**************
You may leave the list at any time by sending an email to
[EMAIL PROTECTED] with the text
"SIGNOFF SECURITYPORTAL-L" in the body of the email. We will miss you!
******* Vendor Corner *******
Sponsored by Entrust Technologies - We make it safe to do business
over the Internet
When delivering e-business solutions, what will set you apart in the
mind of your audience? Security. You see, the transition to a successful
e-business rests with your ability to facilitate "business as usual" ...
online. When you're thinking about providing electronic equivalents for
traditional trusted symbols of business - like a handshake or a signature -
think Entrust Technologies. We make it safe to do business over the
Internet.
Now shipping: Entrust/TruePass(tm), our new zero-footprint Web
security and privacy solution that enables trusted relationships between
online businesses and their customers, suppliers and partners -
http://www.entrust.com/truepass/index.htm
******* What's new with SecurityPortal.com *******
Shredding Access in the Name of Security: Set UID Audits
Almost every time I read an article on securing a Unix/Linux box, I find a
glaring omission. They all discuss turning off unneeded services, like ftp
and telnet, but rarely do they cover the next step of performing a SUID
audit. Just as most services are a danger because they often run as root,
SUID root programs always run as root. The danger here is that if someone
obtains an account on your computer, legitimately or otherwise, SUID root
programs present them a potential means for grabbing root access.
In this article, I'll introduce Linux/Unix file permissions, root privilege
and the SUID path to root. Then I'll help you run a SUID audit on your
system, using Red Hat 6.2 as an example. While Bastille Linux also runs an
audit, there are some really great concepts and practices here for your
everyday use; furthermore, you have more options doing this manually. Let's
start by discussing Unix/Linux file permissions.
Read the full story here
<http://securityportal.com/cover/coverstory20000626.html>
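As an added example (not code from the article or from SecurityPortal), here is a small POSIX shell script that implements the audit step the article describes: list the set-uid and set-gid files on a host, keep that list as a baseline, and flag anything that changes on later runs. The function names, the `suid_audit.sh` file name and the `suid.baseline` file name are assumptions of this example, not anything the article defines; the listing works on Red Hat 6.2 and any other system with POSIX `find`, `comm` and `sort`.

```shell
#!/bin/sh
# Added example, not from the SecurityPortal article: a minimal SUID/SGID
# audit for a Unix/Linux host. It lists set-id files under a directory
# tree, keeps a baseline, and reports changes on later runs, which is the
# core of the audit the article describes. File and function names are
# this example's own assumptions; nothing here is Red Hat specific.

# suid_list DIR: print sorted paths of regular files under DIR that carry
# the set-uid (4000) or set-gid (2000) bit. -xdev keeps the walk on one
# filesystem so /proc and network mounts are not scanned by accident.
suid_list() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | LC_ALL=C sort
}

# suid_detail DIR: the same set of files with mode, owner and group, which
# is what you review when deciding whether to strip a bit with chmod u-s.
suid_detail() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} \; 2>/dev/null
}

# suid_diff BASELINE DIR: compare a saved listing with a fresh one.
# Lines prefixed "+" are set-id files absent from the baseline (a newly
# installed package, or something a user planted); "-" lines are files
# that lost the bit or disappeared. Output is empty when nothing changed.
suid_diff() {
    baseline="$1"
    fresh="$(mktemp)"
    suid_list "$2" > "$fresh"
    LC_ALL=C sort "$baseline" | comm -13 - "$fresh" | sed 's/^/+ /'
    LC_ALL=C sort "$baseline" | comm -23 - "$fresh" | sed 's/^/- /'
    rm -f "$fresh"
}

# Command-line use (nothing runs when the functions are merely sourced):
#   sh suid_audit.sh list /               > suid.baseline
#   sh suid_audit.sh detail /             # review each entry by hand
#   sh suid_audit.sh diff suid.baseline / # re-run from cron after updates
if [ $# -ge 1 ]; then
    case "$1" in
        list)   suid_list "${2:-/}" ;;
        detail) suid_detail "${2:-/}" ;;
        diff)   suid_diff "$2" "${3:-/}" ;;
        *) echo "usage: $0 list|detail [DIR] | diff BASELINE [DIR]" >&2; exit 2 ;;
    esac
fi
```

The baseline is only as trustworthy as the host was when you took it, so take it right after a clean install or a package-by-package review, and keep a copy off the box: an attacker who gains root can edit a baseline stored locally. Entries that appear in a `diff` run after a vendor update are expected; anything else is worth an immediate look.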
******* Vendor Corner *******
One minute - that's how long it took one e-mail attachment infected with the
"Stages" virus to clog one company's network, costing the company three
hours of productivity and hundreds of customer e-mail messages that the
company did not receive during the attack.
Learn how you can protect your valuable information system from becoming a
victim of the next malicious virus attack. Visit http://www.conqwest.com/
to download a FREE white paper "The Future of Information Security:
Integrated Border Security", written by Trend Micro, experts in corporate
virus protection.
******* Top News *******
June 26, 2000
Welcome to SecurityPortal.com - The focal point for security on the Net
Recent postings in our top news
http://www.securityportal.com/topnews:
Jun 26, 2000
Weekly Solaris Security Roundup
<http://securityportal.com/topnews/weekly/solaris20000626.html>
- No new Solaris vulnerabilities this week, but a few application
vulnerabilities popped up: Veritas Volume Manager 3.0.x and the Netscape FTP
server. There are quite a few interesting articles, and SunScreen 3.1 Lite
is available for free download. The tip of the week looks at the "ok"
prompt.
Weekly Linux Security Roundup
<http://securityportal.com/topnews/weekly/linux20000626.html>
- Vendors have finally caught up on the INN and Kernel issues. A lot more
exploit code has been released for a number of packages, so if you are not
up to date you might want to spend the weekend installing AutoRPM or setting
up a dpkg script. Mandrake also wins (hands down) the "easiest distribution
to break into remotely" and "easiest distribution to break into locally",
having finally released 8 fixes for very severe security bugs in 7.1 (their
latest, not so greatest distribution).
Weekly Checkpoint Security Roundup
<http://securityportal.com/topnews/weekly/checkpoint20000626.html>
- There was quite a bit of Check Point related activity over the last week.
In particular, the mailing list saw an above average number of postings,
mostly of a technical nature. If you haven't implemented Check Point's
workaround for fragmented packet DOS attacks, you'll want to do so.
Weekly Axent Security Roundup
<http://securityportal.com/topnews/weekly/axent20000626.html>
- It looks like Raptor Firewall Administrators might be getting an early
case of the summertime blues. Questions on the Raptor List were as sparse as
fish in a pond full of acid rain this week. Anyways, we've dug up a few
nuggets on upgrading vs. a fresh installation of the 6.5 software, a
comparison of Raptor, Cisco, and Checkpoint, and also a DNSd question. So if
you're not at the beach drinking a frosty tall boy, enjoy the column.
Weekly Microsoft Security Roundup
<http://securityportal.com/topnews/weekly/microsoft20000626.html>
- Microsoft rereleased one security bulletin and patch this week, for
Windows Media Encoder.
NTBugtraq: Passfilt.dll problems, change password permission in Win2k,
Phantom Deleted Files in NT 4.0 SP4, and NT 4.0 Static Routes disappearing.
Read the tip of the week for information on email privacy.
Jun 25, 2000
ZDNet: Famed hacker Mitnick barred from e-zine
<http://www.zdnet.com/zdnn/stories/news/0,4586,2593948,00.html>
- Kevin Mitnick, once the world's most notorious computer hacker and a man
who has spent more than five years behind bars for his activities, has been
barred from writing a column for a start-up e-business venture. Mitnick will
be in court on Monday to fight the ban, imposed by his probation officer,
arguing that the judge who imposed the terms of his three-year probation
following his release from prison in January, never meant them to be so
sweeping.
Jun 24, 2000
ComputerUser: Sophos Debunks Mobile Phone Virus Hoax
<http://www.computeruser.com/news/00/06/24/news5.html>
- Anti-virus specialist Sophos has reported a hoax virus message "doing the
rounds." The message's text warns of a virus which displays the message
"!?UNAVAILABLE!?" on your phone screen and falsely references Sophos
Anti-Virus and intY, an Internet service provider (ISP), in an attempt to
make the hoax seem genuine.
Ananova: Nuclear lab hit by fresh security breaches
<http://www.ananova.com/news/story/technology_nuclear-plants-us_104009.html>
- The nuclear laboratory already under scrutiny for the way it handled the
disappearance of top secret information has reported two more possible
security breaches. Two 10-year-old floppy disks containing classified
information were reported missing from the Los Alamos National Laboratory in
New Mexico on Wednesday during an inventory, the Santa Fe New Mexican
reported.
Jun 23, 2000
IDG: U.K. government pulls back on cybersnoop bill
<http://idg.net/ic_192613_1794_9-10000.html>
- In the face of increasing pressure from privacy groups, business groups
and Internet service providers (ISPs), the U.K. government is backing away
from some of the more controversial aspects of its e-mail surveillance bill
currently under consideration in the House of Lords.
EPIC: Pretty Poor Privacy
<http://www.epic.org/reports/prettypoorprivacy.html>
- This whitepaper by the Electronic Privacy Information Center provides
harsh criticism of the recently announced Platform for Privacy Preferences
(P3P), a protocol developed by the World Wide Web Consortium (W3C).
NAI Virus Hoax Alert: Cell Phone Virus
<http://vil.nai.com/villib/dispvirus.asp?virus_k=98695>
- This hoax has been forwarded due to misinformation related to an Internet
worm named VBS/Timofonica.
InfoWorld: Net enables global crime sprees
<http://infoworld.com/articles/hn/xml/00/06/22/000622hnglobal.xml>
- "Risk is now chaotic and complex in a way that a small incident in one
place can become a major incident in another place that you hadn't even
thought of," said Nick Beale, research and development officer for
intelligence services group Infrastructure Defense U.K.
FCW: Energy orders tighter security
<http://www.fcw.com/fcw/articles/2000/0619/web-alamos-06-22-00.asp>
- Energy Secretary Bill Richardson told Congress Wednesday that he has
ordered tough new security measures in the wake of the lost-and-found saga
at Los Alamos National Laboratory.
Jun 22, 2000
TheStandard: Hackers Just Do It to Nike.com Again
<http://www.thestandard.com/article/display/0,1151,16261,00.html>
- Just when Nike.com thought it had nipped Wednesday's hack attack in the
bud, residual problems prevented some visitors from accessing the popular
site for several hours today.
ZDNet: White House admits privacy breach
<http://www.zdnet.com/zdnn/stories/news/0,4586,2592302,00.html?chkpt=zdhpnews01>
- Just hours after endorsing the P3P plan, the White House reveals that its
own sites may have violated federal privacy policies.
FCW: Army opening biometrics center
<http://www.fcw.com/fcw/articles/2000/0619/web-bio-06-21-00.asp>
- The Biometrics Center will be a research and development facility for
designing and developing advanced biometrics technologies.
TechWeb: Software Acts As Robotic Hacker
<http://www.techweb.com/wire/story/TWB20000621S0013>
- Wednesday, Sanctum rolled out an automated audit tool that analyzes Web
applications, points to security glitches, and provides advice on how to fix
any vulnerability.
ZDNet: P3P privacy technology slammed
<http://www.zdnet.com/zdnn/stories/news/0,4586,2591856,00.html>
- Consumer groups say P3P technology allows companies to collect more
consumer information, not less.
CERT Incident Note IN-2000-08: Chat Clients and Network Security
<http://www.cert.org/incident_notes/IN-2000-08.html>
- Internet chat applications, such as instant messaging applications and
Internet Relay Chat (IRC) networks, provide a mechanism for information to
be transmitted between computers within a network and computers at remote
sites across network borders in both directions. Chat clients provide groups
of individuals the means to exchange dialog, Web URLs, and in many cases,
files of any type. As with any similar networked application (e.g., email),
chat applications pose security risks when used in a networked environment.
ISS: Insecure call of external program in AIX cdmount
<http://xforce.iss.net/alerts/advise55.php>
- The AIX cdmount program allows regular users to mount CD-ROM filesystems.
This program is basically a SUID to root wrapper of the mount command.
Insecure handling of the arguments to cdmount may allow a local regular user
to execute commands as root.
Jun 21, 2000
NandoTimes: Hackers take over Nike Web site
<http://www.nandotimes.com/technology/story/0,1643,500219236-500312244-501742874-0,00.html>
- The Nike corporate Web site was taken over Wednesday by hackers who
replaced the content with a message about the "inequality" of the global
economy. A Web page posted by a group calling itself "S-11" appeared when
the www.nike.com address was requested.
NTSecurity: South American Man Claims to Have Created Stages Worm
<http://www.ntsecurity.net/forums/2cents/news.asp?IDF=151&TB=news>
- A South American man who goes by the name of Zulu may have been the
person who wrote the recent Stages worm. The worm shut down mail systems for
numerous large corporations, including Microsoft, Delta Airlines, Visa
International, and CNN news. The worm does no damage to system files, but
only serves to seriously clog mail servers while it propagates itself to
other users.
CNet: Microsoft embraces tool to boost Web privacy
<http://news.cnet.com/news/0-1005-200-2120950.html?tag=st.ne.1002.thed.ni>
- Microsoft said it will include support for the Platform for Privacy
Preferences (P3P) specification in its Windows operating system and Internet
Explorer Web browser next year. The P3P support will be part of the next
version of Windows, code-named Whistler. The new version will be based on
Windows 2000 and targeted at both home and business users.
Securing Your Network With OpenBSD
<http://securityportal.com/closet/closet20000621.html>
- An OpenBSD box or two loaded up with free software can help you secure your
network and make collecting information significantly easier.
ZDNet: 'Stages' worm traced to Argentina
<http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2591370,00.html?chkpt=p1bn>
- An e-mail worm masquerading as a joke about the stages of life may be the
work of a secretive software writer living in Argentina who has taken credit
for key virus developments of recent years, computer experts said.
IDG: Committee takes time with Internet Security Bill
<http://idg.net/ic_191326_1794_9-10000.html>
- The U.S. Senate Judiciary Committee is revising a bill that responds to a
variety of concerns about Internet security and privacy, and the committee
chairman plans to schedule a vote on it before the July 4 holiday recess, a
committee lawyer said Tuesday.
Microsoft Re-releases Media Encoder Security Patch
<http://securityportal.com/topnews/ms00-038-upd.html>
- A patch associated with bulletin ID MS00-038 was released to eliminate a
security vulnerability in Microsoft Windows Media Encoder, which ships as a
component of the Windows Media Technologies. On June 20, 2000, Microsoft
re-released this patch to fix a regression that was introduced by the
original patch.
ComputerUser: Reno Announces new Effort to Reduce Cyber Insecurity
<http://currents.net/news/00/06/20/news3.html>
- Speaking at a "cyber crime summit" at EDS Corp. headquarters in Herndon
Monday, Attorney General Janet Reno announced yet another initiative
designed to make private industry leaders more comfortable in sharing
information about cyber attacks with law enforcement authorities. Reno said
she had asked U.S. attorneys in the 93 districts across the country to sit
down with industry leaders in their communities to develop a rapport that
might facilitate cooperation in the event of a crisis.
SJMercury: Mexico Party hires hackers to probe bank secrets
<http://www.sjmercury.com/svtech/news/breaking/internet/docs/118303l.htm>
- Mexico's leading leftist party has hired computer hackers to crack a
secret list of beneficiaries of a controversial $100 billion bank bailout
that followed a currency crisis in 1994 and 1995.
Jun 20, 2000
vnunet: Soap could slip up on security
<http://www.vnunet.com/News/1103805>
- Microsoft is championing a protocol for cross-platform communication that
can bypass firewall defences and could leave companies open to what experts
describe as a fresh class of security vulnerabilities.
ComputerWorld: Microsoft, CERT disagree on Internet Explorer patch
<http://www.computerworld.com/cwi/story/0,1199,NAV47_STO46085,00.html>
- A Microsoft Corp. patch aimed at fixing a previously discovered
ActiveX flaw may not fully protect users against the vulnerability, according
to an advisory issued yesterday by Carnegie Mellon University's Computer
Emergency Response Team (CERT). See earlier Top News postings for June 20th
and June 3rd.
ZDNet: States may launch privacy suits
<http://www.zdnet.com/zdnn/stories/news/0,4586,2590915,00.html>
- Law enforcement agencies are contemplating lawsuits against companies
that secretly share consumers' personal information.
vnunet: Hacking the hackers
<http://www.vnunet.com/Features/1103762>
- Interview with Chris Rouland, the director of X-Force at Internet Security
Systems.
ComputerUser: Reno Announces new Effort to Reduce Cyber Insecurity
<http://www.computeruser.com/news/00/06/20/news3.html>
- When faced with incidents of cyber crime, both the government and the
private sector have one common objective: Damage control. Yet, these two
very distinct animals are still worlds apart on how they prefer to go about
controlling the fallout from violations of information security.
The New Police: High-Tech Crime Units
<http://securityportal.com/topnews/newpolice20000620.html>
- Police units continue to evolve with the demands of the Information Age.
In Austin, Texas, the home of Dell and "silicon hills," the Austin Police
Department seeks to serve the growing number of high-tech companies who fall
prey to rising criminal entrepreneurs.
VBS.Stages.A Worm
<http://securityportal.com/research/virus/profiles/vbsstagesa.html>
- This virus shows up as an email attachment entitled
"Life_Stages.Txt.SHS" and sends email to the entire Outlook address
book.
LinuxToday: TurboLinux Security Announcement: Package: kernel-2.2.15 and
earlier
<http://linuxtoday.com/news_story.php3?ltsn=2000-06-20-005-04-SC-TL>
- Originally this security bug was reported by Sendmail. An unsafe fgets()
usage in sendmail's mail.local exposes the setuid() security hole in the
Linux kernel. This vulnerability allows local users to obtain root
privilege by exploiting setuid root applications.
ComputerUser: SIIA: Internet Identity Theft--Watch Out!
<http://currents.net/news/00/06/19/news6.html>
- The Software & Information Industry Association (SIIA) has posted a white
paper which supplies an analysis of Internet identity theft from consumer,
Web site operator, and public policy perspectives.
CRN: Hackers As Consultants Risky Business, Warns Service Firm
<http://web.lexis-nexis.com/more/cahners-chicago/11407/5971880/1>
- When a client of PricewaterhouseCoopers Technology Risk Services hired a
well-known hacker as a security consultant, an executive at the client
company was later shocked to see his company featured in a hacker magazine's
cover story on breaking into corporate systems.
TechWeb: Cybercrime Concerns Build Among Consumers
<http://www.techweb.com/wire/story/TWB20000619S0017>
- The majority of Americans are concerned about, or even feel threatened
by, cybercrime, according to a nationwide poll by the Information Technology
Association of America and EDS. About 67 percent of the 1,000 people
surveyed said they were concerned, and 62 percent believe not enough is
being done to protect Internet consumers against cybercrime.
ZDNet: Biometric security -- at what cost?
<http://www.zdnet.com/zdnn/stories/news/0,4586,2584484,00.html>
- As companies forever look for ways to improve their network security,
biometric technology is fast gaining ground ... but is the price tag in
dollars and customer goodwill too high?
CERT Incident Note IN-2000-07
<http://www.cert.org/incident_notes/IN-2000-07.html>
- There have been a number of recent malicious programs exploiting the
default behavior of Windows operating systems to hide file extensions from
the user. This behavior can be used to trick users into executing malicious
code by making a file appear to be something it is not.
Jun 19, 2000
CERT Advisory CA-2000-12 HHCtrl ActiveX Control Allows Local Files to be
Executed
<http://securityportal.com/topnews/ca-2000-12.html>
- The HHCtrl ActiveX control has a serious vulnerability that allows remote
intruders to execute arbitrary code, if the intruder can cause a compiled
help file (CHM) to be stored "locally." Microsoft has released a security
bulletin and a patch for this vulnerability, but the patch does not address
all circumstances under which the vulnerability can be exploited.
******* What's new with SecurityPortal.com *******
Securing Your Network With OpenBSD
An OpenBSD box or two loaded up with free software can help you secure your
network and make collecting information significantly easier. If possible,
try to have an OpenBSD box on each network segment between firewalls so you
can completely monitor the network, and also have an offsite box or two that
will allow you to conduct scans with access equivalent to what most
attackers would have. Old cast-off Pentium machines are perfect for the
task, and since the software is free, usually the main obstacle is getting
permission to conduct potentially hazardous scans on your network(s).
Probably the easiest way to convince management is by pointing out that
attackers will do it anyway; and if you are feeling particularly brave, do it
and present them with the findings (and the fact that you probably went
undetected).
Read the full story at
<http://securityportal.com/closet/closet20000621.html>
******* New From SecurityPR.com, a Vendor Press Release Site *******
Genuity Delivers Secure Remote Access Suite - One-stop for Integrated VPN
and Connectivity Services for Medium and Large Enterprises
<http://securityportal.com/pr/pr.20000621220901.html>
- All-in-One Managed Service Enables Secure Enterprise Intranets from
Single Global Provider.
Sanctum Introduces AppScan: Industry's First Automated Web Application
Security Audit Tool
<http://securityportal.com/pr/pr.20000621232113.html>
- Revolutionary New Software Helps eBusinesses Extend Security Capabilities
in Application Development, Deployment and Maintenance.
ZDNet Offers Exclusive Demo Download of McAfee Retail Software's Student
Survival Kit
<http://securityportal.com/pr/pr.20000620184023.html>
- New Suite Includes Comprehensive File Backup and Recovery, Anti-Virus
Protection and System Cleanup for Optimizing Students' PC Performance.
Enter your own Press Releases directly at SecurityPR.com.
http://securitypr.com
*******************************************
Tell us how we are doing. Send any other questions or comments to
<mailto:[EMAIL PROTECTED]> .
Michael McCrea
SecurityPortal.com - the Focal Point for Security on the Net
[EMAIL PROTECTED]
--------------------------------------------------------------------------
To unsubscribe, send email to [EMAIL PROTECTED]
Archive information at http://www.linux.or.id/milis.php3
The list administrators can be reached via [EMAIL PROTECTED]