HNS Newsletter Issue 232 - 27.09.2004
Total Page:16
File Type:pdf, Size:1020Kb
HNS Newsletter Issue 232 - 27.09.2004. http://net-security.org This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. --------------------------------------------------------------------------------------------- IBMSecure World Technical University - November 23-26 - Berlin Do you know how effectively you can protect your IT infrastructure? --------------------------------------------------------------------------------------------- Security has become a very important concern in today’s wireless and network computing business. This conference offers 70 sesions organised around 5 main topics: Security Risk Management, Physical & Logical Security Integration and Recovery, Security Architectures & Solutions, Security Management and Control. In addition, you will also have the possibility to take part to a Technology Solutions Forum, during which IBM and its Partners will demonstrate their latest security solutions. Find out more on http://www.ibm.com/services/learning/conf/europe/securew --------------------------------------------------------------------------------------------- Table of contents: 1) Security news 2) Vulnerabilities 3) Advisories 4) Reviews 5) Software 6) Webcasts 7) Conferences 8) Security World [ Security news ] ---------------------------------------------------------------- A VISUAL HISTORY OF SPAM AND VIRUS EMAILS Raymond chen, a Microsoft employee has kept every single piece of spam since mid-1997. The results were then put into a graph to show a visual representation of spam and viruses received for the last 6 years. http://www.net-security.org/news.php?id=6101 NET SECURITY THREATS GROWING FAST More than 30,000 PCs per day are being recruited into secret networks that spread spam and viruses, a study shows. http://www.net-security.org/news.php?id=6102 A FEAST OF ANTI-SPAM The proliferation of anti-spam offerings has left many businesses bewildered. Which products should they choose? http://www.net-security.org/news.php?id=6103 ARREST MADE IN CISCO SOURCE CODE THEFT Police in the UK have arrested a man in connection with the theft of source code from networking equipment maker Cisco Systems in May, a Scotland Yard spokeswoman confirmed on Friday. http://www.net-security.org/news.php?id=6104 MICROSOFT TRIALS PIRACY LOCK ON DOWNLOAD CENTER New feature locks out pirated copies of Windows. http://www.net-security.org/news.php?id=6105 VMWARE - SECURE ACCESS GOES VIRTUAL VMware offers a new option for controlling access to corporate systems. http://www.net-security.org/news.php?id=6106 4 TIPS FOR A STRONG DEFENSE Agency efforts to tighten system security have evolved in recent months from documenting weaknesses to deploying security safeguards, said experts familiar with federal programs. http://www.net-security.org/news.php?id=6107 FTC BACKS SPAMMER BOUNTIES (FALSE) A program to encourage members of the public to become "bounty hunters" tracking down email spammers received the luke warm backing of the US Federal Trade Commission (FTC). http://www.net-security.org/news.php?id=6108 HACKERS DEPLOYING 'BOTS' ON A MASSIVE SCALE Symantec reports up to 75,000 PCs being compromised daily. http://www.net-security.org/news.php?id=6109 GARTNER: INFORMATION SECURITY IS STILL KEY Despite claims from some quarters that security will cease to be a key issue over the next few years, Gartner stressed today that information security will remain a major executive concern for the foreseeable future. http://www.net-security.org/news.php?id=6112 ORACLE SECURITY PATCHES CAUSING HEADACHES Oracle Corp. released a batch of security patches earlier this month, addressing dozens of vulnerabilities discovered this year. With limited information on each patch, DBAs are being forced to take entire systems out of production. http://www.net-security.org/news.php?id=6113 MICROSOFT-CISCO SECURITY FIGHT HURTS US ALL Microsoft and Cisco pachyderms are fighting over network security standards, and the losers, once again, are the folks on the ground. http://www.net-security.org/news.php?id=6114 SASSER AUTHOR GETS IT SECURITY JOB Securepoint technical director Lutz Hausmann says the teenager deserved a second chance. http://www.net-security.org/news.php?id=6115 AVOID SECURITY TOOLS YOU DON'T NEED Many technologies may be a waste of time and money, researcher says. http://www.net-security.org/news.php?id=6116 CAN ALL-IN-ONE SECURITY APPLIANCES SECURE THE NETWORK? Some might do the job, but consultants recommend a layered security approach. http://www.net-security.org/news.php?id=6117 HACKERS COSTING ENTERPRISES BILLIONS Hackers continued adding billions to the cost of doing business on the Internet in the first half of 2004, despite security executives' efforts to prevent malicious attacks. http://www.net-security.org/news.php?id=6118 NMAP EXAMINATION OF VARIOUS OPERATING SYSTEMS The purpose of this short comparison is to perform some sort of evaluation of the quality of the TCP/IP stack which is implemented differently in various Operating Systems. http://www.net-security.org/news.php?id=6119 SECURE ID TAGS AT AOL Internet provider introduces new service to put a 'dead bolt' on accounts. http://www.net-security.org/news.php?id=6120 THE BUILDING BLOCKS OF A CUSTOMIZED SECURITY SERVICE New IP VPN services can be customized to fit specific user needs, speeding time-to-market without investing in dedicated hardware or applications. http://www.net-security.org/news.php?id=6121 I/O DEVICES ARE TRUSTED WITH PC SECURITY Two new SafeKeeper Trusted Input/Output (I/O) devices are designed to embed security into desktop and notebook computer motherboards. http://www.net-security.org/news.php?id=6122 OFFSHORE SECURITY CAN BE COMPROMISED BY CULTURAL DIFFERENCES Gartner has warned companies that outsource to countries like India and China not to overlook the impact of cultural differences on security. http://www.net-security.org/news.php?id=6123 SECURITY FEARS STILL BLOCKING WLAN ADOPTION Despite the best efforts of the Wi-Fi industry to assure companies wireless networking is safe in the workplace, a new survey of executives finds security remains the leading barrier to WLAN adoption. http://www.net-security.org/news.php?id=6124 BACKING UP YOUR LINUX DESKTOP WITH RSYNC This article explain how to use rsync to backup your computer to a drive attached to your system. http://www.net-security.org/news.php?id=6125 UNCLE SAM DEMANDS ALL AIR TRAVEL RECORDS The US Transportation Security Administration (TSA) has demanded the passenger records of all domestic flights during the month of June, 2004, so that it can test its new "CAPPS Lite" data mining operation before putting it into production, the Associated Press reports. http://www.net-security.org/news.php?id=6126 ACTIVISTS FIND MORE E-VOTE FLAWS More weaknesses appear in the Diebold electronic voting system that activists say could be used to rig the November election. The company says auditing procedures would catch any vote fraud. http://www.net-security.org/news.php?id=6127 THERE'S 100,000 OF THEM... AND THEY'RE AFTER YOU As a new study reveals that the number of malicious computer programs has reached the 100,000 mark for the first time, Adrian Mather looks at the dangers facing us in our own homes and what we can do to ward off an attack. http://www.net-security.org/news.php?id=6128 THE SPY THREAT FROM THE INTERNET Browsing the web can let unwanted visitors into your system - and simple anti-virus software can't catch them. http://www.net-security.org/news.php?id=6129 INFORMATION SECURITY FAILS TO REACH THE BOARDROOM Global security survey shows need for greater awareness still an issue. http://www.net-security.org/news.php?id=6130 DHS EXPANDS BIOMETRIC USE Biometric programs should be expanded to fight terrorism and crime, a Homeland Security Department official said. http://www.net-security.org/news.php?id=6131 EXPLOIT POSTED FOR MICROSOFT JPEG FLAW Customers are urged to install software updates. http://www.net-security.org/news.php?id=6132 HACKERS HIT CREDIT CARD COMPANY DDoS attack on e-commerce service provider is preceded by an extortion note. http://www.net-security.org/news.php?id=6133 BILL WOULD NARROW INTRUDER SURVEILLANCE Senate proposal would scale back a provision of the USA Patriot Act that lets the FBI monitor alleged computer trespassers without a warrant http://www.net-security.org/news.php?id=6134 4 MUST-HAVE SECURITY SOLUTIONS Vulnerability and automated patch management top the list. http://www.net-security.org/news.php?id=6135 IRELAND CRACKS DOWN ON NET SCAMS Calls to 13 other countries will be blocked to thwart auto-dialer software. http://www.net-security.org/news.php?id=6136 P-CUBE GOES HUNTING FOR ZOMBIE PCS P-Cube, the traffic management firm Cisco agreed to buy for $200m last month, is aiming to tackle the problem of spam at source by detecting and quarantining spam zombie machines. http://www.net-security.org/news.php?id=6137 FIRM JUSTIFIES JOB FOR VIRUS WRITER A German computer security firm has defended its decision to hire the self-confessed teenage author of the Sasser and Netsky worms. http://www.net-security.org/news.php?id=6138 NOKIA BREAKS INTO HOME SECURITY MARKET Wireless home monitoring device controlled by text message. http://www.net-security.org/news.php?id=6139 ARE FIREWALLS USEFUL? AND ANOTHER THING... Address spoofing depends crucially on being able to hide the real source address, so why not make that impossible? One way to do it would be to have all the ISPs and network carriers whose connections constitute the Internet certify where packets entering the network come from. http://www.net-security.org/news.php?id=6140 FRENCH DEFENSE MINISTRY COMMISSIONS HIGH-SECURITY LINUX The French Ministry of Defense has awarded an $8.6 million, three-year contract to a consortium of companies, including Linux vendor Mandrakesoft, to develop a highly secure Linux operating system.