From isn at c4i.org Mon May 2 02:27:47 2005
From: isn at c4i.org (InfoSec News)
Date: Mon May 2 02:38:29 2005
Subject: [ISN] Ex-CIA chief warns of EMP nuke threat

http://wnd.com/news/article.asp?ARTICLE_ID=44069

By Joseph Farah
© 2005 WorldNetDaily.com
May 2, 2005

WASHINGTON - Former CIA chief James Woolsey affirms the work of a special commission investigating the threat of a nuclear-bomb-generated electromagnetic pulse attack on the U.S. by rogue states or terrorists and is urging the country to take the steps necessary to protect against the potentially devastating consequences.

In testimony before the House International Terrorism and Non-Proliferation Subcommittee, chaired by Ed Royce, R-Calif., Woolsey, director of the CIA from 1993 through 1995, referred to the nuclear EMP threat, characterized in intelligence circles, he said, as "a SCUD in a bucket."

"That is a simple ballistic missile from a stockpile somewhere in the world outfitted on something like a tramp steamer and fired from some distance offshore into an American city or to a high altitude, thereby creating an electromagnetic pulse effect, which could well be one of the most damaging ways of using a nuclear weapon," he said.

Woolsey commended the Commission to Assess the Threat to the United States from EMP Attack for its years of work on the subject and for its dire report concluding that it is a means of attack that could lead to the defeat of the U.S. by a much smaller enemy and utter devastation of the country.

"That is a very serious threat," he told the committee. "And one thing we need badly to do is to figure out ways to harden our electricity grid and various types of key nodes so that electromagnetic pulse blasts of nuclear weapons, or other ways of generating electromagnetic pulse, even if it knocks out our toaster ovens will not knock out, for example, our electricity grid."
Woolsey, like the commission, specifically mentioned the new dimension a nuclear Iran would add to the risk of such an attack.

"We do not have the luxury of assuming that Iran, if it develops fissionable materials, for example, would not share it under some circumstances with al-Qaida operatives," he said. "We don't have the luxury of believing that just because North Korea is a communist state, it would not work under some circumstances to sell its fissionable material to Hezbollah or al-Qaida."

There is increasing concern within the administration and Congress over Iran's missile program, which has been determined by a commission of U.S. scientists to pose a serious threat to U.S. security.

A report first published in Joseph Farah's G2 Bulletin, a weekly, online, premium intelligence newsletter affiliated with WND, revealed last week that Iran has been seriously considering an unconventional pre-emptive nuclear strike against the U.S. An Iranian military journal publicly floated the idea of launching an electromagnetic pulse attack as the key to defeating the U.S.

Congress was warned of Iran's plans last month by Peter Pry, a senior staffer with the Commission to Assess the Threat to the United States from Electromagnetic Pulse Attack, in a hearing of Sen. John Kyl's subcommittee on terrorism, technology and homeland security.

In an article titled "Electronics to Determine Fate of Future Wars," the journal explains how an EMP attack on America's electronic infrastructure, caused by the detonation of a nuclear weapon high above the U.S., would bring the country to its knees.

"Once you confuse the enemy communication network you can also disrupt the work of the enemy command- and decision-making center," the article states. "Even worse today when you disable a country's military high command through disruption of communications, you will, in effect, disrupt all the affairs of that country.
If the world's industrial countries fail to devise effective ways to defend themselves against dangerous electronic assaults then they will disintegrate within a few years. American soldiers would not be able to find food to eat nor would they be able to fire a single shot."

WND reported the Iranian threat last Monday, explaining that Tehran is not only covertly developing nuclear weapons, it is already testing ballistic missiles specifically designed to destroy America's technical infrastructure.

Pry pointed out that the Iranians have been testing mid-air detonations of their Shahab-3 medium-range missile over the Caspian Sea. The missiles were fired from ships.

"A nuclear missile concealed in the hold of a freighter would give Iran or terrorists the capability to perform an EMP attack against the United States homeland without developing an ICBM and with some prospect of remaining anonymous," explained Pry. "Iran's Shahab-3 medium range missile mentioned earlier is a mobile missile and small enough to be transported in the hold of a freighter. We cannot rule out that Iran, the world's leading sponsor of international terrorism, might provide terrorists with the means to execute an EMP attack against the United States."

Lowell Wood, acting chairman of the commission, said yesterday that such an attack - by Iran or some other actor - could cripple the U.S. by knocking out electrical power, computers, circuit boards controlling most automobiles and trucks, banking systems, communications and food and water supplies.

"No one can say just how long systems would be down," he said. "It could be weeks, months or even years."

EMP attacks are generated when a nuclear weapon is detonated at altitudes of more than a few dozen kilometers above the Earth's surface. The explosion, of even a small nuclear warhead, would produce a set of electromagnetic pulses that interact with the Earth's atmosphere and the Earth's magnetic field.

"These electromagnetic pulses propagate from the burst point of the nuclear weapon to the line of sight on the Earth's horizon, potentially covering a vast geographic region in doing so simultaneously, moreover, at the speed of light," said Wood. "For example, a nuclear weapon detonated at an altitude of 400 kilometers over the central United States would cover, with its primary electromagnetic pulse, the entire continent of the United States and parts of Canada and Mexico."

The commission, in its work over a period of several years, found that EMP is one of a small number of threats that has the potential to hold American society seriously at risk and that might also result in the defeat of U.S. military forces.

"The electromagnetic field pulses produced by weapons designed and deployed with the intent to produce EMP have a high likelihood of damaging electrical power systems, electronics and information systems upon which any reasonably advanced society, most specifically including our own, depend vitally," Wood said. "Their effects on systems and infrastructures dependent on electricity and electronics could be sufficiently ruinous as to qualify as catastrophic to the American nation."


From isn at c4i.org Mon May 2 02:28:01 2005
From: isn at c4i.org (InfoSec News)
Date: Mon May 2 02:38:32 2005
Subject: [ISN] Oregon man sentenced for hacking NM system

http://www.krqe.com/expanded.asp?ID=9747

4/28/2005
Source: AP

ALBUQUERQUE -- An Oregon man has been sentenced to five months in prison for hacking into the computer system of Border Area Mental Health Service Incorporated in Silver City.

U.S. Magistrate Richard Puglisi also sentenced Timothy Jason Elder to serve five months of home detention after he is released from prison and to pay $38,769 in restitution.

Elder was a former network administrator for Border Area Mental Health.
He pleaded guilty to illegally accessing the company's computer system from a remote location and corrupting several computer files.


From isn at c4i.org Mon May 2 02:28:33 2005
From: isn at c4i.org (InfoSec News)
Date: Mon May 2 02:38:36 2005
Subject: [ISN] Chinese Hacker Captured After Taunting Law Enforcement

http://www.chinatechnews.com/index.php?action=show&type=news&id=2583

May 2, 2005

A Chinese hacker who was responsible for cracking some local Jingmen government websites was captured in a Wuhan hotel last week. The hacker, whose alias is "Yu Hua", posted his contact details on a website, and police used those details to track him down.

Police say that on April 7 Yu Hua posted the names of 11 websites that he was targeting and said that he could make those sites collapse within ten minutes. Ten minutes later, he cracked those sites and shut them down. After the sites were closed, Yu Hua posted his QQ instant messenger details for others to contact him, but police then used that information to forensically identify his whereabouts.

Yu Hua, whose real name has not yet been released, was arrested at the Wuhan hotel where he was employed. The case is currently being processed and the charges against him have not been released.


From isn at c4i.org Mon May 2 02:28:53 2005
From: isn at c4i.org (InfoSec News)
Date: Mon May 2 02:38:39 2005
Subject: [ISN] Backup tapes are backdoor for ID thieves

http://www.theregister.co.uk/2005/04/29/backup_tapes_are_backdoor_for_id_thieves/

By Robert Lemos
SecurityFocus
29th April 2005

Large companies are reconsidering their security and backup policies after a handful of financial and information-technology companies have admitted that tapes holding unencrypted customer data have gone missing.

Last week, trading firm Ameritrade acknowledged that the company that handles its backup data had lost a tape containing information on about 200,000 customers.
The financial firm is now revising its backup policies and, in the interim, has halted all movement of backup tapes, a spokesperson said this week.

Iron Mountain, a company that handles large corporations' data storage, also acknowledged that it had lost track of four sets of customer backup tapes since the beginning of this year. While the company points out that such incidents are a tiny fraction of its nearly five million pick-ups and deliveries done annually, its top executive has called on clients to revamp their policies and start encrypting critical data.

"It is important to understand that unencrypted information stored on backup tapes is difficult to read, but it is not impossible," Richard Reese, chairman and CEO of the Boston-based data protection service, said in a statement issued last week. "Companies need to reassess their backup strategies and seriously consider encrypting sensitive data to prevent a potential breach of privacy."

The reconsideration of backup policies comes as the financial industry is recovering from several high-profile data leaks due to lost or stolen tapes. Bank of America told government officials in February that the company had lost a tape containing account information on a large number of government credit-card holders. A representative of Bank of America could not be reached for comment.

It's unknown whether any of the lost tapes resulted in account compromises.

"We don't believe that any foul play was involved," said Donna Kush, spokeswoman for Ameritrade. "We were able to recover three (of four) tapes in (our provider's) facility. We think the fourth was lost or destroyed within the facility."

Even without evidence of theft, the lack of encryption is disturbing, if entirely expected, said Jon Oltsik, senior research analyst for the Enterprise Strategy Group.
The analyst firm polled almost 400 companies and found that, despite renewed focus on securing customer data, more than 60 per cent of the companies do not encrypt any of their backup data, and only seven per cent actually encrypt all their backup data.

The financial industry does not set best practices in this case either, Oltsik found. Two-thirds of the financial firms polled by ESG never encrypted the data that they were backing up. The majority of larger firms also failed to encrypt their backup data, with about 56 per cent of companies with revenues greater than $5 billion never having encrypted their data before putting it on tape.

Online backup services that fail to encrypt information could represent similar security risks as does any information stored on a hard drive that can easily be stolen, Oltsik said, pointing to a recent rash of stolen laptops that contained medical information.

The high-profile breaches have executives asking questions about their backup policies and encryption policies.

"Two years ago, companies didn't get it," he said. "Now, all the people I know in this business are hearing interest from all quarters."

Because backups tend to be done by the least important members of the information technology staff, sometimes disparaged as "tape monkeys," the tapes are at greater risk of insider attacks as well. Moreover, insiders have the access to know what data is on each tape, information that could help identity thieves target the right tapes.

"The process is totally insecure," Oltsik said. "You put your most junior people on this job, and those are the people that are most likely to be bribed and look for another way to make money."
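The survey figures above are about policy; the remedy Reese and Oltsik point to is technical: encrypt the data before it is written to tape, and keep the key away from the tape and from the people who carry it, so a lost cartridge (or a bribed "tape monkey") yields nothing readable. The same point applies to the Time Warner shipment reported later in this digest. The following is an added example, not code from the article or from any company named in it. It seals a tape image with ChaCha20 (RFC 8439) for confidentiality and HMAC-SHA256 for integrity (encrypt-then-MAC), derives separate per-tape subkeys from a master key that would live in a key store rather than on the tape, and refuses to decrypt any tape whose tag does not verify. It uses only the Python standard library; the master key, tape identifier, record format and tape contents are constructed for the demo. The cipher is written out only so the construction is visible; a production backup system should use a vetted library's AEAD (ChaCha20-Poly1305 or AES-GCM) rather than hand-written primitives.

```python
"""Added example: encrypt-then-MAC sealing of a backup tape image.
Cipher: ChaCha20 (RFC 8439) keystream XOR; integrity: HMAC-SHA256 over
header + ciphertext. Standard library only. Keys, tape id, format tag
and tape contents below are constructed for the demo."""
import hashlib
import hmac
import os
import struct

MASK = 0xFFFFFFFF
MAGIC = b"TAPE1"     # format tag, an assumption of this example
TAG_LEN = 32         # HMAC-SHA256 output length
NONCE_LEN = 12       # ChaCha20 nonce length per RFC 8439


def _rotl(v, c):
    return ((v << c) & MASK) | (v >> (32 - c))


def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 7)


def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block (RFC 8439 section 2.3)."""
    state = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574]
    state += struct.unpack("<8L", key) + (counter,) + struct.unpack("<3L", nonce)
    work = state[:]
    for _ in range(10):                      # 20 rounds = 10 double rounds
        _quarter_round(work, 0, 4, 8, 12); _quarter_round(work, 1, 5, 9, 13)
        _quarter_round(work, 2, 6, 10, 14); _quarter_round(work, 3, 7, 11, 15)
        _quarter_round(work, 0, 5, 10, 15); _quarter_round(work, 1, 6, 11, 12)
        _quarter_round(work, 2, 7, 8, 13); _quarter_round(work, 3, 4, 9, 14)
    return struct.pack("<16L", *[(w + s) & MASK for w, s in zip(work, state)])


def chacha20_xor(key, nonce, data, counter=1):
    """Encrypt or decrypt (same operation) by XOR with the keystream."""
    out = bytearray(len(data))
    for i in range(0, len(data), 64):
        block = chacha20_block(key, counter + i // 64, nonce)
        for j, byte in enumerate(data[i:i + 64]):
            out[i + j] = byte ^ block[j]
    return bytes(out)


def _subkeys(master_key, tape_id):
    """Distinct encryption and MAC keys, bound to this tape's identifier."""
    enc = hmac.new(master_key, b"enc|" + tape_id, hashlib.sha256).digest()
    mac = hmac.new(master_key, b"mac|" + tape_id, hashlib.sha256).digest()
    return enc, mac


def seal_tape(master_key, tape_id, image, nonce=None):
    """Return header || ciphertext || tag, the bytes that go onto the tape."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    enc_key, mac_key = _subkeys(master_key, tape_id)
    header = MAGIC + struct.pack("<H", len(tape_id)) + tape_id + nonce
    ciphertext = chacha20_xor(enc_key, nonce, image)
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def open_tape(master_key, blob):
    """Verify the tag before decrypting; raise on tampering or a wrong key."""
    if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 2 + NONCE_LEN + TAG_LEN:
        raise ValueError("not a sealed tape image")
    (id_len,) = struct.unpack("<H", blob[5:7])
    header_len = 7 + id_len + NONCE_LEN
    tape_id = blob[7:7 + id_len]
    nonce = blob[7 + id_len:header_len]
    header, ciphertext, tag = blob[:header_len], blob[header_len:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(master_key, tape_id)
    expected = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: tape altered or wrong key")
    return tape_id, chacha20_xor(enc_key, nonce, ciphertext)


# Constructed demo data. The master key belongs in a KMS/HSM, never on the tape.
DEMO_MASTER_KEY = hashlib.sha256(b"demo master key - not for real use").digest()
DEMO_TAPE_ID = b"BACKUP-0007"
DEMO_IMAGE = b"name,ssn\nJane Doe,000-00-0000\n" * 100


def demo():
    """Seal and reopen the demo image; True if the round trip is intact."""
    sealed = seal_tape(DEMO_MASTER_KEY, DEMO_TAPE_ID, DEMO_IMAGE)
    tape_id, image = open_tape(DEMO_MASTER_KEY, sealed)
    return tape_id == DEMO_TAPE_ID and image == DEMO_IMAGE and DEMO_IMAGE[:8] not in sealed


if __name__ == "__main__":
    print("round trip ok" if demo() else "round trip FAILED")
```

Two design points matter more than the cipher: the tag is checked before any plaintext is produced, so a tape altered in transit is rejected rather than silently restored, and the subkeys are derived from the tape identifier, so a courier or operator who has physical custody of every cartridge still holds no key material and cannot substitute one tape's contents for another's.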
While individual companies appear to be tackling the problem, there currently appears to be no federal policy in place, or planned to be implemented, for financial firms, according to a representative of the Federal Deposit Insurance Corporation, the government agency that regulates federally insured banks.

Following the announcement by the Bank of America of its lost tape, the FDIC and three other federal agencies set guidelines to require that their members notify customers and regulators of any information that might be at risk, essentially adopting a rule similar to the law passed in California that led to the disclosure of so many breaches. However, the rule stopped short of requiring companies to protect such sensitive information with encryption.

Yet those rules may come, as the increasing number of data leaks highlights the insecurity of sensitive information found on backup tapes.

"We are working very aggressively to educate our clients about the changing landscape," said Melissa Burman, spokeswoman for Iron Mountain. "The privacy concerns were not there, but now these issues are coming to life."

Copyright © 2005


From isn at c4i.org Mon May 2 02:29:11 2005
From: isn at c4i.org (InfoSec News)
Date: Mon May 2 02:38:41 2005
Subject: [ISN] Hushmail DNS Attack Blamed on Network Solutions

http://www.eweek.com/article2/0,1759,1791152,00.asp

By Ryan Naraine
April 29, 2005

Secure e-mail service provider Hushmail Communications plans to pursue a criminal investigation into a hacking attack that redirected users to a defaced Web site. The company pinned the blame for the breach squarely on the shoulders of domain name registrar Network Solutions.

Hushmail, which markets PGP-encrypted e-mail, file storage and vanity domain services, has opened a criminal investigation with the Royal Canadian Mounted Police in Vancouver to get to the bottom of a DNS server breach caused by a combination of social engineering, phishing and pharming tactics.
Brian Smith, chief technical officer at Hushmail Communications Corp., said in an interview with Ziff Davis Internet News that the attacker or attackers simply called the Network Solutions Inc. support center and gained access to enough customer account information to alter the Hushmail DNS (Domain Name System) settings.

"They used a name not associated with Hush Communications and were able to get information from Network Solutions," Smith said.

Using the information collected from Network Solutions' customer service, Smith said, the DNS information was changed to redirect users visiting the "hushmail.com" URL to a defaced Web site.

For a brief period, Hushmail's domain was either unavailable or appeared defaced with an image of Hushmail's logo and the following text: "The Secret Service is watching. - Agent Leth and Clown Jeet 3k Inc." Zone-H.org has archived a screenshot [1] of the defacement.

Smith said Network Solutions promised to investigate and issue a statement on the breach, but at press time Friday, Hushmail had yet to receive official communication from the Herndon, Va.-based registrar.

Network Solutions spokeswoman Susan Wade confirmed that the breach occurred as a result of certain weaknesses in the registrar's customer-service security measures but declined to provide specifics, citing customer privacy issues.

"We're seriously investigating the incident. We are aware that a hacker temporarily altered this customer's [DNS records]. Our security team promptly rectified the situation," Wade told Ziff Davis Internet News.

She described the breach as an "isolated incident" and said Network Solutions would immediately institute "additional security measures to ensure it doesn't occur in the future."

"We've brought everyone in and gone over the procedures, and we've implemented some additional ones. I can't go into details for obvious reasons, but we are taking this very, very seriously," Wade added.
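The change described above was made through the registrar, so to every resolver on the Internet it looked like a legitimate update: the attacker's addresses were served and cached until their TTLs ran out. A domain owner cannot stop the registrar's help desk from being talked into a change, but can detect one within minutes by polling the authoritative answer and alarming as soon as the NS delegation or the A records differ from the values on file. The following is an added example, not Hushmail's or Network Solutions' code: it parses a DNS response in wire format (RFC 1035, including compression pointers) and reports every NS or A answer that is not on the expected list. The responses are constructed inside the block so it runs offline; the nameserver names and addresses are placeholders from the documentation ranges. In production the bytes would come from a UDP query sent directly to the parent zone's servers (so a poisoned local cache cannot hide the change), and the check complements a registrar lock on the domain rather than replacing it.

```python
"""Added example: detect unauthorized changes to a domain's DNS answers.
Parses RFC 1035 wire-format responses (with name compression) and compares
A and NS records against what the owner has on file. Responses are built
here so the check runs offline; names and addresses are placeholders."""
import struct

TYPE_A, TYPE_NS = 1, 2
CLASS_IN = 1


def encode_name(name):
    """'hushmail.com' -> length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_response(qname, answers, ident=0x1234):
    """Constructed response: each answer is (rtype, rdata) owned by qname."""
    msg = struct.pack(">HHHHHH", ident, 0x8180, 1, len(answers), 0, 0)
    msg += encode_name(qname) + struct.pack(">HH", TYPE_A, CLASS_IN)
    for rtype, rdata in answers:
        # 0xC00C is a compression pointer to the question name at offset 12
        msg += b"\xc0\x0c" + struct.pack(">HHIH", rtype, CLASS_IN, 300, len(rdata)) + rdata
    return msg


def parse_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                # pointer: 14-bit offset follows
            if end is None:
                end = off + 2                    # caller resumes after the first pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def parse_records(msg):
    """Return [(owner, rtype, value)] for every resource record in the message."""
    qdcount, ancount, nscount, arcount = struct.unpack(">HHHH", msg[4:12])
    off = 12
    for _ in range(qdcount):
        _, off = parse_name(msg, off)
        off += 4                                 # skip QTYPE and QCLASS
    records = []
    for _ in range(ancount + nscount + arcount):
        owner, off = parse_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata_off, off = off, off + rdlen
        if rtype == TYPE_A and rdlen == 4:
            value = ".".join(str(b) for b in msg[rdata_off:off])
        elif rtype == TYPE_NS:
            value, _ = parse_name(msg, rdata_off)  # NS rdata may itself be compressed
        else:
            value = msg[rdata_off:off].hex()
        records.append((owner, rtype, value))
    return records


def find_drift(msg, expected):
    """expected: {rtype: set(values)}. Return answers that are not on file."""
    return [(owner, rtype, value) for owner, rtype, value in parse_records(msg)
            if rtype in expected and value not in expected[rtype]]


# Placeholder "records on file" for the zone being watched (constructed).
EXPECTED = {
    TYPE_A: {"192.0.2.10", "192.0.2.11"},
    TYPE_NS: {"ns1.example.net.", "ns2.example.net."},
}
GOOD_RESPONSE = build_response("hushmail.com", [
    (TYPE_A, bytes([192, 0, 2, 10])),
    (TYPE_NS, encode_name("ns1.example.net")),
])
HIJACKED_RESPONSE = build_response("hushmail.com", [
    (TYPE_A, bytes([198, 51, 100, 77])),             # points at the defacement host
    (TYPE_NS, encode_name("ns.attacker.example")),   # delegation moved away
])

if __name__ == "__main__":
    for label, resp in (("on file", GOOD_RESPONSE), ("hijacked", HIJACKED_RESPONSE)):
        print(label + ":", find_drift(resp, EXPECTED) or "no drift")
```

Run on a schedule, `find_drift` gives the owner a signal that does not depend on the registrar noticing its own mistake; the alert is what lets the operator start the registrar call and the TTL countdown that the Hushmail log above describes hours earlier.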
In addition to supporting the RCMP's investigation in Vancouver, Wade said, a separate criminal investigation is being launched in the United States.

At Hushmail's end, Smith said the episode has been frustrating. "We're still waiting for a statement from Network Solutions. We were told by an employee that the attacker was given the DNS information over the telephone, but they've not sent anything official to us. I don't want to comment on what may or may not have happened at their end," Smith said.

For now, Hushmail is working to erase the negative perception of an e-mail security provider with a major server breach. "Initially, it was embarrassing but we're pleased that the users and the media have been very sympathetic to what happened here. To nontechnical users, it will take some explaining, but it's quite clear that this could have happened to anyone."

"The Internet as a whole is a notoriously nonsecure infrastructure. We're operating within that. This is a big worry for the entire Internet. That's why phishing, pharming and social engineering attacks have become a big issue," Smith said.

Hushmail has been upfront about the hacking attack, publishing a daily log [2] with updates for users. "To the best of our knowledge, the DNS issues caused by the caching of the altered addresses should now have ceased. The correct addresses should now have propagated across the Internet, and all users should be able to access Hushmail," the latest entry says.

The company said there was no unauthorized access to any of the Hush servers. "Data managed by Hush was not compromised. During this period, e-mail sent to hushmail.com will not have been delivered," Hushmail said.

Rick Fleming, chief technology officer at Texas-based security outfit Digital Defense Inc., said the Hushmail nightmare points to a "major weakness" in the way domain name registrars authenticate requests for DNS changes.

"We'll continue to see these types of social engineering attacks because it's becoming easier to impersonate someone and collect information. There is definitely a weakness in the way the domain name registrars handle authentication. If they don't have a way to adequately identify who the domain owners are, these attacks will continue to happen," Fleming said.

"What's to stop this from affecting a Yahoo or a Google? Nothing. The underlying flaw is how the domain name systems work. It's an implied trusted relationship without any authentication or verification and that needs to be fixed," Fleming said.

[1] http://www.zone-h.org/defacements/mirror/id=2309823/
[2] http://www.hushmail.com/login-status


From isn at c4i.org Mon May 2 02:29:24 2005
From: isn at c4i.org (InfoSec News)
Date: Mon May 2 02:38:43 2005
Subject: [ISN] Hackers to test U.K. lawmakers' systems

http://news.com.com/Hackers+to+test+U.K.+lawmakers+systems/2110-7355_3-5690318.html

By Andy McCue
Special to CNET News.com
April 29, 2005

Hackers are to be employed to test the effectiveness of the IT security defences for the computer systems in the House of Commons, home of the British parliament.

A three-year IT security contract is up for grabs to conduct internal and external penetration testing on routers, firewalls and critical servers using a range of independent vulnerability assessment techniques. The winning contractor will be required to carry out the tests at least twice a year.

The House of Commons is also looking to buy an intrusion prevention system -- a combination of intrusion detection software and a firewall -- to reduce the risk of denial-of-service attacks, virus outbreaks and Trojan horses.

Andy McCue of Silicon.com reported from London.


From isn at c4i.org Mon May 2 02:29:36 2005
From: isn at c4i.org (InfoSec News)
Date: Mon May 2 02:38:45 2005
Subject: [ISN] Reminder: 4 weeks left - ACSAC 2005 accepting paper submissions!
Forwarded from: program_chair@acsac.org

21st Annual Computer Security Applications Conference (ACSAC)
December 5-9, 2005
Tucson, Arizona
http://www.acsac.org

Greetings,

There are now four weeks left to submit papers in the technical track to ACSAC 2005. Please note the dates below and submit your papers!

Important dates:

May 29, 2005         Technical program: paper submission deadline
August 14, 2005      Paper acceptance decisions communicated to authors
December 5-9, 2005   Conference in Tucson, AZ

Online paper submission system:
http://www.acsac.org/openconf

Call for papers and detailed submission instructions:
http://www.acsac.org/cfp
http://www.acsac.org/2005/ACSAC_CFP.pdf

We look forward to receiving your submissions!

Christoph Schuba, Pierangela Samarati, Charlie Payne
2005 ACSAC program chairs
program_chair@acsac.org

You are receiving this notice because you joined the ACSAC email notification list at http://www.acsac.org/join_ml.html. You can unsubscribe there if you wish.

You can help ACSAC reach people who might benefit from this information. Feel free to forward this message with a personal note to your friends and colleagues. They can sign up at the above URL.

ACSAC is sponsored by Applied Computer Security Associates, a not-for-profit all-volunteer Maryland corporation. Our postal address is 2906 Covington Road, Silver Spring, MD 20910-1206.


From isn at c4i.org Wed May 4 02:36:41 2005
From: isn at c4i.org (InfoSec News)
Date: Wed May 4 02:49:32 2005
Subject: [ISN] Bloggers recover classified info from U.S. report

http://www.estripes.com/article.asp?section=104&article=28818

By Lisa Burgess
Stars and Stripes
European edition
May 3, 2005

ARLINGTON, Va. - U.S. commanders in Iraq posted a version of the U.S. investigation into the Italian checkpoint shooting from which it was possible to recover classified information by simple manipulation of the electronic file.
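The failure the article goes on to describe (classified passages covered by black boxes in a PDF, with the text still present underneath) is easy to reproduce, and the fix is just as concrete: a redaction has to remove the text from the file, not paint over it. The following is an added example and is not code from the report, from MNF-I or from the bloggers quoted. It builds a one-page PDF in which a "classified" line is covered by a filled black rectangle, shows that a plain text extractor still returns the line, and then redacts by deleting the text object so only the box remains. It uses the Python standard library alone and an uncompressed content stream so the bytes are readable; the sentence under the box is constructed for the demo. Real documents normally Flate-compress their streams and may also carry the same text in annotations, bookmarks, metadata or embedded images, so a production redaction tool has to strip all of those, and the output should be verified by extracting its text before it is published.

```python
"""Added example: why a black box over text is not redaction.
Builds a minimal uncompressed PDF, extracts the text that the box 'hides',
then redacts by removing the text object. Standard library only; the
'classified' line is constructed for the demo."""
import re

CLASSIFIED_LINE = b"SAMPLE CLASSIFIED LINE - constructed for this demo"
PAGE_CONTENT = (
    b"BT /F1 12 Tf 72 700 Td (UNCLASSIFIED SUMMARY) Tj ET\n"
    b"BT /F1 12 Tf 72 680 Td (" + CLASSIFIED_LINE + b") Tj ET\n"
    b"0 g 70 676 340 16 re f\n"       # filled black box painted over line two
)


def build_pdf(content):
    """Assemble a valid one-page PDF (objects, xref, trailer) around `content`."""
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        b"/Resources << /Font << /F1 5 0 R >> >> /Contents 4 0 R >>",
        b"<< /Length %d >>\nstream\n" % len(content) + content + b"\nendstream",
        b"<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>",
    ]
    pdf = b"%PDF-1.4\n"
    offsets = []
    for num, body in enumerate(objects, 1):
        offsets.append(len(pdf))
        pdf += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_pos = len(pdf)
    pdf += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objects) + 1)
    for pos in offsets:
        pdf += b"%010d 00000 n \n" % pos
    pdf += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (
        len(objects) + 1, xref_pos)
    return pdf


def content_streams(pdf):
    """Raw stream bodies (this demo's streams are not compressed)."""
    return re.findall(rb"stream\r?\n(.*?)\r?\nendstream", pdf, re.S)


def extract_text(pdf):
    """What copy-and-paste sees: every literal string drawn with Tj."""
    found = []
    for stream in content_streams(pdf):
        found += [s.decode("latin-1") for s in re.findall(rb"\(([^()\\]*)\)\s*Tj", stream)]
    return found


def redact(content, secret):
    """Real redaction: drop the whole BT ... ET text object that draws `secret`
    (this content uses one text object per line); the black box stays."""
    pattern = rb"BT[^\n]*\(" + re.escape(secret) + rb"\)[^\n]*ET\n?"
    return re.sub(pattern, b"", content)


def demo():
    """Return (secret recoverable with box only, secret recoverable after redaction)."""
    leaky = build_pdf(PAGE_CONTENT)
    clean = build_pdf(redact(PAGE_CONTENT, CLASSIFIED_LINE))
    secret = CLASSIFIED_LINE.decode()
    return secret in extract_text(leaky), secret in extract_text(clean)


if __name__ == "__main__":
    before, after = demo()
    print("recoverable with box only:", before)   # True
    print("recoverable after redaction:", after)  # False
```

The same lesson covers the Word "track changes" case Berlind mentions below: anything a viewer merely hides, whether a drawn rectangle, a tracked deletion or a hidden layer, is still in the file, and the only redaction that survives a text extractor is one that removes the content before the document is regenerated.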
The report, issued by Multinational Forces-Iraq, or MNF-I, over the weekend, was heavily redacted, with classified sections obscured by black boxes. The report was posted in "PDF" format, used by the U.S. government to generate documents of various kinds.

While downloading the information, however, the global "blogging" community quickly discovered that the classified information could easily be recovered.

MNF-I officials said Monday that the report's full release was an accident, but could not pinpoint how it occurred.

"The procedures that we used [to safeguard the classified information] were inadequate," Air Force Col. C. Donald Alston, MNF-I's chief of strategic communications, said Monday. "We consider this a very serious matter."

MNF-I officials took the report down from their own site over the weekend.

The classified sections of the report have information about the number and type of insurgent attacks on "Route Irish," the 7.5-mile east-west road along south Baghdad that runs from the International Zone in downtown to Baghdad International Airport. The unclassified portion of the report says that the four-lane road is known as "IED Alley" for the large number of improvised explosive devices that have been planted there by insurgents.

The report also delves into the securing of checkpoints, as well as specifics concerning how soldiers manned the checkpoint where the Italian intelligence officer was killed. In the past, Pentagon officials have repeatedly refused to discuss such details, citing security concerns.

The information technology community quickly began linking to the report site and discussing the security breach.

"There have been many reports in the press of how people have published Microsoft Word documents with their history easily revealed through Word's 'track changes' feature," blogger David Berlind commented in his Internet technology blog, "Between the Lines" at ZDNet. "But you rarely hear about problems like this when it comes to PDF files."

"It will be interesting to see how this security debacle unfolds, where the finger gets pointed, and how it changes the way PDF files get handled in the future [by organizations of all types]," Berlind wrote.


From isn at c4i.org Wed May 4 02:37:17 2005
From: isn at c4i.org (InfoSec News)
Date: Wed May 4 02:49:35 2005
Subject: [ISN] Woman held over industrial espionage

http://www.news.com.au/story/0,10117,15162906-31037,00.html

Correspondents in Versailles, France
May 03, 2005

A CHINESE woman has been detained in France over claims she was involved in industrial espionage during an internship with car equipment manufacturer Valeo.

The woman has denied charges of "intrusion in an automatic data system" and "abuse of confidence" after allegedly copying features of a number of cars that are still on the drawing board.

Police alleged that during a search of her home officers found six computers and two hard drives with a "huge capacity" containing material considered confidential by the Valeo directors.

The young woman, who has a number of degrees including mathematics, applied physics and fluid mechanics, had been an intern since February at the Valeo offices in Guyancourt, a suburb of Paris.

An executive apparently noticed her frequently walking around the office carrying her portable computer.

A source close to the inquiry described the woman, who speaks German, Spanish, English, French and some Arabic, as "brilliant" and of "exceptional competence".


From isn at c4i.org Wed May 4 02:37:40 2005
From: isn at c4i.org (InfoSec News)
Date: Wed May 4 02:49:38 2005
Subject: [ISN] Time Warner says data on 600,000 workers lost

http://www.computerworld.com/securitytopics/security/story/0,10801,101500,00.html

By Lucas Mearian
MAY 02, 2005
COMPUTERWORLD

Time Warner Inc.
reported today that a shipment of backup tapes with personal information on about 600,000 current and former employees went missing more than a month ago during a routine shipment to an off-site storage site.

The tapes, part of a routine shipment being taken to the site by off-site data storage company Iron Mountain Inc., didn't include data about Time Warner customers, the company said in a statement. The company told employees today that the data tapes went missing March 22.

"We are providing current and former employees with resources to monitor their credit reports while our investigation continues. We are working closely and aggressively with law enforcement and the outside data storage firm to get to the bottom of this matter," said Larry Cockell, Time Warner's chief security officer.

The U.S. Secret Service is working with both Time Warner and Boston-based Iron Mountain to investigate the missing tapes.

The $42 billion media company said in a statement that there is no evidence that the data has been illegally accessed or misused. The company said it has contacted the major credit agencies -- Equifax, Experian and Trans Union -- about the data loss.

After determining that publicizing the data loss wouldn't interfere with the investigation, Time Warner posted a statement about it on its Web site, as well as a letter to its employees about the incident and an FAQ.

In the letter to employees, Time Warner said the missing tapes contained data such as names and Social Security numbers of current and former U.S.-based employees, their dependents and beneficiaries.

Cockell said in the statement to employees that the company has made arrangements with Equifax to offer U.S. employees a free 12-month subscription to Equifax's Credit Watch Gold credit monitoring service to help protect their identity and credit information.

Time Warner's disclosure follows on the heels of other high-profile security breaches in the U.S.
In March, a laptop containing data on 100,000 graduate students, alumni and applicants from the University of California, Berkeley, was stolen from a campus office.

Bart Lazar, a privacy and intellectual property lawyer and partner in the law firm of Seyfarth Shaw LLP in Chicago, said that as data loss incidents pile up, there's greater potential that firms found responsible will have to change their data security standards. Most of the pressure, he said, may come not from Congress but from insurance companies that will require more stringent safeguards before signing with a client.

Part of the problem, Lazar said, is that companies don't have proper chain-of-custody requirements or encryption technology in place.

"I've dealt with many of these companies, and if you ask them what happens with their data ... they can't chart it," he said. "Or the companies know what to do and they just haven't committed the resources to do it. Companies have to deploy their resources. I don't know what SANS [Institute] says the spending on security is, but it's not huge."

Lazar said data loss incidents will also likely give rise to more companies turning to internal data protection schemes instead of using third-party service providers or external data processors.

"These big incidents [are] what leads to consciousness raising and may lead to reasonable security standards," he said.

Reuters contributed to this report.


From isn at c4i.org Wed May 4 13:26:14 2005
From: isn at c4i.org (InfoSec News)
Date: Wed May 4 13:37:29 2005
Subject: [ISN] Hackers start looking at Apple

http://www.theinquirer.net/?article=22961

By Nick Farrell
03 May 2005

FOR A LONG time ignored by hackers, Apple is finding that the popularity of iTunes means its operating system is starting to attract their interest.
According to a survey released on Easter Monday, in the Bulgarian Orthodox calendar, by the SANS institute, hackers are still making hay on VoleWare, but Apple products are starting to become tempting.

Hacks of iTunes were an interesting feature of the first three months of 2005, says SANS, along with attacks on RealNetworks' RealPlayer and Nullsoft's Winamp. There were more attempts to take on anti-virus software, with Symantec, F-Secure, TrendMicro and McAfee as targets.

Hackers continued to poke new holes in Microsoft Windows, although SANS seems to think that is becoming harder as more Windows users agree to receive security upgrades automatically. So instead, hackers are starting to try to take advantage of other software programs that might not be patched as frequently, the survey said.

The complete list can be found here [1].

[1] http://www.sans.org/top20/Q1-2005update


From isn at c4i.org Thu May 5 05:27:37 2005
From: isn at c4i.org (InfoSec News)
Date: Thu May 5 05:38:21 2005
Subject: [ISN] IG: Interior faces possible IT security catastrophe

http://www.gcn.com/vol1_no1/daily-updates/35743-1.html

By Wilson P. Dizard III
GCN Staff
05/04/05

Some Interior Department systems that house American Indian trust data are so easy to penetrate, according to the department's inspector general, that they potentially could cause "severe or catastrophic" problems.

Poor computer security has been a long-running issue in a federal court case over the government's loss of billions of dollars of assets held in trust for American Indians.

An Interior spokeswoman said she could not comment on legal issues but noted that the department has been consistently upgrading its system security.

Interior has released an extensively redacted version of the 86-page report.
Computer specialists working for the IG pinpointed 24 servers that hold Indian trust data and said they were able to penetrate two servers and gain full, undetected access to the Bureau of Land Management's internal networks and intranet. The auditors made several systems security recommendations, saying that if BLM did not adopt them quickly, it should disconnect its systems from the department's networks.

Scott Miles, a computer security expert Interior hired, earlier this week testified about poor BLM computer security in the case of Cobell vs. Interior secretary Gail Norton. Plaintiffs in the 9-year-old lawsuit contend that the American Indian trust accounts are vulnerable to external attacks as well as a more serious risk of internal theft. Miles said he agreed with Dennis M. Gingold, lead attorney for the plaintiffs, about the severity of the internal threat.

Tina Kreisher, Interior's communications director, said, "The thing to remember is that we asked the IG to do this study. We are concerned about IT security. This study was a way of helping to test it. As this plays out and we discover flaws, we fix them."

The Cobell plaintiffs seek to convince Judge Royce Lamberth of the U.S. District Court for the District of Columbia that the Interior computers housing trust data should be disconnected from the Internet or shut down until the security flaws are repaired. Gingold and other plaintiff attorneys also contend that the security problems have made it impossible for Interior to properly account for the trust funds.

The federal government has been managing revenues from American Indian natural resources such as oil, coal, gas, pipeline rights-of-way and timber since 1887. The Cobell plaintiffs contend that the federal government owes the 500,000 trust beneficiaries upward of $100 billion in restitution for assets stolen or wasted.
Lamberth ordered Interior to disconnect almost all its systems from the Internet in December 2001 and considered doing so again last year (see GCN coverage [1]). Lamberth's first disconnection order also was prompted by the discovery of system security flaws. In the intervening years, Interior IT executives have upgraded system security, and Lamberth has progressively allowed more of the systems to be reconnected.

[1] http://www.gcn.com/23_6/news/25328-1.html

From isn at c4i.org Thu May 5 05:28:39 2005
From: isn at c4i.org (InfoSec News)
Date: Thu May 5 05:38:24 2005
Subject: [ISN] Secunia Weekly Summary - Issue: 2005-18
Message-ID:

========================================================================

The Secunia Weekly Advisory Summary
2005-04-28 - 2005-05-05

This week : 69 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Want a new IT Security job?

Vacant positions at Secunia:
http://secunia.com/secunia_vacancies/

========================================================================
2) This Week in Brief:

Netscape has been found vulnerable to a vulnerability, which was first reported in Mozilla. Currently, no solution is available from the vendor.

Refer to referenced Secunia advisory below for additional details.

Reference:
http://secunia.com/SA15135

--

Apple has released a security update for Mac OS X, which corrects 19 vulnerabilities. Complete details about each issue can be found in referenced Secunia advisory below.

References:
http://secunia.com/SA15227

VIRUS ALERTS:

During the last week, Secunia issued 1 MEDIUM RISK virus alert. Please refer to the grouped virus profile below for more information:

Sober.P - MEDIUM RISK Virus Alert - 2005-05-02 22:55 GMT+1
http://secunia.com/virus_information/17688/sober.p/

========================================================================
3) This Week's Top Ten Most Read Advisories:

1. [SA15103] Netscape GIF Image Netscape Extension 2 Buffer Overflow
2. [SA14654] Mozilla Firefox Three Vulnerabilities
3. [SA14820] Mozilla Firefox JavaScript Engine Information Disclosure Vulnerability
4. [SA15135] Netscape DOM Nodes Validation Vulnerability
5. [SA15153] Symantec AntiVirus Products RAR Archive Virus Detection Bypass
6. [SA12758] Microsoft Word Document Parsing Buffer Overflow Vulnerabilities
7. [SA15064] Microsoft Windows Image Rendering Denial of Service Vulnerability
8. [SA15023] Realplayer/RealOne RAM File Processing Buffer Overflow Vulnerability
9. [SA14938] Mozilla Firefox Multiple Vulnerabilities
10.
[SA12889] Microsoft Internet Explorer Multiple Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:

[SA15192] GlobalScape Secure FTP Command Parsing Buffer Overflow
[SA15239] ASP Inline Corporate Calendar "Event_ID" SQL Injection
[SA15234] Mercur Messaging Multiple Vulnerabilities
[SA15214] MaxWebPortal Multiple SQL Injection Vulnerabilities
[SA15190] Ecomm Professional Guestbook "AdminPWD" SQL Injection
[SA15178] Ocean12 Mailing List Manager Pro SQL Injection Vulnerability
[SA15175] Golden FTP Server Pro Directory Traversal Vulnerability
[SA15173] enVivo!CMS SQL Injection Vulnerabilities
[SA15242] NetWin DMail Server Two Vulnerabilities
[SA15231] 602LAN SUITE Local File Detection and Denial of Service
[SA15230] 04WebServer Directory Traversal Vulnerability
[SA15171] ICUII Disclosure of Passwords
[SA15179] Kerio Products Password Brute Force and Denial of Service
[SA15184] NotJustBrowsing Disclosure of Lock Password

UNIX/Linux:

[SA15236] Fedora update for kdelibs
[SA15227] Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA15210] Slackware update for xine-lib
[SA15203] SUSE Updates for Multiple Packages
[SA15202] Gentoo update for pound
[SA15199] Ubuntu update for kdelibs
[SA15189] Mandriva update for xpm
[SA15182] Red Hat update for php
[SA15180] Red Hat update for mozilla
[SA15243] Ubuntu update for cvs
[SA15238] Ubuntu update for kommander
[SA15225] Open WebMail Shell Command Injection Vulnerability
[SA15211] Avaya Kerberos Telnet Client vulnerabilities
[SA15193] GnuTLS Record Packet Parsing Denial of Service Vulnerability
[SA15188] Red Hat update for kernel
[SA15187] Red Hat update for kernel
[SA15183] Fedora update for kdewebdev
[SA15177] OpenBSD update for cvs
[SA15172] Debian update for ethereal
[SA15170] Debian update for prozilla
[SA15217] PostgreSQL Character Conversion and tsearch2 Module Vulnerabilities
[SA15240] MaraDNS Unspecified Random Number Generator Vulnerability
[SA15237] Fedora update for tcpdump
[SA15229] Debian update for smartlist
[SA15221] SmartList confirm Add-On Arbitrary Addresses Subscribe
[SA15194] Gentoo update for horde
[SA15228] Ubuntu update for libnet-ssleay-perl
[SA15224] Mac OS X pty Permission Security Issue
[SA15207] Perl Net::SSLeay Module Entropy Source Manipulation
[SA15201] Cocktail Exposure of Administrator Password
[SA15198] Gentoo phpmyadmin Installation Script Insecure Permissions
[SA15197] Ce/Ceterm Privilege Escalation Vulnerabilities
[SA15196] ArcInfo Workstation Format String and Buffer Overflow Vulnerabilities
[SA15191] Fedora update for Perl
[SA15186] Red Hat update for glibc
[SA15185] Mandriva update for perl
[SA15252] leafnode Two Denial of Service Issues
[SA15204] Linux Kernel Local Denial of Service Vulnerabilities

Other:

[SA15205] BIG-IP / 3-DNS ICMP Handling Denial of Service Vulnerability

Cross Platform:

[SA15216] osTicket Multiple Vulnerabilities
[SA15213] SitePanel Multiple Vulnerabilities
[SA15195] Mtp Target Format String and Denial of Service Vulnerabilities
[SA15233] LibTomCrypt Unspecified ECC Signature Scheme Vulnerability
[SA15232] FishCart Cross-Site Scripting and SQL Injection Vulnerabilities
[SA15220] PRADO Unspecified ViewState Data Vulnerability
[SA15219] Woltlab Burning Board JGS-Portal "id" SQL Injection
[SA15208] eSKUeL "ConfLangCookie" and "lang_config" Local File Inclusion
[SA15206] BirdBlog BB Code Script Insertion Vulnerability
[SA15181] ViArt Shop Enterprise Cross-Site Scripting and Script Insertion
[SA15226] OpenView Event Correlation Services Unspecified Vulnerabilities
[SA15223] OpenView Network Node Manager Unspecified Vulnerabilities
[SA15218] Web Crossing "webx" Cross-Site Scripting Vulnerability
[SA15215] Symantec Products ICMP Handling Denial of Service
[SA15235] GraphicsMagick PNM Image Decoding Buffer Overflow Vulnerability

========================================================================
5) Vulnerabilities Content Listing
Windows:

--
[SA15192] GlobalScape Secure FTP Command Parsing Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-05-02
Mati Aharoni has reported a vulnerability in GlobalScape Secure FTP Server, which can be exploited by malicious users to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15192/

--
[SA15239] ASP Inline Corporate Calendar "Event_ID" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-05-04
Zinho has reported a vulnerability in ASP Inline Corporate Calendar, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/15239/

--
[SA15234] Mercur Messaging Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information
Released: 2005-05-04
Dr_insane has reported some vulnerabilities in Mercur Messaging, which can be exploited by malicious people to manipulate files and disclose sensitive information.
Full Advisory: http://secunia.com/advisories/15234/

--
[SA15214] MaxWebPortal Multiple SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-05-03
Soroush Dalili and Crkchat have reported some vulnerabilities in MaxWebPortal, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/15214/

--
[SA15190] Ecomm Professional Guestbook "AdminPWD" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-04-29
A vulnerability has been reported in Ecomm Professional Guestbook, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/15190/

--
[SA15178] Ocean12 Mailing List Manager Pro SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-04-29
Zinho has reported a vulnerability in Ocean12 Mailing List Manager Pro, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/15178/

--
[SA15175] Golden FTP Server Pro Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information
Released: 2005-05-03
Lachlan. H has reported a vulnerability in Golden FTP Server Pro, which can be exploited by malicious users to access arbitrary files on a vulnerable system.
Full Advisory: http://secunia.com/advisories/15175/

--
[SA15173] enVivo!CMS SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-04-29
Diabolic Crab has reported some vulnerabilities in enVivo!CMS, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/15173/

--
[SA15242] NetWin DMail Server Two Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Security Bypass, System access
Released: 2005-05-04
Tan Chew Keong has reported two vulnerabilities in NetWin DMail Server, which can be exploited by malicious people to bypass certain security restrictions or potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15242/

--
[SA15231] 602LAN SUITE Local File Detection and Denial of Service
Critical: Less critical
Where: From remote
Impact: Exposure of system information, DoS
Released: 2005-05-03
Dr_insane has discovered a vulnerability in 602LAN SUITE, which can be exploited by malicious people to detect the presence of local files and cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/15231/

--
[SA15230] 04WebServer Directory Traversal Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information
Released: 2005-05-03
Dr_insane has discovered a vulnerability in 04WebServer, which can be exploited by malicious people to gain knowledge of sensitive information.
Full Advisory: http://secunia.com/advisories/15230/

--
[SA15171] ICUII Disclosure of Passwords
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-04-29
Kozan has discovered a security issue in ICUII, which can be exploited by malicious, local users to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/15171/

--
[SA15179] Kerio Products Password Brute Force and Denial of Service
Critical: Not critical
Where: From local network
Impact: Brute force, DoS
Released: 2005-05-02
Javier Munoz has reported two weaknesses in Kerio WinRoute Firewall, Kerio MailServer and Kerio Personal Firewall, which can be exploited by malicious people to potentially cause a DoS (Denial of Service) and brute force passwords.
Full Advisory: http://secunia.com/advisories/15179/

--
[SA15184] NotJustBrowsing Disclosure of Lock Password
Critical: Not critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-05-02
Kozan has discovered a security issue in NotJustBrowsing, which can be exploited by malicious, local users to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/15184/

UNIX/Linux:

--
[SA15236] Fedora update for kdelibs
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-05-03
Fedora has issued an update for kdelibs. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15236/

--
[SA15227] Mac OS X Security Update Fixes Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, System access
Released: 2005-05-04
Apple has issued a security update for Mac OS X, which fixes various vulnerabilities.
Full Advisory: http://secunia.com/advisories/15227/

--
[SA15210] Slackware update for xine-lib
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-05-03
Slackware has issued an update for xine-lib. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/15210/

--
[SA15203] SUSE Updates for Multiple Packages
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-05-02
SUSE has issued updates for multiple packages. These fix various vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15203/

--
[SA15202] Gentoo update for pound
Critical: Highly critical
Where: From remote
Impact: System access, DoS
Released: 2005-05-02
Gentoo has issued an update for pound. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15202/

--
[SA15199] Ubuntu update for kdelibs
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-05-03
Ubuntu has issued an update for kdelibs. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15199/

--
[SA15189] Mandriva update for xpm
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-05-02
Mandriva has issued an update for xpm. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15189/

--
[SA15182] Red Hat update for php
Critical: Highly critical
Where: From remote
Impact: Security Bypass, DoS, System access
Released: 2005-04-29
Red Hat has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious, local users to access files outside the "open_basedir" root and by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15182/

--
[SA15180] Red Hat update for mozilla
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Spoofing, Manipulation of data, Exposure of system information, Exposure of sensitive information, Privilege escalation, System access, Security Bypass
Released: 2005-04-29
Red Hat has issued an update for mozilla. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain knowledge of sensitive information and perform certain actions on a vulnerable system with escalated privileges and by malicious people to conduct spoofing and cross-site scripting attacks, disclose sensitive and system information, bypass certain security restrictions, trick users into downloading malicious files and compromise a user's system.
Full Advisory: http://secunia.com/advisories/15180/

--
[SA15243] Ubuntu update for cvs
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-05-04
Ubuntu has issued an update for cvs. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/15243/

--
[SA15238] Ubuntu update for kommander
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-05-04
Ubuntu has issued an update for kommander. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/15238/

--
[SA15225] Open WebMail Shell Command Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-05-03
A vulnerability has been reported in Open WebMail, which can be exploited by malicious users to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15225/

--
[SA15211] Avaya Kerberos Telnet Client vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-05-02
Avaya has issued an update for krb5. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/15211/

--
[SA15193] GnuTLS Record Packet Parsing Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-05-02
A vulnerability has been reported in GnuTLS, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/15193/

--
[SA15188] Red Hat update for kernel
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, DoS
Released: 2005-04-29
Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited to gain escalated privileges or cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/15188/

--
[SA15187] Red Hat update for kernel
Critical: Moderately critical
Where: From remote
Impact: DoS, Privilege escalation
Released: 2005-04-29
Red Hat has issued an update for the kernel.
This fixes some vulnerabilities, which can be exploited to gain escalated privileges or cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/15187/

--
[SA15183] Fedora update for kdewebdev
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-04-29
Fedora has issued an update for kdewebdev. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/15183/

--
[SA15177] OpenBSD update for cvs
Critical: Moderately critical
Where: From remote
Impact: Unknown, DoS, System access
Released: 2005-04-29
OpenBSD has issued an update for cvs. This fixes some vulnerabilities, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15177/

--
[SA15172] Debian update for ethereal
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-04-29
Debian has issued an update for ethereal. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15172/

--
[SA15170] Debian update for prozilla
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-04-29
Debian has issued an update for prozilla. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/15170/

--
[SA15217] PostgreSQL Character Conversion and tsearch2 Module Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: Unknown, Privilege escalation, DoS
Released: 2005-05-04
Two vulnerabilities have been reported in PostgreSQL, which can be exploited by malicious users to cause a DoS (Denial of Service) or potentially gain escalated privileges.
Full Advisory: http://secunia.com/advisories/15217/

--
[SA15240] MaraDNS Unspecified Random Number Generator Vulnerability
Critical: Less critical
Where: From remote
Impact: Unknown
Released: 2005-05-04
A vulnerability with an unknown impact has been reported in MaraDNS.
Full Advisory: http://secunia.com/advisories/15240/

--
[SA15237] Fedora update for tcpdump
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-05-03
Fedora has issued an update for tcpdump. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/15237/

--
[SA15229] Debian update for smartlist
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2005-05-04
Debian has issued an update for smartlist. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/15229/

--
[SA15221] SmartList confirm Add-On Arbitrary Addresses Subscribe
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2005-05-04
Jeroen van Wolffelaar has reported a vulnerability in the confirm add-on for SmartList, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/15221/

--
[SA15194] Gentoo update for horde
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-05-02
Gentoo has issued updates for horde, horde-vacation, horde-turba, horde-passwd, horde-nag, horde-mnemo, horde-kronolith, horde-imp, horde-accounts, horde-forwards and horde-chora. These fix a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/15194/

--
[SA15228] Ubuntu update for libnet-ssleay-perl
Critical: Less critical
Where: Local system
Impact: Manipulation of data
Released: 2005-05-04
Ubuntu has issued an update for libnet-ssleay-perl. This fixes a vulnerability, which can be exploited by malicious, local users to weaken certain cryptographic operations.
Full Advisory: http://secunia.com/advisories/15228/

--
[SA15224] Mac OS X pty Permission Security Issue
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-05-04
Matt Johnston has discovered a security issue in Mac OS X, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information.
Full Advisory: http://secunia.com/advisories/15224/

--
[SA15207] Perl Net::SSLeay Module Entropy Source Manipulation
Critical: Less critical
Where: Local system
Impact: Manipulation of data
Released: 2005-05-04
Javier Fernandez-Sanguino Pena has reported a vulnerability in the Net::SSLeay module for Perl, which can be exploited by malicious, local users to weaken certain cryptographic operations.
Full Advisory: http://secunia.com/advisories/15207/

--
[SA15201] Cocktail Exposure of Administrator Password
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-05-02
sonderling has reported a security issue in Cocktail, which can be exploited by malicious, local users to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/15201/

--
[SA15198] Gentoo phpmyadmin Installation Script Insecure Permissions
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-05-02
A security issue has been reported in phpmyadmin, which can be exploited by malicious, local users to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/15198/

--
[SA15197] Ce/Ceterm Privilege Escalation Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-05-02
Kevin Finisterre has reported some vulnerabilities in Ce/Ceterm, which potentially can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/15197/

--
[SA15196] ArcInfo Workstation Format String and Buffer Overflow Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-05-02
Kevin Finisterre has reported some vulnerabilities in ArcInfo Workstation, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/15196/

--
[SA15191] Fedora update for Perl
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-05-03
Fedora has issued an update for perl. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/15191/

--
[SA15186] Red Hat update for glibc
Critical: Less critical
Where: Local system
Impact: Exposure of system information, Privilege escalation
Released: 2005-04-29
Red Hat has issued an update for glibc. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain knowledge of some system information or perform certain actions on a vulnerable system with escalated privileges.
Full Advisory: http://secunia.com/advisories/15186/

--
[SA15185] Mandriva update for perl
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-05-02
Mandriva has issued an update for perl. This fixes a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/15185/

--
[SA15252] leafnode Two Denial of Service Issues
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-05-05
Two issues have been reported in leafnode, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/15252/

--
[SA15204] Linux Kernel Local Denial of Service Vulnerabilities
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2005-05-02
Two vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/15204/

Other:

--
[SA15205] BIG-IP / 3-DNS ICMP Handling Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-05-02
F5 Networks has acknowledged a vulnerability in BIG-IP and 3-DNS, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/15205/

Cross Platform:

--
[SA15216] osTicket Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information, System access
Released: 2005-05-03
James Bercegay has reported some vulnerabilities in osTicket, which can be exploited by malicious users to conduct SQL injection attacks, and by malicious people to conduct cross-site scripting and script insertion attacks, disclose sensitive information and compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15216/

--
[SA15213] SitePanel Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information, System access
Released: 2005-05-03
James Bercegay has reported some vulnerabilities in SitePanel, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information and compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/15213/

--
[SA15195] Mtp Target Format String and Denial of Service Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-05-02
Luigi Auriemma has reported two vulnerabilities in Mtp Target, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.
Full Advisory: http://secunia.com/advisories/15195/

--
[SA15233] LibTomCrypt Unspecified ECC Signature Scheme Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2005-05-04
A vulnerability with an unknown impact has been reported in LibTomCrypt.
Full Advisory: http://secunia.com/advisories/15233/

--
[SA15232] FishCart Cross-Site Scripting and SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-05-04
Diabolic Crab has reported some vulnerabilities in FishCart, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
Full Advisory: http://secunia.com/advisories/15232/

--
[SA15220] PRADO Unspecified ViewState Data Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2005-05-04
A vulnerability with an unknown impact has been reported in PRADO.
Full Advisory: http://secunia.com/advisories/15220/ -- [SA15219] Woltlab Burning Board JGS-Portal "id" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2005-05-03 [R] has reported a vulnerability in the JGS-Portal module for Woltlab Burning Board, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/15219/ -- [SA15208] eSKUeL "ConfLangCookie" and "lang_config" Local File Inclusion Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information Released: 2005-05-04 Gerardo Di Giacomo has reported two vulnerabilities in eSKUeL, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/15208/ -- [SA15206] BirdBlog BB Code Script Insertion Vulnerability Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2005-05-03 A vulnerability has been reported in BirdBlog, which potentially can be exploited by malicious people to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/15206/ -- [SA15181] ViArt Shop Enterprise Cross-Site Scripting and Script Insertion Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2005-05-02 Lostmon has reported some vulnerabilities in ViArt Shop Enterprise, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks. Full Advisory: http://secunia.com/advisories/15181/ -- [SA15226] OpenView Event Correlation Services Unspecified Vulnerabilities Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2005-05-03 Some vulnerabilities have been reported in OpenView Event Correlation Services, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. 
Full Advisory:
http://secunia.com/advisories/15226/

--

[SA15223] OpenView Network Node Manager Unspecified Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2005-05-03

Some vulnerabilities have been reported in HP OpenView Network Node Manager (OV NNM), which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15223/

--

[SA15218] Web Crossing "webx" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-05-03

Dr_insane has reported a vulnerability in Web Crossing, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/15218/

--

[SA15215] Symantec Products ICMP Handling Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-05-03

Symantec has acknowledged some security issues in various products, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15215/

--

[SA15235] GraphicsMagick PNM Image Decoding Buffer Overflow Vulnerability

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-05-03

A vulnerability has been reported in GraphicsMagick, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15235/

========================================================================

Secunia recommends that you verify all advisories you receive, by clicking the link.

Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web    : http://secunia.com/
E-mail : support@secunia.com
Tel    : +45 70 20 51 44
Fax    : +45 70 20 51 45

From isn at c4i.org Thu May 5 14:20:58 2005
From: isn at c4i.org (InfoSec News)
Date: Thu May 5 14:32:48 2005
Subject: [ISN] Security, wireless continue to attract investors' money
Message-ID:

http://www.networkworld.com/news/2005/050405-moneytree.html

By Cara Garretson
Network World Fusion
05/04/05

Most networking start-ups that received venture capital during the first quarter of 2005 focus on tried-and-true technology, underlining investors' continued apprehension about placing risky bets on companies in this sector.

According to a special slice done for Network World of the MoneyTree Survey by PricewaterhouseCoopers (PwC), Thomson Venture Economics and the National Venture Capital Association, 335 companies in networking and related sectors received funding during the first quarter, totaling $2 billion. That's down slightly from 2004's fourth-quarter level of 353 companies totaling $2.1 billion. For purposes of this report, the networking industry is defined as companies in telecommunications, networking, software, computer and peripherals.

The networking segment "has got a pretty steady-course track record over the last couple years that suggests sustained investments," says Tracy Lefteroff, global managing partner of PwC's venture capital and private equity practice. "The sector is not going away, and is poised to pick up."

Areas where investors put their money in the first quarter echoed the trends of the last few years, says Lefteroff. Those areas include just about anything related to security, as well as wireless communications, e-commerce systems and network management and infrastructure.
The first quarter's largest deal was a $108 million investment in anti-spyware maker WebRoot, led by Technology Crossover Ventures, Accel Partners and Mayfield, providing evidence that the security sector continues to be a main attraction for investors. Other top investments of the quarter include $32 million in CEH Holdings, an early-stage maker of Internet commerce services, and $30 million in CSM Wireless, an outsourcer of wireless data translation.

Despite this continuation of investment trends during the first quarter, some venture capitalists say there are interesting new areas within the networking market that will be worth exploring this year. The convergence of wireless and VoIP networks, as well as the meshing of entertainment and media, will drive the need for innovative start-ups that can produce technology to support these trends, says Lefteroff.

While the MoneyTree Survey reports that investments in networking companies remained flat over the past few years, another venture capital report issued last week detailed an uptick in deals involving communications companies. The Quarterly Venture Capital Report by VentureOne and Ernst & Young, issued late last month, tracked 68 investments in communications companies during the first quarter of 2005, a level that hasn't been reached in over two years. This discrepancy among reports is likely caused by differing definitions of the communications sector.
From isn at c4i.org Thu May 5 14:21:29 2005 From: isn at c4i.org (InfoSec News) Date: Thu May 5 14:32:51 2005 Subject: [ISN] [HUMOR] Arizona Man Steals Bush's Identity, Vetos Bill, Meets With Mexican President Message-ID: http://www.theonion.com/news/index.php?issue=4118 The Onion VOLUME 41 ISSUE 18 4 MAY 2005 WASHINGTON, DC - Confusion and disbelief reigned at the White House after President Bush announced Monday that an Arizona man, known to authorities only as H4xX0r1337, stole his identity and used it to buy electronic goods, veto a bill, and meet with Mexican President Vicente Fox. "This is incredibly frustrating," Bush told reporters Tuesday. "Not only does this guy have my credit-card information, he has my Social Security number, all my personal information, and the launch codes for a number of ballistic intercontinental nuclear missiles. I almost don't want to think about it." "I feel so violated," Bush added. Bush said he has canceled his credit cards and changed the national-security codes, but he labeled the process a "total nightmare." "It's a huge ordeal," Bush said. "Everything will be straightened out eventually, but my credit rating and political capital are down the tubes. I asked the FBI, and they aren't even sure how long this guy's had my identity. For all I know, he's started up his own oil refinery somewhere in Alaska." Bush said he began to suspect something was wrong when he received a card from Sen. Bill Frist, thanking him for vetoing the Digital Media Consumers' Rights Act of 2005. "I thought I was going crazy," Bush said. "I had no recollection of even reading that piece of legislation, much less killing it. At first, I thought Frist had things mixed up, but I checked the records, and sure enough, someone with my credentials came into the White House in late March while I was on my ranch and vetoed that bill." 
Bush said he only recognized the full magnitude of the problem last Tuesday, when Mexican President Fox called to thank him for the "incredibly positive and productive summit." "Vicente said I had agreed to an aid package for his country," Bush said. "It was like I was in cuckoo-land. That's when I called [FBI Director Robert] Mueller. I said, 'You may want to sit down for this one, Bob. I think someone stole my identity.'" According to Mueller, examining Bush's recent outgoing e-mail led him to believe that the president's identity was probably stolen about five weeks ago, when he responded to an e-mail from paypal783@hotmail.com asking him to comply with PayPal security measures by entering all 12 of his credit-card numbers, his Social Security number, his passwords, and his personal identification numbers. "It appears that the president is among the many thousands of Americans who have fallen for so-called 'phishing' scams," Mueller said. "One should never give out sensitive personal information in response to an e-mail. If the president had read the memo we sent out a few months ago, he would have known that." Although the FBI has traced H4xX0r1337's now-defunct ISP account to a Mail Boxes, Etc. mailbox in Tempe, AZ, Mueller said apprehending H4xX0r1337 may prove more difficult. "Identity thieves and hackers are notoriously difficult to locate," Mueller said. "They are often highly intelligent and very skilled at covering their tracks. Making it more difficult, H4xX0r1337 seems to have used his credentials to commandeer Air Force One. At this moment, he could be anywhere in the world." Bush said he will likely need to spend the entire week reclaiming his identity, adding that he wished to thank everyone who has already assisted him in the process. "The FBI has been working tirelessly to find this man who hides in the shadows and perpetrates computer terrorism," Bush said. "I'd also like to thank Debrina at Bank One's customer-service center. 
She was very courteous and super helpful." This is not the first time a hacker has stolen the identity of a political figure. In February 2004, police arrested Columbus, OH's HotGrrrl69 after the 16-year-old was caught campaigning for John Kerry while posing as Sen. Barbara Boxer (D-CA). From isn at c4i.org Fri May 6 09:16:27 2005 From: isn at c4i.org (InfoSec News) Date: Fri May 6 09:28:44 2005 Subject: [ISN] Microsoft revamps security hole approach Message-ID: http://www.techworld.com/security/news/index.cfm?NewsID=3612 By Matthew Broersma Techworld 06 May 2005 Microsoft has a new security service that will provide an immediate response when researchers publicise unpatched vulnerabilities. The pilot programme run by the Microsoft Security Research Center (MSRC) and called simply Microsoft Security Advisories, complements the monthly scheduled Security Bulletins ordinarily accompanied by patches. Unlike the bulletins though, advisories will not have to meet any fixed schedule, being issued instead as soon as possible after a vulnerability is disclosed, Microsoft said. The advisories will be used to address various issues arising between the monthly bulletins, including vulnerability disclosures and phishing scams. The advisories "will address security changes that may not require a security bulletin but that may still impact customers' overall security," said Nick McGrath, Microsoft's head of platform strategy. "Customers have told us that they want more prescriptive and timely guidance on security issues." In the past, Microsoft has limited its detailed comments to the monthly bulletins, responding to other issues with short statements. A noticeable shift came last month when MSRC programme manager Stephen Toulouse used the MSRC blog to discuss a flaw that had been disclosed in Windows 2000 systems. Typically, Microsoft uses such discussions to downplay the severity of unpatched flaws.
The advisory system is the latest development in an ongoing debate over how software vendors and security researchers should balance the need for users to be aware of vulnerabilities with the need for discretion. Microsoft has criticised security researchers for discussing flaws before a patch has been released. For their part, many researchers have said they only disclose vulnerability information if they are unable to convince Microsoft to take action. From isn at c4i.org Fri May 6 09:18:01 2005 From: isn at c4i.org (InfoSec News) Date: Fri May 6 09:28:47 2005 Subject: [ISN] How Broad a Data Breach Disclosure Law? Message-ID: http://www.internetnews.com/bus-news/article.php/3502781 By Roy Mark May 5, 2005 WASHINGTON -- And now for the hard part: just how would a national data breach disclosure law work? With bills now in the House and the Senate that would force data brokers and financial institutions to inform consumers of a breach, Congress is looking at the nitty-gritty details of the legislation. "One of my concerns, given the dramatic rise in recent reports on data breaches, is there will be a headlong rush for notification in every instance," House Financial Services Committee Chairman Michael Oxley (R-Ohio) said at a Capitol Hill hearing. The problem, Oxley suggested, is overkill. "When no evidence surfaces to indicate their information has been misused, consumers may begin to ignore those notices as just that many more pieces of unsolicited junk mail," he said. According to Oxley, only a small percentage of the highly publicized cases of data breaches have actually resulted in any fraudulent activity. For example, Bank of America recently revealed that data backup tapes containing more than a million records were lost during transport to a backup data center. A total of 15 tapes were shipped to the data center with five disappearing. Two of the lost tapes included customer information while the other three tapes held non-sensitive, backup software.
"As to the tapes themselves, sophisticated equipment, software and operator expertise are all required to access the information," said Barbara Desoer of Bank of America. "In addition, specific knowledge of the manner in which the data is stored, that is, the fragmented nature of the data and the steps required to reassemble it would be required." Desoer said the Secret Service has informed Bank of America that no evidence exists to indicate the tapes were wrongfully accessed or their content compromised. Nevertheless, Desoer said, Bank of America supports a national disclosure law. "Our recent actions demonstrate our belief that customers have a right to know when there is reason to believe that their information may have been compromised," she said. Data broker ChoicePoint, which has also suffered embarrassing data breaches, also threw its support to a national law. "We support a pre-emptive national law that would provide for notification to consumers and a single law enforcement point of contact when personally identifiable information has fallen into inappropriate hands," Don McGuffy, a ChoicePoint senior vice president, said. The breach disclosure bills in the House and Senate are based on California's new legislation, which requires a business or government agency to notify an individual in writing or by e-mail when it is believed that unencrypted personal information has been compromised. Sen. Dianne Feinstein's bill goes beyond the California law to include encrypted data and allows individuals to put a seven-year fraud alert on their credit report. The legislation proposes a $1,000 per individual civil fine for failure to notify or not more than $50,000 per day while the failure to notify continues.
From isn at c4i.org Fri May 6 09:18:41 2005
From: isn at c4i.org (InfoSec News)
Date: Fri May 6 09:28:50 2005
Subject: [ISN] Linux Advisory Watch - May 6th 2005
Message-ID:

+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  May 6th, 2005                             Volume 6, Number 18a     |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                    Benjamin D. Thomas
                dave@linuxsecurity.com         ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.

This week, perhaps the most interesting articles include ethereal, prozilla, smartlist, kdewebdev, wireless-tools, gimp, bootparamd, tcpdump, kdelibs, vte, php, words, util-linux, lapack, gnutls, and glibc. The distributors include Conectiva, Debian, Fedora, Gentoo, and Red Hat.

---

## Internet Productivity Suite: Open Source Security ##
Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.

Click to find out more!
http://store.guardiandigital.com/html/eng/products/software/ips_overview.shtml

---

Review: The Book of Postfix: State-of-the-Art Message Transport
By: Pete O'Hara

I was very impressed with "The Book of Postfix" by authors Ralf Hildebrandt and Patrick Koetter and feel that it is an incredible Postfix reference. It gives a great overall view of the operation and management of Postfix in an extremely systematic and practical format. It flows in a logical manner, is easy to follow and the authors did a great job of explaining topics with attention paid to real world applications and how to avoid many of the associated pitfalls.
I am happy to have this reference in my collection. The authors have taken the time to clearly answer the key questions that are of real practical value. There is no excessive or superfluous material here that, although it may be good to know, would divert attention from the topic of configuring a solid MTA. The book is very well focused and the authors' hard work is obvious. There are sections where someone else may have left good enough alone but they went the extra mile to make sure that this book answered the important questions fully.

"The Book of Postfix" starts with "A Postmaster's Primer To Email" and continues through all of the key topics in a sensible progression so that even if you are fairly new to administering email you are taught in a sequential manner that promotes understanding. The comprehensive list of topics encompasses single and multiple domain servers, dial-ups, SMTP restrictions, internal and external content filters, mail gateways, SMTP proxy, SMTP authentication, SASL, LDAP, SQL integration, Transport Layer Security, chroots, rate limiting, performance tuning, and troubleshooting. It covers a good amount of ground.

The numerous "NOTE" and "CAUTION" sections provide great additional detail to real world scenarios that I found extremely relevant and useful. For each topic there is also an invaluable "TESTING" section so that you can verify for yourself that you are in fact getting the expected behavior. The imperative topic of security is always kept in mind in the configurations and the accompanying diagrams and flow charts do an excellent job of enhancing the text and providing extra clarity.
Read complete review:
http://www.linuxsecurity.com/content/view/119027/49/

----------------------

Measuring Security IT Success

In a time where budgets are constrained and Internet threats are on the rise, it is important for organizations to invest in network security applications that will not only provide them with powerful functionality but also a rapid return on investment. In most organizations IT success is generally calculated through effectiveness, resource usage and, most importantly, how quickly the investment can be returned. To correctly quantify the ROI of information technology, organizations usually measure cost savings and increased profits since the initial implementation. Additionally, ROI can be affected based on the overall impact the investment has on employee productivity and overall work environment of the company.

http://www.linuxsecurity.com/content/view/118817/49/

---

Getting to Know Linux Security: File Permissions

Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.

Click to view video demo:
http://www.linuxsecurity.com/content/view/118181/49/

---

The Tao of Network Security Monitoring: Beyond Intrusion Detection

To be honest, this was one of the best books that I've read on network security. Other books often dive so deeply into technical discussions, they fail to provide any relevance to network engineers/administrators working in a corporate environment. Budgets, deadlines, and flexibility are issues that we must all address. The Tao of Network Security Monitoring is presented in such a way that all of these are still relevant.
One of the greatest virtues of this book is that it offers real-life technical examples, while backing them up with relevant case studies.

http://www.linuxsecurity.com/content/view/118106/49/

--------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

* Conectiva: kernel Kernel update
  2nd, May, 2005
  The Linux kernel is responsible for handling the basic functions of the GNU/Linux operating system.
  http://www.linuxsecurity.com/content/view/119036

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New ethereal packages fix buffer overflow
  28th, April, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/119006

* Debian: New prozilla packages fix arbitrary code execution
  28th, April, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/119007

* Debian: New ethereal packages fix buffer overflow
  28th, April, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/119009

* Debian: New smartlist packages fix unauthorised un/subscription
  3rd, May, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/119045

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 3 Update: kdewebdev-3.3.1-2.1
  28th, April, 2005
  Updated package
  http://www.linuxsecurity.com/content/view/119013

* Fedora Core 3 Update: wireless-tools-27-2.2.0.fc3
  28th, April, 2005
  Fix iwlist command for devices that need more time to scan all their channels (ie Atheros 5212abg cards)
  http://www.linuxsecurity.com/content/view/119016

* Fedora Core 3 Update: spamassassin-3.0.3-3.fc3
  29th, April, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/119020

* Fedora Core 3 Update: gimp-2.2.6-0.fc3.2
  30th, April, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/119025

* Fedora Core 3 Update: bootparamd-0.17-19.FC3
  2nd, May, 2005
  Updated package
  http://www.linuxsecurity.com/content/view/119032

* Fedora Core 3 Update: tcpdump-3.8.2-8.FC3
  2nd, May, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/119033

* Fedora Core 3 Update: kdelibs-3.3.1-2.12.FC3
  2nd, May, 2005
  A buffer overflow was found in the kimgio library for KDE 3.3.1. An attacker could create a carefully crafted PCX image in such a way that it would cause kimgio to execute arbitrary code when processing the image.
  http://www.linuxsecurity.com/content/view/119034

* Fedora Core 3 Update: vte-0.11.13-1.fc3
  2nd, May, 2005
  A whole bunch of upstream fixes for speed, rendering glitches and memory use reduction.
  http://www.linuxsecurity.com/content/view/119037

* Fedora Core 3 Update: perl-5.8.5-12.FC3
  2nd, May, 2005
  Security and packaging fixes.
  http://www.linuxsecurity.com/content/view/119038

* Fedora Core 3 Update: php-4.3.11-2.5
  3rd, May, 2005
  This update fixes a compatibility issue between the PHP "snmp" extension (in the php-snmp package) and the recent upgrade of the net-snmp library to version 5.2.1
  http://www.linuxsecurity.com/content/view/119044

* Fedora Core 3 Update: policycoreutils-1.18.1-2.12
  3rd, May, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/119046

* Fedora Core 3 Update: words-3.0-2.3
  4th, May, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/119052

* Fedora Core 3 Update: util-linux-2.12a-24.1
  4th, May, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/119053

* Fedora Core 3 Update: system-config-bind-4.0.0-11
  4th, May, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/119054

* Fedora Core 3 Update: dhcp-3.0.1-42_FC3
  4th, May, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/119055

* Fedora Core 3 Update: lapack-3.0-26.fc3
  5th, May, 2005
  This update fixes problems in some lapack libraries (problems with compiler optimization). This version contains all patches present in fc4 lapack version.
  http://www.linuxsecurity.com/content/view/119060

* Fedora Core 3 Update: system-config-bind-4.0.0-12
  5th, May, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/119061

* Fedora Core 3 Update: gnutls-1.0.20-3.1.1
  5th, May, 2005
  New gnutls version fixes CAN-2005-1431 problem (possible DOS attack)
  http://www.linuxsecurity.com/content/view/119062

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: Heimdal Buffer overflow vulnerabilities
  28th, April, 2005
  Buffer overflow vulnerabilities have been found in the telnet client in Heimdal which could lead to execution of arbitrary code.
  http://www.linuxsecurity.com/content/view/119008

* Gentoo: Pound Buffer overflow vulnerability
  30th, April, 2005
  Pound is vulnerable to a buffer overflow that could lead to the remote execution of arbitrary code.
  http://www.linuxsecurity.com/content/view/119022

* Gentoo: eGroupWare XSS and SQL injection vulnerabilities
  30th, April, 2005
  eGroupWare is affected by several SQL injection and cross-site scripting (XSS) vulnerabilities.
  http://www.linuxsecurity.com/content/view/119023

* Gentoo: phpMyAdmin Insecure SQL script installation
  30th, April, 2005
  phpMyAdmin leaves the SQL install script with insecure permissions, potentially leading to a database compromise.
  http://www.linuxsecurity.com/content/view/119024

* Gentoo: Horde Framework Multiple XSS vulnerabilities
  1st, May, 2005
  Various modules of the Horde Framework are vulnerable to multiple cross-site scripting (XSS) vulnerabilities.
  http://www.linuxsecurity.com/content/view/119026

* Gentoo: Oops! Remote code execution
  5th, May, 2005
  The Oops!
  proxy server contains a remotely exploitable format string vulnerability, which could potentially lead to the execution of arbitrary code.
  http://www.linuxsecurity.com/content/view/119063

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Low: glibc security update
  28th, April, 2005
  Updated glibc packages that address several bugs are now available. This update has been rated as having low security impact by the Red Hat
  http://www.linuxsecurity.com/content/view/119010

* RedHat: Important: kernel security update
  28th, April, 2005
  Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 2.1. This is the seventh regular update. This security advisory has been rated as having important security impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/119011

* RedHat: Important: kernel security update
  28th, April, 2005
  Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 2.1 for 64-bit architectures. This is the seventh regular update. This security advisory has been rated as having important security impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/119012

* RedHat: Important: Mozilla security update
  28th, April, 2005
  Updated Mozilla packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/119014

* RedHat: Moderate: PHP security update
  28th, April, 2005
  Updated PHP packages that fix various security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/119015

* RedHat: Low: nasm security update
  4th, May, 2005
  An updated nasm package that fixes multiple security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/119049

* RedHat: Moderate: evolution security update
  4th, May, 2005
  Updated evolution packages that fix various security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/119050

* RedHat: Moderate: PHP security update
  4th, May, 2005
  Updated PHP packages that fix various security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/119051

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

From isn at c4i.org Mon May 9 04:23:56 2005
From: isn at c4i.org (InfoSec News)
Date: Mon May 9 04:36:00 2005
Subject: [ISN] Whoops! We Seem to Have Misplaced Your Identity
Message-ID:

Forwarded from: William Knowles

http://www.nytimes.com/2005/05/08/business/08digi.html

By RANDALL STROSS
Published: May 8, 2005

THE diesel-powered utility van is the unappreciated speed demon of the digital age. Even lumbering along city streets in stop-and-go traffic, it can move a trillion bytes of corporate data across town far faster than if they were sent across the Internet. The homely Ford Econoline 350 is the workhorse of Iron Mountain, the dominating presence in the off-site data protection business.
Its customers include more than three-fourths of Fortune 500 companies, and it had revenue of $1.82 billion last year, earned largely out of public sight as its unmarked vans shuttled among the back-office operations of its clients. Last week, however, Iron Mountain lost the luxury of going about its rounds invisibly. Time Warner, one of its clients, disclosed that personal information - including names and Social Security numbers for 600,000 current and former employees - had gone missing six weeks earlier while in the care of an unnamed "leader in data storage." The data had been, in fact, in an Iron Mountain van, and the few details about the incident that it and Time Warner have grudgingly divulged - such as the fact that the pick-up at Time Warner was 1 of 19 the van made bouncing around Manhattan on the fateful day - raise all sorts of questions. To begin with, why would such sensitive information be handled less like a guard-this-with-your-life briefcase entrusted to Brinks than like a fungible bundle handed to the Dy-Dee Diaper Service? Why was the data unencrypted? And why were trucks involved at all? Why wasn't the backup done via a secure online connection, an option that Iron Mountain offers as well as physical pickup? Why doesn't Iron Mountain eliminate the risk of midroute problems and retire its fleet of Econolines? Time Warner blamed Iron Mountain for the potential breach of confidential employee information and would say nothing more about the event. Its tapes were last seen on Iron Mountain's vans, so its position is that it's Iron Mountain's responsibility; end of discussion. Iron Mountain, for its part, gallantly declined to take Time Warner to task. It could have done so by saying how foolish Time Warner had been to send out sensitive personnel files in unencrypted form. Then again, Iron Mountain itself had failed to advise clients to encrypt files until April 21, when it issued a press release on the subject. 
This was too late to help Time Warner, whose tapes had disappeared a month earlier. Time Warner has now publicly vowed to floss regularly and encrypt always. Iron Mountain has adopted a scattershot approach in its public appeal for exoneration. Disappearing tapes - what its chief executive, C. Richard Reese, calls "inadvertent disclosures" - are a rare problem: 12 instances for every five million pick-ups or deliveries. Mr. Reese said he viewed the rarity of error as exemplary. Jim Stickley, one of the founders and the chief technical officer of Trace Security, a consulting firm based in Baton Rouge, La., is not impressed: "Imagine the Secret Service said that about presidents: 'Well, we protected most of them.' " Another argument pressed by Iron Mountain is that it knows of no instance when the loss of tapes has "resulted in the unauthorized access of personal information." Then again, have previous problems involved tapes filled with 600,000 names and matching Social Security numbers thoughtfully left unencrypted? Iron Mountain also takes too much comfort in the fact that the missing tapes are labeled only with a bar code. The company reasons that a thief in search of Time Warner's employees would not know which van to hit and which tapes to grab. But why assume a crime of planning and cunning? If the tapes landed accidentally in the hands of someone who knew someone with the technical competence to take a look at their contents - in unencrypted form, not a difficult feat - what person of ill motive would toss aside those 600,000 names and Social Security numbers? Iron Mountain's best defense is that its reliance on trucks, which must be loaded and unloaded by all-too-fallible humans, is unavoidable for technical reasons. Online backups are not feasible for large companies, given the sheer mass of data, which has grown faster than the bandwidth of corporate Internet connections. Illustrative numbers provided by Iron Mountain would seem to settle the question.
Consider a customer with 22,500 gigabytes (22.5 terabytes) of data that need to be ready for recovery from a disaster. Compressed - and, one hopes, encrypted - these fit onto 300 backup tapes, easily transported by the Econoline. Now consider the challenge of alternatively moving that data over the wire. Even with a pair of OC3 lines, each with 250 times the bandwidth of a home broadband connection, you would need more than 82 hours to send one set - though let's not forget that 8 to 10 hours are saved because tapes do not have to be created. And if disaster were to strike, it would take 82 hours to send these terabytes back over the wire for restoration. That's why "we're not driving the truck out of the equation," Mr. Reese said.

The example, however, best matches a picture in which the computing resources of the largest corporation consist of a single mainframe, all of its many terabytes of data concentrated in one place, susceptible to a single disaster.

Bud Stoddard, the chief executive of AmeriVault, a rival company based in Boston that offers online backup services, says corporate data is distributed across thousands of servers and desktops. "Disasters happen every day, but they hit a server, or a department, or a building," he said. "They do not take out an enterprise's total data set."

His company - as well as Iron Mountain - offers online disaster protection by copying data via the Internet to off-site servers. This eliminates the problem of limited bandwidth, as only incremental changes to a file, not the entire file, need to be sent. It also eliminates another potential problem: a faulty tape, discovered only when it is needed for restoration.

Because of falling storage and bandwidth costs, it's now economically feasible to prepare for disaster by going digital instead of diesel, using a secure Internet connection to make an offsite mirror image of a corporation's vital data.
And should catastrophe strike, a company need not wait hours or days for its backup data to return by wire: AmeriVault can load 500 gigabytes of backed-up data onto a portable drive, then speed it to a client. For that rare emergency, the trusty Econoline can be summoned for duty.

Had Time Warner used the Internet to back up its data, the company would not now find itself reassuring its millions of subscribers - 21.7 million on AOL alone - that only employee information was in the missing tapes.

The company has offered to the individuals listed in the database a one-year subscription to Equifax's Credit Watch service. Iron Mountain has not stepped forward to pick up the bill. It adheres to the same view as photo processors: if something goes wrong when your film is in their possession, they'll replace the film, but they take no responsibility for the lost photos.

"Under standard liability, we are not responsible for the information stored on the tape," said Melissa Burman, an Iron Mountain spokeswoman. "That's because we never know what information is stored on any particular backup tape."

But when a missing tape could expose hundreds of thousands of people to identity theft through no fault of their own, many of whom may retain lawyers happy to work on contingency, Iron Mountain and similar companies are probably glad they never know the contents.

This unfortunate event, seemingly similar to a long list of recently revealed security incidents involving other companies and organizations, should stand apart for one reason: it could have been avoided so easily. It would have been a nonevent had Time Warner encrypted its personnel files before shipping them.

Mr. Stickley of Trace Security advocates making encryption a matter of law: "The government should be stepping in and say, 'You must encrypt information that can ruin people's lives,' " he said. "It's that simple."

-=-

Randall Stross is a historian and author based in Silicon Valley.
E-mail: ddomain (at) nytimes.com

*==============================================================*
"Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen. Alfred M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

From isn at c4i.org Mon May 9 04:24:09 2005
From: isn at c4i.org (InfoSec News)
Date: Mon May 9 04:36:02 2005
Subject: [ISN] Michigan State's Wharton Center says computer security breached
Message-ID:

http://www.freep.com/news/statewire/sw115435_20050506.htm

May 6, 2005, 11:39 AM

EAST LANSING, Mich. (AP) -- Michigan State University has warned more than 40,000 Wharton Center patrons that a hacker broke into a computer server involved in credit card processing for the performing arts venue. But so far, there has been no indication that credit card data was stolen.

"There's no definitive evidence that credit card data was accessed or copied," Kent Love, Wharton Center spokesman, told the Lansing State Journal for a Friday story.

The letter was sent to Wharton visitors who used their credit cards as far back as September 2003. Love said the intrusion, which is under investigation, was discovered April 26.

-=-

EDITOR'S NOTE -- For additional information on the security breach, visit the Wharton Center Web site at http://whartoncenter.com and scroll down to the "Information Intrusion FAQ."

From isn at c4i.org Mon May 9 04:24:30 2005
From: isn at c4i.org (InfoSec News)
Date: Mon May 9 04:36:05 2005
Subject: [ISN] Google's Accelerator Breaks Web Apps, Security
Message-ID:

http://www.eweek.com/article2/0,1759,1813761,00.asp

By Matt Hicks
May 6, 2005

Google's effort to speed the pace of Web browsing quickly aggravated some early users, who say that the software is delivering them Web pages under other users' logins and breaking Web applications.
Google Inc.'s Web Accelerator application, launched as a test on Wednesday, uses a combination of local and server-based caching and preloading of Web pages to more quickly serve Web pages to a user's browser. Google's servers, in many ways, act as an intermediary between Web sites and a user's browser.

But Google's approach has had some unintended consequences. Google officials Friday confirmed that the company was aware of as many as five sites where Web Accelerator was returning users cached pages under other people's user names. The Mountain View, Calif.-based company has stopped caching pages from those sites, said Marissa Mayer, Google's director of consumer Web.

Users of some smaller Web forum sites have complained in online postings that they began receiving Web pages which displayed other people's user names after downloading Web Accelerator. The forum site, Somethingawful.com [1], was among those warning its users to avoid Web Accelerator because of reports that pages from other users' logins were exposed.

"It is an unfortunate problem, but it looks worse than it is," Mayer said. "We are caching those pages on the server side with the user name on them. You see it, but it's important to point out that you are not logged in as [that] user and you do not have the session cookies needed to perform operations as [that] user."

Mayer said the problem stemmed from the way some sites have implemented their HTTP cache-control headers, which provide information such as language preferences to a browser. Google uses those headers to determine whether a page is meant for an individual user, in which case it would not live on its servers, Mayer said.

Google plans to notify the Webmasters of the affected sites about the need to fix their cache-control headers as well as work on a solution within Web Accelerator, Mayer said. Web Accelerator already prevented secure sites using the HTTPS protocol, such as online banking and e-mail sites, from being cached.
Web Accelerator's problems appear to extend beyond forum sites, though. Web-based software developer 37Signals LLC began blocking the program after discovering that it was initiating links which performed critical functions, such as account deletions, on 37Signals' Web applications.

A few users complained about deleted accounts on 37Signals' Basecamp and Backpack applications, and the company traced the problem to Web Accelerator, said 37Signals President Jason Fried. To make matters worse, the problem occurred the same week that the Chicago-based company launched Backpack, a personal-information management application.

"It was serious enough to frighten us, since we had just released a product and it coincided with Google's release," said Fried, who first wrote about the issue in his Weblog [2]. "We became aware of the Web Accelerator issue, and within 30 minutes of figuring it out we instituted a block."

As for Web Accelerator's impact on Web applications, Mayer initially said that most of the reports she had seen appeared to be unsubstantiated. When informed about 37Signals' problems, she said that it is possible that some sites are not complying with a Web standard used by Web Accelerator.

Web Accelerator does not prefetch links whose URL, as written in the HTML code, contains a question mark. A question mark is usually included in a string to indicate personally identifiable information such as a user ID and would typically be used in a link that performs a function like a deletion, Mayer said.

"The product is in beta," Mayer said. "It could be that our assumption around the question mark and the way sites comply with the standard is incorrect. If that is the case, then we'll have to redesign the prefetch algorithm."

Fried acknowledged that the applications do not conform to all standards. For example, functions such as a deletion technically should be handled with buttons rather than links, he said.
Google needs to recognize, however, that many sites use methods that vary from standards, he said.

"To me, the real test here is not so much that Google may have made a mistake but how they respond to it," Fried said. "Are they going to call it a mistake or blame everyone else to [make them] build products the way they should be built in a perfect world?"

For other users, Web Accelerator has caused a number of unwanted changes to their Web browsing. Mike Rumble, a Web programmer at U.K.-based Lawton Communications Group Ltd., said he downloaded Web Accelerator on Thursday and soon noticed that about one out of every 20 Web sites was failing to load. Instead, he was redirected to an error page from Web Accelerator, prompting him to try again or to search on Google.

Rumble faced more trouble when he visited his Web-based e-mail account from Apple Computer Inc.'s .Mac service. He was continuously logged out of the account, something he blamed on Web Accelerator's preloading of pages.

"After signing in it became impossible to get any use out of the service, as every click would lead back to a sign-in page," Rumble said in an e-mail interview. "It appears that the Web Accelerator's prefetching mechanism was signing me out of the service as soon as I had signed in, by 'clicking' on the sign-out link and killing my session."

Rumble, who regularly tries out new software for his office, said he decided to disable Web Accelerator because he feared that it could also wreak havoc on his company's Web-based content management system. "Google Web Accelerator appears to be a poorly executed, potentially destructive product," he said.

Similar sentiments to Rumble's have been shared in blog postings and online forums across the Web, though other users have said that they are finding that Web Accelerator is saving them time in their Web browsing.
To Mayer, part of the backlash against Web Accelerator likely is a result of Google sitting in the middle between users' browsers and Web sites. By caching Web pages on Google's servers, Web Accelerator is following caching methods already in use by ISPs and by many corporate firewalls, Mayer said. But Google is making that activity more visible to users, who often are not aware that their employers or ISP may be serving them earlier versions of a Web page.

"It does break the paradigm of how people are used to browsing," Mayer said. "It does change the experience slightly in little ways, and it's worth the tradeoff."

[1] http://forums.somethingawful.com/showthread.php?s=935a9fdceab9656b2c04f964336ec06c&threadid=1550986
[2] http://www.37signals.com/svn/

From isn at c4i.org Tue May 10 03:16:13 2005
From: isn at c4i.org (InfoSec News)
Date: Tue May 10 03:27:00 2005
Subject: [ISN] Linux Security Week - May 9th 2005
Message-ID:

+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  May 9th, 2005                             Volume 6, Number 20n     |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave@linuxsecurity.com    |
|                   Benjamin D. Thomas      ben@linuxsecurity.com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Why Snort makes IDS worth the time and effort," "Five Linux Security Myths You Can Live Without," and "Backups tapes a backdoor for identity thieves."

---

## Internet Productivity Suite: Open Source Security ##

Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available.
Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!

http://store.guardiandigital.com/html/eng/products/software/ips_overview.shtml

---

LINUX ADVISORY WATCH

This week, perhaps the most interesting articles include ethereal, prozilla, smartlist, kdewebdev, wireless-tools, gimp, bootparamd, tcpdump, kdelibs, vte, php, words, util-linux, lapack, gnuutils, and glibc. The distributors include Conectiva, Debian, Fedora, Gentoo, and Red Hat.

http://www.linuxsecurity.com/content/view/119064/150/

---

Review: The Book of Postfix: State-of-the-Art Message Transport

I was very impressed with "The Book of Postfix" by authors Ralf Hildebrandt and Patrick Koetter and feel that it is an incredible Postfix reference. It gives a great overall view of the operation and management of Postfix in an extremely systematic and practical format. It flows in a logical manner, is easy to follow and the authors did a great job of explaining topics with attention paid to real world applications and how to avoid many of the associated pitfalls. I am happy to have this reference in my collection.

http://www.linuxsecurity.com/content/view/119027/49/

---

Introduction: Buffer Overflow Vulnerabilities

Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

http://www.linuxsecurity.com/content/view/118881/49/

---

Getting to Know Linux Security: File Permissions

Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple.
http://www.linuxsecurity.com/content/view/118181/49/

--------

>> The Perfect Productivity Tools <<

WebMail, Groupware and LDAP Integration provide organizations with the ability to securely access corporate email from any computer, collaborate with co-workers and set-up comprehensive addressbooks to consistently keep employees organized and connected.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn05

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
| Security News:      | <<-----[ Articles This Week ]----------
+---------------------+

* Review: Deep Inspection Firewalls
  6th, May, 2005

If it were on public display, this portion of our Firewall Blowout would be the geek equivalent of the Chicago Auto Show. Our Chicago Neohapsis partner labs focused on the muscle cars: enterprise-class, gigabit-capable network firewall appliances and turnkey systems that support high-availability stateful failover, VPNs and centralized management as well as DI (deep inspection), which we define as having the ability not only to perform stateful packet filtering, but also to inspect packet payloads higher up the OSI model using specific attack signatures and Layer 7 protocol engines.

http://www.linuxsecurity.com/content/view/119072

* In praise of Gentoo
  2nd, May, 2005

On the server end, you get the best release schedule in the business for security updates and bug fixes. On the desktop, you get the latest and greatest packages (if you enable 'beta' packages to be used) like KDE 3.4 (which I'm running), X.org with awesome openGL support, and a nicely compiled nvidia driver. Wonderful. Absolutely wonderful.

http://www.linuxsecurity.com/content/view/119029

* From Operating System to Application: Web Survey Looks at Malware Trends
  5th, May, 2005

"Two years ago, this list was dominated completely by weaknesses in operating systems," said SANS Institute Director of Research Alan Paller.
"Now we're seeing more and more vulnerabilities in applications being exploited." The data also reveal that, for the first time, some security and anti-virus software is vulnerable to hackers, creating a dangerous high-level backdoor into users' systems.

http://www.linuxsecurity.com/content/view/119058

* Report: IT shops lax about logging
  3rd, May, 2005

If a new report from the SANS Institute is any indication, enterprises are jeopardizing security by taking a sloppy approach to log keeping. As a result, the report recommends some companies abandon home-grown logging systems in favor of commercial tools or simply outsource the task.

http://www.linuxsecurity.com/content/view/119043

* Why Snort makes IDS worth the time and effort
  5th, May, 2005

The decision of whether to implement an intrusion-detection system (IDS) is a complicated one. Unfortunately, IDS has a well-deserved reputation for requiring a lot of "care and feeding" and commercial systems can be very expensive. However, there is an enterprise-grade open source IDS called Snort that may tip the scales over to a "can't lose" position.

http://www.linuxsecurity.com/content/view/119057

* BlueCat Networks Previews its Proteus Enterprise IP Address Management
  3rd, May, 2005

BlueCat Networks, Inc., a leading provider of simple, secure and affordable network security appliances, today announced that it is previewing Proteus, its new enterprise class Internet protocol (IP) Address Management (IPAM) system at Networld+Interop in booth # 1124.

http://www.linuxsecurity.com/content/view/119041

* Linux Labs International consolidates SELinux with Bproc
  6th, May, 2005

Linux Labs International, Inc. ( LLII ), the world leader in Linux-based clustered supercomputer engineering, announced today a key milestone for security in supercomputing technology.
With today's release of Nimbus 4.0, its out-of-the-box Linux cluster distribution, the leading Single System Image cluster architecture ( bproc ) is now seamlessly integrated with SELinux, the Security Enhanced Linux platform ( SELinux ).

http://www.linuxsecurity.com/content/view/119068

* Backups tapes a backdoor for identity thieves
  2nd, May, 2005

Large companies are reconsidering their security and backup policies after a handful of financial and information-technology companies have admitted that tapes holding unencrypted customer data have gone missing.

http://www.linuxsecurity.com/content/view/119030

* Netcraft Phishing Site Feed Available
  2nd, May, 2005

Netcraft launched an anti-phishing system at the start of 2005: people install a toolbar and effectively become part of a giant neighbourhood watch system whereby the most experienced members of the community can report phishing sites and effectively block them for the rest of the community.

http://www.linuxsecurity.com/content/view/119035

* Infosecurity Europe 2005 Interviews
  3rd, May, 2005

Rootsecure.net recently recorded a series of interviews with attendees at "Infosecurity Europe 2005", "Europe's number one, dedicated Information Security event". Those interviewed include representatives from eEye Digital Security, Zone-H, Forensic Computing Ltd, British Computing Society, and a reformed serial website defacer. They are downloadable in MP3 or OGG Vorbis format.

http://www.linuxsecurity.com/content/view/119039

* China's largest bank switches to Linux
  3rd, May, 2005

The Industrial Commercial Bank of China (ICBC) has decided to switch its servers to the Linux operating system after signing an agreement with Turbolinux.

http://www.linuxsecurity.com/content/view/119040

* Moving IT management to a new paradigm
  4th, May, 2005

IT management software ranges from hundreds of point solutions to huge integrated bundles for high-end enterprises.
Aiming for a target in between is Robert Fanini, co-founder and CEO of GroundWork Open Source Solutions Inc., a startup in Emeryville, Calif., that has built its simple, low-priced IT management package on open source code. In this interview, Fanini explains how open source will open the eyes of now-doubting chief information officers (CIOs).

http://www.linuxsecurity.com/content/view/119048

* Is VoIP Service the Next Big Target for Hackers?
  5th, May, 2005

Internet telephone service's appeal as a cutting-edge technology for cutting phone costs is convincing more and more people to ditch their landlines and go hi-tech with Voice over Internet Protocol.

http://www.linuxsecurity.com/content/view/119056

* Five Linux Security Myths You Can Live Without
  6th, May, 2005

Before I wrote this article, I went to some Linux newsgroups to find out what typical concerns among security-conscious Linux users might be. I asked, simply, what they felt were the biggest myths surrounding Linux security.

http://www.linuxsecurity.com/content/view/119065

* Sober Hasn't Slowed, Still Accounts For Four Of Five Worms And Viruses
  6th, May, 2005

Sober.p, the worm that stormed the Internet Monday, showed no signs of fading away as of Thursday morning, an anti-virus vendor said.

http://www.linuxsecurity.com/content/view/119066

* Business inaction could lead to data privacy laws
  2nd, May, 2005

U.S. businesses for years have urged the government to let them set computer-security standards of their own, but their inability to do so could now prompt Congress to step in, experts say.

http://www.linuxsecurity.com/content/view/119031

* House subcommittee elevates cybersecurity position
  6th, May, 2005

A bill that would create a high-level cybersecurity official in the U.S. Department of Homeland Security (DHS) was approved Wednesday by a House of Representatives subcommittee.

http://www.linuxsecurity.com/content/view/119071

* How a Bookmaker and a Whiz Kid Took On an Extortionist - and Won
  3rd, May, 2005

The e-mail began, "Your site is under attack," and it gave Mickey Richardson two choices: "You can send us $40K by Western Union [and] your site will be protected not just this weekend but for the next 12 months," or, "If you choose not to pay...you will be under attack each weekend for the next 20 weeks, or until you close your doors."

http://www.linuxsecurity.com/content/view/119042

* Hackers Widen Their Attacks
  4th, May, 2005

Hackers continue to develop new ways to infiltrate computer systems, staying one step ahead of software providers by targeting an array of applications, according to a recent report from the SANS Institute.

http://www.linuxsecurity.com/content/view/119047

* Spying on the spyware makers
  5th, May, 2005

The 25-year-old researcher has spent years analyzing how spyware and adware programs work and publicizing his findings. That often results in red faces and, occasionally, lawsuit threats from companies like WhenU and Claria, formerly known as Gator.

http://www.linuxsecurity.com/content/view/119059

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

From isn at c4i.org Tue May 10 03:17:50 2005
From: isn at c4i.org (InfoSec News)
Date: Tue May 10 03:27:03 2005
Subject: [ISN] Internet Attack Called Broad and Long Lasting by Investigators
Message-ID:

http://www.nytimes.com/2005/05/10/technology/10cisco.html

By JOHN MARKOFF and LOWELL BERGMAN
Published: May 10, 2005

SAN FRANCISCO, May 9 - The incident seemed alarming enough: a breach of a Cisco Systems network in which an intruder seized programming instructions for many of the computers that control the flow of the Internet.
Now federal officials and computer security investigators have acknowledged that the Cisco break-in last year was only part of a more extensive operation - involving a single intruder or a small band, apparently based in Europe - in which thousands of computer systems were similarly penetrated.

Investigators in the United States and Europe say they have spent almost a year pursuing the case involving attacks on computer systems serving the American military, NASA and research laboratories.

The break-ins exploited security holes on those systems that the authorities say have now been plugged, and beyond the Cisco theft, it is not clear how much data was taken or destroyed. Still, the case illustrates the ease with which Internet-connected computers - even those of sophisticated corporate and government networks - can be penetrated and also the difficulty in tracing those responsible.

Government investigators and other computer experts sometimes watched helplessly while monitoring the activity, unable to secure some systems as quickly as others were found compromised.

The case remains under investigation. But attention is focused on a 16-year-old in Uppsala, Sweden, who was charged in March with breaking into university computers in his hometown. Investigators in the American break-ins ultimately traced the intrusions back to the Uppsala university network.

The F.B.I. and the Swedish police said they were working together on the case, and one F.B.I. official said efforts in Britain and other countries were aimed at identifying accomplices.

"As a result of recent actions" by law enforcement, an F.B.I. statement said, "the criminal activi