Help Net Security - Newsletter

NEWS

SSH key-based attacks

A third of IT staff snoop at confidential data

Panda Security launches its 2009 antivirus products

BT enhances security monitoring service

Wireless DTCP content protection specification

ARTICLES

Application Security Matters: Deploying Enterprise Software Securely

Security Risks for Mobile Computing on Public WLANs: Hotspot Registration

Reverse Engineering: Smashing the Signature

Internet Terrorist: Does Such A Thing Really Exist?

Reputation Attacks: A Little Known Internet Threat

THE WIRE

Use and manipulate tcsh shell variables for fun and profit

Deploying enterprise software securely

Whitepaper - Open source security myths dispelled

Most organizations fail to stop interior network threats

Road tolls hacked

Reverse Engineer's Swiss Army Knife

REVIEWS

Security Power Tools

Network Warrior

Google Apps Hacks

Crimeware: Understanding New Attacks and Defenses

Big Book of Windows Hacks

MALWARE

More malware blocked in July 2008 than in the whole of 2007

Malware of the week: AIM worm, spammer trojan and fake p2p apps

"New" Madonna video comes with a trojan horse

Spoof P2P applications distribute the Lop adware

Threat Spy: tracking malware across the globe

ADVISORIES

Ubuntu Security Notice - yelp vulnerability (USN-638-1)

Mandriva Linux Security Update Advisory - libxml2 (MDVSA-2008:180-1)

Debian Security Advisory - libxml2 (DSA-1631-2)

VULNERABILITIES

Freeway Multiple Input Validation Vulnerabilities

ESET Smart Security "easdrv.sys" Local Privilege Escalation

GnuTLS "gnutls_handshake()" Function Remote Denial of Service

HNS Newsletter
Issue 433 - 25.08.2008
http://www.net-security.org

================================================================
DOWNLOAD: GFI EventsManager and GFI MailSecurity
================================================================
Detect intruders on your network through event log analysis. It's
easy with GFI EventsManager! Download your free trial.

http://www.gfi.com/eventsmanager/?adv=62&loc=49

Complete email security with 5 anti-virus engines - only with GFI
MailSecurity. Download your free 30 day trial today!

http://www.gfi.com/mailsecurity/?adv=62&loc=55
=========================================================

Table of contents:

1) Security news
2) Advisories
3) Articles
4) Software
5) Conferences
6) Security World
7) Virus News

[ Security news ]

----------------------------------------------------------------

NEW MAGAZINE-SHARING SITE MAY VIOLATE COPYRIGHTS
The magazine industry, already facing a decline in newsstand sales
and falling ad revenue, is being besieged by a new foe: digital
piracy.
http://www.net-security.org/news.php?id=16065

REVERSE-ENGINEERING CHEAT SHEET
This cheat sheet of shortcuts and tips for reverse-engineering
malware.
http://www.net-security.org/news.php?id=16067

REPUTATION ATTACKS: A LITTLE KNOWN INTERNET THREAT
Reputation attacks target both individuals and companies, and their
goal is to ruin the victimâs reputation. While attack techniques are
varied, the consequences are often the same: a damaged reputation
resulting in many cases in financial loss. Attackers can use several
methods to ruin a companyâs reputation.
http://www.net-security.org/news.php?id=16066

CONTROL YOUR IDENTITY
One of the sessions I enjoyed at DefCon was Nathan Hamiel and Shawn
Moyerâs, âSatan is on My Friends Listâ.
http://www.net-security.org/news.php?id=16068

INTERNET TERRORIST: DOES SUCH A THING REALLY EXIST?
In this article, a former CISO discusses the notion of worrying about
the potential risk of terrorism against his organization and how it
seems to be the lowest priority given the choices at hand.
Ironically, terrorism today seems to be an emerging concern in the
commercial world and many are actively pursuing methods and
technology to help combat the problem. As a result, he began to
research this trend to determine its drivers and potential
implications to information security as we know it today.
http://www.net-security.org/news.php?id=16069

GUIDE - THE NEED FOR VULNERABILITY MANAGEMENT
This guide describes the need for vulnerability management. It
introduces the sources of vulnerabilities and their related fallout,
then relates why the nature of modern threats to the network requires
automated technology to counter sophisticated exploits.
http://www.net-security.org/news.php?id=16070

REVERSE ENGINEERING: SMASHING THE SIGNATURE
Many antivirus and antispyware solutions identify malicious programs
by looking for known unique signatures contained inside them. Those
signatures are stored inside a database which is constantly updated.
This tutorial guides you through a number of steps to encrypt the
executable file code section in order to render antivirus signature
checking techniques ineffective against identifying the malicious
code.
http://www.net-security.org/news.php?id=16071

JAIL THE 'GREEDY' SCAM VICTIMS, SAYS NIGERIAN DIPLOMAT
The Nigerian high commissioner says people who are ripped off by
so-called Nigerian scams are just as guilty as the fraudsters and
should be jailed.
http://www.net-security.org/news.php?id=16072

MI5 REPORT CHALLENGES VIEWS ON TERRORISM IN BRITAIN
Sophisticated analysis says there is no single pathway to violent
extremism.
http://www.net-security.org/news.php?id=16073

USE APACHECTL AND HTTPD LIKE A POWER USER
After you have installed Apache2, if you want to use apachectl and
httpd to itâs maximum potential, you should go beyond using start,
stop and restart. The 9 practical examples provided in this article
will help you to use apachectl and httpd very effectively.
http://www.net-security.org/news.php?id=16074

----------------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php

----------------------------------------------------------------

Debian Security Advisory - libxml2 (DSA-1631-1)
http://www.net-security.org/advisory.php?id=9210

Mandriva Linux Security Update Advisory - libxml2 (MDVSA-2008:180)
http://www.net-security.org/advisory.php?id=9209

Mandriva Linux Security Update Advisory - metisse (MDVSA-2008:179)
http://www.net-security.org/advisory.php?id=9208

Debian Security Advisory - linux-2.6 (DSA-1630-1)
http://www.net-security.org/advisory.php?id=9207

Mandriva Linux Security Update Advisory - xine-lib (MDVSA-2008:178)
http://www.net-security.org/advisory.php?id=9206

Mandriva Linux Security Update Advisory - xine-lib (MDVSA-2008:177)
http://www.net-security.org/advisory.php?id=9205

Mandriva Linux Security Update Advisory - mtr (MDVSA-2008:176)
http://www.net-security.org/advisory.php?id=9204

Mandriva Linux Security Update Advisory - yelp (MDVSA-2008:175)
http://www.net-security.org/advisory.php?id=9203

Turbolinux Security Announcement - postfix Rocal privilege escalation
(20/Aug/2008)
http://www.net-security.org/advisory.php?id=9202

Mandriva Linux Security Update Advisory - kernel (MDVSA-2008:174)
http://www.net-security.org/advisory.php?id=9201

Ubuntu Security Notice - xine-lib vulnerabilities (USN-635-1)
http://www.net-security.org/advisory.php?id=9200

Ubuntu Security Notice - postfix vulnerability (USN-636-1)
http://www.net-security.org/advisory.php?id=9199

Mandriva Linux Security Update Advisory - kdegraphics
(MDVSA-2008:173)
http://www.net-security.org/advisory.php?id=9198

Debian Security Advisory - postfix (DSA-1629-2 )
http://www.net-security.org/advisory.php?id=9197

Debian Security Advisory - postfix (DSA-1629-1 )
http://www.net-security.org/advisory.php?id=9196

Mandriva Linux Security Update Advisory - amarok (MDVSA-2008:172)
http://www.net-security.org/advisory.php?id=9195

Mandriva Linux Security Update Advisory - postfix (MDVSA-2008:171)
http://www.net-security.org/advisory.php?id=9194

----------------------------------------------------------------

[ Articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org

----------------------------------------------------------------

REVERSE ENGINEERING: SMASHING THE SIGNATURE
Many antivirus and antispyware solutions identify malicious programs
by looking for known unique signatures contained inside them. Those
signatures are stored inside a database which is constantly updated.
This tutorial guides you through a number of steps to encrypt the
executable file code section in order to render antivirus signature
checking techniques ineffective against identifying the malicious
code.
http://www.net-security.org/article.php?id=1170

INTERNET TERRORIST: DOES SUCH A THING REALLY EXIST?
In this article, a former CISO discusses the notion of worrying about
the potential risk of terrorism against his organization and how it
seems to be the lowest priority given the choices at hand.
Ironically, terrorism today seems to be an emerging concern in the
commercial world and many are actively pursuing methods and
technology to help combat the problem. As a result, he began to
research this trend to determine its drivers and potential
implications to information security as we know it today.
http://www.net-security.org/article.php?id=1169

REPUTATION ATTACKS: A LITTLE KNOWN INTERNET THREAT
Reputation attacks target both individuals and companies, and their
goal is to ruin the victimâs reputation. While attack techniques are
varied, the consequences are often the same: a damaged reputation
resulting in many cases in financial loss.
http://www.net-security.org/article.php?id=1168

----------------------------------------------------------------

[ Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3

Mac OS X software is located at:
http://net-security.org/software_main.php?cat=5

----------------------------------------------------------------

CAIN & ABEL 4.9.20 (Windows)
Cain & Abel is a password recovery tool for Microsoft operating
systems.
http://www.net-security.org/software.php?id=110

CRYPTOEXPERT 2008 PROFESSIONAL 7.4.3 (Windows)
CryptoExpert creates encrypted virtual disks and these disks are
visible as usual disks with drive letters.
http://www.net-security.org/software.php?id=305

DATA GUARDIAN 1.5.1 (Windows)
Data Guardian is a secure, Universal Binary, database application for
storing passwords, credit card numbers, adressses, notes, customer
databases, and more.
http://www.net-security.org/software.php?id=663

DATA GUARDIAN 1.5.1 (Mac OS X)
Data Guardian is a secure, Universal Binary, database application for
storing passwords, credit card numbers, adressses, notes, customer
databases, and more.
http://www.net-security.org/software.php?id=662

NTOP 3.3.7 (Linux)
ntop is a network traffic probe that shows the network usage, similar
to what the popular top Unix command does.
http://www.net-security.org/software.php?id=36

OUTPOST FIREWALL PRO 6.5.2358.316.0607 (Windows)
This is a comprehensive solution for online protection.
http://www.net-security.org/software.php?id=276

PRELUDE MANAGER 0.9.14.2 (Linux)
Prelude Manager is the main program of the Prelude Hybrid IDS suite.
http://www.net-security.org/software.php?id=264

SAMHAIN 2.4.5 (Linux)
Samhain is an open source file integrity and host-based intrusion
detection system.
http://www.net-security.org/software.php?id=125

----------------------------------------------------------------

[ Conferences ]

All conferences are located at:
http://net-security.org/conferences.php

----------------------------------------------------------------

Forrester Research Security Forum 2008
Organized by Forrester - 4 September-5 September 2008
http://www.net-security.org/conference.php?id=264

NETWAYS Nagios Conference 2008
Organized by Netways - 11 September-12 September 2008
http://www.net-security.org/conference.php?id=263

IT Security World 2008 Conference & Expo
Organized by MIS Training Institute - 13 September-18 September 2008
http://www.net-security.org/conference.php?id=258

VB2008
Organized by Virus Bulletin - 1 October-3 October 2008
http://www.net-security.org/conference.php?id=256

I Digital Security Forum
Organized by FSD - 7 November-8 November 2008
http://www.net-security.org/conference.php?id=255

RUXCON 2008
Organized by RUXCON - 29 November-30 November 2008
http://www.net-security.org/conference.php?id=265

The Fourth International Conference on Availability, Reliability and
Security (ARES 2009)
Organized by Vienna University of Technology / Secure Business
Austria - 16 March-19 March 2009
http://www.net-security.org/conference.php?id=260

----------------------------------------------------------------

[ Security World ]

All security world articles are located at:
http://www.net-security.org/secworld_main.php

Send your press releases to press@net-security.org

----------------------------------------------------------------

Fedora and Red Hat servers compromised
http://www.net-security.org/secworld.php?id=6443

CompTIA Security+ achieves 50,000-certified milestone
http://www.net-security.org/secworld.php?id=6441

UK National Gateway Security Survey 2008
http://www.net-security.org/secworld.php?id=6440

Automated assessment solution for Requirement 1 of the PCI DSS
http://www.net-security.org/secworld.php?id=6439

New solution to combat piracy problems
http://www.net-security.org/secworld.php?id=6438

APWG and IEEE partner for Electronic Crime Research Conference
http://www.net-security.org/secworld.php?id=6437

Internal network security threats online encyclopedia
http://www.net-security.org/secworld.php?id=6436

Confidential school records made available online
http://www.net-security.org/secworld.php?id=6435

Code signing certificates for Adobe AIR applications
http://www.net-security.org/secworld.php?id=6434

Deep packet inspection testing methodology videos and documentation
http://www.net-security.org/secworld.php?id=6433

New version of SifoML e-mail gateway appliance
http://www.net-security.org/secworld.php?id=6432

Summary of changes to next version of PCI Data Security Standard
http://www.net-security.org/secworld.php?id=6431

Personal data of 92,095 credit applicants exposed in a security
breach
http://www.net-security.org/secworld.php?id=6430

Symantec to acquire PC Tools
http://www.net-security.org/secworld.php?id=6429

Detect and prevent data loss due to misdirected email
http://www.net-security.org/secworld.php?id=6428

OTS Red Flag examination procedures
http://www.net-security.org/secworld.php?id=6427

Protect applications within virtual environments
http://www.net-security.org/secworld.php?id=6426

----------------------------------------------------------------

[ Virus News ]

All virus news are located at:
http://www.net-security.org/viruses.php

----------------------------------------------------------------

Malware of the week: AIM worm, spammer trojan and fake p2p apps
http://www.net-security.org/virus_news.php?id=979

"New" Madonna video comes with a trojan horse
http://www.net-security.org/virus_news.php?id=978

Spoof P2P applications distribute the Lop adware
http://www.net-security.org/virus_news.php?id=977

Threat Spy: tracking malware across the globe
http://www.net-security.org/virus_news.php?id=976

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available
http://www.net-security.org/newsletter_archive.php

Vulnerability Scanning

Network Vulnerabilities

Event Log Security