Weekly Newsletter from Help Net Security Issue 18 - 19.06.2000 - Covers weekly roundups of security related events. In this issue: Remote dos attack in NAI pgp certificate server, SmartFTP daemon v0.2 vulnerability, Microsoft revises ms00-035, remote dos attack in AnalogX Simpleserver WWW v1.05, MS00-031 patch re-release, Dragon Server v1.00 and 2.00 remote dos attacks, AOL instant messenger dos. Also linux security techniques, kernel basics, and much more.
370cba453102d1a90e1f04d927c9700faca6b6b3ad60c541ebf6dea08cb96e37
Net-Sec newsletter
Issue 18 - 19.06.2000
http://net-security.org
Net-Sec is a newsletter delivered to you by Help Net Security. It covers weekly
roundups of security events that were in the news the past week.
Visit Help Net Security for the latest security news - http://www.net-security.org.
Subscribe to this weekly digest on:
http://www.net-security.org/news/mailing_list
Table of contents:
1) General security news
2) Security issues
3) Security world
4) Defaced archives
General security news
---------------------
----------------------------------------------------------------------------
RETROSPECTIVE ON LOVE LETTER
Sun World published Brian Martin's article which is a retrospective on the "Love
bug" fever. Article is entitled "Social aspects of the Love Bug virus".
Link: http://www.sunworld.com/sunworldonline/swol-06-2000/swol-06-lovebug.html
TECHNOLOGY FABLE
Bruce Sterling offers you his imaginate predictions about future of technology,
which could be a scenario for some Hollywood movie producers. "..Picture this
scene from the near future: organized crime gets hold of encryption technology
so powerful even IRS supercomputers can't crack it. An underground electronic
economy emerges, invisible to U.S. tax code..."
Link: The http://www.time.com/time/magazine/articles/0,3266,47159,00.html
SECURITY PICTURE NOT TOO PRETTY
When it comes to security in the Internet age, the picture is not too pretty.
That was the message Bruce Schneier, founder and chief technology officer
of Counterpane Internet Security Inc., gave during a session Monday at
NetSec2000 conference.
Link: http://www.crn.com/dailies/digest/breakingnews.asp?ArticleID=17456
TECHNIQUES TO SECURE YOUR LINUX SYSTEM
"Linux, despite its incredible stability, is insecure in its generally distributed
form. Almost all major distributions - including Red Hat, Corel, Caldera, Debian,
SuSE, TurboLinux, and others - have major unpatched vulnerabilities. Staying
on top of security alerts for your distribution is one half of keeping your
system secure."
Link: http://www.geeks404.com/networking/articles/net.061400.securelinux1.php
MAC SECURITY NEWS
Logik (developer of Caem and xCGI) has released his latest project,
Silo, to the public. The program, which can be downloaded for free from
Logik's website, is a remote system analysis tool designed specifically for
macintosh. The software features remote concept directory and passwd
generation, OS fingerprinting, along with full address, protocol, client,
system, and network analysis reports.
Link: http://logik.accesscard.org/project.html
US ENERGY DEPARTMENT IS INSECURE
Audit project showed that several unclassified computer networks belonging
to the U.S. Energy Department are so vulnerable that anyone could gain
control of them.
Link: http://news.excite.com/news/r/000613/18/crime-nuclear-computers
CRACKED! PART 5: REBUILDING
This is the fifth part of the story of a community network that was cracked
and what was done to recover from it. By this point we have realized that
we must get the cracker off of our machines before it is to late. It is only
a matter of time before he trashes our system to clean up his tracks,
gets a sniffer running under a different architecture or uses us to launch
some denial of service attack.
Link: http://www.rootprompt.org/article.php3?article=536
KERNEL BASICS
Having a basic knowledge of the internal mechanisms of the Linux kernel is
important. This article describes what the kernel effectively is and what it does.
Link: http://www.linuxpapers.org/show_article.html?KERNEL_BASICS
SOFTWARE THAT CAN SPY ON YOU
Why did Mattel include technology that can encrypt and send data to and
from your PC in its children's CD-ROMs?
Link: http://www.salon.com/tech/col/garf/2000/06/15/brodcast
MORE ON RIP BILL
by BHZ Friday 16 June 2000 on 12:34 PM
Bob Satchwell, director of the Society of Editors, said the RIP Bill was only
one of four pieces of forthcoming legislation that will adversely affect the
ability of journalists to do their jobs.
Sunday Times article
http://www.sunday-times.co.uk/news/pages/tim/2000/06/16/timmdamda01005.html
What is RIP bill?
http://net-security.org/cgi-bin/reports/fullnews.cgi?newsid957739742,92588,
FIGHTING PEDOPHILES
ABC News reporter Sascha Segan did an article on anti child porn groups
that are fighting on-line pedophiles. Articles features groups like Condemned,
ACPO and EHAP.
Link: http://abcnews.go.com/sections/tech/DailyNews/antiporn000616.html
CONTROL
According to the State Department, China has created "special police units
to monitor and increase control of Internet content and access." Since last
year, Human Rights Watch reports, the Ministry of State Security "has been
able to track individual e-mail accounts through monitoring devices on
Internet Service Providers. Internet bulletin boards were subject to
round-the-clock monitoring; several were closed for hosting political discussions
or postings critical of government policies."
Link: http://www.washingtonpost.com/wp-dyn/articles/A10217-2000Jun16.html
LOOKS LIKE SUB7 HAS DoS CAPABILITIES
by BHZ Monday 19 June 2000 on 4:14 AM
After last weeks' article by in The Register, which was dealing with "Serbian
trojan" case, where the author ranted on NETSEC company who said that it
has DoS capabilities, they learned that NETSEC was on the right track after all..
"Sub7 Trojan can launch distributed attacks"
http://www.theregister.co.uk/content/6/11424.html
iDefense report on the trojan
http://www.idefense.com/pages/ialertexcl/eccentric0001.Sub7.pdf
"VIRAL WARS"
Viruses and other wildlife, so far, have been the product of mischievous
wanton boys, not nihilists. The weaponrys been conventional, not nuclear.
And, self-limited in destructive power, no virus yet has sought the annihilation
of the Information Society or the Internet. Probably, virus designers dont want
to destroy their own playground.
Link: http://www.securityportal.com/cover/coverstory20000619.html
----------------------------------------------------------------------------
Security issues
---------------
All vulnerabilities could be found on:
http://net-security.org/text/misc/bugs
Note:
Please pay attention when browsing to following links - the comma ( , ) at the
end of the URL is part of the URL and the link won't work without it.
----------------------------------------------------------------------------
REMOTE DOS ATTACK IN NAI PGP CERTIFICATE SERVER
The Ussr Labs team has recently discovered a null memory problem in the PGP
Certificate Server, The issue we found is if anyone connect to the PGP Certificate
Server Command Port (used for manage Server operations) default (Port 4000) and
the server is unable to resolve your IP address to a host name it will cause the
process containg the services to crash.
Link: < http://net-security.org/cgi-bin/bugs/fullnews.cgi?newsid960997097,57620, >
SMARTFTP DAEMON V0.2 VULNERABILITY
There is a bug in the SmartFTP-D Server which will give an attacker full access to
the server, if he has the right to write files on the server. For every user, the
program is checking if a special Userfile exists (Sample: Username=hacker &
Userfile=hacker.FTP_User). If it exists, the configuration, like password, rights,
etc. will be read out of this file.
Link: < http://net-security.org/cgi-bin/bugs/fullnews.cgi?newsid961010462,37358, >
PATCH AVAILABLE FOR "DTS PASSWORD" VULNERABILITY
Microsoft has released a patch that eliminates a security vulnerability in a
component that ships with Microsoft(r) SQL Server 7.0. If the component is
configured improperly, the vulnerability could allow passwords to be compromised.
Link: < http://net-security.org/cgi-bin/bugs/fullnews.cgi?newsid961021876,58518, >
MICROSOFT SECURITY BULLETIN #35 - REVISION
On May 30, 2000, Microsoft released the original version of this bulletin, to
announce the availability of a patch that eliminates a security vulnerability in
Microsoft(r) SQL Server(r) 7.0 Service Packs 1 and 2 installation routine. When
run on a machine that is configured in a non-recommended mode, the routines
record the administrator password in a log file, where it could be read by any
user who could log onto the server at the keyboard. On June 15, 2000, the bulletin
was updated to note that, under the same conditions as originally reported, the
password also is recorded in a second file.
Link: < http://net-security.org/cgi-bin/bugs/fullnews.cgi?newsid961102919,60318, >
REMOTE DOS ATTACK IN ANALOGX SIMPLESERVER WWW VERSION 1.05
The Ussr Labs team has recently discovered a null memory problem inthe
SimpleServer WWW Version 1.05 What happens is by preforming an attack with
a malformed urlinformation to port 80 it will cause the proccess containg the
services to stop responding.
Link: < http://net-security.org/cgi-bin/bugs/fullnews.cgi?newsid961102735,89375, >
RE-RELEASE OF IIS 5.0 PATCH FOR MS00-031
"On May 10, 2000, we released Microsoft Security Bulletin MS00-031
(http://www.microsoft.com/technet/security/bulletin/ms00-031.asp), discussing
a pair of vulnerabilities affecting Internet Information Server (IIS) 4.0 and 5.0.
Both of the vulnerabilities, known as the "Undelimited HTR Request" and "File
Fragment Reading via .HTR" vulnerabilities, should have been eliminated by
the patches discussed in the bulletin. In the case of the IIS 4.0 patch, this
was the case. However, we have recently discovered that the IIS 5.0 patch
only eliminated the "Undelimited HTR Request" vulnerability, and not the "File
Fragment Reading via .HTR" vulnerability. "
Link: < http://net-security.org/cgi-bin/bugs/fullnews.cgi?newsid961264302,50180, >
MULTIPLE REMOTE DOS ATTACKS IN DRAGON SERVER V1.00 AND V2.00
The Ussr Labs team has recently discovered a null memory problem in the
Dragon Server, Ussr Labs found multiple places in Dragon Server where they
do not use proper bounds checking. The following all result in a Denial of Service
against the servicein question.
Link: < http://net-security.org/cgi-bin/bugs/fullnews.cgi?newsid961149637,24205, >
AOL INSTANT MESSENGER DENIAL OF SERVICE
The bug in the program comes about when one user (We will call the user Foo
for now) attempts to send a file to another user (which we will refer to as Bar).
When Foo tries to send the file to Bar, Bar's aim crashes. Bar does not even
see any indication that Foo has attempted to send a file, or anyone has
attempted to send a file for that matter.
Link: < http://net-security.org/cgi-bin/bugs/fullnews.cgi?newsid961379795,80441, >
----------------------------------------------------------------------------
Security world
--------------
All press releases could be found on:
http://net-security.org/text/press
Note:
Please pay attention when browsing to following links - the comma ( , ) at the
end of the URL is part of the URL and the link won't work without it.
----------------------------------------------------------------------------
BULL ANNOUNCES METHODOLOGIES RELATED TO SMART CARDS - [13.06.2000]
On the eve of the conference on smart card security organised by EuroSmart
in Marseilles (France), Bull announces its plan to release a new generation
of cards offering unprecedented levels of security. The new cards, due for
release in 2001, will address the growing security demands of card issuers
and consumers.
Press release:
< http://www.net-security.org/cgi-bin/press/fullnews.cgi?newsid960891662,76571, >
----------------------------------------------------------------------------
WINROUTE PRO FIREWALL FOR U.S. NAVAL AIR SYSTEMS - [14.06.2000]
Tiny Software Inc., a leader in router and firewall software solutions for
small- to medium-sized networks, today announced that it has supplied its
award-winning, ICSA-certified WinRoute Pro to the U.S. Naval Aviation
Systems Team. "The Naval Air Systems Team has selected WinRoute Pro for its
profound security features within its certified firewall," said Brandon
Talaich, vice president of marketing at Tiny Software.
Press release:
< http://www.net-security.org/cgi-bin/press/fullnews.cgi?newsid961011015,10555, >
----------------------------------------------------------------------------
MARSH OFFERS E-BUSINESS SECURITY ASSESSMENTS ONLINE - [14.06.2000]
Marsh, the world's leading insurance broker and risk advisor, is offering
South Carolina companies e- business security assessments and the
opportunity to apply for related insurance coverage over the Internet
through a dedicated Web site at netsecuresite.com. Available free of charge,
the e-business security assessments gauge a company's responses to 67
multiple-choice questions, covering such areas as security policy and
organization; assets and related controls; personnel; third-party
relationships; physical and environmental security; systems, networks and
applications; and business continuity planning and compliance.
Press release:
< http://www.net-security.org/cgi-bin/press/fullnews.cgi?newsid961011158,11815, >
----------------------------------------------------------------------------
RELIABLE SOFTWARE TECHNOLOGIES RELEASES JUSTBEFRIENDS - [15.06.2000]
To help businesses avoid productivity and financial loss resulting from
e-mail viruses, Reliable Software Technologies (RST) today announced that it
has developed a software program that can stop viruses from automatically
propagating via Microsoft Outlook e-mail. JustBeFriends.dll supports and
enhances Microsoft's recently announced Outlook E-mail Security Update by
monitoring the Visual Basic scripting engine's interactions with Microsoft
Outlook and immediately identifying and terminating any virus attempting to
propagate via e-mail. With this simple program, businesses can apply added
security to their e-mail systems and avert the exponential spread of viruses
and the resulting disruption of e-mail service and networking.
Press release:
< http://www.net-security.org/cgi-bin/press/fullnews.cgi?newsid961063793,68189, >
----------------------------------------------------------------------------
TREND MICRO CHANGES ORGANIZATIONAL STRUCTURE - [15.06.2000]
Trend Micro, Inc., a leading provider of Internet content security, today
announced that its Tokyo headquarters has modified its organizational
structure by establishing new departments and reorganizing existing
departments.
Trend Micro provides centrally controlled server-based virus protection and
content-filtering products and services. By protecting information that
flows through Internet gateways, email servers, and file servers, Trend
Micro allows companies worldwide to stop viruses and other malicious code
from a central point before they ever reach the desktop.
Press release:
< http://www.net-security.org/cgi-bin/press/fullnews.cgi?newsid961064181,5585, >
----------------------------------------------------------------------------
ECOMCARD SECURITY WILL BOOST INTERNET PURCHASES - [15.06.2000]
Allnet Secom Inc. of Markham, Ontario, through EcomCard Inc., a Delaware
Corporation, announces the launch of the EcomCard, a safe, secure and
universal way to make purchases on and off the Internet. The EcomCard allows
everyone, including teens and others without access to credit cards, to
conduct e-commerce. There is no need for expensive credit checks, processing
time or fees for financial institutions. The cards may be made available at
the corner store for activation.
Press release:
< http://www.net-security.org/cgi-bin/press/fullnews.cgi?newsid961064398,52049, >
----------------------------------------------------------------------------
OBERTHUR CARD SYSTEMS TEAMS UP WITH ACTIVCARD - [15.06.2000]
Oberthur Card Systems today announced a partnership with ActivCard, a world
leader in the delivery of digital identity and electronic certification
technology for e-business communications and transactions. The partnership
will bring together Oberthur's expertise in the field of advanced smart card
e-business technology and ActivCard's proven excellence in the development
of digital identity software and management tools to develop a range of
secure, integrated transaction solutions for e-business and e-commerce.
Press release:
< http://www.net-security.org/cgi-bin/press/fullnews.cgi?newsid961064587,85605, >
----------------------------------------------------------------------------
WIN INVESTS IN LATEST BIOMETRICS SYSTEM FROM NEC - [19.06.2000]
NEC Technologies, Inc., a biometrics pioneer and world leader in the development,
marketing and implementation of Automated Fingerprint Identification System
(AFIS) technology for law enforcement, today announced that the Western
Identification Network (WIN) has upgraded its current NEC AFIS to NEC's
AFIS21(TM) product. WIN is the country's first multi-state AFIS network and
supports combined databases of more than 17 million fingerprint records. NEC
completed the upgrade last month, and the system is now operational.
Press release:
< http://www.net-security.org/cgi-bin/press/fullnews.cgi?newsid961423207,48874, >
----------------------------------------------------------------------------
AXENT OFFERS FREE SECURITY WEBCAST - [19.06.2000]
AXENT Technologies, Inc. (NASDAQ: AXNT), one of the world's leading Internet
security solutions providers for e-business, today announced "Everything you
Need to Know About Intrusion Detection." In this Webcast on intrusion detection,
attendees will discover what measures can be taken to help keep intruders where
they belong--out of organizations' confidential digital assets--in just 60 minutes
from the convenience of their own office
Press release:
< http://www.net-security.org/cgi-bin/press/fullnews.cgi?newsid961423564,64949, >
----------------------------------------------------------------------------
Defaced archives
------------------------
[12.06.2000] - CNT: Computer Network Technology
Original: http://www.cnt.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/06/12/www.cnt.com/
[12.06.2000] - Telecommunications Reports International
Original: http://www.brp.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/06/12/www.brp.com/
[12.06.2000] - Corporate Intranet @ Black & Decker
Original: http://www.bdk.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/06/12/www.bdk.com/
[14.06.2000] - Bulgarian Posts
Original: http://www.bgpost.bg/
Defaced: http://www.attrition.org/mirror/attrition/2000/06/14/www.bgpost.bg/
[15.06.2000] - National Archives of Canada
Original: http://www.archives.ca/
Defaced: http://www.attrition.org/mirror/attrition/2000/06/15/www.archives.ca/
[16.06.2000] - U.S. Office of Special Counsel
Original: http://www.osc.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/06/16/www.osc.gov/
[18.06.2000] - Texas School for the Blind and Visually Impaired
Original: http://www.tsbvi.edu/
Defaced: http://www.attrition.org/mirror/attrition/2000/06/18/www.tsbvi.edu/
HNS staff
staff@net-security.org
http://net-security.org
---------------------------------------------------------------------
To unsubscribe, e-mail: news-unsubscribe@net-security.org
For additional commands, e-mail: news-help@net-security.org