******* Vendor Corner *******

Sponsored by Entrust Technologies - We make it safe to do business over the Internet

When delivering new e-business solutions, what will set you apart in the mind of your audience? Security. You see, realizing the value of e-business rests with your ability to facilitate "business as usual" ... online. To find out more about providing electronic equivalents for traditional trusted symbols of business - like a handshake or a binding signature - think Entrust Technologies. We make it safe to do business over the Internet.

Now available: Entrust XML Solution presentation. Register to learn all about this valuable digital signature technology: http://www.entrust.com/events/webcasts/xml.htm.

******* What's new with SecurityPortal.com *******

Who Pays for Bad Security?

When the love bug virus struck Matrix Direct, Inc., two weeks ago, one of the first things the company's CIO did was call an attorney. "I wanted to find out what our liability was," says Robert Thomas, CIO for the San Diego-based insurance marketing firm. Liability was also an issue two months earlier when DDOS attacks temporarily shut down Yahoo, e-Bay and other e-businesses. Because the DDOS attacks were launched from unwitting "man-in-the-middle" victims (mostly .edu's), many IT professionals blamed these man-in-the-middle organizations for lax security that contributed to these attacks. Just a month before this, a number of Web businesses had failed to properly secure their customers' credit cards by patching some common operating system and Web server vulnerabilities. As a result, they lost large caches of customer credit cards to crackers who posted thousands of these credit card numbers on the Web.

"Liability issues are different in the cyber world because of the ease of access to information and data, the ability to copy, and the fact that some people don't understand that things on the Web aren't all free for the taking," explains Larry Zanger, head of the information technology and electronic practice group at the Chicago-based law firm, McBride, Baker and Coles (MBC). "IT managers used to just worry about keeping machines running. Now they have to consider e-marketing issues, e-mail, customer management, and the protection of databases full of intellectual property and customer information."

Read the full story here <http://securityportal.com/cover/coverstory20000522.html>

******* Vendor Corner *******

How to establish and maintain an effective e-security program

Learn about SNCi's integrated approach to lifecycle security, including risk assessment, security roadmaps, incident response & recovery, security policies, standards, procedures, and more. Now through June 4, download your FREE copy, "The Guide to Lifecycle Security" at http://www.snc-inc.com. SNCi is a subsidiary of AXENT, the leading provider of e-security solutions for your business, delivering integrated products and expert services to 45 of the Fortune 50 companies.

******* Top News *******

May 22, 2000

Welcome to SecurityPortal.com - The focal point for security on the Net

Recent postings in our top news <http://www.securityportal.com/topnews>:

May 22, 2000

Weekly Solaris Security Roundup <http://securityportal.com/topnews/weekly/solaris20000522.html> - The mailing list review covers: Solaris netpr Buffer Overflow Vulnerability, Netscape Communicator /tmp Symlink Vulnerability, Matt Wright FormMail Environmental Variables Disclosure Vulnerability, Netscape Navigator and Communicator Invalid SSL Certificate Warning Bypass Vulnerability.
Tip of the Week covers the Solaris7 mount option attime and logging mount feature

Weekly Microsoft Security Roundup <http://securityportal.com/topnews/weekly/microsoft20000522.html> - Two MS Security Bulletins: Frame Domain Verification, Unauthorized Cookie Access, Malformed Component Attribute, IP Fragment Reassembly. NTBugtraq: Windows 2000 IPSec, Outlook ILOVEYOU, Directory and file auditing, and Exchange Server Anti-Virus problems. Tip of the week: Administer Windows boxes from Unix

Weekly Linux Security Roundup <http://securityportal.com/topnews/weekly/linux20000522.html> - General Advisories include the following: Nessus, Apache, Kerberos, Linux FTP IP masquerading module problem, Postfix. There are Vendor Advisories for Mandrake, SuSE, and TurboLinux. Want more detail on the general advisories? Read the As Seen on BugTraq section

Weekly Check Point Security Roundup <http://securityportal.com/topnews/weekly/checkpoint20000522.html> - The mailing list review covers: Setting up Anti-Spoofing, Patching Worm Holes in MS Software, How to Redirect http-Traffic to a Proxy Server, MS 2000 Proxy vs. CSM Proxy, Mail Checking Program Solutions. Need a cost effective load balancing solution? Read Tip of the Week at the end of the digest

Weekly Axent Security Roundup <http://securityportal.com/topnews/weekly/axent20000522.html> - The mailing list review contains information on the following: 6.5 UDP-GSP Hogging Processor Cycles, VPNs: Ports or Protocols?, Sniffing the Network for Solutions. Need a review of distinctions between VPN traffic and TCP or UDP based traffic? Read Tip of the Week at the end of the digest

May 21, 2000

ZDNet: Time to catch the virus copycats <http://www.zdnet.com/zdnn/stories/comment/0,5859,2573299,00.html> - It's the call of the wild for copycat virus writers worldwide: "You too can cause the next viral epidemic!"
Heeding that call, the creators of more than 30 variants of the ILOVEYOU worm plagiarized and modified the original worm to create -- sometimes slightly different and sometimes very different -- versions of the original worm

May 19, 2000

Currents: Montreal Teen Guilty In NASA, MIT, Harvard Hacks <http://www.currents.net/news/00/05/19/news1.html> - A teenage hacker has reportedly pleaded guilty in a Montreal court to illegally penetrating the computer systems of several Canadian and foreign institutions, including NASA, Harvard University and the Massachusetts Institute of Technology, among others.

TheRegister: Bill Clinton associates Love Bug with terrorism <http://www.theregister.co.uk/000517-000031.html> - Commander-in-Chief Bill Clinton fretted about cyber-security during a US Coast Guard Academy commencement speech which he delivered in Connecticut today. "This is a highly appropriate place to give what is, for me, a very nostalgic address. It is the last speech I will ever give as President to a graduating class of one of our military service academies," he said in his most polished tones of affected sincerity.

TechWeb: Microsoft Confirms IE Bug, No Fix In Sight <http://www.techweb.com/wire/story/TWB20000519S0004> - Microsoft is scrambling to put together a patch that will address the latest security flaw discovered this week in its Internet Explorer browser. The flaw lets hackers track websites IE users visit and even redirect them to other sites through cookies

PCWorld: Standards Group Updates Privacy Proposal <http://www.pcworld.com/pcwtoday/article/0,1510,16786,00.html> - With a key proof-of-concept event looming in June, the leaders of a World Wide Web Consortium working group on Tuesday outlined changes to an Internet privacy proposal they expect to finalize later this year.
The newly released working draft of the W3C's Platform for Privacy Preferences Project, which offers Web sites a way to communicate their privacy policies in a standard machine-readable format, calls for online users to receive a snapshot of a site's privacy policy before they send any data to the site. They also would receive a warning if any health care information will be requested.

BeOpen: Security Beyond the Garden of Eden <http://www.beopen.com/features/articles/security_article.html> - For security-conscious IT managers, choosing between Linux and Windows NT is like a return trip to the Garden of Eden. On the one hand, you've got the blissful ignorance of trusting your company's security to the proprietary Windows NT operating system. That is, until some university student exposes that ignorance by uploading a Visual Basic script in between classes.

F-Secure: NewLove virus not nearly as widespread as LoveLetter <http://securityportal.com/topnews/newlove-df-20000519.html> - "This worm is too destructive to go very far", comments Mikko Hypponen, Manager of Anti-Virus Research at F-Secure Corporation. "When people were hit by LoveLetter, they didn't notice it until they were contacted by people who they had sent the virus to. With NewLove, your computer crashes immediatly and you loose (sic) your files. It's difficult to miss that."

Business World: NSC drafts battle plan against cyber crime <http://web.lexis-nexis.com/more/cahners-chicago/11407/5856401/2> - If there is one lesson both the government and the private sector can learn from the world's continuing million-dollar bout with various strains of the "Love Bug" - as the "I LOVE YOU" virus is known alternatively - it is that a group of teenage students and fresh college graduates can pose a threat to a nation's economic well-being. So said Fidel R.
Anonuevo, Jr., head of the National Security Council's (NSC) sociopolitical cluster, after presenting the agency's plan for fighting crimes committed through the Internet and computer-related offenses during the National Information Technology Committee meeting last Tuesday at the Department of Education, Culture and Sports headquarters in Pasig City

Wired: New Privacy Threat: Genealogy? <http://wired.com/news/politics/0,1283,36442,00.html> - Just when you thought there was nothing new to say about the oft-cited privacy threats that Americans face, along comes Congress with another worry: genealogy

Currents: "Lets Watch TV" Virus Hoax on the Rampage <http://www.currents.net/news/00/05/18/news2.html> - IBM has issued a warning about a hoax alert, apparently originating from IBM itself, that advises about a new virus, possibly as virulent as the Melissa virus

Symantec Alert: VBS.NewLove.A <http://www.symantec.com/avcenter/venc/data/vbs.loveletter.fw.a.html> - Dangerous new LoveLetter variant. "The VBS.NewLove.A is a worm, and spreads by sending itself to all addressees in the Outlook address book when it is activated. The attachment name is randomly chosen, but will always have a .Vbs extension. The subject header will begin with "FW: " and will include the name of the randomly chosen attachment (excluding the .VBS extension). Upon each infection, the worm introduces up to 10 new lines of randomly generated comments in order to prevent detection"

May 18, 2000

Currents: Philippines: Is Local Hacker Group Accessing ISPs? <http://www.currents.net/news/00/05/18/news17.html> - GrammerSoft, an alleged underground group of Filipino hackers who are being implicated in the creation and spread of the Love Letter Virus, has allegedly hacked into major Internet service providers on several occasions

ComputerWorld: G8 agree to reinforce cooperation on cybercrime <http://www.idg.com.hk/cw/readstory.asp?aid=20000518005> - The G8 group of nations, representing the world's leading industrialized countries and Russia, agreed today to increase cooperation to fight cybercrime at the conclusion of their Paris meeting

ComputerWorld: Virus threat found on love bug suspect's disks <http://www.idg.com.hk/cw/readstory.asp?aid=20000518006> - Confiscated diskettes from the house of Onel De Guzman, the 23-year-old suspect in the "Love Bug" computer virus case, uncovered an earlier virus allegedly written by his college buddy, Michael Buen

CNN: Computer crimes on the rise in Russia, police official says <http://cnn.com/2000/TECH/computing/05/17/russia.hackers.ap/index.html> - The number of computer-related crimes continues to rise in Russia, with more than 200 cases of hacking reported in the first three months of the year, a news agency quoted a top police official as saying Wednesday

FCW: Privacy fears prompt study, delay <http://www.fcw.com/fcw/articles/2000/0515/web-privacy-05-17-00.asp> - The House of Representatives is considering legislation to create a privacy commission to study the issue for 18 months

ZDNet: MS flags Mac IE 5 security gap <http://www.zdnet.com/zdnn/stories/news/0,4586,2571633,00.html?chkpt=zdhpnews01> - Microsoft Corp.
acknowledged Wednesday that a potential security gap has resurfaced in the Mac version of Internet Explorer after a three-year hiatus

CERT Advisory CA-2000-06 Multiple Buffer Overflows in Kerberos Authenticated Services <http://www.cert.org/advisories/CA-2000-06.html> - The CERT Coordination Center has recently been notified of several buffer overflow vulnerabilities in the Kerberos authentication software. The most severe vulnerability allows remote intruders to gain root privileges on systems running services using Kerberos authentication. If vulnerable services are enabled on the Key Distribution Center (KDC) system, the entire Kerberos domain may be compromised

May 17, 2000

Slashdot: The Slashdot DDoS: What Happened? <http://slashdot.org/article.pl?sid=00/05/17/1318233&mode=nocomment> - What follows this introduction is a rough summary of the crazy hell that we endured with the intermittent DDoS attacks we experienced last Thursday through Saturday. I'm sorry it took this long to put this together and tell you what happened, but as these things go, we were too busy trying to solve the problem to waste time talking about it. Big thanks to Andover.Net's Netops PatL, Martin and Liz, as well as Slashcode-wranglers PatG, Chris, Marc, Kurt and CowboyNeal, plus scoop (from freshmeat) and others who chimed in along the way. Tomorrow is part2: A good description of how the new Slashdot @ Exodus works.

Wired: Phone Phreaks to Rise Again? <http://www.wired.com/news/business/0,1367,36309,00.html> - Back before there were hackers, phreakers ruled the underground. They may be making a comeback, to the chagrin of those on whom they prey. A phreaker explores the telephone system. Some are just electronic voyeurs who want to understand how telecom structure works. Others exploit vulnerabilities in the system to get free long-distance service, re-route calls, change phone numbers, or eavesdrop on conversations.

OttawaCitizen: Vast database details every Canadian's life <http://www.ottawacitizen.com/national/000517/4116449.html> - The federal government has quietly created a massive computer database with intimate details about millions of Canadians, including income, employment, education and family status, federal Privacy Commissioner Bruce Phillips revealed yesterday.

Currents: FTC Access & Security Committee Issues Report <http://www.currents.net/news/00/05/17/news12.html> - The Federal Trade Commission (FTC) released a report on Monday outlining a broad range of policies that Web sites could one day adopt to give consumers access to the data collected about them online.

Currents: Computer Associates Warns Over new DDoS Attacks <http://www.currents.net/news/00/05/17/news11.html> - The fun and games over the ILOVEYOU virus this past few weeks may have pushed the topic of Distributed Denial of Service (DDoS) attacks to the bottom of the agenda, but Computer Associates has warned that a new and devastating DDoS hacker attack tool is now under development.

Currents: Symantec Aims to Keep Yahoo's Mail Virus-free <http://www.currents.net/news/00/05/17/news6.html> - Symantec Corp., makers of the Norton Anti-Virus family of PC-security software, said Tuesday that it has signed up Web portal Yahoo Inc. as its first major customer for what it calls "carrier-grade" virus protection for e-mail.

ITPlanet: Tortoise-And-Hare Race Against Cybercrime <http://www.planetit.com/techcenters/docs/security/news/PIT20000517S0007> - As soon as the crime goes cross-border, however, a jungle of national laws waits to slow police down as the issue slips from cyberspace into the diplomatic orbit where international law and regional jealousies are just as important as hot pursuit

ABCNews: Man Admits Stealing Military Credit Accounts <http://www.apbnews.com/newscenter/internetcrime/2000/05/17/creditcard0517_01.html> - A New Jersey man has admitted to a scheme in which he used personal information gleaned from the Internet to create hundreds of fake credit card accounts in the names of the nation's highest-ranking military officers

CNet: AOL says Netscape upgrade plugs security hole <http://news.cnet.com/news/0-1005-200-1888141.html?tag=st.ne.1430735..ni> - America Online responded to a major browser security alert, saying people should upgrade to an updated version in which the problem is already fixed

BBC: Hackers get backdoor access <http://news.bbc.co.uk/hi/english/sci/tech/newsid_752000/752180.stm> - In the wake of the havoc caused by the Love Bug virus, leading industrial nations are debating how best to tackle the rising tide of computer crime at a G8 conference in Paris. But their efforts could be undone by a law being adopted by US states which allows software makers to put backdoors into programs so they can be remotely disabled

Reflections on Java <http://securityportal.com/topnews/onjava20000517.html> - Much like electron microscopes opened the world of biological viruses, "scouts" such as firewalls, specialized routers, and guardian software provided reconnaissance of mobile code. In a universe of growing e-business, keeping a constant eye on hostile Java applets, ActiveX controls, and Trojan executables becomes more critical and more vexing. This large tapestry of insidious agents causes problems for one's concentration, so to simplify let's focus on Java.
Not that Java is exceptionally evil or prone to abuse; on the contrary, its security design offers insight into the rigors of software engineering. What then can a hostile Java Applet do?

Netsurf: Quake 3 Arena Serious Security Problem <http://www.netsurf.com/nsd/nsd.06.17.html> - All players of Id Software's Quake 3 Arena game need to be aware of a security problem in version 1.16. That version introduced an auto-update feature that lets the server send updated files to the game on your PC, without necessarily telling you it's happening

Trend Micro: TROJ_WINCRASH.B Trojan <http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_WINCRASH.B> - TROJ_WINCRASH.B is a Backdoor Trojan that is used to manipulate a remote PC. It has two components: the client program (used to hack the server computer), and the server program (run in the computer intended to be hacked)

Sophos: XM97/Jini-A Excel Macro Virus <http://www.sophos.com/virusinfo/analyses/xm97jinia.html> - XM97/Jini-A is an Excel macro virus. Upon infecting a workbook the virus may delete all other sheets but the active one. After the infected worksheet has been open for two minutes the virus renames all the items in the File menu

Cisco Advisory: IOS HTTP Server Vulnerability <http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml> - A defect in multiple releases of Cisco IOS software will cause a Cisco router or switch to halt and reload if the IOS HTTP service is enabled and browsing to "http:///%%" is attempted. This defect can be exploited to produce a denial of service (DoS) attack. This defect has been discussed on public mailing lists and should be considered public information

ZDNet: MS again slammed on security <http://www.zdnet.com/zdnn/stories/news/0,4586,2570727,00.html?chkpt=zdhpnews01> - Experts question robustness of Windows scripting system after discovery of hole that lets intruders break in via 'back door.'
Article refers to Microsoft Security Advisory MS00-034, in May 13 Top News

May 16, 2000

ABCNews: Microsoft Outlook to Include Virus Safeguards <http://www.apbnews.com/newscenter/internetcrime/2000/05/16/email0516_01.html> - Charged with enabling easy access for computer viruses like the Love Bug, Microsoft is altering its popular Outlook e-mail software to prevent users from running any "executable" program attachments, good or bad

ZDNet: 'ILOVEYOU' bug may have over 40 authors <http://www.zdnet.com/zdnn/stories/news/0,4586,2570175,00.html> - Philippine investigators said on Tuesday a diskette seized in a Manila flat from where the "Love" bug is suspected to have spread has a program with characteristics of the destructive computer virus. It also credits more than 40 people for creating the program, investigators said

TechWeb: Net Industry Wary About New Cybercrime Rules <http://www.techweb.com/wire/story/reuters/REU20000516S0007> - Internet industry groups urged the Group of Eight (G8) industrialized nations on Tuesday not to overregulate the global computer network as they try to stamp out cross-border cybercrime such as the recent "Love Bug" virus

BBC: Global plan to fight cybercrime <http://news.bbc.co.uk/hi/english/world/europe/newsid_748000/748597.stm> - The world's most powerful nations are drawing up an action plan to take on cybercriminals. This week detectives, internet security experts and government officials from the Group of Eight nations are meeting in Paris to discuss ways of tackling the rising tide of computer crime

PC World: Are Web Phones Next Security Threat? <http://www.pcworld.com/pcwtoday/article/0,1510,16703,00.html?cp=reuters> - The next threat to Internet security could come from mobile phones, as hackers taking advantage of third generation high-speed access will be able to disguise their location, a Web security firm says

Using Passwords in Public <http://securityportal.com/topnews/passwordsinpublic20000516.html> - Even today, many Internet services that require a password, such as FTP and Telnet, involve just typing the password in at your computer, and sending it, unchanged, over the Internet. Although this is well known among hackers (since it is a basic fact about how these Internet protocols work) so far, it appears that it has not led to too many attacks. Perhaps this is because eavesdropping on the Internet requires considerable effort, and more valuable targets are available to hackers through that technique. But this may change, and it does represent a way to obtain that first password to a new computer system with which a hacker might begin other attacks

May 15, 2000

FCW: Security draws extra millions <http://www.fcw.com/fcw/articles/2000/0515/web-senate-05-15-00.asp> - The Senate last week responded to the growing menace of cyberattacks by adding $76.8 million to the fiscal 2001 Defense authorization bill to kick-start a new information security scholarship program and a security institute

Standard: France Urges Ban on 'Digital Havens' for Hackers <http://www.thestandard.com/article/display/0,1151,15125,00.html> - The world's leading industrialized states, struggling against Love Bug-style computer attacks from the most unexpected places, opened a cybercrime conference on Monday with a call to prevent lawless "digital havens" from springing up around the globe

InternetNews: Experts Applaud Microsoft's Security Moves <http://www.internetnews.com/prod-news/article/0,2171,9_362501,00.html> - To combat future versions of the recent "Love Bug" assault, which wreaked havoc in Windows and Office platforms and
paralyzed e-mail systems worldwide last week, Microsoft plans to modify its software

ZDNet: Microsoft's Outlook: Cloudy security <http://www.zdnet.com/zdnn/stories/news/0,4586,2568904,00.html?chkpt=zdhpnews01> - IT managers and security experts, increasingly cynical and sharply critical over virus assaults through Microsoft Corp.'s Outlook e-mail client, are questioning not only Microsoft's technology but also its reaction to the latest attacks

******* What's new with SecurityPortal.com *******

How to Hack

I'm currently at the Vanguard Security Expo, it's a pretty amazing event. The people here are very good, the classes are generally quite good, and the tradeshow even had some interesting products worth mentioning. So anyway, yesterday I attended the "How to Hack" class, given by Ira Winkler of ISAG. Start with a room full of PCs running Windows NT workstation (they wanted server as well) and some Linux servers, the idea being to have a relatively "real world" network setup. The point of the "How to hack" workshop, and of this article isn't so much to teach people how to break into systems, it's to show people how brutally easy it is to find the information and software needed to break into most systems online.

We started by covering what hacking is, and Ira had some interesting points. Hacker is a bastardized term, and the current popular usage means a malicious computer attacker. If you don't like that definition (many don't), well, too bad, it's what CNN and Time are using. Hackers are not geniuses, usually, more often they are people with a little computer knowledge and a lot of spare time to spend.

So with these and a few other points in mind we started hacking. I was sitting next to a nice lady from a large company that I shall rename Nameless (I don't think they'd appreciate being mentioned), but chances are you drink several cans a day of something they produce.
I skipped over using Altavista to search for websites for "hacker" tools and went straight to some of my favorites. Please note, these tools are like any tool, used with good intent they can be very helpful in administering or securing a network. When used with malicious intent, well, they can be very helpful in administering a network you shouldn't be on =).

Read the full story at <http://securityportal.com/closet/closet20000517.html>

******* New From SecurityPR.com *******

Microsoft to Deliver Major Outlook Security Solution To Help Protect Customers Against Computer Viruses <http://www.microsoft.com/presspass/press/2000/May00/SecurityUpdatePR.asp> - Microsoft Partners With ISVs, Antivirus Vendors, Customers and Security Experts to Provide Security Solution for Customers.

Rainbow Ships ASP Solution for Fast, Secure Electronic Software Distribution and Licensing Over the Internet <http://www.rainbow.com/invest/pr000515.html> - SentinelExpress 2.1 Provides New Measures of Flexibility and Security While Reducing Piracy.

BrainTree's Database Security Manager Receives 5 Stars in Secure Computing Review <http://www.bti.com/Events/Press_Releases/5_Star_Rating/5_star_rating.html> - BrainTree Security Software announced today that its Database Security Manager product received 5 Stars in a recent review by Secure Computing Magazine. Database Security Manager allows for the safe management of users and security policy across multiple databases and environments.

Enter your own Press Releases directly at SecurityPR.com. http://securitypr.com

*******************************************

Tell us how we are doing. Send any other questions or comments to [EMAIL PROTECTED].
Michael McCrea
SecurityPortal.com - the Focal Point for Security on the Net
