******* Vendor Corner *******
============================================================
Sponsored by VeriSign - The Internet Trust Company
============================================================
Protect your servers with 128-bit SSL encryption! Get VeriSign's FREE guide, "Securing Your Web Site for Business." You will learn everything you need to know about using SSL to encrypt your e-commerce transactions for serious online security. Click here!
http://www.verisign.com/cgi-bin/go.cgi?a=n016010400008000
============================================================

******* What's new with SecurityPortal.com *******

Security Threats from the Gadgets

I freely admit to often watching the cartoons with my children, and often laughing louder than they do. One of my favorites has always been Inspector Gadget, and the seemingly endless number of handy, albeit often inappropriate, devices he could produce from beneath his hat and trench coat. I often feel the same sort of wonder in the real world, as each day brings a new assortment of information appliances and gadgets, aiming to bring simplicity and productivity to the wired among us. As one of many people who has tried too long and too hard to realize all of my productivity gains on the back of an overworked PC, I am happy to try to find other solutions.

Personal Digital Assistants and smart phones are the most popular of the new devices that let us take our work with us - that untether us from the corporate LAN and allow for a truly plug-and-play future. This trend towards smart devices, as opposed to running everything through a PC, is likely to provide long term benefits to the cause of information security as well, as simplicity in design is one of the best friends to security. However, as anyone who has had a firecracker blow up in their hand can tell you, size does not matter and many simple gadgets pack an amazing amount of power.
With that comes a threat to a corporate LAN, if the issue is not properly understood. In this article, we will look at the most common of these devices, the ubiquitous PalmPilot from 3Com.
Read the full story here <http://securityportal.com/cover/coverstory20000703.html>

******* Vendor Corner *******
RSA Keon (r). PKI from the Most Trusted Name in e-Security.
You need powerful e-security to deploy e-business applications with confidence. That's where PKI comes in. It's the best way to create and manage the trust relationships that drive e-business. When you're ready for PKI - to secure email, a VPN or Web e-business - you need a vendor you can trust. More than 6,000 organizations already trust their e-security to RSA Security. That's why, to be sure your e-business is secure, RSA Keon PKI is your logical choice. Contact RSA Security, your source for authentication, encryption and PKI.
1-800-495-1095
http://www.rsasecurity.com/go/keon

******* Top News *******
July 3, 2000
Welcome to SecurityPortal.com - The focal point for security on the Net
Recent postings in our top news http://www.securityportal.com/topnews:

Jul 3, 2000

LinuxToday: Debian Security Advisory: Package: canna <http://linuxtoday.com/news_story.php3?ltsn=2000-07-02-015-04-SC-DB> - The canna package as distributed in Debian GNU/Linux 2.1 can be remotely exploited to gain access. This could be done by overflowing a buffer by sending an SR_INIT command with a very long username or groupname. This has been fixed in version 3.5b2-24slink1, and we recommend that you upgrade your canna package immediately.

Ananova: British astronaut's life 'endangered by hackers' <http://www.ananova.com/news/story/technology_internet-crime_15033.html> - Roberta Gross, inspector general at NASA, told Panorama: "We had an activity at a NASA centre where a hacker was overloading our systems ...
to such an extent that it interfered with communications between the NASA centre, some medical communications and the astronaut aboard the shuttle."

Weekly Solaris Security Roundup <http://securityportal.com/topnews/weekly/solaris20000703.html> - Few vulnerabilities were found this week, but there have been many discussions on the FOCUS-SUN and Yassp lists. A few interesting articles were published. The tip of the week looks at chroot'ing BIND.

Weekly Microsoft Security Roundup <http://securityportal.com/topnews/weekly/microsoft20000703.html> - One new Microsoft Security Bulletin and patch this week. Read the NTBugtraq Review for postings about a Windows 2000 undocumented registry setting, changing password permission in Windows 2000, and a Web domain validation issue.

Weekly Linux Security Roundup <http://securityportal.com/topnews/weekly/linux20000703.html> - The bad things this week: WuFTPD and ISC's DHCP client (both are very common) both have remote root exploits. Not good. Also a nifty problem in vpopmail, an extension for Qmail.

Weekly Checkpoint Security Roundup <http://securityportal.com/topnews/weekly/checkpoint20000703.html> - There was quite a bit of Check Point related activity over the last week. Some of the major topics for discussion included SecuRemote configurations; different authentication mechanisms; limiting user access to specific sites, programs, applications, etc.; Firewall-1's ability to statefully inspect ICMP transactions; and multiple discussions around IP NAT issues.

Weekly Axent Security Roundup <http://securityportal.com/topnews/weekly/axent20000703.html> - Zdnet.com is calling for any and all hackers to do their best to compromise a network fortified by Raptor firewalls. See the news section below for details. The Raptor list this week had a regular mix of DNS and versioning upgrade questions as well as a long discussion on the merits of the NT and Solaris firewalls. See the Raptor Mailing List in Review for details.
In this week's tech tip, FireTower's Susan Young [EMAIL PROTECTED] provides a quick tour of the new 6.5 firewall feature set and some info on how to use it.

Weekly BSD Security Roundup <http://securityportal.com/topnews/weekly/bsd20000703.html> - Relatively quiet week for *BSD. Surprisingly enough, the only updates come from OpenBSD (who just released a new version, 2.7).

Jul 1, 2000

IDG: Chat-security concerns cited <http://www.infoworld.com/articles/hn/xml/00/06/30/000630hnthreats.xml> - Chat clients and Internet Relay Chat (IRC) networks are coming under scrutiny in the wake of recent viruses such as the "I Love You" and LifeStages bugs. Both were programmed to take advantage of instant messaging software and chat rooms to spread themselves rapidly across computers and networks. See also the April 19th Kurt's Closet.

Wired: Student Admits Government Hacks <http://www.wired.com/news/politics/0,1283,37352,00.html> - A university student admitted in Boston federal court to breaking into U.S. government computers including Defense Department and NASA systems. Ikenna Iffih, a student at Northeastern University's College of Computer Science, pleaded guilty to a series of coast-to-coast cyber attacks before U.S. District Judge Robert Keeton late on Thursday.

Jun 30, 2000

TechWeb: Hotmail Is Victim Of E-mail Prank <http://www.techweb.com/wire/story/reuters/REU20000630S0007> - The message, allegedly from a "Jon Henerd" of the "Hotmail Admin. Dept.," tells recipients they will be kicked off the service if they do not prove they actively use their accounts by forwarding the e-mail.

ZDNet: Clinton to e-sign Digital Signature law <http://www.zdnet.com/zdnn/stories/news/0,4586,2597132,00.html> - On the grounds where the Declaration of Independence was signed with a quill pen, Clinton will use a more modern way of signing the "Digital Signature" bill -- a smart card encoded with numbers.
TechWeb: Time May Be Right For Biometrics <http://www.techweb.com/wire/story/TWB20000629S0018> - A new generation of biometric devices -- gadgets that identify you by scanning your face, fingerprint, or voice -- have a distinctly futuristic look and feel, but have yet to make much of a wave in the market. But integrators and vendors at PC Expo's "Biometropolis" exhibit were upbeat about the prospects for such wares.

InfoWorld: Microsoft pitches smart cards <http://infoworld.com/articles/hn/xml/00/06/29/000629hnsmartcards.xml> - Microsoft CEO and President Steve Ballmer Thursday said smart cards will play an important role in Microsoft's .Net initiative, providing a secure way to access networks and the Internet. "As we move to a Web-based lifestyle, authentication and security become critical," Ballmer said, addressing a partisan crowd at the second annual Smart Card Business Development Conference, which takes place this week at a Microsoft conference center in Bellevue, Wash.

CNet: Former Intel employee admits to computer fraud <http://news.cnet.com/news/0-1003-200-2174535.html?tag=st.ne.1002.bgif.ni> - A former Intel engineer who managed to put the brakes on chip production at one of the company's fabrication facilities pleaded guilty to computer fraud. Paul Barton, a former software engineer at Intel, pleaded guilty to one count of computer fraud this week in U.S. District Court in Oregon, according to Kent Robinson, an assistant U.S. attorney. In 1997, Intel fired Barton, who managed an automated manufacturing system called Workstream inside Fab 15 in Aloha, Oregon. When the company fired him, Intel revoked his password and took away his computer.
What Intel failed to realize, however, was that Barton could log into the system from his home computer.

Jun 29, 2000

CNN: Philippine officials charge alleged 'Love Bug' virus creator <http://www.cnn.com/2000/TECH/computing/06/29/philippines.lovebug.02/index.html> - The Philippine National Bureau of Investigation used a credit-card fraud law on Thursday to charge the man they say unleashed the 'Love Bug' computer virus and recommended that Philippine justice officials prosecute him.

InfoWorld: Router security hole discovered <http://infoworld.com/articles/hn/xml/00/06/29/000629hnrouterhole.xml> - A defect in several versions of Cisco's Internet Operating System (IOS) can cause the company's routers to crash when they are tested for vulnerabilities by security scanning software.

ZDNet: Digital spying concerns U.S. lawmakers <http://www.zdnet.com/zdnn/stories/news/0,4586,2596561,00.html> - Fears that U.S. intelligence agencies spy on American citizens could cause old protections to be updated for the digital age.

CNet: Charges sought against "Love Bug" suspect <http://news.cnet.com/news/0-1005-200-2172041.html?tag=st.ne.1002.thed.ni> - Philippine investigators recommended charges be filed against the college dropout implicated in transmission of the "I Love You" virus that attacked 45 million computer users and caused an estimated $10 billion of damage last month.

CNN: Consumers fight back for privacy <http://www.cnn.com/2000/TECH/computing/06/28/anonymous.consumers.idg/index.html> - Over the last few years it's become an accepted truth that as technology advances, privacy recedes. E-mail, computer hard drives and Internet surfing trails have become rich fields mined by marketers and law enforcement for information individuals previously assumed was sacrosanct. Now, that may be changing.
The tables are turning as new technologies emerge that return to consumers some of the control over their private information once thought lost.

NAI: QDel109 Virus <http://vil.nai.com/villib/dispvirus.asp?virus_k=98700> - AKA BAT/Simpson.Trojan, this is currently rated as a low risk. This is a trojan which deletes files on selected drives via an extracted .BAT file. This trojan uses the program "deltree.exe" found on Windows 9x systems to do its dirty deed. Deltree does not exist on Windows NT systems.

ZDNet: Aussie bank records plucked from government site <http://www.zdnet.com.au/zdnn/stories/zdnn_display/au0003700.html> - The bank account numbers of 17,000 Australian businesses were exposed Thursday when a man logged into a government Web site and easily downloaded the data.

Wired: McCain Renews Porn-Filter Push <http://wired.com/news/politics/0,1283,37259,00.html> - Senator John McCain, who has spent the last few years trying to push blocking software on public libraries, has found a new way to cordon off Internet porn. On Tuesday, the Arizona Republican and erstwhile presidential candidate successfully added a sex-filtering amendment to a spending bill being debated on the Senate floor.

Trend Micro: TROJ_DUNPWS password stealing trojan <http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DUNPWS> - Currently rated a low risk, this Trojan drops the file WINSYS.EXE in the Windows TEMP directory. It also changes some registry entries so WINSYS.EXE gets executed upon Startup. This Trojan may steal your login passwords and send them to a remote location.

Jun 28, 2000

Wired: The Hacker Generation Gap <http://www.wired.com/news/culture/0,1284,37264,00.html> - If you've been reading Wired News for more than a month, you know we supply you with all the hacker news we can find.
So, you already know that malicious coders, formerly known as crackers, are now black-hat hackers, and that there's a rift between the old-guard, elitist hacks and today's young script kiddies.

TheRegister: ZDNet hack-contest server disabled <http://www.theregister.co.uk/content/1/11625.html> - ZDNet's eWeek has announced a capture-the-flag challenge to crackers called Openhack, inviting all comers to compromise a system set up for demonstration purposes and win cash prizes "ranging from $500 for defacing the Web server to $1500 for compromising the e-mail server, to $2500 for cracking into the database server," the organisers say.

FCW: Report slams DOE counterintelligence <http://www.fcw.com/fcw/articles/2000/0626/web-energy-06-28-00.asp> - The Energy Department's counterintelligence training and awareness program has "failed dismally," a study by an independent panel of security experts concluded, characterizing cyber-based counterintelligence as the department's biggest challenge.

IDG: Are the Password's Days Numbered? <http://www.idg.net/ic_194082_1794_9-10000.html> - In the future, you'll have no need to remember passwords or PIN numbers. That's the vision presented by a handful of companies strutting their stuff in PC Expo's Biometropolis section.

What are Employees' Privacy Rights? <http://securityportal.com/topnews/employeeprivacy20000628.html> - There is a train wreck coming in the corporate world, which will be caused by a collision between the sometimes diametrically opposed goals of corporate information security and employee rights. The harsh reality that most security compromises are internally based, combined with an increasing awareness of the privacy issues of the Internet and technology in general, will lead to conflicts between the employer/employee compact, with no easy solutions to what fundamental changes must occur.
Many organizations are already discovering that the philosophy of employee empowerment and robust security are in conflict in many ways.

TechWeb: AOL To FCC: Instant Messaging Security Top Priority <http://www.techweb.com/wire/story/reuters/REU20000627S0012> - America Online has told federal regulators that safeguarding the privacy and security of instant messages sent by its customers is the company's top priority until standards can be developed.

CNN: Legal system gears up for computer crime cases <http://www.cnn.com/2000/TECH/computing/06/27/computer.law.idg/index.html> - With computer crimes expected to increase in both frequency and destructive power, the legal system will have to beef up its technical savvy to deal with the coming onslaught, according to industry and legal watchers.

FCW: Secret Service targets e-crime <http://www.fcw.com/fcw/articles/2000/0626/web-secret-06-27-00.asp> - With technology advancing at Internet speed, staying ahead of the learning curve has become a major focus for the government's fastest-growing agency - the U.S. Secret Service.

Jun 27, 2000

The Standard: U.S.-EU Net Privacy Proposal in Jeopardy <http://idg.net/ic_193394_1794_9-10000.html> - A controversial data-privacy protocol hammered out by the Commerce Department and the European Commission earlier this year could get derailed at the last minute by opponents who say it doesn't go far enough to protect European personal privacy from U.S. companies.

ITWorld.com: Fear the 'Messenger?' -- Internet chat opens security hole <http://www2.itworld.com/cma/ett_article_frame/0,2848,1_1236,00.html> - Instant messaging applications are spreading throughout computerdom. Will more viruses spread with them? Will the potential for eavesdropping increase? These are questions many IT professionals may soon be asking.
In fact, lack of enterprise-scale authentication and encryption may soon become an issue that instant messaging vendors will have to address.

Trend Micro: TROJ_POKEY.A <http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_POKEY.A> - This is an Internet worm, which uses MAPI to propagate. This worm arrives as an executable with an icon like the Pokémon character, Pikachu. Once executed it modifies Autoexec.bat such that files in certain directories are deleted when the computer is rebooted. It also sends out unsolicited email messages to all addresses in the infected user's MS Outlook address book. (Currently rated a low risk, but you wonder about anything with a Pokémon tie-in.)

Cisco Field Notice: ubr920 Router May Reload If Access List 100 or 101 is Configured <http://www.cisco.com/warp/public/770/fn12755.shtml> - If a Cisco ubr920 Series router is using the affected 12.1T images, and has configured an access list with the access list number 100 or 101, the router may reload. The current workaround is to use an access list number between 102 and 199.

Time: Could this 23-year-old British programmer unravel the Web? <http://web.lexis-nexis.com/more/cahners-chicago/11407/5999369/5> - "What sets Freenet apart is that information on it travels from PC to PC anonymously. There's no way to tell who posts a document and no way to tell who downloads it. The implications are profound. Dissidents in totalitarian states could use Freenet to post samizdat that once had to be cautiously hand-circulated. Whistle-blowers could safely bring smoking-gun documents to light. But Freenet could also be put to less high-minded use. Critics say it will be a boon to drug dealers, terrorists and child pornographers.
And it poses a new threat to intellectual-property rights."

CNet: Judge lobs hacker restrictions back to probation officer <http://news.cnet.com/news/0-1005-200-2156235.html?tag=st.ne.1002.lthd.1005-200-2156235> - A judge today said Kevin Mitnick's probation officer must decide whether the hacker barred from using computers could launch a media career as an industry critic for magazine publisher Steven Brill or as a radio host.

FCW: FBI doesn't share cyberinfo, exec says <http://www.fcw.com/fcw/articles/2000/0626/web-fbi-06-26-00.asp> - Despite the boss' suggestion that agencies and industry should share information to defend against cyberattacks, the FBI does not play along, according to a senior executive with an information technology security company.

ComputerWorld: Digital signatures law to speed online B-to-B deals <http://computerworld.com/cwi/story/0,1199,NAV47_STO46350,00.html> - The legislation, which President Clinton is expected to sign into law this week, says contracts "signed" by electronic methods are just as legally valid in all 50 states as those signed by hand on paper. The law takes effect Oct. 1.

Jun 26, 2000

SecurityFocus: The Motives and Psychology of the Black-hat Community <http://www.securityfocus.com/frames/?focus=ids&content=/focus/ids/articles/kye/motives.html> - This paper is a continuation of the Know Your Enemy series. This series is dedicated to learning the tools and tactics of the black-hat community. Unlike the previous papers which focused purely on the "what" and "how" of the black-hat community, specifically the technical tools, their use and implementation, this paper explores the motivation and psychology of the black-hat community, in their very own words.
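The Cisco ubr920 field notice above (under Jun 27) gives the workaround as moving any access list numbered 100 or 101 to a number in the 102-199 range. The script below is an added example, not part of the newsletter or of Cisco's notice: it scans a saved "show running-config" for extended access lists 100 and 101 (both their definition lines and their "ip access-group" bindings), picks the lowest unused number in 102-199, and emits a renumbered copy you can review before pasting it into the router. The sample configuration inside it is constructed for illustration and is not from a real device.

```shell
#!/bin/sh
# Added example: audit a saved IOS config for the ubr920 access-list 100/101
# reload condition and renumber the offending list into the 102-199 range.

# Constructed sample config (not a real device). On real hardware, capture
# "show running-config" to a file and pass that file to the functions below.
sample_config() {
cat <<'EOF'
!
interface cable-modem0
 ip address 10.0.0.1 255.255.255.0
 ip access-group 101 in
!
access-list 101 deny   tcp any any eq 23
access-list 101 permit ip any any
access-list 102 permit ip 10.0.0.0 0.0.0.255 any
!
EOF
}

# used_acl_numbers CONFIG -> numbered ACLs already defined, one per line
used_acl_numbers() {
    awk '/^access-list [0-9]+ /{print $2}' "$1" | sort -un
}

# affected_acls CONFIG -> 100 and/or 101 if either is defined or bound to an interface
affected_acls() {
    awk '/^access-list (100|101) / {print $2}
         /^ *ip access-group (100|101) / {print $3}' "$1" | sort -un
}

# free_acl_number CONFIG -> lowest number in 102-199 not yet used by any ACL
free_acl_number() {
    used=$(used_acl_numbers "$1")
    n=102
    while [ "$n" -le 199 ]; do
        if ! printf '%s\n' "$used" | grep -qx "$n"; then
            echo "$n"
            return 0
        fi
        n=$((n + 1))
    done
    return 1
}

# renumber_acl CONFIG OLD NEW -> config text with ACL OLD renamed to NEW in its
# definition lines and in "ip access-group" bindings. Other references (route-map
# "match ip address", class-map "match access-group", ...) are not rewritten;
# grep the output for the old number before applying it to the router.
renumber_acl() {
    sed -e "s/^access-list $2 /access-list $3 /" \
        -e "s/^\( *ip access-group \)$2 /\1$3 /" "$1"
}

# Demo over the constructed sample: report each affected list, renumber it,
# then print the resulting configuration.
cfg=$(mktemp)
sample_config > "$cfg"
for acl in $(affected_acls "$cfg"); do
    new=$(free_acl_number "$cfg") || { echo "no free ACL number in 102-199" >&2; exit 1; }
    echo "! access-list $acl triggers the ubr920 reload on 12.1T; renumbered to $new"
    renumber_acl "$cfg" "$acl" "$new" > "$cfg.new" && mv "$cfg.new" "$cfg"
done
cat "$cfg"
rm -f "$cfg"
```

The renumbering is deliberately limited to definition lines and interface bindings, which is all the sample contains; a list used from a route-map, class-map or NAT statement would still carry the old number, so the final grep for it is part of the procedure, not an optional step.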
TheTimes: Hacker taps into 24,000 credit cards <http://www.the-times.co.uk/news/pages/sti/2000/06/25/stinwenws01002.html> - A computer hacker has breached the security of a pioneering internet service provider to obtain the names, addresses, passwords and credit card details of more than 24,000 people. The victims include scientists at the top-secret Defence Evaluation and Research Agency, senior officials in the government, BBC bosses and executives at companies such as Shell, Barclaycard and Halifax.

NWFusion: How to protect your network <http://www.nwfusion.com/research/2000/0626featside2.html> - ParaProtect, a network security portal in Alexandria, Va., reports that 90% of the security breaches its technicians work on are based on attacks from within. Even more shocking is that upwards of 50% are caused by the company's own network administrators.

IDG: ILumin renames Digital Handshake technology <http://idg.net/ic_193152_1794_9-10000.html> - ILumin Monday renamed its application suite for digital signatures and announced 40 pilot users and 20 strategic partners for the Digital Handshake technology, including Microsoft and Novell. The company plans a full market release of Digital Handshake in early October when U.S. federal digital signature legislation is due to come into effect.

Wired: More Funding for FBI Snooping <http://wired.com/news/politics/0,1283,37183,00.html> - Congress is poised to give the FBI more money for wiretapping than even its director, Louis Freeh, had hoped for. The proposed 2001 budget approved by a House panel doles out an unprecedented $282 million to rewire U.S.
telephone networks to make them readily snoopable, edging closer to the half-billion-dollar estimated price tag for the project.

ZDNet: Latest viruses exploit human frailties <http://www.zdnet.com/zdnn/stories/news/0,4586,2593514,00.html> - The new challenge for virus writers isn't how creative or damaging their script is, but rather how well they hide the fact that they're launching a virus.

******* What's new with SecurityPortal.com *******

Creating and Preventing Backdoors in UNIX Systems

Backdoors are by far one of the worst nightmares of many system and network administrators. We all know our networks and hosts will at some point be penetrated, and if we've done our job right we should be able to detect that penetration. However, one problem always rears its ugly head: do we format the drive, reinstall from trusted media, then patch the system, configure it, and restore data from backups; or do we just try to patch the system up and remove any surprises the attacker may have left? In some cases it is clear cut: for a user's workstation with most data stored centrally, rebuilding the system is far faster than trying to fix it. On the other hand, what if you have a production email server handling incoming email for 10,000 people and no backup machine to switch to?

Like any security problem, it's best to understand it completely, which means learning how an attacker can place backdoors on a system. Working from this point it's relatively simple to devise defenses. Because of the complexity in most UNIX systems (network daemons, hundreds of installed programs, etc.) there are many methods and places to squirrel away backdoors. Basically the attacker needs to have some form of network access to the machine, e.g. a telnet account or the ability to send ICMP packets, and compromised software on the machine, e.g. a setuid shell hidden in their home directory, or a trojaned login binary.
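The two forms of compromised software named above, a setuid shell hidden in a home directory and a trojaned login binary, share one practical defence: a hash baseline of the privileged binaries, taken from a system you trust (a fresh install from trusted media) and kept off the host, then re-checked whenever you suspect a penetration. The script below is an added example and is not the article's own code: it lists every setuid/setgid file under a root, records a SHA-256 per file, and on a later run reports files that are NEW (the planted setuid shell), CHANGED (the trojaned login) or MISSING. It assumes POSIX find/awk and sha256sum (falling back to shasum -a 256); the tree it scans in the demo is a constructed temporary directory, not a real system.

```shell
#!/bin/sh
# Added example: baseline the setuid/setgid files on a host and re-check them.
# NEW covers the "setuid shell in a home directory" case, CHANGED the
# "trojaned login binary" case. Take the baseline from a system you trust
# and store it off the host, or the attacker can simply edit it.

# hash_file FILE -> SHA-256 hex digest (sha256sum on Linux, shasum elsewhere)
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# list_setuid ROOT -> regular files under ROOT carrying the setuid or setgid bit
list_setuid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# make_baseline ROOT -> one "<sha256> <path>" line per setuid/setgid file
make_baseline() {
    list_setuid "$1" | while IFS= read -r f; do
        printf '%s %s\n' "$(hash_file "$f")" "$f"
    done
}

# check_baseline BASELINE ROOT -> prints "NEW <path>", "CHANGED <path>" or
# "MISSING <path>" for each difference; prints nothing when everything matches.
check_baseline() {
    bl=$1
    cur=$(make_baseline "$2")
    # files that carry the bit now: new if absent from the baseline, changed if the hash differs
    printf '%s\n' "$cur" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        h=${line%% *}
        f=${line#* }
        old=$(awk -v p="$f" 'substr($0, index($0, " ") + 1) == p {print $1}' "$bl")
        if [ -z "$old" ]; then
            echo "NEW $f"
        elif [ "$old" != "$h" ]; then
            echo "CHANGED $f"
        fi
    done
    # files in the baseline that are gone or no longer carry the bit
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        f=${line#* }
        printf '%s\n' "$cur" |
            awk -v p="$f" 'substr($0, index($0, " ") + 1) == p {found = 1} END {exit !found}' ||
            echo "MISSING $f"
    done < "$bl"
}

# Demo on a constructed tree: one legitimate setuid binary is baselined, then a
# setuid shell is planted in a home directory and the binary is replaced.
demo_root=$(mktemp -d)
demo_base=$(mktemp)
mkdir -p "$demo_root/bin" "$demo_root/home/user"
printf 'real login\n' > "$demo_root/bin/login"
chmod 4755 "$demo_root/bin/login"
make_baseline "$demo_root" > "$demo_base"
printf 'cp of /bin/sh\n' > "$demo_root/home/user/.x"      # planted setuid shell
chmod 4755 "$demo_root/home/user/.x"
printf 'trojaned login\n' > "$demo_root/bin/login"         # trojaned binary, bit re-set
chmod 4755 "$demo_root/bin/login"
check_baseline "$demo_base" "$demo_root"
rm -rf "$demo_root" "$demo_base"
```

Run make_baseline against / right after installation and again after every legitimate package update, and diff the two before trusting the new one; the check is only as good as the baseline it compares against, and a baseline taken after the attacker has been on the box will quietly bless the backdoor.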
Read the full story at <http://securityportal.com/closet/closet20000628.html>

******* New From SecurityPR.com, A Vendor Press Release Site *******

LITRONIC FIRST TO COMBINE IRIS BIOMETRICS TECHNOLOGY WITH DIGITAL SIGNATURES FOR ROBUST INTERNET SECURITY <http://securityportal.com/pr/pr.20000701121243.html> - Demonstration at Microsoft Conference Combines Iris Scanning with Public Key Infrastructure.

Survey Reveals that Consumers and Tech Professionals Share Concern About Cybercrime, But Only 19.5 Percent of Consumers And 48.9 Percent of Tech Professionals Currently Use a Personal Firewall <http://securityportal.com/pr/pr.20000701115619.html> - Ninety-Four Percent of Tech Professionals and 87 Percent of Consumers Use Anti-Virus Software to Protect Computers.

Enter your own Press Releases directly at SecurityPR.com. http://securitypr.com

*******************************************
Tell us how we are doing. Send any other questions or comments to <mailto:[EMAIL PROTECTED]>.

Michael McCrea
SecurityPortal -- the Focal Point for Security on the Net
[EMAIL PROTECTED]
--------------------------------------------------------------------------
To unsubscribe, send an email to [EMAIL PROTECTED]
Archive information at http://www.linux.or.id/milis.php3
The list administrators can be reached at [EMAIL PROTECTED]
