============================================
Find and fix network vulnerabilities with QualysGuard.

Register for a 14-day free trial to access all features that
make it the most accurate and comprehensive vulnerability
management and compliance solution.

http://www.net-security.org/qualysguard
============================================

HNS Newsletter
Issue 453 - 12.01.2009
http://www.net-security.org

Table of contents:

1)   Security news
2)   Advisories
3)   Articles
4)   Software
5)   Conferences
6)   Security World
7)   Virus News


[ Security news ]


----------------------------------------------------------------

ADDRESSING THE CHALLENGES OF IDENTIFICATION AND AUTHENTICATION IN
AMERICAN SOCIETY
How individuals identify themselves in our country grows more complex
by the year.
http://www.net-security.org/news.php?id=16259


14% OF SSL CERTIFICATES SIGNED USING VULNERABLE MD5 ALGORITHM
Netcraft's SSL Survey shows that 14% of valid third party SSL
certificates have been issued using MD5 signatures — an algorithm
that has recently been demonstrated to be vulnerable to attack by
producing a fake certificate authority certificate signed by a
widely-trusted third party certificate authority.
http://www.net-security.org/news.php?id=16261


WHITEPAPER - 4 KEY STEPS TO AUTOMATE IT SECURITY COMPLIANCE
A unified approach for IT, audit and operation teams.
http://www.net-security.org/news.php?id=16260


WHITEPAPER - GOOD ARCHITECTURE AND SECURITY
The Good wireless handheld computing system provides end-to-end
security across three critical links.
http://www.net-security.org/news.php?id=16262


MAJORITY OF COMPANIES SPEND ‘NO TIME’ MANAGING THEIR SECURITY SYSTEMS
Nearly two-thirds of UK businesses do not look after their Internet
security effectively, according to new research. A survey undertaken
by Network Box, found that just over 65 per cent of companies spend
‘no time’ managing their security systems (anti-virus, anti-spam,
content filtering, VPN, intrusion detection and web usage and
bandwidth policies).
http://www.net-security.org/news.php?id=16263


BEST PRACTICES FOR CERTIFICATE EXPIRATION
I was asked by a client to look at best practices for digital
certificates, such as X.509 and the like. I extended that research to
include all types of encryption certificates, SSL/code signing, etc.
http://www.net-security.org/news.php?id=16264


THE IDENTITY THEFT RESOURCE CENTER’S 2008 BREACH REPORT
Reports of data breaches increased dramatically in 2008. The Identity
Theft Resource Center’s 2008 breach report reached 656 reported
breaches at the end of 2008, reflecting an increase of 47% over last
year’s total of 446. In terms of sub-divisions by type of entity, the
rankings have not changed between 2007 and 2008 within the five groups
that ITRC monitors.
http://www.net-security.org/news.php?id=16265


SIEM: THE ANSWER TO AWKWARD SECURITY QUESTIONS
How security information and event management solutions help to
ensure your organization doesn’t get caught off-guard.
http://www.net-security.org/news.php?id=16266


ROUND CUBE WEBMAIL PROBES SPREADING RAPIDLY
The MSI HoneyPoint Security Server deployment has identified a set of
0-day scans and probes against the Round Cube Webmail system.
http://www.net-security.org/news.php?id=16267


CYBERCRIMINAL JAILED FOR 30 YEARS IN TURKEY
According to reports, Maksym Yastremskiy, also known as "Maksik",
sold hundreds of thousands of credit card numbers and other personal
information, and was one of the gang charged in August 2008 with
stealing customer information.
http://www.net-security.org/news.php?id=16268


AN ISRAELI PATRIOT PROGRAM OR A TROJAN?
Recently we have been witnessing a rise of politically motivated
hacking attacks by supporters of both sides involved in military
actions in Gaza.
http://www.net-security.org/news.php?id=16269


INFORMATION SECURITY ASSESSMENT RFP CHEAT SHEET
This cheat sheet offers tips for planning, issuing and reviewing
Request for Proposal (RFP) documents for information security
assessments.
http://www.net-security.org/news.php?id=16270


ORACLE CRITICAL PATCH UPDATE TO CONTAIN 41 SECURITY FIXES
Next Tuesday, January 13 2009, Oracle will release a Critical Patch
Update, a collection of patches for multiple security
vulnerabilities. This update will contain 41 security fixes across
hundreds of Oracle products and some of the vulnerabilities affect
multiple products.
http://www.net-security.org/news.php?id=16271


CLOSER LOOK ON THE SPAM URL TLD DISTRIBUTION
ICANN stipulates that all domains must be connected to a registrar,
and all applications for domain names must be submitted through a
registrar. Today there are hundreds of thousands of Web sites
registered. The process is simple and not very costly. However,
spammers can easily register domains, and it is often hard for
registrars to distinguish between spammers and legitimate
organizations and Web site developers.
http://www.net-security.org/news.php?id=16272


APPLICABLE LESSONS FROM THE EMBEDDED WORLD (AKA FORTH RULES)
The core of Forth is a simple loop that does parsing, and executes
Forth words that are responsible for control structures, and this is
the ‘compiler’ for Forth programs.
http://www.net-security.org/news.php?id=16273

----------------------------------------------------------------




[ Advisories ]


All advisories are located at:
http://www.net-security.org/archive_advi.php


----------------------------------------------------------------

Gentoo Linux Security Advisory - Tremulous: User-assisted execution
of arbitrary code (GLSA 200901-06)
http://www.net-security.org/advisory.php?id=9606


Gentoo Linux Security Advisory - Streamripper: Multiple
vulnerabilities (GLSA 200901-05)
http://www.net-security.org/advisory.php?id=9605


Debian Security Advisory - zaptel (DSA-1699-1)
http://www.net-security.org/advisory.php?id=9604


Gentoo Linux Security Advisory - D-Bus: Denial of Service (GLSA
200901-04)
http://www.net-security.org/advisory.php?id=9603


Gentoo Linux Security Advisory - pdnsd: Denial of Service and cache
poisoning (GLSA 200901-03)
http://www.net-security.org/advisory.php?id=9602


Gentoo Linux Security Advisory - JHead: Multiple vulnerabilities
(GLSA 200901-02)
http://www.net-security.org/advisory.php?id=9601


Gentoo Linux Security Advisory - NDISwrapper: Arbitrary remote code
execution (GLSA 200901-01)
http://www.net-security.org/advisory.php?id=9600


Mandriva Linux Security Update Advisory - bind9 vulnerability
(MDVSA-2009:002)
http://www.net-security.org/advisory.php?id=9599


Mandriva Linux Security Update Advisory - pam_mount (MDVSA-2009:004)
http://www.net-security.org/advisory.php?id=9598


Mandriva Linux Security Update Advisory - python (MDVSA-2009:003)
http://www.net-security.org/advisory.php?id=9597


SUSE Security Announcement - Sun Java (SUSE-SA:2009:001)
http://www.net-security.org/advisory.php?id=9596


Debian Security Advisory - gforge (DSA-1698-1)
http://www.net-security.org/advisory.php?id=9595


Mandriva Linux Security Update Advisory - openssl (MDVSA-2009:001)
http://www.net-security.org/advisory.php?id=9594


Ubuntu Security Notice - bind9 vulnerability (USN-706-1)
http://www.net-security.org/advisory.php?id=9593


Ubuntu Security Notice - ntp vulnerability (USN-705-1)
http://www.net-security.org/advisory.php?id=9592


Ubuntu Security Notice - openssl vulnerability (USN-704-1)
http://www.net-security.org/advisory.php?id=9591


Debian Security Advisory - iceape (DSA-1697-1)
http://www.net-security.org/advisory.php?id=9590


FreeBSD Security Advisory - OpenSSL incorrectly checks for malformed
signatures (FreeBSD-SA-09:02.openss)
http://www.net-security.org/advisory.php?id=9589


FreeBSD Security Advisory - Cross-site request forgery in
lukemftpd(8) (FreeBSD-SA-09:01.lukemftp)
http://www.net-security.org/advisory.php?id=9588


Debian Security Advisory - icedove (DSA-1696-1)
http://www.net-security.org/advisory.php?id=9587


Cisco Security Advisory - Cisco Global Site Selector Appliances DNS
Vulnerability (cisco-sa-20090107-gss)
http://www.net-security.org/advisory.php?id=9586


Ubuntu Security Notice - mozilla-thunderbird vulnerabilities
(USN-701-2)
http://www.net-security.org/advisory.php?id=9585


Ubuntu Security Notice - thunderbird vulnerabilities (USN-701-1)
http://www.net-security.org/advisory.php?id=9584


Debian Security Advisory - xterm vulnerability (DSA-1694-2)
http://www.net-security.org/advisory.php?id=9583


Ubuntu Security Notice - xterm vulnerability (USN-703-1)
http://www.net-security.org/advisory.php?id=9582


Slackware Security Advisory - samba (SSA:2009-005-01)
http://www.net-security.org/advisory.php?id=9581


Ubuntu Security Notice - samba vulnerability (USN-702-1)
http://www.net-security.org/advisory.php?id=9580

----------------------------------------------------------------




[ Articles ]


All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org


----------------------------------------------------------------

SIEM: THE ANSWER TO AWKWARD SECURITY QUESTIONS
How security information and event management solutions help to
ensure your organization doesn’t get caught off-guard.
http://www.net-security.org/article.php?id=1195

----------------------------------------------------------------




[ Software ]


Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3

Mac OS X software is located at:
http://net-security.org/software_main.php?cat=5


----------------------------------------------------------------

AUTOKRYPT 8.14 (Windows)
AutoKrypt is an encryption software designed for automation that will
automatically encrypt or decrypt files and folders.
http://www.net-security.org/software.php?id=726


CRYPTOEXPERT 2008 PROFESSIONAL 7.8.7 (Windows)
CryptoExpert creates encrypted virtual disks and these disks are
visible as usual disks with drive letters.
http://www.net-security.org/software.php?id=305


ERASER 6.03.847 (Windows)
Eraser is a secure data removal tool for Windows.
http://www.net-security.org/software.php?id=155


FILE ENCRYPTION XP 1.5.127 (Windows)
With File Encryption XP, you can encrypt files of any type, including
Microsoft Word, Excel and PowerPoint documents.
http://www.net-security.org/software.php?id=728


JSCH 0.1.41 (Windows)
JSch is a pure Java implementation of SSH2.
http://www.net-security.org/software.php?id=417


LUTZ 0.8 (Linux)
Lutz is a small but full-featured portscanner for Linux.
http://www.net-security.org/software.php?id=338


MAILSCANNER 4.74.13-2 (Linux)
MailScanner is a virus scanner for e-mail designed for use on e-mail
gateways.
http://www.net-security.org/software.php?id=144


ROOTKIT HUNTER 1.3.4 (Linux)
This scanning tool ensures you're clean of nasty tools.
http://www.net-security.org/software.php?id=531


SEGATEX 7.00 (Linux)
segatex is a tool to configure SELinux policy with the help of a GUI.
http://www.net-security.org/software.php?id=697


SHOREWALL 4.2.4 (Linux)
Shorewall is an iptables based firewall that can be used on a
dedicated firewall system, a multi-function masquerade gateway/server
or on a standalone Linux system.
http://www.net-security.org/software.php?id=40


SNORT 2.8.3.1 (Linux)
Snort is a lightweight network intrusion detection system, capable of
performing real-time traffic analysis and packet logging on IP
networks.
http://www.net-security.org/software.php?id=112


TOR, PRIVOXY AND VIDALIA BUNDLE 0.2.0.32 (Windows)
An anonymous Internet communication system.
http://www.net-security.org/software.php?id=253

----------------------------------------------------------------




[ Conferences ]


All conferences are located at:
http://net-security.org/conferences.php


----------------------------------------------------------------

ShmooCon 2009
Organized by ShmooCon - 6 February-8 February 2009
http://www.net-security.org/conference.php?id=286


Black Hat DC 2009
Organized by Black Hat - 16 February-19 February 2009
http://www.net-security.org/conference.php?id=288


Southern California Linux Expo (SCALE 7x)
Organized by SCALE - 20 February-22 February 2009
http://www.net-security.org/conference.php?id=283


16th International Workshop on Fast Software Encryption (FSE 2009)
Organized by COSIC - 22 February-25 February 2009
http://www.net-security.org/conference.php?id=289


InfoSec World 2009 Conference & Expo
Organized by MIS Training Institute - 7 March-13 March 2009
http://www.net-security.org/conference.php?id=282


The Fourth International Conference on Availability, Reliability and
Security (ARES 2009)
Organized by Vienna University of Technology / Secure Business
Austria - 16 March-19 March 2009
http://www.net-security.org/conference.php?id=260


2009 European Workshop on System Security (EuroSec)
Organized by EuroSec - 31 March-31 March 2009
http://www.net-security.org/conference.php?id=281


RSA Conference 2009
Organized by RSA Conference - 20 April-24 April 2009
http://www.net-security.org/conference.php?id=280


Infosecurity Europe 2009
Organized by Reed Exhibitions - 28 April-30 April 2009
http://www.net-security.org/conference.php?id=290


21st Annual FIRST Conference
Organized by FIRST - 28 June-3 July 2009
http://www.net-security.org/conference.php?id=284


The 9th Privacy Enhancing Technologies Symposium (PETS 2009)
Organized by PET - 5 August-7 August 2009
http://www.net-security.org/conference.php?id=275


HAR 2009
Organized by HAR - 13 August-16 August 2009
http://www.net-security.org/conference.php?id=291


SANS WhatWorks in Virtualization Security Summit 2009
Organized by SANS - 17 August-18 August 2009
http://www.net-security.org/conference.php?id=287

----------------------------------------------------------------




[ Security World ]


All security world articles are located at:
http://www.net-security.org/secworld_main.php

Send your press releases to press@net-security.org


----------------------------------------------------------------

Closer look on the spam URL TLD distribution
http://www.net-security.org/secworld.php?id=6911


Spammers aren’t finished with Obama just yet
http://www.net-security.org/secworld.php?id=6910


Spam stats for January: origins, categories and percentage
http://www.net-security.org/secworld.php?id=6908


OpenSSL incorrect checks for malformed signatures
http://www.net-security.org/secworld.php?id=6907


D-Link releases 802.11n router with 3.2" LCD monitor and FTP server
for remote access
http://www.net-security.org/secworld.php?id=6906


Fujitsu 2.5-Inch HandyDrive offers backup and password protection
http://www.net-security.org/secworld.php?id=6905


Oracle critical patch update to contain 41 security fixes
http://www.net-security.org/secworld.php?id=6904


Forensic Dossier - new digital forensic data capture device
http://www.net-security.org/secworld.php?id=6903


Feds warn of Chinese and Russian offensives
http://www.net-security.org/secworld.php?id=6902


Cybercriminal jailed for 30 years in Turkey
http://www.net-security.org/secworld.php?id=6901


Netgear unveils home gateways for broadband service providers
http://www.net-security.org/secworld.php?id=6900


New D-Link 802.11n network camera for home and SMB monitoring
http://www.net-security.org/secworld.php?id=6899


Data recovery portal for Apple Service Providers
http://www.net-security.org/secworld.php?id=6898


LaCie 2big Quadra: two bays for performance and protection
http://www.net-security.org/secworld.php?id=6897


First iPhone and iPod touch Internet filter
http://www.net-security.org/secworld.php?id=6896


QNAP unveils enterprise-grade TS-639 Pro Turbo NAS
http://www.net-security.org/secworld.php?id=6895


New book: "Programming in Objective-C 2.0, 2nd Edition"
http://www.net-security.org/secworld.php?id=6894


The Identity Theft Resource Center’s 2008 breach report
http://www.net-security.org/secworld.php?id=6893


Eikon fingerprint reader and 1Password password manager combination
http://www.net-security.org/secworld.php?id=6892


World’s first button backup USB flash drive from SanDisk
http://www.net-security.org/secworld.php?id=6891


FreeBSD 7.1 has been released
http://www.net-security.org/secworld.php?id=6890


The PalmSecure LOGONDIRECTOR Enterprise Edition identity management
solution
http://www.net-security.org/secworld.php?id=6889


Verbatim 8GB Store 'n' Go retractable USB drive for Mac OS X systems
http://www.net-security.org/secworld.php?id=6888


Majority of companies spend ‘no time’ managing their security systems
http://www.net-security.org/secworld.php?id=6887


Yoggie brings true online anonymity to computer users
http://www.net-security.org/secworld.php?id=6886


VeriSign transitions all new RapidSSL certificates to SHA-1 algorithm
http://www.net-security.org/secworld.php?id=6885

----------------------------------------------------------------




[ Virus News ]


All virus news is located at:
http://www.net-security.org/viruses.php


----------------------------------------------------------------

22,000 new malware samples created every day in 2008
http://www.net-security.org/virus_news.php?id=1022


New malware emails spoof CNN news item and Adobe player
http://www.net-security.org/virus_news.php?id=1021


New worm affecting corporate networks
http://www.net-security.org/virus_news.php?id=1020

----------------------------------------------------------------




Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php

				