisk over the last week. The issues that seemed to cause the most headaches (and discussion) were those in which a rule was incorrectly set up, or some esoteric parameter was inadvertently overlooked. Service redirection also raised its ugly head again! And, just for fun, listees blew off a little steam about Microsoft changing its Hotmail servers from UNIX to NT. http://securityportal.com/topnews/weekly/axent20000821.html Weekly BSD Security Roundup - FreeBSD, BSDi, and OpenBSD have all been busy issuing updates. There are a number of problems that affect pretty much all BSD's and Linux platforms, although most of these are in the ports tree in the case of *BSD. Zope, dhcpclient, ntop, cvsweb, proftpd and a few others all have problems ranging in severity up to and including remote root hacks. http://securityportal.com/topnews/weekly/bsd20000821.html Weekly Checkpoint Security Roundup - Discussions this week surrounded issues with using consumer-grade Internet connectivity with VPN technologies, the newly fixed Check Point vulnerabilities, and general systems administration. TUV Data Protect also finally posted a full-disclosure version of their Check Point vulnerability findings, which Check point has fixed in 4.1 SP2 and 4.0 SP7. We've included links to this very important information, including exploit source code and Check Point's response, in this week's digest. http://securityportal.com/topnews/weekly/checkpoint20000821.html Weekly Executive Digest - Another stab at private/public sector cooperation on cybercrime is attempted, security gurus are leaving the U.S. federal government in droves, and a federal appeals court rules against wiretapping regulations. The Reform Party used Internet balloting as part of their nomination process, and the virtues of publicizing security holes are debated. Also, are your techies using legacy protocols on host systems? http://securityportal.com/topnews/weekly/exec20000821.html Weekly Linux Security Roundup - Another messy week. Xlock/Xlockmore (a common screen saver) has a format bug in the processing of a command line option. This affects Linux and BSD versions. Zope has a flaw that allows users to gain additional roles while editing DHTML, and vendors are still releasing updates for problems from last week (rpc, perl, mailx, etc.). A very bad hole in the Lyris list manager's Web interface allows an attacker to trivially gain administrative access to the list. Also, some vendors have made very basic mistakes. http://securityportal.com/topnews/weekly/linux20000821.html Weekly Microsoft Security Roundup - It was a busy week for people dealing with Microsoft security issues. Microsoft released one bulletin this week that fixes a problem with IIS 5. On the NTBugTraq mailing list, people posted messages regarding questions on identifying a program listening on a certain port; local Administrator compromise on Windows 2000, important note to all NT/W2K IIS admins/users, Web Folder issue, Translate:f summary, history and thoughts, Microsoft refuses to fix a security bug in Windows 2000, Win2K PPP dialup scripting bug, and RUNAS CMD files fail under Win2K SP1. See the Tip of the Week for information on determining if you have an insecure setup of IIS. http://securityportal.com/topnews/weekly/microsoft20000821.html Weekly Solaris Security Roundup - Vulnerabilities: ntop and BEA Weblogic. Tools updated: snort, saint. Articles: SSH, Secure backups over insecure networks. Discussions: YASSP & Focus-Sun. Tip of the Week discusses mount options in /etc/vfstab. http://securityportal.com/topnews/weekly/solaris20000821.html Aug 19, 2000 AntiOnline: Carnivore Meets the Grinder - If the geek team down at FBI headquarters had called it Network E- mail Redirection and Detection, or NERD, critics might not have taken it so seriously. If they'd called it Simultaneous Network Observation for Ongoing Probes, SNOOP, it might have generated a few laughs at congressional hearings. http://www.antionline.com/2000/08/19/TUL/0000-1223-KEYWORD.Missing.html AntiOnline: The Forgotten PIN Number: Tips for Remembering Secret Codes - Ever have trouble remembering your personal information number (PIN) for your automated banking teller? If so, you're not alone. http://www.antionline.com/2000/08/20/eca/0017-0690-dpa-SPECIAL-Computers.htm l Linux Today: Red Hat Security Advisory: New Netscape Packages Fix Java Security Hole - New Netscape packages are available to fix a serious security problem with Java. It is recommended that all netscape users update to the new packages. Users of Red Hat Linux 6.0 and 6.1 should use the packages for Red Hat Linux 6.2. http://linuxtoday.com/news_story.php3?ltsn=2000-08-19-001-04-SC-RH ZDNet: e-Commerce Gets Serious About Privacy - It's one thing to post a privacy policy. It's quite another to make it stick. Top-level chief privacy officers show Web-savvy businesses care about protecting consumer data. http://www.zdnet.com/zdnn/stories/news/0,4586,2613078,00.html Linux Today: The OutRider Computing Journal: The Truth About Security - Security is not nearly as hard as one might think. It has been most administrator's belief that pro-active security is actually easier than say setting up a ip forwarding (which could be considered an aspect of security). http://linuxtoday.com/news_story.php3?ltsn=2000-08-19-018-06-SC-HL ZDNet: Napster: Throw out the Case! - Napster tells an appeals court a judge blew it big time by misinterpreting the law. The company also says it's tried to settle, but the record industry won't budge. http://www.zdnet.com/zdnn/stories/news/0,4586,2617445,00.html CNN: Surf-For-Pay Sites Jeopardized by Hackers - Thinking of trying out one of those services that pay you to surf? Better do it soon. Their own popularity--and vulnerability--is threatening their survival. http://www.cnn.com/2000/TECH/computing/08/18/freewebstuff.folds.idg/index.ht ml ZDNet: Jumping the Gun on AOL's Linux OS - A Web site that posted an early version of AOL's operating system for Net appliances claims users are looking for security holes. http://www.zdnet.com/zdnn/stories/news/0,4586,2617324,00.html Ireland.com: No Arrests Imminent in Eircom Hacker Case - Eircom has refused to confirm whether it knows the name of a hacker who breached its Internet service on Wednesday night. Reports today suggested Eircom had managed to track the hacker�s movement on its computer system but a spokeswoman would not confirm this. http://www.ireland.com/newspaper/breaking/2000/0818/breaking24.htm Aug 18, 2000 Wired: The Linux Password is ... 'Embed' - That's the buzzword at the LinuxWorld Conference and Expo here, where startups and industry veterans alike are trying to prove that Linux can run on everything from a wristwatch to an industrial robot. http://www.wired.com/news/technology/0,1282,38257,00.html Silicon.com: Behind the Headlines: Media Blamed for Over-Hyping e-Security - The media has come under attack from ecommerce experts for sensationalising recent online security blunders. http://www.silicon.com/public/door?REQUNIQ=966604994&6004REQEVENT=&REQINT1=3 9169&REQSTR1=newsnow VUNet.com: Hacked Websites 'Didn't Read the Manual' - Microsoft has blamed administrator error, rather than a bug in its software, for leaving hundreds of websites running SQL server open to attack this week. http://www.vnunet.com/News/1109143 ZDNet: Napster Fan's Rampage Continues - On Wednesday we covered a story describing one Napster supporter's efforts to spread the word via web site vandalism. Since then, the defacer known as Pimpshiz has knocked off a slew of sites using a Windows NT exploit. Pimpshiz offered his e-mail address for web site administrators to get the news on how they were attacked. Once again, the sites that were attacked don't really have anything to do with the recording industry or the case against Napster. http://dailynews.yahoo.com/h/zd/20000817/tc/napster_fan_hacks_dozens_of_site s_2.html FT.com: Hacker takes Ireland offline - Thousands of Irish computer users were unable to access the internet on Thursday, after the country's largest service provider had to issue new passwords after an overnight hacker attacked the system. http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT3EUP7Q0CC&liv e=true&tagid=ZZZC00L1B0C&subheading=information%20technology InformationWeek: Encryption Gets Really Small - Scientists at the University of Geneva are collaborating with the Swiss Ministry of Posts and Telecommunications on an experiment that uses quantum computers to run an unbreakable encryption algorithm. Cryptography could, in fact, be the first commercial application for this technology. http://www.informationweek.com/story/IWK20000818S0002 CRN.com: CA Pushes Security Awareness - Computer Associates wants to raise awareness of its security offerings. The Islandia, N.Y.-based company plans to announce Monday the release of a bundle of five of its eTrust security products for the channel. http://www.crn.com/Sections/BreakingNews/dailyarchives.asp?ArticleID=19407 Netscape 4.75 Available - A new version of Netscape 4.75 is available which fixes the Java security holes present in all previous versions. You are strongly urged to upgrade. http://home.netscape.com/download/index.html TheStandard: The World's Most Secure Operating System - "OpenBSD is probably one of the most secure operating systems out there," says Chris Brenton, author of Mastering Network Security. "The crew does a fantastic job of locking down and being responsive when vulnerabilities are found." Such a good job that the U.S. Department of Justice uses 260 copies of OpenBSD to store and transmit its most sensitive data. http://www.thestandard.com/article/display/0,1151,17541,00.html SecurityPortal: DoS: Why Is It Dangerous, and How Can We Prevent It from Happening? - Regardless of what some people choose to believe, the Internet and e-commerce are growing concerns all across the world. In the past, nothing short of a catastrophic economic collapse or groups of highly vocal protestors could ever hope to affect the course of a large business. The sad fact of the matter is this: Just about anyone with an Internet connection can cause a denial of service attack from the privacy and relative safety of their own home. http://securityportal.com/topnews/dos20000818.html InfoWorld: Privacy Groups Object to FBI's Carnivore Plans - "I just don't consider this expedited, especially since we don't really know what it means in terms of time," said David Sobel, general counsel for the Electronic Privacy Information Center (EPIC), based in Washington. "Under this, they could process one page every 45 days." http://infoworld.com/articles/hn/xml/00/08/17/000817hnepic.xml ComputerWorld: Toysmart, FTC Overruled on Sale of Customer Data - The U.S. Bankruptcy Court in Massachusetts today denied a motion by Waltham, Mass.-based Toysmart.com Inc. to approve a settlement the company reached with the Federal Trade Commission (FTC) last month to sell its customer data http://www.computerworld.com/cwi/story/0,1199,NAV47_STO48699,00.html?OpenDoc ument&~f SJ Mercury: Hollywood Scores Win in Video Hacker Case - Handing film studios a big legal victory in a case they hope will stem video piracy, a federal judge on Thursday barred a journalist from republishing software code that unlocks scrambling on DVDs, enabling movies to be copied and swapped on the Internet http://www.sjmercury.com/svtech/news/breaking/internet/docs/319301l.htm Aug 17, 2000 Civic.com: U-Match Mouse Make Biometrics Easy - With the increasing popularity of biometric security systems, vendors are looking for ways to make the technology easier to use. The U-Match BioLink Mouse from BioLink Technologies International Inc. takes things a step further, making its fingerprint scanner hard to avoid. http://www.civic.com/fcw/articles/2000/0814/web-review-08-16-00.asp InternetWire: Web Privacy: ActivatorDesk(TM) To Respond To Issues On CBS's 60 Minutes - New Internet Desktop Browser System Will Protect Personal Privacy By Blocking In Real-Time The Hidden Surveillance Of Computer Users As They Surf The Web. http://www1.internetwire.com/iwire/release_clickthrough?release_id=15214&cat egory=Technology InformationWeek: MetaSeS Unveils Security-Service Plan - With the market for outsourced security heating up, MetaSeS has introduced a set of security services that it hopes will help revolutionize the way security is delivered and how it's priced. The company is looking to capitalize on a market that International Data Corp. estimates will grow from $7.8 billion this year to $18.5 billion in 2004. http://www.informationweek.com/story/IWK20000817S0002 NewsBytes: Online Banks Losing Confidence Of Customers - Report - Based on its research, ClarITteam, the European managed service provider (MSP), has come to the conclusion that e-banks are fast losing the confidence of their customers. http://www.newsbytes.com/pubNews/00/153788.html CNET: Wireless Web Privacy Hole Still Wide Open - It seems the wireless Web doesn't yet work on Internet time when it comes to privacy issues. Mobile phone Web surfers from several service providers discovered last March that their wireless Web services were distributing their phone numbers to Web sites without telling them. The disclosure enraged privacy advocates and prompted at least one company--Sprint PCS--to promise quick changes. Five months later, little has changed. http://news.cnet.com/news/0-1004-200-2546734.html?tag=st.ne.1002.bgif.ni Civic.com: Online Balloting Thwarts Hackers - An electronic balloting service stopped 35 attempts to hack into the Reform Party�s presidential nomination process in another successful step toward online voting, eBallot.net Inc. officials said http://www.civic.com/civic/articles/2000/0814/web-1reform-08-16-00.asp Wired: MS Server Attack Tool Unleashed - A newly released automated Web-based tool can scan Microsoft's Internet Information Server (IIS) for multiple reported IIS vulnerabilities, according to iDEFENSE Intelligence Services http://wired.com/news/technology/0,1282,38259,00.html SJ Mercury: FBI has 3,000 Documents About e-Mail Surveillance System - The FBI has 3,000 pages of documents about its ``Carnivore'' e-mail surveillance system and expects to begin releasing some to the public in about 45 days, the Justice Department said Wednesday http://www.sjmercury.com/svtech/news/breaking/merc/docs/029343.htm Symantec: VBS.LoveLetter.BD Variant - This worm is a distant variant of VBS.LoveLetter.A. It attempts to email itself to everyone in the Microsoft Outlook address book. This worm comes as an email attachment named "resume.txt.vbs". It also contains the functionality to download a password stealer http://www.symantec.com/avcenter/venc/data/vbs.loveletter.bd.html Lexis-Nexis: GAO Faults EPA Computer Security, Agency Response - The computer information security program at the U.S. Environmental Protection Agency is ineffective and the agency's computers open to attacks by hackers. In fact, they have been repeatedly and successfully attacked by intruders. That s the conclusion in a new General Accounting Office report done for House Commerce Committee Chairman Thomas Bliley(R-Va.), based on an audit in February in which the GAO gumshoes actually hacked into the EPA computers http://web.lexis-nexis.com/more/cahners-chicago/11407/6198929/1 CERT: Current Activity Report - The CERT/CC is receiving reports of Linux systems being root compromised via a recently discovered vulnerability in rpc.statd. Red Hat and Debian have both released advisories and patches for their respective NFS packages http://www.cert.org/current/current_activity.html ComputerWorld: Court Rules for Tougher Surveillance Standards - The Federal Court of Appeals for the District of Columbia ruled yesterday that law enforcement agents seeking to intercept data packets that combine addressing information and the content of communications must meet the higher legal requirements needed for a search warrant. The decision casts doubts on the legality of the FBI's Carnivore Internet surveillance system, where monitoring is approved under the less demanding standard of what's called a pen register order http://computerworld.com/cwi/story/0,1199,NAV47_STO48608,00.html Aug 16, 2000 E-Commerce Times: Microsoft's Monopoly on Security Flaws - Apparently, it will take more than one bug hunter to persuade Microsoft to make its products more secure. Guninsky's latest discovery of a security flaw in Microsoft's software -- which looks a lot like the last one -- will almost certainly have the same effect on Microsoft's inadequate security policy as all the preceding discoveries. Which is to say, not much. http://www.ecommercetimes.com/news/viewpoint2000/view-000817-1.shtml SecurityPortal: Virus Top Twenty Report - A comprehensive ranking of the 20 most important viruses to be aware of and watch out for this week, including profiles, links, and other timely information. http://securityportal.com/research/virus/virustop20.html Newsbytes: Napster Supporters Deface Web Sites, Blast Metallica - A hacker or hackers have defaced Web sites around the world to highlight their anger at attempts by the powerful music industry to close down music file-swapping services such as Napster. http://www.newsbytes.com/pubNews/00/153695.html ZDNet: Do security holes demand full disclosure? - Every once in a while we need to step back and reassess the effects of the release of detailed security information and tools on the real world. And that's what happened recently at DEF CON 8.0, the annual hacking conference held in Las Vegas. http://www.zdnet.com/zdnn/stories/comment/0,5859,2615973,00.html CIAC: Linux Kernel Capability Vulnerability - A vulnerability exists in the setcap(2) call. This call will attempt to break down root permisssions into a series of capabilities. It may be possible to set the capabilities so that a setuid program cannot fully give up its root privileges thus allowing a normal user elevated privileges. Vulnerable: All linux kernels 2.XXX through 2.2.15. http://www.ciac.org/ciac/bulletins/k-064.shtml Newsbytes: ILOVEYOU Virus Rides Again - As A Resume - The ILOVEYOU virus, which caused havoc earlier this year, has resurfaced with a vengeance, says Kasperksy Lab, the Moscow-based IT security company. The firm, which has taken to issuing updates to its antivirus software on a daily basis in recent times, says that a variant of the virus, known as "I-Worm.LoveLetter.bd," was spotted in the wild late on Aug. 15 by PC users in Switzerland and Russia. http://www.newsbytes.com/pubNews/00/153738.html VNUnet: Hacker Attacks UK Government Websites - Several UK government websites have been defaced by a hacker protesting about the dangers of smoking. The nine separate attacks were carried out by a hacker calling himself "Herbless", who managed to breach seven local authority websites in England and Scotland and two government agencies. http://www.vnunet.com/News/1109018 Reuters: U.S. Court Orders FCC to Rewrite Wiretap Rules - A U.S. federal appeals court on Tuesday ordered federal regulators to rewrite rules that would require phone companies to turn over certain data about wireless calls being sought by law enforcement officials for investigations. http://www.sjmercury.com/svtech/news/breaking/reuters/docs/311289l.htm CNet: Experts Corroborate Windows, IE Security Hole - Security experts today confirmed that certain configurations of Microsoft's Windows operating system and its Internet Explorer Web browser are open to a potentially dangerous vulnerability allowing a malicious programmer to take over a computer through local and remote folders http://news.cnet.com/news/0-1005-200-2530362.html?tag=st.ne.1002.bgif.ni Yahoo!: A Bumper Crop of Break-Ins - This morning the press covered a mixed bag of security troubles at Bloomberg, Safeway U.K. and Verizon. The first two suffered embarrassing break-ins; Bloomberg provided a rare happy ending. (Refferences previous posts MSNBC: Verizon Site Exposed Customer Data & Safeway shoppers hit by email hoax) http://dailynews.yahoo.com/h/nm/20000815/wr/industrystandard_dc_4.html NetworkWorldFusion: F-Secure Plans Virus Protection for Phones - F-Secure Corp., which specializes in security and encryption technology, is announcing a virus protection product for mobile devices running on Symbian Ltd.'s EPOC platform. http://www.nwfusion.com/news/2000/0815fsecure.html FCW: FAA to Develop Security Certification - The Federal Aviation Administration is on the verge of awarding a contract to develop a certification program for FAA information systems security workers http://www.fcw.com/fcw/articles/2000/0814/web-faa-08-15-00.asp SJ Mercury: U.S. Court Orders FCC to Rewrite Wiretap Rules - A U.S. federal appeals court on Tuesday ordered federal regulators to rewrite rules that would require phone companies to turn over certain data about wireless calls being sought by law enforcement officials for investigations http://www.sjmercury.com/svtech/news/breaking/reuters/docs/311289l.htm Computerworld: CERT Urges Users to Install Microsoft Patch to Fix IE Hole - Carnegie Mellon University's CERT is urging users to install a recently issued Microsoft Corp. patch relating to a previously discovered vulnerability in the Internet Explorer (IE) browser. http://www.computerworld.com/cwi/story/0,1199,NAV47-68_STO48572,00.html?Open Document&~f Wired: Lieberman's Privacy 'Tap' Dance - The Democratic Party platform that delegates will adopt this week embraces personal privacy despite the checkered voting record of its vice presidential candidate http://wired.com/news/politics/0,1283,38207,00.html Aug 15, 2000 Linux Today: Red Hat Security Advisory: Zope update - This HotFix corrects issues in the getRoles method of user objects contained in the default UserFolder implementation. Users with the ability to edit DTML could arrange to give themselves extra roles for the duration of a single request by mutating the roles list as a part of the request processing. http://linuxtoday.com/news_story.php3?ltsn=2000-08-15-049-06-SC-RH CNews: Canadian ISP Gets DOSed - The FBI and Canadian Mounties are cooperating in the investigation of a DOS attack on a Canadian ISP. The attack occurred Sunday evening and appeared to originate in Chicago. Canadian authorities want to extradite anyone suspected of conducting the attack. http://www.canoe.ca/TechNews0008/15_hackers.html MSNBC: Verizon Site Exposed Customer Data - Already suffering pressure from an ongoing customer service worker strike, Verizon Communications had to remove a customer service self-help Web site on Sunday because it exposed some customers? private information. http://www.msnbc.com/news/445991.asp?cp1=1 PCWorld.com: Windows 2000 Patch Broke Firewalls - Several popular firewall products rendered ineffective by a Windows 2000 fix are back on the job, with patches from the manufacturers. Zone Labs, Network ICE post updates to keep firewalls running with updated OS. http://www.pcworld.com/pcwtoday/article/0,1510,18051,00.html CNet: Commentary: Microsoft Lacks Motivation to Change Security - Every week, some headline seems to call attention to a security vulnerability in a Microsoft product. Because Microsoft's products are so widely used, they will be the targets of more attacks, so more vulnerabilities will come to light. Nevertheless, Gartner believes this analysis is superficial. The situation is far more complex, and other factors come into play. http://news.cnet.com/news/0-1005-200-2528362.html?tag=st.ne.1430735..ni PCWorld.com: Sigaba Enhances E-Mail Security - Free e-mail plug-in uses 128-bit encryption to secure your messages and track their delivery. http://www.pcworld.com/pcwtoday/article/0,1510,18038,00.html BugTraq: MacroMedia Flash/Shockwave Plug-In on Linux : memcpy Overrun Problem. - A replacement library for checking well-known type of stack overrun caused by memory copy / string copy operations has been made available, namely libsafe. http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist% [EMAIL PROTECTED] co.jp TheStandard: Whose Life Is It, Anyway? - Half a million citizens lose their identity each year to thieves. Armed with a name and a Social Security number, crooks can get credit cards, take out loans or make other fraudulent purchases. http://www.thestandard.net/article/display/0,1151,17533,00.html CNet: Bug Hunter Spies Holes in Windows, IE 5.x - Noted bug hunter Georgi Guninski issued a security alert today warning that Microsoft Windows 2000 and later versions of Internet Explorer may be vulnerable to security problems planted in local and remote network folders. In a security advisory, Guninski said he identified a vulnerability triggered when folders accessed through Microsoft Networking are viewed as Web pages, which occurs in Windows 98 and is the default setting in Windows 2000 http://news.cnet.com/news/0-1005-200-2522411.html?tag=st.ne.1002.bgif.ni Infoworld: HP Preparing Security Appliance - Suggesting that today's corporate firewalls may not provide adequate protection from hacker intrusions and DoS (denial of service) attacks, Hewlett-Packard plans to begin offering what it calls "security appliances" sometime in 2001. http://www.infoworld.com/articles/hn/xml/00/08/14/000814hnhpsecure.xml Trend Micro: TROJ_PERSONAL_ID Trojan Software - This malicious Trojan sends unsolicited email to an unknown number of contacts in the infected user's Microsoft Outlook address book. The executable file (written in Chinese) is sent as an attachment of the mail, which disguises itself as a "Personal ID Number" generator when it is executed http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PERSONAL _ID SunWorld: How to Perform a Secure Remote Backup Over an Insecure Network - What do you do when your site is attacked or your system fails? Backup, Avi Rubin argues, is the most reliable way to ensure that what you've lost can be recovered. Here he takes a look at protecting your backup and recommends some products that can help http://www.sunworld.com/sunworldonline/swol-08-2000/f_swol-0811-remote.html FCW: Security Exodus Continues - The upcoming change in presidential administrations will bring many personnel changes in government, but the security side is beginning to see a drain that many did not expect, as nonpolitical appointees take private-sector jobs http://www.fcw.com/fcw/articles/2000/0814/news-exodus-08-14-00.asp Microsoft Bulletin: Patch Available for Specialized Header Vulnerability - Microsoft has released a patch that eliminates a security vulnerability in Internet Information Server that ships with Microsoft� Windows 2000. Under certain conditions, the vulnerability could cause a web server to send the source code of certain types of web files to a visiting user http://securityportal.com/topnews/ms00-058.html Aug 14, 2000 ZDNet: Two Arrested in Bloomberg Extortion Sting - Two Kazakhstan men were arrested last week in London for allegedly breaking into Bloomberg's Manhattan computer system this spring. The pair are accused of trying to extort $200,000 from the business news service and its owner, Michael Bloomberg, federal prosecutors in Manhattan said Monday http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2615264,00.html?chkpt=p1 bn ABC News.com: Taking a Byte Out of Crime - In an effort to increase the odds of cybercrime prevention, members of both the public and private sectors have created a joint venture to share information on net attacks. The nearly 100 members of the coalition will share the latest information on the threats they face via a secure web site. http://abcnews.go.com/sections/tech/DailyNews/cybercrime000811.html ZDNet: GNOME Linux to Attack Windows - A high-profile group of companies is expected to back the GNOME Linux interface as a serious competitor to Windows on desktop systems. http://www.zdnet.com/zdnn/stories/news/0,4586,2615142,00.html ComputerWorld: Health-Care Industry Looks at Security Risks - Health care officials said alleged data theft last week at a leading cancer center in Boston highlights the security issues the industry faces... http://www.computerworld.com/cwi/story/0,1199,NAV47_STO48493,00.html?OpenDoc ument&~f Wired: These Wires Were Made for Tapping - A new government-approved standard for telecommunications equipment violates the Fourth Amendment's prohibition against unreasonable searches and seizures, critics say http://wired.com/news/politics/0,1283,38170,00.html NewsBytes: EU To OK US E-Signature Plan, Punt On Net Telephony - The EU's European Commission Friday said it would allow the formation of a joint venture between EU and US banks to create a standardized electronic signatures authentication service, while at the same time said it would not change licensing and status rules for Internet telephony companies. http://www.newsbytes.com/pubNews/00/153614.html PCWorld: DSLnetworks Offers Built-In Security - National broadband provider DSLnetworks this week will unveil a free, managed firewall service designed to prevent spoofing attacks against the company's DSL customers. http://www.pcworld.com/pcwtoday/article/0,1510,18019,00.html SecurityPortal: Stupid, Stupid Protocols: Telnet, FTP, rsh/rcp/rlogin - The security weaknesses of several pervasive protocols are covered as well as the means to overcome them and secure your systems http://securityportal.com/cover/coverstory20000814.html Trend Micro: TROJ_QAZ.A Trojan Software - This new backdoor Trojan allows hackers to access and control an infected system. TROJ_QAZ was initially distributed as "Notepad.exe" but might also appear with different filenames. Once an infected file is executed, TROJ_QAZ modifies the Windows registry so that it becomes active every time Windows is started. TROJ_QAZ also renames the original "notepad.exe" file to "note.com" and then copies itself as "notepad.exe" to the Windows folder. This way, the Trojan is also launched every time a user runs Notepad. TROJ_QAZ also attempts to spread itself to other shared drives on local networks. This Trojan does not mass email itself out to lists in the users address book and Trend suspects that it was either downloaded from a website, newsgroups, IRC or chat rooms http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_QAZ.A CNet: Safeway Shoppers Hit by e-Mail Hoax - Safeway has become the latest company to suffer an Internet security breach when customers were sent an email appearing to come from the supermarket chain advising them to shop elsewhere. Up to 1,000 customers telephoned to complain yesterday after a hacker appeared to have accessed a Safeway database containing details on 25,000 shoppers, The Sunday Times reported http://cnet.com/news/0-1005-200-2511703.html?tag=st.cn.1.lthd.ne IDG.net: Red Hat Boosts Linux Security - Red Hat is prepping an upgrade of Linux that lets system managers significantly tighten the security of their networks, as well as more easily install and configure the operating system. http://www.idg.net/ic_215587_1794_9-10000.html Silicon.com: Barclays' Security Gaffe: Oracle Software Behind Upgrade Fault - Silicon.com can exclusively reveal that the failure, which forced the UK high street bank to temporarily close its site, was caused by an upgrade to its 'ibank' application - based on Oracle's 8i ebusiness suite. After the upgrade, some customers were able to read other's bank details. The revelation forced Barclays to reinstall the original software. http://www.silicon.com/public/door?REQUNIQ=966230004&6004REQEVENT=&REQINT1=3 9084&REQSTR1=newsnow ******* What's New With SecurityPortal ******* Carnivore and Other Overblown Hype I've never heard so much misinformed and basically wrong conversation on a subject. People seem to think Carnivore can view all network traffic, block content, or even shut down the Internet. First we'll start off by actually covering how most large ISPs are setup. You typically have one or more datacenters. These datacenters tend to be set up pretty similarly. You have one (hopefully more) routers handling the Internet links; these in turn are usually hooked up to a large data switch with 100 megabit and possibly 1 gigabit ports. The ports are plugged into other switches and routers and ultimately server farms running the email servers. Read the full story at: http://securityportal.com/closet/closet20000816.html ******* New at SecurityPR.com, a Vendor Press Release Site ******** Clicknet Offers Custom Program That Helps MSPS & Web Hosting Firms Shorten Time-to-Market on Security Services - ClickNet today announced the eSP (entercept Service Provider) Program, a comprehensive program that makes it easy for MSPs and web hosting companies to quickly expand the security services they provide their customers. eSP combines ClickNet's entercept 2.0 Web Server Edition, the industry's first proactive web application protection, with guidance and support through the key stages required to offer profitable security services. http://securityportal.com/pr/pr.20000819062635.html Network Security Corp. Teams with Ikon Office Solutions To Offer Computer Security Training - Network Security Corp., a premier provider of Internet security solutions for business, has teamed with IKON Office Solutions, a worldwide business solutions provider, to offer a course in computer security, "Reliable Security in the Internet Age." The three-day security course is scheduled for September 25, 26, and 27 from 8:30 a.m. to 5:00 p.m. each day at Ikon's offices at 2295 Millersport Highway, Amherst. A representative of Network Security Corp. will teach the course, which is open to all information technology (IT) professionals. http://securityportal.com/pr/pr.20000818122348.html Radguard and Baltimore Technologies Interoperate to Offer Best-of-Breed E-Security Solutions - RADGUARD announced today that its cIPro VPN products are fully interoperable with those of Baltimore Technologies, (NASDAQ: BALT; London: BLM). http://securityportal.com/pr/pr.20000814072242.html Enter your own Press Releases directly at SecurityPR.com. http://securitypr.com ******************************************* You may leave the list at any time by sending an email to [EMAIL PROTECTED] with the text "SIGNOFF SECURITYPORTAL-L" in the body of the email. We will miss you! Tell us how we're doing. Send any other questions or comments to [EMAIL PROTECTED] Michael McCrea and Tony Chapman SecurityPortal -- The Focal Point for Security on the Net [EMAIL PROTECTED] [EMAIL PROTECTED] -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
