HNS Newsletter
Issue 434 - 01.09.2008
http://www.net-security.org

================================================================
Information Security whitepapers available for download
================================================================

Free IT/IS whitepapers, including titles such as:

- How to comply with the Payment Card Industry Standard
- Phishing, Phaxing, Vishing and Other Identity Threats: The Evolution
of Online Fraud
- Open Source Security Myths Dispelled
- Good Architecture and Security
- The Essential Requirements: Network Security Appliance

To download, visit http://net-security.tradepub.com
========================================================

Table of contents:

1) Security news
2) Advisories
3) Articles
4) Software
5) Conferences
6) Security World
7) Virus News


[ Security news ]


----------------------------------------------------------------

INSTALL AND CONFIGURE THE NESSUS VULNERABILITY SCANNER IN OPENSUSE
The Nessus vulnerability scanner is the world leader in active
scanners, featuring high speed discovery, configuration auditing,
asset profiling, sensitive data discovery and vulnerability analysis
of your security posture.
http://www.net-security.org/news.php?id=16075


SECURITY RISKS FOR MOBILE COMPUTING ON PUBLIC WLANS
This article illuminates the effectiveness of VPN security
mechanisms, data encryption, strong authentication and personal
firewalls and shows how optimal protection can be achieved by
dynamically integrating each of these technologies.
http://www.net-security.org/news.php?id=16076


ROAD TOLLS HACKED
A researcher claims that toll transponders can be cloned, allowing
drivers to pass for free.
http://www.net-security.org/news.php?id=16077


MOST ORGANIZATIONS FAIL TO STOP INTERIOR NETWORK THREATS
A survey by Opine Consulting revealed nearly half of the IT
professionals who responded had endpoints connecting to their
corporate networks without their knowledge. Yet compared to other
security issues, 86 percent of respondents said controlling network
access ranked as a high priority.
http://www.net-security.org/news.php?id=16078


WHITEPAPER - OPEN SOURCE SECURITY MYTHS DISPELLED
Dispel the five major myths surrounding Open Source Security and gain
the tools necessary to make a truly informed decision for your IT
organization.
http://www.net-security.org/news.php?id=16079


DEPLOYING ENTERPRISE SOFTWARE SECURELY
This laundry list of security requirements is a lot to think about
for every application deployment, but vigilance in this area can
drastically improve an organization’s security posture. The
requirements can be put into a standardized template, and at the end
of the process each requirement should have a mark for pass, fail, or
perhaps not applicable. Anything marked as a failure should be noted
and can be escalated or accepted as a risk.
http://www.net-security.org/news.php?id=16080


USE AND MANIPULATE TCSH SHELL VARIABLES FOR FUN AND PROFIT
Tcsh is one of the most popular UNIX shells. Learn how you can use
tcsh shell variables to make your work easier and how to take
advantage of tcsh's advanced security features.
http://www.net-security.org/news.php?id=16081


AUTOMATIC BACKUP FOR SPORADICALLY CONNECTED CLIENTS WITH BOX BACKUP
If you're a frequent business traveler who keeps important company
files on your laptop, using a centralized management solution to back
up files automatically during a fixed time interval won't work.
Instead, consider Box Backup, which backs up files from a laptop
directly to a backup server over an encrypted link.
http://www.net-security.org/news.php?id=16082


BBC DOES A PROFILE ON GARY MCKINNON
Gary McKinnon has lost his appeal in the UK's House of Lords against
extradition to the US on hacking charges. The BBC News website
profiles his history and his motives.
http://www.net-security.org/news.php?id=16083

----------------------------------------------------------------




[ Advisories ]


All advisories are located at:
http://www.net-security.org/archive_advi.php


----------------------------------------------------------------

Debian Security Advisory - opensc (DSA-1627-2)
http://www.net-security.org/advisory.php?id=9221


Debian Security Advisory - mt-daapd (DSA-1597-2)
http://www.net-security.org/advisory.php?id=9220


SUSE Security Announcement - SUSE Security Summary Report
(SUSE-SR:2008:017)
http://www.net-security.org/advisory.php?id=9219


Slackware Security Advisory - amarok (SSA:2008-241-01)
http://www.net-security.org/advisory.php?id=9218


Mandriva Linux Security Update Advisory - ipsec-tools
(MDVSA-2008:181)
http://www.net-security.org/advisory.php?id=9217


Ubuntu Security Notice - yelp vulnerability (USN-638-1)
http://www.net-security.org/advisory.php?id=9216


Mandriva Linux Security Update Advisory - libxml2 (MDVSA-2008:180-1)
http://www.net-security.org/advisory.php?id=9215


Debian Security Advisory - libxml2 (DSA-1631-2)
http://www.net-security.org/advisory.php?id=9214


Debian Security Advisory - tiff (DSA-1632-1)
http://www.net-security.org/advisory.php?id=9213


Ubuntu Security Notice - Ubuntu Security Notice USN-637-1 (USN-637-1)
http://www.net-security.org/advisory.php?id=9212


SUSE Security Announcement - Sun Java security update
(SUSE-SA:2008:042)
http://www.net-security.org/advisory.php?id=9211

----------------------------------------------------------------




[ Articles ]


All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org


----------------------------------------------------------------

APPLICATION SECURITY MATTERS: DEPLOYING ENTERPRISE SOFTWARE SECURELY
This laundry list of security requirements is a lot to think about
for every application deployment, but vigilance in this area can
drastically improve an organization’s security posture. The
requirements can be put into a standardized template, and at the end
of the process each requirement should have a mark for pass, fail, or
perhaps not applicable. Anything marked as a failure should be noted
and can be escalated or accepted as a risk.
http://www.net-security.org/article.php?id=1172


SECURITY RISKS FOR MOBILE COMPUTING ON PUBLIC WLANS: HOTSPOT
REGISTRATION
The article illuminates the effectiveness of VPN security
mechanisms, data encryption, strong authentication and personal
firewalls and shows how optimal protection can be achieved by
dynamically integrating each of these technologies.
http://www.net-security.org/article.php?id=1171

----------------------------------------------------------------




[ Software ]


Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3

Mac OS X software is located at:
http://net-security.org/software_main.php?cat=5


----------------------------------------------------------------

AUDIT DAEMON 1.7.5 (Linux)
The audit package contains the user-space utilities for creating
audit rules, as well as for storing and searching the audit records
generated by the audit subsystem in the Linux 2.6 kernel.
http://www.net-security.org/software.php?id=702


BOTAN 1.7.9 (Linux)
Botan aims to be a portable, easy to use, and efficient C++ crypto
library.
http://www.net-security.org/software.php?id=94


CUTE PASSWORD MANAGER PRO 2008.1.3.8 (Windows)
Cute Password Manager is free form-filling software that auto-fills
the user ID and password.
http://www.net-security.org/software.php?id=721


FWKNOP 1.9.7 (Linux)
fwknop implements an authorization scheme called Single Packet
Authorization that requires only a single encrypted packet to
communicate various pieces of information.
http://www.net-security.org/software.php?id=695


NUFW 2.2.16 (Linux)
NuFW is an "authenticating gateway". This means it requires
authentication for any connections to be forwarded through the
gateway.
http://www.net-security.org/software.php?id=526


SAMHAIN 2.4.6 (Linux)
Samhain is an open source file integrity and host-based intrusion
detection system.
http://www.net-security.org/software.php?id=125


SARA 7.8.1 (Linux)
The Security Auditor's Research Assistant (SARA) is a third
generation Unix-based security analysis tool.
http://www.net-security.org/software.php?id=21


STRONGSWAN 4.2.6 (Linux)
strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4
and 2.6 kernels.
http://www.net-security.org/software.php?id=643

----------------------------------------------------------------




[ Conferences ]


All conferences are located at:
http://net-security.org/conferences.php


----------------------------------------------------------------

Forrester Research Security Forum 2008
Organized by Forrester - 4 September-5 September 2008
http://www.net-security.org/conference.php?id=264


NETWAYS Nagios Conference 2008
Organized by Netways - 11 September-12 September 2008
http://www.net-security.org/conference.php?id=263


IT Security World 2008 Conference & Expo
Organized by MIS Training Institute - 13 September-18 September 2008
http://www.net-security.org/conference.php?id=258


VB2008
Organized by Virus Bulletin - 1 October-3 October 2008
http://www.net-security.org/conference.php?id=256


I Digital Security Forum
Organized by FSD - 7 November-8 November 2008
http://www.net-security.org/conference.php?id=255


RUXCON 2008
Organized by RUXCON - 29 November-30 November 2008
http://www.net-security.org/conference.php?id=265


The Fourth International Conference on Availability, Reliability and
Security (ARES 2009)
Organized by Vienna University of Technology / Secure Business
Austria - 16 March-19 March 2009
http://www.net-security.org/conference.php?id=260

----------------------------------------------------------------




[ Security World ]


All security world articles are located at:
http://www.net-security.org/secworld_main.php

Send your press releases to press@net-security.org


----------------------------------------------------------------

Browser privacy in Internet Explorer 8 Beta
http://www.net-security.org/secworld.php?id=6464


Researchers’ new algorithm significantly boosts routing efficiency of
networks
http://www.net-security.org/secworld.php?id=6463


Logitech video security cameras available in Europe
http://www.net-security.org/secworld.php?id=6462


New book: "High Performance MySQL, Second Edition"
http://www.net-security.org/secworld.php?id=6461


SSH key-based attacks
http://www.net-security.org/secworld.php?id=6460


A third of IT staff snoop at confidential data
http://www.net-security.org/secworld.php?id=6459


Panda Security launches its 2009 antivirus products
http://www.net-security.org/secworld.php?id=6458


BT enhances security monitoring service
http://www.net-security.org/secworld.php?id=6457


Wireless DTCP content protection specification
http://www.net-security.org/secworld.php?id=6456


HNS Book giveaway: "The Best of 2600 - A Hacker Odyssey"
http://www.net-security.org/secworld.php?id=6455


Most organizations fail to stop interior network threats
http://www.net-security.org/secworld.php?id=6454


A multivendor open automation framework
http://www.net-security.org/secworld.php?id=6453


External hard drives with RFID security key data encryption onboard
http://www.net-security.org/secworld.php?id=6452


Security breaches blast through the 2007 record
http://www.net-security.org/secworld.php?id=6451


Best Western releases a statement on the supposed security breach
http://www.net-security.org/secworld.php?id=6450


16GB Lexar JumpDrive Secure II Plus USB flash drive
http://www.net-security.org/secworld.php?id=6449


Application Security Trends Report for Q2 2008
http://www.net-security.org/secworld.php?id=6448


New ZoneAlarm Internet Security Suite 8.0
http://www.net-security.org/secworld.php?id=6447


PGP releases a bunch of updated products
http://www.net-security.org/secworld.php?id=6446


Updated Astaro Security Gateway appliances
http://www.net-security.org/secworld.php?id=6445


Web content filtering engine for Google Safe Search and Safe Browsing
http://www.net-security.org/secworld.php?id=6444

----------------------------------------------------------------




[ Virus News ]


All virus news is located at:
http://www.net-security.org/viruses.php


----------------------------------------------------------------

Weekly malware report: keylogger, autorun worm and exchanger trojan
http://www.net-security.org/virus_news.php?id=981


More malware blocked in July 2008 than in the whole of 2007
http://www.net-security.org/virus_news.php?id=980

----------------------------------------------------------------





Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php