Copy Link
Add to Bookmark
Report
Net-Sec Issue 059
HNS Newsletter
Issue 59 - 16.04.2001
http://net-security.org
http://security-db.com
This is a newsletter delivered to you by Help Net Security. It covers weekly
roundups of security events that were in the news the past week. Visit Help
Net Security for the latest security news - http://www.net-security.org.
Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter
Archive of the newsletter in TXT and PDF format is available here:
http://www.net-security.org/news/archive/newsletter
Table of contents:
1) General security news
2) Security issues
3) Security world
4) Featured products
5) Featured article
6) Security software
7) Defaced archives
========================================================
Secure Exchange 2000 against email attacks/viruses!
========================================================
GFIs Mail essentials for Exchange 2000 is now available!
It can protect Exchange 2000 from all kinds of email-borne threats, like
viruses, dangerous attachments, email attacks, spam and offensive content.
Download your evaluation copy from:
http://www.gfi.com/secdblanmesnl.shtml
========================================================
General security news
---------------------
----------------------------------------------------------------------------
CISCO SECURE PIX FIREWALL
The Cisco Secure PIX Firewall is the dedicated firewall appliance in Cisco's
firewall family and holds the top ranking in both market share and performance.
The Cisco Secure PIX Firewall delivers strong security and, with market-leading
performance, creates little to no network performance impact. The product line
enforces secure access between an internal network and Internet, extranet,
or intranet links.
Link: http://www.security-db.com/product.php?id=680&cid=152
PORT NUMBERS 7001 THROUGH 65535
A port is a point of connection. In networking, a port acts as the door at
each end of a connection through which client/server/peer programs tranfer
information during a data exchange. Whenever a network program initiates
activity with a remote system, a port is opened up, both locally and remotely,
to allow the exchange to take place. Here are links to TCP/IP port lists, which
are a valuable resource for anyone involved with firewall configuration or
maintenance.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/firewalls/ports/
HACKERS WORK FROM WITHIN
A study of 1,238 companies, conducted by the KPMG consultancy, found that
90 percent of firms expected their e-commerce systems would be breached by
hackers. But KPMG warned that most attacks would be carried out by members
of staff. Norman Inkster, president of KPMG Investigation and Security, said
studies by KPMG over the last decade had found that 70 percent of fraud was
carried out by insiders. "Most security breaches are carried out by individuals
who possess intimate knowledge of the systems which they are attacking,"
he added.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2001/14/ns-22143.html
AUSTRALIAN HACKERS FACE JAIL TIME
"People who believe causing damage by hacking or spreading viruses to be
trivial or even amusing activities are wrong. These are serious crimes in the
21st century and people can face up to 10 years in jail if convicted," State
Attorney General Bob Debus said in a statement. The NSW Government has
proposed amendments to the Crimes Act to include provisions covering
cyberoffences. "The new offences are based on the latest international
moves to fight cybercrime. They will ensure that NSW criminal laws keep
pace with international technology and that appropriate penalties are in
place," Debus said.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2705803,00.html
CONGRESS ADDRESSES CYBER SECURITY ONCE AGAIN
The security of the U.S. government's information technology (IT) systems
is receiving renewed focus in the U.S. Congress. The House Oversight and
Investigations Subcommittee April 5 heard testimony on efforts that various
government agencies are taking to protect these systems. Subcommittee
Chairman Billy Tauzin, a Republican Congressman from Louisiana, opened
the session expressing concern about reports of vulnerabilities across the
government. Tauzin specifically referred to a newly completed independent
auditor's report of the Department of Health and Human Services which
showed that electronic data processing systems were weakly controlled,
leaving them exposed to a variety of potential problems.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://cipherwar.com/news/01/usgov_comp_sec.htm
SECURITY AUDITING TOOLS FOR THE MACINTOSH
"There really aren't any 'security' tools for the Macintosh to ensure secure
passwords. Just lots of text files and reports by hackers on how it's insecure.
We will review two programs created by hackers, which can be used for
security purposes, and can be used by a hacker. The reason we are reviewing
these hackers programs is to bring to light that you need to know the tools
that hackers are using to ensure your own security. Get the programs before
the wrong people do and use them on your unsuspecting computers. We will
review these programs from a system administrators' point of view."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securemac.com/secauditing.cfm
CYPHERPUNK'S FREE SPEECH DEFENSE
Jim Bell took the witness stand in federal court on Friday to argue he was
attempting to document illegal behavior, not stalk government agents. Bell
described his electronic research last year - which the Justice Department
says led federal agents to fear for their safety - as entirely lawful and said
he never intended to hurt or threaten anyone. The 43-year-old chemist
and entrepreneur freely admitted he bought motor vehicle databases and
did Internet searches on the names of Treasury Department agents as part
of his effort to uncover illegal surveillance by the U.S. government. Bell is
charged with five federal counts of interstate stalking.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,42909,00.html
HACKERS TURN RACIST IN ATTACK ON HARDWARE SITE
PC motherboard specialist PC Chips has fallen victim to defacement in an attack
that shows that hackers can be unthinking racists. The home page of the site,
which runs Apache on a Red Hat Linux server, was replaced by a message from
the 1i0n Crew, which contained in its headline the racist remark "Kill all the
Japanese!".
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/18181.html
NEW VIRUS WRITTEN IN LOGO LANGUAGE
A virus that announces itself with lyrics from a song performed by a
Belgiantechno dance band is written in programming language by
Logotron, a educational software publisher, an anti-virus service said
today. The proof of concept I-Worm.LogoLogic.A is the first-ever virus
written using SuperLogo, said Medina, Ohio-based Central Command Inc.
The language is used to train programming students in application
development, the company said.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/164290.html
RSA SAYS DEMAND FOR SECURITY SERVICES STILL STRONG
RSA Security Inc. said that demand remains strong for its authentication and
encryption services, despite fears over a slowdown in information technology
spending that has battered the shares of many Nasdaq-listed security vendors.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.siliconvalley.com/docs/news/tech/037891.htm
BRUCE SCHNEIER: 'WE ARE LOSING THE BATTLE'
Cryptographer Bruce Schneier reiterated his managed security services gospel
in a talk here on the opening day of the RSA Security Conference. But if his
message is really being heard, there should be general panic among CIOs in
corporate America. "The future of Internet security is not very good,"
Schneier said. "New methods are being invented, new tricks, and every
year it gets worse. We are not breaking even. We are losing the battle."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2705973,00.html
PGP WORKING WITH NSA ON SELINUX
A division od PGP Security has entered into a partnership with the National
Security Agency and other partners to further develop the NSA's Security
Enhanced Linux prototype. Under a $1.2 million 2-year contract, the NAI
Labs division of PGP Security will focus on research and development to
improve the security of open-source operating system platforms,
particularly Linux, PGP Security said.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.infoworld.com/articles/hn/xml/01/04/09/010409hnselinux.xml
COMPUTER FORENSICS
Numerous companies may be battening down their hatches with this or that
security tool, yet more than a few still experience payloads from viruses,
breaches from script kiddies and data theft from internal employees. On the
face of it, a cybercrime treaty that eases the investigative processes for
police agencies around the world may be a move in the right direction, but
for countless victims, just understanding what action they can take to
determine how an assault on their networks happened at all is of more
urgent concern.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.scmagazine.com/scmagazine/2001_04/cover/cover.html
MEET THE CYBER AVENGERS
Kris Haworth pounded away at her keyboard, navigating a labyrinth of computer
data in her search for evidence. The board of directors for a $5 billion company
suspected revenues were being inflated. It was up to Haworth to fish out
incriminating e-mails thought to have been deleted.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.msnbc.com/news/555451.asp
DESIGNING SECURE NETWORKS
It has been asserted that advancements in software development have come
about mainly as a result of the introduction of the software process model or
software lifecycle. SecurityFocus writer Paul Innella argues that, in a similar
manner, network security designers can benefit from using the principles of
the software process model. In this article, the author outlines eight phases
of the software process models as they apply to the design of a secure
network.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/basics/articles/netsec.html
INTRODUCTION TO DIGITAL SIGNATURES IN JAVA
In public key cryptography, there are two keys. One is used by the sender and
is usually private. One is used by the receiver and is usually public. The sender
uses the private key to encode a message or data, and the receiver uses the
public key to decode the message. Digital signatures work just like public key
cryptography. The signer encodes data with his own private key, and then
anyone with his public key can decode it. This allows any receiver to verify
the source or signer of data as accurate and guarantee its integrity and
authenticity.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://softwaredev.earthweb.com/java/sdjjavaee/article/0,,12396_630851,00.html
GERMAN THREAT RAISES INFOWAR FEAR
At least, that's the threat that Interior Minister Otto Schily has made, vowing
the German government may resort to denial-of-service attacks as a way to
shut down U.S. and other foreign websites that help German neo-Nazis.
Condemnation of the plan was immediate. But as of Monday afternoon in
Germany, Schily's office had reported no backtracking from his statement,
which has been the focus of recent media attention in Germany.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,42921,00.html
ONLINE FRAUD WORRIES EBUSINESSES
Forty-six percent of global companies doing business online believe that online
fraud is either a "somewhat" or "very" significant problem, according to a recent
survey of 140 members of the Worldwide E-Commerce Fraud Prevention Network.
Only 1 percent do not worry about it. The study found that 70 percent believe
there are prevention tools that can keep e-fraud to a minimum.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.business2.com/content/research/numbers/2001/04/10/29756
FREEDOM2SURF OFFERS FREE PRIVACY SUITE
Freedom2Surf, one of the UK's most advanced ISPs, today built on the security
and privacy already offered to its users by announcing it is the first company in
the UK to offer its subscribers free access to a range of privacy and security
features with the Freedom 2.0 Internet Privacy Suite from Zero-Knowledge
Systems. Freedom 2.0 will be made available to all new and existing
Freedom2Surf subscribers as a free download for a limited time.
Link: http://www.net-security.org/text/press/986894868,73460,.shtml
NFR NETWORK INTRUSION DETECTION
NFR Network Intrusion Detection (NFR NID) is an intrusion detection system that
unobtrusively monitors networks in real time for activity such as known attacks,
abnormal behavior, unauthorized access attempts and policy infringements.
Information associated with activity that may be suspicious is recorded and
alerts raised as necessary.
Link: http://www.security-db.com/product.php?id=688&cid=153
THE SILENCE OF THE HACKED
Almost every day, Internet news sites break stories about newer and ever-more
dangerous breaches in computer security. But unless the story involves a virus
named after a good-looking tennis star, it probably won't make the national
news. This worries Kevin Poulsen, a former hacker who now works as the
editorial director of SecurityFocus.com. Poulsen said that because several
of the biggest hacking stories don't make the headlines, the public is mostly
ignorant about what's been hacked, and what companies are doing to
bolster security.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/technology/0,1282,42945,00.html
SECURITY FLAW FOUND IN ALCATEL DSL MODEMS
The security problems could allow a hacker to bypass users' passwords and alter
the devices, making them temporarily or permanently unusable, researchers said.
A hacker also could potentially install code to gather unencrypted credit card
information or read unencrypted e-mail messages, investigators said.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1004-200-5567751.html
GERMAN POL BACKTRACKS ON HACK
Germany Interior Minister Otto Schily has taken at least a half-step back from a
threat to use denial-of-service attacks to shut down neo-Nazi websites in the
United States and elsewhere. The statement Tuesday by Schily's spokesman
was expected, given the furor in Germany and elsewhere over the idea of a
government potentially getting into the hacking business. "It's wrong to talk
about hacking," Schily spokesman Dirk Inger said, suggesting that media
accounts had misinterpreted Schily's previous remarks.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,42961,00.html
RUSSIAN HACKER RECRUITED BY AMERICANS
American diplomats in Moscow recruited a local hacker called 'Vers' to break
into computers serving Russia's domestic security agency, the FSB, early this
year, it was claimed yesterday.
Link: http://www.telegraph.co.uk/et?ac=000579381554028&rtmo=gjngwNku&atmo=99999999&pg=/et/01/4/11/whack11.html
CRACKS HAPPEN
The various seminars and exhibits at the computer security show here occupy
not only an entire wing of the Moscone Convention Center, but also the 15
movie theaters across the street at Sony's Metreon entertainment complex.
The RSA Conference is huge; and its size is a testament to the fact that,
given the increasing cost of computerized mischief, tech firms are starting
to devote serious money to securing their data.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/culture/0,1284,42984,00.html
A CHINESE CALL TO HACK U.S.
Chinese crackers are being encouraged to "hack the USA" in retaliation for the
mid-air collision between a U.S. spy plane and a Chinese fighter jet which
claimed the life of a Chinese pilot.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,42982,00.html
MICROSOFT MAKES 'CLEAN BREAK' ON SECURITY POLICY
During his keynote speech at the RSA Security Conference, David Thompson,
vice president for the Windows product server group, stressed that there has
been a companywide focus on improving the security of Microsoft's products
over the last year, from the top of the organization down. "We've made a
clean break with our past policy on security," said Scott Culp, security
program manager at Microsoft. "We recognize that every piece of software
has vulnerabilities and bugs. We have to deal with them."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/eweek/stories/general/0,11011,2706838,00.html
CARE AND FEEDING OF RPM
RPM is a very complex and powerful tool for building software packages. Blindly
downloading and installing RPM's is of course very dangerous (this goes for
installing software on any operating system). If you choose to build foreign
RPM's on your machine then you should inspect the SPEC file for malicious
commands and also verify the source code used and any patches. The good
news is that verifying the origin of RPM's is relatively easy, and as the majority
of your RPM's will likely come from trusted sources, you should not have too
many problems. Lastly, with the use of scripts and triggers you can easily build
RPM's that will notify you when installed (e.g. implement a command to send
mail out so you know when someone has upgraded a machine), or properly
clean up after themselves. Used properly, RPM is a very powerful tool.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/closet/closet20010411.html
HACKER TOOLS AND THEIR SIGNATURES, PART ONE: BIND8X.C
This article is the first in a series of papers detailing hacker exploits/tools and
their signatures. This installment will examine the Berkley Internet Name Domain
exploit bind8x.c. The discussion will cover the details of bind8x.c and provide
signatures that will assist an IDS analyst in detecting it. This paper assumes
that the reader has some basic knowledge of TCP/IP and understands the
tcpdump format.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/ids/articles/bind8.html
ANTI-VIRUS WITH SENDMAIL AND FBSD
This is a very nice add on for ISPs or someone that wants to safeguard all
email coming into their system from viruses. The following article will walk
you through installing and setting up several programs, to get this project
done.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.defcon1.org/html/Linux_mode/install-swap/anti-virus-sendmail.html
ALCATEL WORKING WITH CERT
In response to security issues raised by the San Diego Supercomputer Center
Monday regarding certain Alcatel ADSL modems, the French communications
equipment maker said that it is aware of vulnerabilities and is working with the
CERT Coordination Center to resolve the problems. Alcatel also said that it is
not aware of any instance where a Speed Touch Home ADSL modem user's
device has been compromised due to the reported vulnerabilities.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.internetnews.com/prod-news/article/0,,9_741871,00.html
SECURITY FOR WEB DATABASE APPLICATIONS
If you're using a development tool like ColdFusion, ASP, or PHP, your application
developers have probably unknowingly opened holes directly into your database
that could wreak havoc on your system. Not obscure, difficult-to-exploit holes,
but real big delete-everything-from-the-database kind of holes. Today, we're
going to discuss how those security holes arise and more importantly, how to
plug them.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://webreview.com/2001/04_13/developers/index02.shtml
MAKE SSH DO MORE
Presumably you have already installed SSH and are using it to securely log in
to remote systems. However, most people simply connect via SSH, enter their
passwords, and type away. They don't realize that SSH has advanced key
management features that allow them to avoid having to retype their
passwords; that its port-forwarding options can secure other, normally
insecure, packages; and that they can employ little tricks in SSH that
would make their lives easier.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.itworld.com/Comp/2384/LWD010410sshtips/
LINUX SECURITY MODULE INTERFACE
"One of the byproducts of the Linux 2.5 Kernel Summit was the notion of an
enhancement of the loadable kernel module interface to facilitate security
oriented kernel modules. The purpose is to ease the tension between folks
(such as Immunix and SELinux) who want to add substantial security
capabilities to the kernel, and other folks who want to minimize kernel bloat
& have no use for such security extensions. We have started a new mailing
list called linux-security-module. The charter is to design, implement, and
maintain suitable enhancements to the LKM to support a reasonable set of
security enhancement packages. The prototypical module to be produced
would be to port the POSIX Privs code out of the kernel and make it a
module. An essential part of this project will be that the resulting work
is acceptable for the mainline Linux kernel."
Link: http://linuxtoday.com/news_story.php3?ltsn=2001-04-12-021-20-SC-KN
WAR DRIVING BY THE BAY
In a parking garage across from Moscone Center, the site of this year's RSA
Conference, Peter Shipley reaches up though the sunroof of his car and slaps
a dorsal-shaped Lucent antenna to the roof. "The important part of getting
this to work is having the external antenna. It makes all the difference" says
Shipley, snaking a cable into the car and plugging it into the wireless network
card slotted into his laptop. The computer is already connected to a GPS
receiver. He starts some custom software on the laptop, starts the car
and rolls out. Shipley, a computer security researcher and consultant, is
demonstrating what many at the security super-conference are quietly
describing as the next big thing in hacking. It doesn't take long to produce
results. The moment he pulls out of the parking garage, the laptop displays
the name of a wireless network operating within one of the anonymous
downtown office buildings: "SOMA AirNet."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/news/192
EX-CYBERCOP: HACKERS NOT THE ONLY PROBLEM
Malicious intruders, corporate espionage and uneducated employees all
contribute to make "network security" almost an oxymoron in today's wired
world, four security experts agreed at the RSA Data Security Conference.
"It's not just the hackers who are the threats but all of us who are part of
the problem as well," said Vatis, former executive director of the federal
government's National Infrastructure Protection Center.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1003-200-5586254.html
CAN MCVEIGH KILLING BE HACKED?
Security experts said it would be difficult, but not impossible, to intercept and
decode the closed-circuit video of Timothy McVeigh's execution. The Justice
Department won't say much about the measures it is taking to ensure that the
pictures of the May 16 execution are not made public. Attorney General John
Ashcroft kept his description of the transmission methods vague when speaking
to reporters. "The broadcast will use the latest encryption technology integrated
with state-of-the-art video-conferencing over high-speed digital telephone lines,"
Ashcroft said. "Federal regulations prohibit any recording of the execution.
Therefore, any closed-circuit transmission will be instantaneous and
contemporaneous." Security experts say Ashcroft was describing ISDN,
short for Integrated Services Digital Network. ISDN lines can transmit
data at least twice as fast as normal telephone lines, although the data
travels through public phone networks.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,43040,00.html
CLOSED SOURCE IS MORE SECURE - MS
The head of Microsoft's security response team argued that closed source
software is more secure than open source projects, in part because nobody's
reviewing open source code for security flaws. "Review is boring and time
consuming, and it's hard," said Steve Lipner, manager of Microsoft's security
response center. "Simply putting the source code out there and telling folks
'here it is' doesn't provide any assurance or degree of likelihood that the
review will occur."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/18286.html
BADTRANS VIRUS FAILS TO SPREAD
A virus that monitors a PC's network connections and sends itself in response
to any incoming e-mail has apparently failed to spread, despite, or because
of, warnings issued by several major antivirus software makers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,5081157,00.html
EICAR TEST FILE
In 1996, the European Institute for Computer Antivirus Research (EICAR)
developed the EICAR test file. The EICAR test file tests the functionality
of antivirus software, by giving the antivirus software a chance to detect
the EICAR file during antivirus scans. The test file may render a variety of
results within various antivirus programs but is NOT a virus. All major
antivirus software developers support the EICAR test file. If your antivirus
software detects the EICAR test file it does NOT guarantee that it will
catch all malware. In fact, no single antivirus solution is able to block all
malware. Thus, the EICAR test file, safe computing practices, and updated
antivirus software are just a few of the tools that users will want to employ
to lower the risk of malware infections.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/eicar20010413.html
----------------------------------------------------------------------------
Security issues
---------------
All vulnerabilities are located at:
http://net-security.org/text/bugs
----------------------------------------------------------------------------
RED HAT LINUX - NTPD REMOTE ROOT EXPLOIT
The Network Time Daemon (ntpd) supplied with all releases of Red Hat Linux is
vulnerable to a buffer overflow, allowing a remote attacker to potentially gain
root level access to a machine. All users of ntpd are strongly encouraged to
upgrade.
Link: http://www.net-security.org/text/bugs/986822554,64400,.shtml
CALDERA - REMOTE ROOT EXPLOIT IN NTPD
Link: http://www.net-security.org/text/bugs/986822600,4830,.shtml
TALKBACK.CGI SECURITY VULNERABILITY
Talkback.cgi may allow remote users (website visitors) to view any file on a
webserver (depending on the user the webserver is running on). Regard this URL:
http://www.VULNERABLE-HOST.com/cgi-bin/talkback.cgi?article= ../../../../../../
../../etc/passwd%00&action=view&matchview=1
This will display the /etc/passwd (if the webserver user has access to this file).
Link: http://www.net-security.org/text/bugs/986899132,17397,.shtml
DEBIAN LINUX - NTP UPDATE
Przemyslaw Frasunek reported that ntp daemons such as that released with
Debian GNU/Linux are vulnerable to a buffer overflow that can lead to a remote
root exploit. A previous advisory (DSA-045-1) partially addressed this issue, but
introduced a potential denial of service attack. This has been corrected for Debian
2.2 (potato) in ntp version 4.0.99g-2potato2. We recommend you upgrade your
ntp package immediately.
Link: http://www.net-security.org/text/bugs/986899319,43520,.shtml
SUSE LINUX - UPDATED XNTP PACKAGES
Link: http://www.net-security.org/text/bugs/986899379,2605,.shtml
PROGENY - MAILX BUFFER OVERFLOW
Mailx is a simple program to read and send e-mail. Mailx is installed setgid mail
on Progeny and Debian systems. A buffer overflow in mailx allows for a local
user to gain access to the mail group, which would allow that user to read
and write to other mail spools. Debian resolved this problem by no longer
shipping mailx setgid mail. Progeny has decided to use Debian's fix. This
means that on mail systems that do not have world writable mail spools
one will not be able to properly lock one's mailbox.
Link: http://www.net-security.org/text/bugs/986899525,60483,.shtml
VULNERABILITIES IN MULTIPLE FTP DAEMONS
Multiple FTP server implementations contain buffer overflows that allow local and
remote attackers to gain root privileges on affected servers. These vulnerabilities
are contingent upon the remote user having the ability to create directories on
the server hosting the FTP daemon, with the exception of a few cases noted
below. The vulnerabilities presented are all related to the use of the glob()
function, and can be divided into the following two categories:
- glob() expansion vulnerabilities
User input that has been expanded by glob() can exceed expected lengths and
trigger otherwise benign buffer mismanagement problems present in certain FTP
daemons.
- glob() implementation vulnerabilities
Certain implementations of the glob() function contain buffer overflows. These
vulnerabilities are exploitable through FTP daemons that utilize these problematic
implementations.
CVE Candidate numbers for these issues have been assigned and are listed in the
Vulnerable Systems section.
Link: http://www.net-security.org/text/bugs/986909866,42751,.shtml
SOLARIS KCMS_CONFIGURE VULNERABILITY
The problem exists in the parsing of command line options. By exploiting this
vulnerability an attacker can achieve local root privileges. The Kodak Color
Management System (KCMS) packages have contained many vulnerabilities
in the past, we recommend disabling them if you are not currently using them.
Link: http://www.net-security.org/text/bugs/986909911,14102,.shtml
SUSE - MIDNIGHT COMMANDER VULNERABILITY
The Midnight Commander, mc(1), is a ncurses-based file manager. A local
attacker could trick mc(1) into executing commands with the privileges of
the user running mc(1) by creating malicious directory names. This attack
leads to local privilege escalation.
Link: http://www.net-security.org/text/bugs/986980267,29692,.shtml
ORACLE APPLICATION SERVER VULNERABILITY
An exploitable buffer overflow has been identified in a shared library which is
being shipped with Oracle Application Server 4.0.8.2, and used by iPlanet Web
Server if it is configured as external web-listener.
Link: http://www.net-security.org/text/bugs/986980304,50130,.shtml
PGP 7.0 SPLIT KEY/CACHED PASSPHRASE VULNERABILITY
Wkit Security AB has found that if any caching option in PGP Desktop Security
7.0 is activated there is a vulnerability that allows a malicious user to encrypt/
decrypt or sign any file or e-mail with a split key that has been previously
authenticated by an appropriate number of split-key shareholders.
Link: http://www.net-security.org/text/bugs/986980500,97972,.shtml
RED HAT - NEW NETSCAPE PACKAGES
New netscape packages are availabe to fix a problem with the handling of
JavaScript in certain situations. By exploiting this flaw, a remote site could
gain access to the browser history, and possibly other data.
Link: http://www.net-security.org/text/bugs/986999609,13050,.shtml
GHOST MULTIPLE DENIAL OF SERVICE
The first flaw involves the database engine, which isn't a Symantec product,
but it is shipped with Symantec Ghost 6.5 (and possibly older versions as well).
The database engine is the run-time engine by Sybase. Connecting to the
database engine on tcp port 2638 and sending a string of approx. 45Kb will
cause a buffer overflow that results in registers being overwritten. The
database engine needs to be restarted in order to regain functionality.
"State Dump for Thread Id 0x5c8
eax=0063f0e4 ebx=0063f204 ecx=41414141 edx=41414141 esi=00630020
edi=00630000 eip=65719224 esp=08fbfbf0 ebp=00000000
iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206"
The Ghost Configuration Server is running on TCP port 1347. It is periodically
vulnerable to crash triggered the same way as the database engine overflow.
This is not a buffer overflow, and can only be used as a DoS attack.
Link: http://www.net-security.org/text/bugs/987079641,96179,.shtml
PROGENY - EXECVE()/PTRACE() EXPLOIT
This vulnerability exploits a race condition in the 2.2.x Linux kernel within the
execve() system call. By predicting the child-process sleep() within execve(),
an attacker can use ptrace() or similar mechanisms to subvert control of the
child process. If the child process is setuid, the attacker can cause the child
process to execute arbitrary code at an elevated privilege.
Link: http://www.net-security.org/text/bugs/987079790,60855,.shtml
LOTUS DOMINO MULTIPLE DOS
The Lotus Domino Web Server contains multiple flaws that could allow an
attacker to cause a Denial of Service situation.
Link: http://www.net-security.org/text/bugs/987079825,54870,.shtml
CFINGERD REMOTE VULNERABILITY
There is a critical bug in cfingerd daemon <= 1.4.3, (a classic format bug)
that makes possible to acquire full control over the remote machine if it
runs the cfingerd program, the configurable and secure finger daemon.
Link: http://www.net-security.org/text/bugs/987151748,43182,.shtml
IBM WEBSPHERE/NETCOMMERCE3 DOS
Exploit:
http://host/cgi-bin/ncommerce3/ExecMacro/macro.d2w/NOEXISTINGHTMLBLOCK
Result:
DTWP029E: Net.Data is unable to locate the HTML block NOEXISTINGHTMLBLOCK
in file /usr/NetCommerce3/macros/en_US/macro.d2w
+DoS with Long URL
Link: http://www.net-security.org/text/bugs/987151822,94005,.shtml
CALDERA - VIM EMBEDDED MODLINE EXPLOITS
There exists a possibility for an attacker to embed special modelines into a text
file which when opened with vim could compromise the account of the user. Also
editing files in world writeable directories like /tmp could lead to a local attacker
gaining access to the editing users account due to possible symlink attacks on
editor backup and swap files.
Link: http://www.net-security.org/text/bugs/987171863,30479,.shtml
OPENSSH SUBJECT TO TRAFFIC ANALYSIS
Solar Designer has conducted a very thorough analysis of several weaknesses in
implementations of the SSH protocol. These weaknesses allow for an attacker to
significantly speed up brute force attacks on passwords. Solar Designer's
complete analysis can be found at the following page:
http://www.openwall.com/advisories/OW-003-ssh-traffic-analysis.txt
In February of 2001, Core SDI released a security announcement which described
ways in which would allow an attacker to compromise the session of an SSH
protocol 1.5 session. The detailed report is at the following URL:
http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm
Link: http://www.net-security.org/text/bugs/987171905,95561,.shtml
----------------------------------------------------------------------------
Security world
--------------
All press releases are located at:
http://net-security.org/text/press
----------------------------------------------------------------------------
SYMANTEC'S SECUREXCHANGE 2001 CONFERENCE - [09.04.2001]
Symantec Corporation opened electronic registration for the company's
Worldwide Users' Conference, SecureXchange 2001, formerly AXENT
Technologies, Inc.'s Users' Conference. The conference focuses on
solutions to organizations' security issues with over 30 classes on
product integration, expert case studies, technical tips, and
e-security strategies and management.
Press release:
< http://www.net-security.org/text/press/986818398,42999,.shtml >
----------------------------------------------------------------------------
SSH SECURE SHELL 3.0 ANNOUNCED - [09.04.2001]
SSH Communications Security, a world-leading developer of Internet security
technologies, announced SSH Secure Shell 3.0, the next-generation of its
leading encryption software product designed to protect end-users, businesses
and developers from the most common break-in method used by hackers -
stealing passwords from the Internet. SSH Secure Shell 3.0's new functionality
includes support for PKI (Public Key Infrastructure), smart cards and the Rijndael
(proposed AES - Advanced Encryption Standard) algorithm. The SSH Secure
Shell 3.0 product provides transparent, strong security over any IP-based
connection for both client and server applications by authenticating and
encrypting terminal connections and file transfers over the Internet.
Press release:
< http://www.net-security.org/text/press/986818611,16882,.shtml >
----------------------------------------------------------------------------
VIGILANTE AND ISS PARTNER - [09.04.2001]
VIGILANTe, a leading provider of automated security assessment services,
and Internet Security Systems, the world's leading provider of security
management solutions for the Internet, today announced a strategic
partnership. The agreement allows VIGILANTe to integrate Internet Security
Systems'market-leading network security assessment software, Internet
Scanner, into their award-winning security assessment service, SecureScan.
SecureScan is an automated service, delivered via the Internet, which
conducts intelligent assessments of Internet security perimeters. The
SecureScan service is updated weekly and available on demand -
providing security assurance when and where it is needed.
Press release:
< http://www.net-security.org/text/press/986818730,92501,.shtml >
----------------------------------------------------------------------------
ALADDIN ANNOUNCES ETOKEN ENTERPRISE 2.0 - [09.04.2001]
Aladdin Knowledge Systems, a global leader in the field of Internet content and
software security, today announced the release of eToken Enterprise 2.0, the
latest set of "out of the box" plug and play 2-factor security solutions that
provides quick implementation for a variety of network security and e-Business
solutions. Using Aladdin's USB-based eToken security key, eToken Enterprise 2.0
allows organizations to implement the use of eTokens with a minimal amount of
effort. eToken Enterprise 2.0 consists of several pre-packaged security clients
that erase the need for organizations to modify their existing software, create
custom applications or write additional code.
Press release:
< http://www.net-security.org/text/press/986818832,29750,.shtml >
----------------------------------------------------------------------------
FREEDOM2SURF OFFERS FREE PRIVACY SUITE - [10.04.2001]
Freedom2Surf, one of the UK's most advanced ISPs, today built on the
security and privacy already offered to its users by announcing it is the
first company in the UK to offer its subscribers free access to a range of
privacy and security features with the Freedom 2.0 Internet Privacy
Suite from Zero-Knowledge Systems. Freedom 2.0 will be made available
to all new and existing Freedom2Surf subscribers as a free download for a
limited time. The suite was developed by Zero-Knowledge Systems, the
leading provider of privacy technologies and services for consumers and
business, and is the only solution that protects and secures the privacy
and personal information of Internet users without requiring users to
trust their data to a third party.
Press release:
< http://www.net-security.org/text/press/986894868,73460,.shtml >
----------------------------------------------------------------------------
RAINBOW SHIPS NEW SENTINEL 7.1.1 - [10.04.2001]
The Digital Rights Management (DRM) group of Rainbow Technologies, Inc.
a leading provider of high-performance security solutions for the Internet,
eCommerce and software protection, is now shipping the newest version
of the industry's leading solution for secure electronic management,
licensing, and distribution. The new SentinelLM 7.1.1's leading-edge
software licensing and management tools are designed to secure
applications from unauthorized execution and software piracy. The
newest version includes new usability features and stronger security
to combat online software piracy.
Press release:
< http://www.net-security.org/text/press/986900556,82853,.shtml >
----------------------------------------------------------------------------
F-SECURE INTEGRATES PRODUCTS WITH HP - [10.04.2001]
F-Secure Corp., a leading provider of centrally managed security solutions for
the mobile, distributed enterprise, today announced integration of its F-Secure
products with the HP OpenView VantagePoint enterprise management system
[EMS] from Hewlett-Packard. By integrating F-Secure applications into HP
OpenView VantagePoint, companies can now control most aspects of the
applications through the familiar HP OpenView console, thus protecting their
existing investment. F-Secure is believed to be the only security vendor
offering true security suite integration for HP's EMS platform.
Press release:
< http://www.net-security.org/text/press/986900647,92025,.shtml >
----------------------------------------------------------------------------
PGP SECURITY'S PARTNERS WITH NSA - [10.04.2001]
NAI Labs, a division of PGP Security, a Network Associates, Inc. company,
announced they are joining with the National Security Agency (NSA) and its
other partners to further develop the NSA's Security-Enhanced Linux (SELinux)
prototype. The $1.2 million will be paid over the life of the two-year contract,
and the work will focus on research and development to improve the security
of open-source operating system platforms, the core of Internet infrastructures
that have become business critical in today's economy.
Press release:
< http://www.net-security.org/text/press/986910796,64451,.shtml >
----------------------------------------------------------------------------
VIGILANTE AND NETWORKS VIGILANCE MERGER - [11.04.2001]
VIGILANTe and Networks Vigilance, a subsidiary of Cyrano, have announced
plans to combine their businesses, with the new company retaining the name
VIGILANTe. The companies signed an agreement on March 31st and intend to
merge no later than April 13th. The deal will create a global company with an
array of security assessment solutions. The combination of VIGILANTe and
Networks Vigilance technology, products, services, and global partners will
allow VIGILANTe to extend security assurance to the widest possible range
of customers in North America, Europe and Asia. VIGILANTe will immediately
combine the companies' award-winning assessment methodologies to extend
its services beyond the Internet to the IT infrastructure. Customers will
benefit from automated real-time security risk analysis of both their internal
and external networks.
Press release:
< http://www.net-security.org/text/press/986979179,92457,.shtml >
----------------------------------------------------------------------------
RAINBOW'S IKEY 2000 IS ENTRUST-READY - [11.04.2001]
The Digital Rights Management group of Rainbow Technologies, Inc., a leading
provider of high-performance security solutions for the Internet and eCommerce,
announced that the company's iKey 2000 series workstation security solution
has been awarded the Entrust-Ready, the leading global provider of Trust
Relationship Management( software and managed services. The Entrust-Ready
designation means that the iKey 2000 PE for Entrust has been tested for
compatibility and interoperability with Entrust's market-leading PKI software.
Press release:
< http://www.net-security.org/text/press/986981381,14396,.shtml >
----------------------------------------------------------------------------
RAINBOW'S SMART TOKENS REACH CRITICAL MASS - [11.04.2001]
The Digital Rights Management group of Rainbow Technologies, Inc.
a leading provider of high-performance security solutions for the Internet,
eCommerce and software protection, today claimed leadership of the
worldwide smart-token security market by announcing that Rainbow has
sold 26 million software security keys, high-security authentication tokens,
and workstation security solutions. Rainbow made the announcement at
today's 2001 RSA Data Security Conference and Software Development
West trade shows.
Press release:
< http://www.net-security.org/text/press/986981568,39553,.shtml >
----------------------------------------------------------------------------
PGP SECURITY AND RAINBOW TECHNOLOGIES PARTNER - [13.04.2001]
PGP Security, a Network Associates Company, announced a partnership with
Rainbow Technologies, a leading provider of Internet and eCommerce security
solutions, to improve security for electronic transactions and communications.
PGP Security's private key technology will be incorporated into Rainbow's iKey
authentication-token family, which enables users to store their private keys
securely on the token rather than on a PC where it is vulnerable to
unauthorized access and privacy.
Press release:
< http://www.net-security.org/text/press/987151028,7348,.shtml >
----------------------------------------------------------------------------
PITBULL LX TECHNOLOGY ON SOLARIS 8 RELEASED - [13.04.2001]
Argus Systems Group, Inc., the global leader in Internet security and intrusion
prevention systems, announces the availability of its award-winning PitBull LX
security technology on the Solaris 8 platform. PitBull LX on Solaris delivers the
strength and power of market-leading PitBull security in a simple to install,
intuitive and non-intrusive implementation. The availability of PitBull LX on
Solaris 8 marks the latest in a series of security developments by Argus this
year, following the release of PitBull LX for Linux and a Trusted Web Server
Appliance software suite.
Press release:
< http://www.net-security.org/text/press/987151117,12009,.shtml >
----------------------------------------------------------------------------
TOP SECURITY FIRMS JOIN MSSPP - [13.04.2001]
Microsoft Corp. announced at RSA Conference 2001 that three of the top names
in computer security - Computer Sciences Corp. (CSC), Foundstone Inc. and
Guardent Inc. - will join with Microsoft to provide security consulting services
as part of the Microsoft Security Services Partner Program. Designed to provide
customers with an online directory of consulting companies with security expertise,
the Microsoft Security Services Partner Program supports a community of technical
professionals - over 50 partners in 16 countries - that specialize in securing
Microsoft environments. Participants have ongoing access to quality security
information and training from Microsoft as well as support for managed security
services that assist customers in securing their individual environments.
Press release:
< http://www.net-security.org/text/press/987151241,64199,.shtml >
----------------------------------------------------------------------------
Featured products
-------------------
The HNS Security Database is located at:
http://www.security-db.com
Submissions for the database can be sent to: staff@net-security.org
----------------------------------------------------------------------------
GUARDIAN FIREWALL-5
Guardian Firewall-5 is a low cost security solution for the small office/home
office (SOHO) market. NetGuard is currently offering Guardian Firewall-5 to
the North and South American market in a concerted effort to ensure that
all companies are secured against malicious attacks. Guardian Firewall-5
allows small networks to achieve the utmost in security while maintaining
the ease of installation that smaller companies require. Guardian Firewall-5
is based on MAC-Layer Stateful Inspection technology to ensure superior
protection and performance.
Read more:
< http://www.security-db.com/product.php?id=135 >
This is a product of NetGuard, for more information:
< http://www.security-db.com/info.php?id=24 >
----------------------------------------------------------------------------
HP IPSEC/9000
HP IPSec/9000 provides secure, private communication over the Internet and
within the enterprise without having to modify a single application. Along with
authentication, data integrity, and confidentiality, IPSec/9000 offers protection
against replays, packet tampering, and spoofingand it keeps others from
intercepting critical data such as passwords and credit card numbers sent
over the Internet. Whether or not a public key infrastructure (PKI) has been
implemented, HP IPSec/9000 easily integrates into the existing enterprise
infrastructure. It has the flexibility to create an authenticated tunnel,
using either digital certificates from Entrust and Verisign or self-generated
pre-shared keys.
Read more:
< http://www.security-db.com/product.php?id=707 >
This is a product of HP Internet Security, for more information:
< http://www.security-db.com/go.php?id=156 >
----------------------------------------------------------------------------
NETRECON
NetRecon is a network vulnerability assessment tool that discovers, analyzes
and reports holes in network security. NetRecon achieves this by conducting
an external assessment of network security by scanning and probing systems
on the network. NetRecon reenacts common intrusion or attack scenarios to
identify and report network vulnerabilities, while suggesting corrective actions.
Read more:
< http://www.security-db.com/product.php?id=303 >
This is a product of AXENT, for more information:
< http://www.security-db.com/info.php?id=60 >
----------------------------------------------------------------------------
SDK SOFTWARE DEVELOPMENT KIT
Veridicom´s software creates and identifies a unique representation of an
individual´s fingerprint-enabling reliable, convenient personal authentication
solutions. Veridicom´s proprietary software is available in modules that
perform image capture, quality control, processing, and one-to-one or
one-to-few verification matching. The Imaging Suite software modules
and Verification Suite modules are based on open architecture standards.
They can be used with either Veridicom 5thSense personal authentication
peripherals or your own hardware based on Veridicom´s solid-state
fingerprint sensors.
Read more:
< http://www.security-db.com/product.php?id=299 >
This is a product of Veridicom, for more information:
< http://www.security-db.com/info.php?id=59 >
----------------------------------------------------------------------------
DISKGUARD
If you are the only person working on your Macintosh, you can protect your
computer by typing in one password. That's all there is to it. If your computer
is shared with other people, give them a second password which limits their
access, according to your own requirements, to certain days of the week
or to specific hours during the day. At start-up, DiskGuard requests a
password. No one will be able to start the Macintosh without supplying the
proper password, even if he tries to boot with a System disk or holds down
the Shift key to bypass extensions. DiskGuard also keeps a close watch on
your computer while you are at work. When you take a moment's leave,
DiskGuard automatically hides your screen from prying eyes. As soon as
someone tries to access the computer, DiskGuard will prompt for the
proper password. DiskGuard also keeps track of valid and invalid access
attempts to your hard disk so you can see at any time if somebody tried
accessing your computer during your absence.
Read more:
< http://www.security-db.com/product.php?id=605 >
This is a product of Highware, for more information:
< http://www.security-db.com/info.php?id=131 >
----------------------------------------------------------------------------
Featured article
----------------
All articles are located at:
http://www.net-security.org/text/articles
Articles can be contributed to staff@net-security.org
----------------------------------------------------------------------------
"LOGIC" WORM - PROOF-OF-CONCEPT MALICIOUS CODE
Recently, some anti-virus vendors have been touting the discovery of a
new Internet-worm "Logic" - the first malicious code written in the Logo
programming language used in a limited number of schools for educational
purposes only. Kaspersky Labs firmly states that this Internet-worm still
has not yet been found "in-the-wild," and poses absolutely no threat to
the majority of computer users, simply because, in order to be activated,
"Logic" requires the Logo interpreter to be installed on the target systems
(for example, SuperLogo for Windows).
Read more:
< http://www.net-security.org/text/articles/viruses/logic.shtml >
----------------------------------------------------------------------------
Security Software
-------------------
All programs are located at:
http://net-security.org/various/software
----------------------------------------------------------------------------
SMARTBLOCK 1.50
SmartBlock offers the ability to filter indecent Web sites in real time, thus
protecting your children from objectionable Internet material. SmartBlock
intercepts all words in real time, restricts your children's access to games,
and protects files and folders from being deleted or renamed. It can also
capture screenshots and save them to the hard disk to help you monitor
computer usage.
Info/Download:
< http://www.net-security.org/various/software/987348093,23594,windows.shtml >
----------------------------------------------------------------------------
IPNETSENTRY
IPNetSentry is a simple and intelligent security application which protects your
Macintosh from outside Internet intruders. This is particularly important for
Macintosh users who have cable modem, DSL, or another high-speed Internet
service where connections can be maintained and left unattended for hours
(or days) at a time. Unlike most other Internet security products, IPNetSentry
does not erect barriers for the safe use of your Internet connection. There is
no need to "punch holes" in a firewall for specific applications you may wish to
run. Instead, IPNetSentry silently and intelligently watches for suspicious
behavior, and when triggered, invokes a solid filter which completely bans
the potential intruder from your Macintosh.
Info/Download:
< http://www.net-security.org/various/software/987349021,10394,mac.shtml >
----------------------------------------------------------------------------
WEBROOT WINGUARDIAN 2.6
Parents, schools, libraries, churches, and anyone else wishing to control
access to the Internet can use WinGuardian to monitor which Web sites
users visit, what they type (via keystroke logging), which programs they
access, and the time they spend using the programs. WinGuardian can
also secure Windows so that users cannot run unauthorized programs or
modify Windows configurations such as wallpaper and network settings. It
also features network support and the ability to display an acceptable-use
policy. Features include screen-shot capturing, enhanced keystroke capturing
(captures lowercase and special characters), America Online support, Opera
support, and the ability to email log files to a specific email address.
Info/Download:
< http://www.net-security.org/various/software/987348286,54994,windows.shtml >
----------------------------------------------------------------------------
BRICKHOUSE
BrickHouse was developed by Brian Hill to ease the process of configuring
MacOS X's built-in Firewall. His hard work has paid off; hundreds of OS X
owners use his program. Changing Firewall settings manually without a GUI
can be tedious and confusing for unexperianced users; this program removes
those barriers. By using BrickHouse to configure your computer's firewall, you
can more effectively keep unauthorized users from gaining access to your
computer via your internet connection. BrickHouse makes it easy to use your
firewall to guard against denial of service or resource-based internet attacks.
Network attacks will bounce off the firewall, preventing your computer from
slowing down or crashing. BrickHouse provides a simple and easy interface to
activate and configure your firewall's filters. It also includes a firewall monitor
window that allows you to see how frequently each filter is used. Filter
settings can be saved and toggled quickly, and can be imported and
exported to and from disk. Settings can be created by knowledgeable
users and admins, who can distribute them to others, quickly disabling
specific or recently discovered attack techniques.
Info/Download:
< http://www.net-security.org/various/software/987349194,20968,mac.shtml >
----------------------------------------------------------------------------
ETHEREAL-0.8.17-A
Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you
capture and interactively browse the contents of network frames. The goal
of the project is to create a commercial-quality analyzer for Unix and to give
Ethereal features that are missing from closed-source sniffer. Changes: New
dissectors include CUPS browsing protocol, Cisco HDLC, DCE RPC support,
LMI for frame relay, Wellfleet compression, BACNET, and RWALL. Many other
dissectors were updated and bug-fixed. New 3D logo. The Windows version
can now dynamically load the wpcap.dll at run-time. And a Windows installer
has been added. Add -D flag to tethereal to show list of all network. Added
support for packet data decompression and decoding.
Info/Download:
< http://www.net-security.org/various/software/987348497,42703,linux.shtml >
----------------------------------------------------------------------------
Defaced archives
------------------------
[09.04.2001]
Original: http://www.sony-center.ch/
Defaced: http://defaced.alldas.de/mirror/2001/04/09/www.sony-center.ch/
OS: Windows
Original: http://pbrown.ios.doi.gov/
Defaced: http://defaced.alldas.de/mirror/2001/04/09/pbrown.ios.doi.gov/
OS: Windows
Original: http://www.aiwa.com.pa/
Defaced: http://defaced.alldas.de/mirror/2001/04/09/www.aiwa.com.pa/
OS: Windows
Original: http://www.crackattack.com/
Defaced: http://defaced.alldas.de/mirror/2001/04/09/www.crackattack.com/
OS: Windows
Original: http://dataframe.net/
Defaced: http://defaced.alldas.de/mirror/2001/04/09/dataframe.net/
OS: Windows
[10.04.2001]
Original: http://www.ericsson.ly/
Defaced: http://defaced.alldas.de/mirror/2001/04/10/www.ericsson.ly/
OS: Windows
Original: http://www.ericsson.cbc.dk/
Defaced: http://defaced.alldas.de/mirror/2001/04/10/www.ericsson.cbc.dk/
OS: Windows
Original: http://www.apache.or.kr/
Defaced: http://defaced.alldas.de/mirror/2001/04/10/www.apache.or.kr/
OS: Linux
Original: http://www.pepsi-music.co.uk/
Defaced: http://defaced.alldas.de/mirror/2001/04/10/www.pepsi-music.co.uk/
OS: Windows
Original: http://www.netnanny.com/
Defaced: http://defaced.alldas.de
7;mirror/2001/04/10/www.netnanny.com/
OS: Windows
Original: http://www.honda.ca/
Defaced: http://defaced.alldas.de/mirror/2001/04/10/www.honda.ca/
OS: Windows
[11.04.2001]
Original: http://www.sony-training.com/
Defaced: http://defaced.alldas.de/mirror/2001/04/11/www.sony-training.com/
OS: Windows
Original: http://www.yourcriminalattorney.com/
Defaced: http://defaced.alldas.de/mirror/2001/04/11/www.yourcriminalattorney.com/
OS: Windows
Original: http://www.golfhackers.com/
Defaced: http://defaced.alldas.de/mirror/2001/04/11/www.golfhackers.com/
OS: Windows
Original: http://www.nortel.it/
Defaced: http://defaced.alldas.de/mirror/2001/04/11/www.nortel.it/
OS: Windows
Original: http://www.gatorade.com.ar/
Defaced: http://defaced.alldas.de/mirror/2001/04/11/www.gatorade.com.ar/
OS: Windows
[12.04.2001]
Original: http://www.dortp.gov.tw/
Defaced: http://defaced.alldas.de/mirror/2001/04/12/www.dortp.gov.tw/
OS: Windows
Original: http://www.vipfe.gov.bo/
Defaced: http://defaced.alldas.de/mirror/2001/04/12/www.vipfe.gov.bo/
OS: Windows
Original: http://www.sony-training.de/
Defaced: http://defaced.alldas.de/mirror/2001/04/12/www.sony-training.de/
OS: Windows
Original: http://www.crack3r.com/
Defaced: http://defaced.alldas.de/mirror/2001/04/12/www.crack3r.com/
OS: Windows
[13.04.2001]
Original: http://www.sonymonitor.com/
Defaced: http://defaced.alldas.de/mirror/2001/04/13/www.sonymonitor.com/
OS: Windows
Original: http://www.tech-help.com/
Defaced: http://defaced.alldas.de/mirror/2001/04/13/www.tech-help.com/
OS: Unknown
Original: http://www.drinkpepsi.com/
Defaced: http://defaced.alldas.de/mirror/2001/04/13/www.drinkpepsi.com/
OS: Windows
Original: http://www.fazenda.pbh.gov.br/
Defaced: http://defaced.alldas.de/mirror/2001/04/13/www.fazenda.pbh.gov.br/
OS: Windows
[14.04.2001]
Original: http://www.coca-colaecuador.org/
Defaced: http://defaced.alldas.de/mirror/2001/04/14/www.coca-colaecuador.org/
OS: Windows
Original: http://www.profuturo.com.pe/
Defaced: http://defaced.alldas.de/mirror/2001/04/14/www.profuturo.com.pe/
OS: Windows
Original: http://www.britishembassy.ee/
Defaced: http://defaced.alldas.de/mirror/2001/04/14/www.BritishEmbassy.ee/
OS: Windows
Original: http://www.pepsi-music.co.uk/
Defaced: http://defaced.alldas.de/mirror/2001/04/14/www.pepsi-music.co.uk/
OS: Windows
Original: http://www.linuxtampico.org.mx/
Defaced: http://defaced.alldas.de/mirror/2001/04/14/www.linuxtampico.org.mx/
OS: Linux
[15.04.2001]
Original: http://www.musicworld4u.com/
Defaced: http://defaced.alldas.de/mirror/2001/04/15/www.musicworld4u.com/
OS: Windows
Original: http://www.spytoy.com/
Defaced: http://defaced.alldas.de/mirror/2001/04/15/www.spytoy.com/
OS: Linux
Original: http://www.creative-computer.com/
Defaced: http://defaced.alldas.de/mirror/2001/04/15/www.creative-computer.com/
OS: Windows
Original: http://www.networksensors.com/
Defaced: http://defaced.alldas.de/mirror/2001/04/15/www.networksensors.com/
OS: BSDI
Original: http://www.antiviral.uab.edu/
Defaced: http://defaced.alldas.de/mirror/2001/04/15/www.antiviral.uab.edu/
OS: Windows
----------------------------------------------------------------------------
========================================================
Advertisement - HNS Security Database
========================================================
HNS Security Database consists of a large database of security related
companies, their products, professional services and solutions. HNS
Security Database will provide a valuable asset to anyone interested in
implementing security measures and systems to their companies' networks.
Visit us at http://www.security-db.com
========================================================
Questions, contributions, comments or ideas go to:
Help Net Security staff
staff@net-security.org
http://net-security.org
http://security-db.com
