HNS Newsletter Issue 307 - 06.03.2006. http://net-security.org This ...

cuttlefishblueΔιαχείριση Δεδομένων

16 Δεκ 2012 (πριν από 4 χρόνια και 8 μήνες)

270 εμφανίσεις

HNS Newsletter

Issue 307
-
06.03.2006.

http://net
-
security.org


This is a newsletter delivered to you by Help Net Security. It

covers weekly roundups of security events that were in the

news the past week.


----------------------------------------------------------------

INFOSECURITY EUROPE 2006

----------------------------------------------------------------

Infosecurity Europe is Europe's number one, dedicated Information Security

event held on the 25th
-

27th April 2006, Grand Hall, Olympia. Now in its

11th year, the event continues to provide an unrivalled education programme,

new products & services, exhibitors and visitors from every segment of the

industry.

-----------------------------------------
-----------------------

For further information www.infosec.co.uk/hns

----------------------------------------------------------------


Table of contents:


1) Security news

2) Vulnerabilities

3) Advisories

4) Articles

5) Software

6) Conferences

7) Security
World

8) Virus News



[ Security news ]



----------------------------------------------------------------


SIX RULES FOR ENCRYPTING YOUR ENTERPRISE DATA

Regulatory compliance requirements for protecting sensitive data have

led many companies to consider encryption. This document provides six

fundamental rules that should be considered prior to data encryption

deployment.

http://www.net
-
security.org/news.php?id=10368



SECURITY WARS: NOVELL SELINUX KILLER RATTLES RED HAT

Nove
ll has released the source code for its recently acquired

open
-
source Linux security application, AppArmor, and has also set up

a project site in hopes of attracting outside developers to further

refine the program.

http://www.net
-
security.org/news.php?id=
10369



HOW SECURE IS OPEN SOURCE?

Do open source systems provide a better way of preventing bugs, or

are their developers just cultural elitists?

http://www.net
-
security.org/news.php?id=10370



ERNST & YOUNG LOSES FOUR MORE LAPTOPS

Ernst and Young appears set on establishing a laptop loss record in

February. The accounting giant has lost four more systems, according

to a report in the Miami Herald.

http://www.net
-
security.org/news.php?id=10371



RUNNING APACHE2 WITH PHP5 AND PHP4 AT
THE SAME TIME

This tutorial shows how to install and configure Apache2 with PHP5

and PHP4 enabled at the same time.


http://www.net
-
security.org/news.php?id=10372



BETTER FINGERPRINT BIOMETRICS?

University of Buffalo researchers say they have put their fi
ngers on

a way to improve security of wireless handheld devices and Web sites.

http://www.net
-
security.org/news.php?id=10373



HACKERS EYEING INTERNET TELEPHONY

Messaging security company MessageLabs's Asia
-
Pacific vice
-
president

James Scollay says the lik
elihood of increased threats against VoIP

networks means MessageLabs will introduce services for net phone

management and security later this year or early next year.

http://www.net
-
security.org/news.php?id=10374



POLITICALLY MOTIVATED ATTACKS SOAR IN 200
5

Web server attacks and website defacements rose 16 per cent last

year, according to an independent report. Zone
-
h, the Estonian

security firm best known for its defacement archive, recorded 495,000

web attacks globally in 2004, up from 393,000 in 2003.

http://www.net
-
security.org/news.php?id=10375



HOTBAR BOWS TO LOW RISK ADWARE LABEL

Symantec secures right to detect and remove adware application.

http://www.net
-
security.org/news.php?id=10376



FTC SETTLES WITH CARDSYSTEMS OVER DATA BREACH

Forced to tig
hten security measures and undergo audit.

http://www.net
-
security.org/news.php?id=10377



COMMON INSECURITY

What do people who renew their driver's licenses, buy hard liquor or

donate to a home for elderly and disabled veterans have in common? In

New Hamps
hire, people who did any of those things within the past six

months may have had their credit card numbers stolen because of

computer security issues.

http://www.net
-
security.org/news.php?id=10378



MANAGE YOUR OWN IDENTITY ONLINE

Computer users' identity
information is managed online today by

several different data collection agencies. But imagine the freedom

people would feel changing their address with one keystroke?

http://www.net
-
security.org/news.php?id=10379



IBM TARGETS THE ENEMIES WITHIN

Security application knows if users have been good or bad.

http://www.net
-
security.org/news.php?id=10380



IMPROVED DESKTOP SECURITY IN 5 STEPS

Many organizations have the best of intentions when it comes to

defending the desktop, however the majority of p
roduction hosts still

fall short.

http://www.net
-
security.org/news.php?id=10381



CYBERTHIEVES SILENTLY COPY YOUR PASSWORDS AS YOU TYPE

Most people who use e
-
mail now know enough to be on guard against

"phishing" messages that pretend to be from a bank or
business but

are actually attempts to steal passwords and other personal

information.

http://www.net
-
security.org/news.php?id=10382



HELP SOUGHT TO BREAK FINAL ENIGMA CODES

Scientists are appealing for help to break the last three coded World

War Two mess
ages sent by the Germans using the Enigma code.

http://www.net
-
security.org/news.php?id=10383



COMPLIANCE WITH THE PAYMENT CARD INDUSTRY DATA SECURITY STANDARD

Explains the purpose of the PCI
-
Data Security Standard, how to define

the 12 major requirements of the standard, and how Symantec solutions

can help demonstrate compliance with these requirements to satisfy an

audit.

http://www.net
-
security.org/news.php?id=10384



VIRUSES PLAGUE BRITISH BUSINESSES

Computer viruses are the si
ngle biggest cause of security problems

for UK businesses, a survey by the Department of Trade and Industry

shows.

http://www.net
-
security.org/news.php?id=10385



USERS: PLM APPS LACK SECURITY

The spread of product life
-
cycle management applications may be

slowed by manufacturers' need to safeguard crucial intellectual

property.

http://www.net
-
security.org/news.php?id=10386



IRS NEEDS TO TIGHTEN SECURITY SETTINGS: TIGTA

The IRS has not consistently maintained the security settings it

established and deploy
ed under a common operating environment.

http://www.net
-
security.org/news.php?id=10387



SECURITY ISSUES DELAYED SUN GRID ROLLOUT

'Our servers are considered munitions by the federal government,'

says Sun's president.

http://www.net
-
security.org/news.php?id=10388



ORACLE PUBLISHES OUT
-
OF
-
CYCLE SECURITY FIX

A critical security patch to the company's E
-
Business Suite software

has been issued.

http://www.net
-
security.org/news.php?id=10389



SPREADING SECURITY AWARENESS FO
R OS X

Robert Lemos interviews Kevin Finisterre, founder of security startup

Digital Munition, who created the three recent versions of the InqTana

worm to raise awareness of security in Apple's OS X. Finisterre

discusses his reasons for creating the worms
, the problems with Mac

OS X security, and why he does not fear prosecution.

http://www.net
-
security.org/news.php?id=10390



NEW THREATS OUTFLANK IT DEFENSES

Thomas Noonan is president and CEO of Internet Security Systems. In

an interview with Computerworl
d at RSA Conference 2006 here this

month, Noonan spoke about what he described as the "continuously"

changing security threats faced by corporate users.

http://www.net
-
security.org/news.php?id=10391



EBAY DISPUTES REPORT OF RAMPANT FRAUD

If users were being exposed to fraud an undue amount, it would create

a drag on eBay's growth and create opportunities for more secure

trading platforms to gain a foothold, said Forrester Research Vice

President and analyst Carrie Johnson.

http://www.net
-
s
ecurity.org/news.php?id=10392



ADWARE FIRM 180SOLUTIONS ADMITS ERROR

180solutions, the controversial adware marketer admitted last week

that it was initially unable to identify the rogue affiliate that was

installing its Zango software illegally, and in f
act found a pair of

sites adding Zango to PCs without users' consent.

http://www.net
-
security.org/news.php?id=10393



PASSWORD
-
STEALING TROJAN MASS MAILED

The worm targets PayPal users, and anyone who opens it risks having

their PC kidnapped.

http://www.ne
t
-
security.org/news.php?id=10394



MICROSOFT ANTI
-
CROSS SITE SCRIPTING LIBRARY 1.0

This page contains the redistributable files for the Microsoft

Application Security Anti
-
Cross Site Scripting Library.

http://www.net
-
security.org/news.php?id=10395



NEW VI
RUS CAN PASS FROM PCS TO MOBILE DEVICES

Security group says virus not threatening users yet.

http://www.net
-
security.org/news.php?id=10396



APACHE .HTACCESS TWEAKING TUTORIAL

In this tutorial we are going to improve our website by tweaking out

the .htaccess file.

http://www.net
-
security.org/news.php?id=10397



IDENTITY THEFT DEMYSTIFIED

Like so many things in today's complex world, taking a broad
-
brush

approach to a difficult topic does a disservice to anyone who needs

to know more. In the case
of identity theft, that includes just about

all of us. One of the primary goals of the ID Theft Prevention Special

Interest Group is to provide a forum for frank and open discussion of

the topic.

http://www.net
-
security.org/news.php?id=10398



HOW TO SOLVE
SIX COMMON NETWORK PROBLEMS

This on
-
demand webcast describes how to solve six common network

problems which include issues such as remote office application

performance, SNMP security risks, excessive broadcasts from infected

devices, and server communica
tion.

http://www.net
-
security.org/news.php?id=10399



ANALYST CRITICIZES SECURITY VENDORS FOR EXPLOITING APPLE FLAWS

It's no coincidence that not long after security vendors began

beating the drum about possible exploits of the Mac OS X operating

system, unpatched flaws were uncovered, an analyst suggested Monday.

http://www.net
-
security.org/news.php?id=10400



SYSTEM ADMINISTRATORS TOOLKIT: PROCESS ADMINISTRATION TRICKS

Discover how to get the information you want on UNIX processes.

http://www.net
-
security.org/news.php?id=10401



ZERO TO IPSEC IN 4 MINUTES

This short article looks at how to get a fully functional IPSec VPN

up and running between two fresh OpenBSD installations in about four

minutes flat.

http://www.net
-
security.org/news.php?id=1040
2



CLAGGER TROJAN SPARKS AV INDUSTRY WAR OF WORDS

Handbags at dawn over new malware.

http://www.net
-
security.org/news.php?id=10403



FOUR LOSE JOBS AFTER DATA BREACH AT OREGON HEALTH CARE FACILITY

Providence Home Services says it has new data integrity pr
ocedures in

place.

http://www.net
-
security.org/news.php?id=10404



REVIEW: 802.1X AUTHENTICATION SERVERS

Affordable WLAN authentication is out there. We evaluate the market

and test four port
-
based servers and services.

http://www.net
-
security.org/news.php?id=10405



AOL SUES THREE PHISHING ORGANIZATIONS

AOL has filed three civil lawsuits against major phishing "gangs,"

seeking $18 million from the groups, the company said Tuesday.

http://www.net
-
security.org/news.php?id=
10406



BRITISH BUSINESS PICKS UP ON PATCHING

But still slow on antivirus signatures, finds DTI survey.

http://www.net
-
security.org/news.php?id=10407



OPPOSITION TO AOL'S 'EMAIL TAX' GROWS

AOL annoys gun owners, greens, farm unions...almost everyone...

ht
tp://www.net
-
security.org/news.php?id=10408



MEN PLEAD GUILTY OVER WEB PIRACY

Four men have pleaded guilty to being part of a ring that distributed

illegal copies of music on the internet.

http://www.net
-
security.org/news.php?id=10409



AOL SUES MYSTERY P
HISHERS FOR $18M

AOL filed three civil lawsuits against several major phishing gangs

on Tuesday as part of the ISP's wider fight against identity theft

scams and other internet security threats.

http://www.net
-
security.org/news.php?id=10410



HAS YOUR NETWORK MANAGEMENT APPROACH KEPT UP WITH YOUR NETWORK?

On average, the network causes 15% of all problems, only 2% are

caused by actual networking hardware failures: The other 13% are due

to different issues like human error, mis
-
configurations, r
outing

failures, etc.

http://www.net
-
security.org/news.php?id=10411



RACING BODY CUTS INTERNET MISUSE

Security system helps GRA protect network bandwidth.

http://www.net
-
security.org/news.php?id=10412



STING NETS TWO SPAM SCAM SUSPECTS

The US secret serv
ice has arrested two men over accusations that they

sent massive quantities of spam emails to more than 1.2m AOL

subscribers.

http://www.net
-
security.org/news.php?id=10413



MYSTERY SURROUNDS PC
-
TO
-
MOBILE VIRUS

Antivirus group said to be demanding membersh
ip before code share.

http://www.net
-
security.org/news.php?id=10414



THE BIG DRM MISTAKE

Digital Rights Managements hurts paying customers, destroys Fair Use

rights, renders customers' investments worthless, and can always be

defeated. Why are consumers and publishers being forced to use DRM?

http://www.net
-
security.org/news.php?id=10415



UK PARENTS TO GET ONLINE CHECK OF 8M CHILD WORKERS RECORDS

Monumental security and privacy disaster ahoy...

http://www.net
-
security.org/news
.php?id=10416



RFID: SIGN OF THE (END) TIMES?

Katherine Albrecht is on a mission from God. The influential consumer

advocate has written a new book warning her fellow Christians that

radio frequency identification may evolve to become the "mark of the

bea
st"
--
meaning the technology is a sign that the end
-
times are

drawing near.

http://www.net
-
security.org/news.php?id=10417



APPLE OS X UPDATE PLUGS 20 SECURITY HOLES

Apple released security update 2006
-
001 that patches twenty security

holes in Mac OS X an
d bundled applications.

http://www.net
-
security.org/news.php?id=10418



VENDOR WAITED SIX WEEKS TO NOTIFY OHIO OFFICIALS OF DATA BREACH

A laptop with data on 4,600 state workers and dependents was stolen

in December.

http://www.net
-
security.org/news.php?id=10419



TOP TEN VIRUSES AND HOAXES REPORTED IN FEBRUARY 2006

The report reveals that a Trojan horse, Clagger
-
G, has infiltrated

the chart this month, demonstrating that today's financially

motivated threats use a com
bination of malware and spam technology.

http://www.net
-
security.org/news.php?id=10420



IDENTITY THEFT VICTIMS TO SUE NCSOFT

Online games giant faces potential $230m lawsuit.

http://www.net
-
security.org/news.php?id=10421



TEENAGER CLAIMS TO FIND CODE FLA
W IN GMAIL

Supposed flaw may already have been fixed.

http://www.net
-
security.org/news.php?id=10422



POLICE CAMERAS SPARK PRIVACY DEBATE

Testing of Chicago's new speed surveillance SUVs began recently, just

as the Illinois State Police debuted their own a
nti
-
speeding plan

based on high
-
resolution cameras. The cameras enhance the

productivity of troopers who are writing tickets by 16 times, the

State Police said.

http://www.net
-
security.org/news.php?id=10423



THE ADVANTAGES OF IDENTITY BASED ENCRYPTION

Enterprises are becoming interested in easy
-
to
-
use email encryption,

as privacy and data protection regulations apply to organizations

across a wide variety of industries. Read this whitepaper to learn

about the advantages of identity
-
based encryption.

htt
p://www.net
-
security.org/news.php?id=10424



MAKING SECURITY A SHARED RESPONSIBILITY

As enterprise IT executives embrace the concepts of open, logical,

Web
-
based computing, they also must rethink their security best

practices.

http://www.net
-
security.org/n
ews.php?id=10425



SOCIAL SECURITY NUMBERS FOUND ON STATE WEBSITES

The disclosure of Ohio residents' Social Security numbers on the

state government's website highlights what many privacy experts

and

criminals

already know: Such information is readily
available to

anyone with an Internet connection.

http://www.net
-
security.org/news.php?id=10426



IRS SLIPS ON KEEPING WORKERS

COMPUTERS SECURE

System administrators are being blamed for weak security settings.

http://www.net
-
security.org/news.php?id=10427



HOW TO PUNCH THROUGH SPAM FILTERS

Tips for making sure your legitimate bulk e
-
mail gets through to its

recipients, and doesn't end up in the garbage.

http://www.net
-
security.org/news.php?id=10428



U.S. OFFICIALS INVESTIGATING SOURCEFIRE PURCHASE

The Associated Press is reporting that Check Point is facing a

full
-
blown investigation over its plans to purchase open
-
source rival

Sourcefire, makers of the widely popular Snort intrusion detection

system.

http://www.net
-
security.org/news.php?id=10429



MALWARE
-
SPEAK SPOOKS SYMANTEC

Symantec said Wednesday it plans to tweak the behavior of its Norton

Internet Security and Norton Personal Firewall products so that they

are no longer vulnerable to an annoying but otherwise harmless prank

that "script kiddie
" hackers have been using for the past week or so

to knock users off online chat channels.

http://www.net
-
security.org/news.php?id=10430



PASSWORD SECURITY: WHAT USERS KNOW AND WHAT THEY ACTUALLY DO

Password protected accounts are very common and widely u
sed for a

variety of online applications including instant messaging, personal

and business e
-
mail, and online banking and retail purchasing

accounts.

http://www.net
-
security.org/news.php?id=10431



INDIA BECOMES SPAM TARGET

Malware writers are starting to target regions with growing numbers

of new Internet users in a belief that computer users in those areas

are less likely to protect themselves from spam and viruses,

according to MessageLabs Ltd.

http://www.net
-
security.org/
news.php?id=10432



FEDEX KINKO

S SMART CARDS HACKED

The ExpressPay stored
-
value card system used by FedEx Kinko

s is

vulnerable to attack.

http://www.net
-
security.org/news.php?id=10433



HOUSE VOTE
-
LAST BAR TO USA PATRIOT ACT RENEWAL

On or before March
10, President Bush is expected to renew the law

that broadens the power of the U.S. government to obtain private

records and to conduct wiretaps and searches, despite the deep

bipartisan misgivings of some in Congress.

http://www.net
-
security.org/news.php?
id=10435



COMMUNICATING WITH CONFIDENCE: CHOOSING A SECURE, FLEXIBLE WORKING

SOLUTION

Along with the benefits of networked systems

easy information

sharing and the ability to work wherever and whenever

comes

responsibility. Professionals in all industries have the

responsibility to protect their customers

(and their own)

confidentiality. When professionals access their office networks and

exchange information with other organisations, confidentiality is

param
ount, though not always easy to achieve.

http://www.net
-
security.org/news.php?id=10436


----------------------------------------------------------------





[ Vulnerabilities ]



All vulnerabilities are located here:

http://www.net
-
security.org/vulnerabili
ties.php



----------------------------------------------------------------


vBulletin editpassword Function Email Field XSS

http://www.net
-
security.org/vulnerability.php?id=23614



Gallery GalleryUtilities.class 'X_FORWARDED_FOR' HTTP Header Field

XSS

htt
p://www.net
-
security.org/vulnerability.php?id=23596



Gallery GallerySession.class 'sessionId' Variable File Deletion

http://www.net
-
security.org/vulnerability.php?id=23597



Lighttpd Crafted Filename Request Script Source Disclosure

http://www.net
-
security.org/vulnerability.php?id=23542



TOPo inc_header.php gTopNombre Variable XSS

http://www.net
-
security.org/vulnerability.php?id=23541



M4 Project enigma
-
suite Windows Client Default Account

http://www.net
-
security.org/vulnerability.p
hp?id=23572



StoreBot 2005 Professional Edition MgrLogin.asp Pwd Variable SQL

Injection

http://www.net
-
security.org/vulnerability.php?id=23575



StoreBot 2002 Standard Edition manage.asp ShipMethod Variable XSS

http://www.net
-
security.org/vulnerability.ph
p?id=23574



bttlxeForum failure.asp err_txt Variable XSS

http://www.net
-
security.org/vulnerability.php?id=23540



Parodia agencyprofile.asp AG_ID Variable XSS

http://www.net
-
security.org/vulnerability.php?id=23548



PHP mb_send_mail() Function Parameter Restriction Bypass

http://www.net
-
security.org/vulnerability.php?id=23534



PHP imap_open() Function Restriction Bypass

http://www.net
-
security.org/vulnerability.php?id=23535



DirectContact Server Traversal Arbitrary
File Access

http://www.net
-
security.org/vulnerability.php?id=23519



Issue Dealer Local Weblog Publisher Issue Disclosure

http://www.net
-
security.org/vulnerability.php?id=23502



iGENUS Webmail config_inc.php SG_HOME Variable Local File Inclusion

http://ww
w.net
-
security.org/vulnerability.php?id=23530



ArGoSoft Mail Server Pro Webmail viewheaders Multiple Field XSS

http://www.net
-
security.org/vulnerability.php?id=23512



LanSuite LanParty Intranet System index.php fid Variable SQL

Injection

http://www.net
-
security.org/vulnerability.php?id=23533



FreeBSD nfsd Malformed NFS Mount Request Remote DoS

http://www.net
-
security.org/vulnerability.php?id=23511


----------------------------------------------------------------





[ Advisories ]



All a
dvisories are located at:

http://www.net
-
security.org/archive_advi.php



----------------------------------------------------------------


US
-
CERT Technical Cyber Security Alert
-
Apple Mac Products are

Affected by Multiple Vulnerabilities (TA06
-
062A)

http
://www.net
-
security.org/advisory.php?id=6019



Mandriva Linux Security Update Advisory
-
mozilla
-
thunderbird

(MDKSA
-
2006:052)

http://www.net
-
security.org/advisory.php?id=6018



Debian Security Advisory
-
xpdf, poppler, kdegraphics vulnerabilities

(DSA 984
-
1)

http://www.net
-
security.org/advisory.php?id=6017



Ubuntu Security Notice
-
irssi
-
text vulnerability (USN
-
259
-
1)

http://www.net
-
security.org/advisory.php?id=6016



Debian Security Advisory
-
new bmv packages fix arbitrary code

execution (DSA 98
1
-
1)

http://www.net
-
security.org/advisory.php?id=6015



Debian Security Advisory
-
New tutos package fixes several

vulnerabilities (DSA 980
-
1)

http://www.net
-
security.org/advisory.php?id=6014



Fedora Legacy Update Advisory
-
Updated perl
-
DBI package fixes

security issue (FLSA:178989)

http://www.net
-
security.org/advisory.php?id=6013



Cisco Security Notice
-
Response to AAA Command Authorization by
-
pass

(68840)

http://www.net
-
security.org/advisory.php?id=6012



FreeBSD Security Advisory
-
Remote denial of service in NFS server

(FreeBSD
-
SA
-
06:10.nfs)

http://www.net
-
security.org/advisory.php?id=6011



FreeBSD Security Advisory
-
Remote denial of service in OpenSSH

(FreeBSD
-
SA
-
06:09.openssh)

http://www.net
-
security.
org/advisory.php?id=6010



SUSE Security Announcement
-
gpg,liby2util signature checking

problems (SUSE
-
SA:2006:013)

http://www.net
-
security.org/advisory.php?id=6009



Mandriva Linux Security Update Advisory
-
Updated gettext packages

fix temporary file vu
lnerabilities (MDKSA
-
2006:051)

http://www.net
-
security.org/advisory.php?id=6008



Mandriva Linux Security Update Advisory
-
squirrelmail

(MDKSA
-
2006:049)

http://www.net
-
security.org/advisory.php?id=6007



Debian Security Advisory
-
pdftohtml (DSA 983
-
1)

http://www.net
-
security.org/advisory.php?id=6006



Mandriva Linux Security Update Advisory
-
unzip (MDKSA
-
2005:050)

http://www.net
-
security.org/advisory.php?id=6005



Fedora Legacy Update Advisory
-
Updated gnutls packages fix a

security issue (FLSA:181014
)

http://www.net
-
security.org/advisory.php?id=6004



Fedora Legacy Update Advisory
-
Updated mod_auth_pgsql package fixes

security issue (FLSA:177326)

http://www.net
-
security.org/advisory.php?id=6003



Fedora Legacy Update Advisory
-
Updated udev packages
fix a security

issue (FLSA:175818)

http://www.net
-
security.org/advisory.php?id=6002



Fedora Legacy Update Advisory
-
Updated PostgreSQL packages fix

security issues (FLSA:157366)

http://www.net
-
security.org/advisory.php?id=6001



Mandriva Linux Security U
pdate Advisory
-
mplayer (MDKSA
-
2005:048)

http://www.net
-
security.org/advisory.php?id=6000



Debian Security Advisory
-
gpdf (DSA 982
-
1)

http://www.net
-
security.org/advisory.php?id=5999



SUSE Security Announcement
-
kernel, openssh (SUSE
-
SA:2006:012)

http://www.net
-
security.org/advisory.php?id=5998



Ubuntu Security Notice
-
postgresql
-
7.4, postgresql
-
8.0, postgresql

vulnerability (USN
-
258
-
1)

http://www.net
-
security.org/advisory.php?id=5997



Fedora Legacy Update Advisory
-
Updated perl packages fix se
curity

issue (FLSA:176731)

http://www.net
-
security.org/advisory.php?id=5996



Fedora Legacy Update Advisory
-
Updated gaim package fixes security

issues (FLSA:158543)

http://www.net
-
security.org/advisory.php?id=5995



Fedora Legacy Update Advisory
-
Update
d nfs
-
utils package fixes

security issues (FLSA:138098)

http://www.net
-
security.org/advisory.php?id=5994


----------------------------------------------------------------


----------------------------------------------------------------

INFOSECURITY EUROPE 2006

----------------------------------------------------------------

Infosecurity Europe is Europe's number one, dedicated Information Security

event held on the 25th
-
27th April 2006, Grand Hall, Olympia. Now in its

11th year, the
event continues to provide an unrivalled education programme,

new products & services, exhibitors and visitors from every segment of the

industry.

----------------------------------------------------------------

For further information www.infosec.co.uk
/hns

----------------------------------------------------------------



[ Articles ]



All articles are located at:

http://www.net
-
security.org/articles_main.php


Articles can be contributed to articles@net
-
security.org



----------------------------------
------------------------------


COMMUNICATING WITH CONFIDENCE: CHOOSING A SECURE, FLEXIBLE WORKING

SOLUTION

Along with the benefits of networked systems

easy information

sharing and the ability to work wherever and whenever

comes

responsibility. Professionals in all industries have the

responsibility to protect their customers

(and their own)

confidentiality. When professionals access their office networks and

exchange information with other organisations, confidentiality is

param
ount, though not always easy to achieve.

http://www.net
-
security.org/article.php?id=903


----------------------------------------------------------------





[ Software ]



Windows software is located at:

http://net
-
security.org/software_main.php?cat=1


L
inux software is located at:

http://net
-
security.org/software_main.php?cat=2


Pocket PC software is located at:

http://net
-
security.org/software_main.php?cat=3


Mac OS X software is located at:

http://net
-
security.org/software_main.php?cat=5



----------------------------------------------------------------


CONSOLE PASSWORD MANAGER (CPM) 0.21 Beta (Linux)

cpm is a small console tool to manage passwords and store them public

key encrypted in a file
-
even for more than one person.

http://www.net
-
security.org/software.php?id=287



CRIPPIN 2.8 (Pocket PC)

Crippin was designed to protect confidential files in case a Pocket

PC is lost or stolen.

http://www.net
-
security.org/software.php?id=544



MAILSCANNER 4.51.4
-
1 (Linux)

MailScanner is a virus scan
ner for e
-
mail designed for use on e
-
mail

gateways.

http://www.net
-
security.org/software.php?id=144



PROSHIELD 3.7.46 (Linux)

ProShield is a security program for Debian Linux.

http://www.net
-
security.org/software.php?id=282



RUBY/PASSWORD 0.5.3 (Linux)

R
uby/Password is a set of useful methods for creating, verifying, and

manipulating passwords.

http://www.net
-
security.org/software.php?id=162



SSL
-
EXPLORER 0.1.16 (Windows)

The 3SP SSL
-
Explorer is the world's first open
-
source SSL
-
based VPN

solution of its kind.

http://www.net
-
security.org/software.php?id=579


----------------------------------------------------------------





[ Conferences ]



All conferences are located at:

http://net
-
security.org/conferences.php



------------------------
----------------------------------------


ISESTORM 2006

Organized by ISECOM
-
1 April
-
8 April 2006

http://www.net
-
security.org/conference.php?id=158



InfoSec World 2006

Organized by MIS Training Institute
-
3 April
-
5 April 2006

http://www.net
-
security.org/conference.php?id=155



LayerOne 2006

Organized by LayerOne
-
15 April
-
16 April 2006

http://www.net
-
security.org/conference.php?id=154



Infosecurity Europe 2006

Organized by Reed Exhibitions
-
25 April
-
27 April 2006

http://www.
net
-
security.org/conference.php?id=156



DallasCon Information & Wireless Security Conference 2006

Organized by DallasCon
-
1 May
-
6 May 2006

http://www.net
-
security.org/conference.php?id=160



InfoSeCon 2006

Organized by Infosecon Association and ZIK
-
8 M
ay
-
10 May 2006

http://www.net
-
security.org/conference.php?id=157



iTrust 2006

Organized by IIT
-
CNR
-
16 May
-
19 May 2006

http://www.net
-
security.org/conference.php?id=152



Eurocrypt 2006

Organized by IACR
-
28 May
-
1 June 2006

http://www.net
-
security.org/conference.php?id=153



OWASP AppSec Europe 2006

Organized by OWASP Foundation
-
29 May
-
31 May 2006

http://www.net
-
security.org/conference.php?id=159



The Third Conference on Email and Anti
-
Spam (CEAS 2006)

Organized by CEAS
-

27 July
-
28 July 2006

http://www.net
-
security.org/conference.php?id=161


----------------------------------------------------------------





[ Security World ]



All press releases are located at:

http://www.net
-
security.org/press_main.php


Send your press
releases to press@net
-
security.org



----------------------------------------------------------------


O'Reilly Releases "C in a Nutshell"

http://www.net
-
security.org/press.php?id=3906



Pointsec Signs Contract with Swedish Armed Forces

http://www.net
-
security.org/press.php?id=3905



Aladdin HASP HL v1.30 Offers Unmatched Software Security, Ease
-
of
-
Use

http://www.net
-
security.org/press.php?id=3904



3M Exhibits Computer Privacy Filters at Infosecurity Europe 2006

http://www.net
-
security.o
rg/press.php?id=3903



SAINTexploit Provides Means to Verify Network Security

http://www.net
-
security.org/press.php?id=3902



Panda GateDefender Provides Simple,

Connect And Forget

Network

Protection

http://www.net
-
security.org/press.php?id=3901



Elemen
tal Earns Category Breaker Award From Network World Magazine

http://www.net
-
security.org/press.php?id=3900



Sourcefire Wins NetEvents

Technology Leaders 2006

Award

http://www.net
-
security.org/press.php?id=3899



F
-
Secure Signs With Italian Operator Wind To Ensure Safe Surfing On

The Internet

http://www.net
-
security.org/press.php?id=3898



Top Management Support Essential For Effective Information Security

Program, Says Auburn University Study

http://www.net
-
securi
ty.org/press.php?id=3897



(ISC)2 Wins Sc Magazine Award For

Best Professional Training

Program


http://www.net
-
security.org/press.php?id=3896



Trend Micro Enhances Multi
-
layered Anti
-
Spyware Protection for

Enterprises

Introduces InterScan Web Security
Appliance

http://www.net
-
security.org/press.php?id=3895



Secure Data Group Launches New Services and IT Initiatives

http://www.net
-
security.org/press.php?id=3894



Internet Security Systems Expands Proventia Access Control for

Enterprise Customers with Network Admission Control (NAC) Integration

http://www.net
-
security.org/press.php?id=3893



AEP Networks

VPN Solution Revolutionises Remote Working for Tower

Publishing's Staff, Suppliers and Customers

http://www.net
-
security.org
/press.php?id=3892



Sophos Launches New Anti
-
Virus Software To Support Intel
-
Powered Macs

http://www.net
-
security.org/press.php?id=3891


----------------------------------------------------------------





[ Virus News ]



All virus news are located at:

h
ttp://www.net
-
security.org/viruses.php



----------------------------------------------------------------


Weekly Report on Viruses and Intruders
-
Trojan: RedBrowser.A

http://www.net
-
security.org/virus_news.php?id=612



Top ten viruses and hoaxes reported to Sophos in February 2006

http://www.net
-
security.org/virus_news.php?id=611



RedBrowser sends SMS to premium rate numbers

http://www.net
-
security.org/virus_news.php?id=610


---------------------------------------------
-------------------



----------------------------------------------------------------

INFOSECURITY EUROPE 2006

----------------------------------------------------------------

Infosecurity Europe is Europe's number one, dedicated Information Security

eve
nt held on the 25th
-
27th April 2006, Grand Hall, Olympia. Now in its

11th year, the event continues to provide an unrivalled education programme,

new products & services, exhibitors and visitors from every segment of the

industry.

-------------------
---------------------------------------------

For further information www.infosec.co.uk/hns

----------------------------------------------------------------



Questions, contributions, comments or ideas go to:


Help Net Security staff

staff@net
-
security.or
g

http://net
-
security.org


----------------------


Unsubscribe from this weekly digest on:

http://www.net
-
security.org/subscribe.php


The archive of the newsletter in TXT and PDF format is available

http://www.net
-
security.org/newsletter_archive.php