HNS Newsletter
Issue 418 - 12.05.2008
http://www.net-security.org

================================================================
Free Webcast: Proactive Vulnerability Management
http://www.qualys.com/forms/webcasts/forrester-pvm/?lsid=7194
================================================================
Speaker: Dr. Chenxi Wang, Principal Analyst, Security and Risk
Management, Forrester Research, Inc.

In this talk, Dr. Chenxi Wang, Principal Analyst for Security and
Risk Management at Forrester Research, will cover the key aspects
of proactive vulnerability management and, more importantly, the steps
you can follow to achieve it.

http://www.qualys.com/forms/webcasts/forrester-pvm/?lsid=7194
=========================================================

Table of contents:

1) Security news
2) Advisories
3) Articles
4) Reviews
5) Software
6) Webcasts
7) Conferences
8) Security World
9) Virus News


[ Security news ]


----------------------------------------------------------------

100 E-MAIL BOUNCEBACKS? YOU'VE BEEN BACKSCATTERED
The bounceback e-mail messages come in at a trickle, maybe one or two
every hour. The subject lines are disquieting, apparently from you.
http://www.net-security.org/news.php?id=15896


WHAT'S UP WITH THE SECRET CYBERSECURITY PLANS
The government's new cyber-security "Manhattan Project" is so
secretive that a key Senate oversight panel has been reduced to
writing a letter to beg for answers to the most basic questions, such
as what's going on, what's the point and what about privacy laws.
http://www.net-security.org/news.php?id=15897


IN PELLICANO CASE, LESSONS IN WIRETAPPING SKILLS
The wiretapping trial of Anthony Pellicano, the accused sleuth to the
stars and irrepressible eavesdropper, has offered much fodder for
celebrity watchers over its two-month run.
http://www.net-security.org/news.php?id=15898


CHINA MOUNTS CYBER ATTACKS ON INDIAN SITES
China’s cyber warfare army is marching on, and India is suffering
silently. Over the past one and a half years, officials said, China
has mounted almost daily attacks on Indian computer networks, both
government and private, showing its intent and capability.
http://www.net-security.org/news.php?id=15899


HNS PODCAST: JEREMIAH GROSSMAN'S TOP SECURITY CONFERENCES
Jeremiah Grossman, the founder and Chief Technology Officer of
WhiteHat Security, attends quite a number of security conferences
around the globe. A couple of weeks ago we had a chat with him and in
this short podcast he discusses four of his favorite events.
http://www.net-security.org/news.php?id=15900


VIDEO: THE ENIGMA MACHINE
The National Security Agency (NSA) had an Enigma machine in their
booth at the RSA Conference 2008 in San Francisco. Here's a video
that shows the machine and provides some history about it.
http://www.net-security.org/news.php?id=15901


GOVERNMENT WIRETAPS UP 20% FOR 2007
The US last week released its 2007 wiretapping stats, and they show
that such surveillance is up a full 20 percent over the year before.
http://www.net-security.org/news.php?id=15902


HUNDREDS OF LAPTOPS MISSING AT STATE DEPARTMENT
Hundreds of employee laptops are unaccounted for at the U.S.
Department of State, which conducts delicate, often secret,
diplomatic relations with foreign countries, an internal audit has
found.
http://www.net-security.org/news.php?id=15903


ISOHUNT FOUNDER AT CENTER OF U.S. TORRENT-TRACKING LEGAL BATTLE
The Motion Picture Association of America claims in a lawsuit that
Gary Fung is a copyright scofflaw of the highest order - facilitating
the theft of millions of its copyrighted works hosted in tiny pieces
resting on servers and individuals' computers worldwide.
http://www.net-security.org/news.php?id=15904


HACKER KEPT ON NDS PAYROLL AFTER ACCUSED OF PIRACY
A high-ranking News Corp official testified on Tuesday that he kept
two hackers on the payroll for years after one of them was accused of
infiltrating the security system of rival satellite television company
DISH Network Corp.
http://www.net-security.org/news.php?id=15905


BOOK REVIEW: BACKUP & RECOVERY
The undeniable importance of backup is the reason why system
administrators invest time and effort into creating and maintaining a
backup system fit for their infrastructure. While for a home user it
may be enough to burn their files to a DVD from time to time,
professionals and organizations must tackle the problem of possible
data loss with a strong understanding of their needs.
http://www.net-security.org/news.php?id=15906


MICROSOFT MAY BUILD A COPYRIGHT COP INTO EVERY ZUNE
If you like to download the latest episodes of “Heroes” or other NBC
shows from BitTorrent, maybe you shouldn’t buy a Microsoft Zune to
watch them on.
http://www.net-security.org/news.php?id=15907


5 WAYS INSIDERS EXPLOIT YOUR NETWORK
Policing insiders can prove challenging given the privileged access
they require to do their jobs.
http://www.net-security.org/news.php?id=15908


FBI SAYS THE MILITARY HAD BOGUS COMPUTER GEAR
Counterfeit products are a routine threat for the electronics
industry. However, the more sinister specter of an electronic Trojan
horse, lurking in the circuitry of a computer or a network router and
allowing attackers clandestine access or control, was raised again
recently by the FBI and the Pentagon.
http://www.net-security.org/news.php?id=15909

----------------------------------------------------------------




[ Advisories ]


All advisories are located at:
http://www.net-security.org/archive_advi.php


----------------------------------------------------------------

Mandriva Linux Security Update Advisory - perl (MDVSA-2008:100)
http://www.net-security.org/advisory.php?id=8872


Gentoo Linux Security Advisory - InspIRCd: Denial of Service (GLSA
200805-08)
http://www.net-security.org/advisory.php?id=8871


SUSE Security Announcement - SUSE Security Summary Report
(SUSE-SR:2008:011)
http://www.net-security.org/advisory.php?id=8870


Gentoo Linux Security Advisory - Linux Terminal Server Project:
Multiple vulnerabilities (GLSA 200805-07)
http://www.net-security.org/advisory.php?id=8869


Gentoo Linux Security Advisory - Firebird: Data disclosure (GLSA
200805-06)
http://www.net-security.org/advisory.php?id=8868


Ubuntu Security Notice - gst-plugins-good0.10 vulnerability
(USN-611-3)
http://www.net-security.org/advisory.php?id=8867


Ubuntu Security Notice - vorbis-tools vulnerability (USN-611-2)
http://www.net-security.org/advisory.php?id=8866


Ubuntu Security Notice - speex vulnerability (USN-611-1)
http://www.net-security.org/advisory.php?id=8865


Slackware Security Advisory - php (SSA:2008-128-01)
http://www.net-security.org/advisory.php?id=8864


Slackware Security Advisory - mozilla-thunderbird (SSA:2008-128-02)
http://www.net-security.org/advisory.php?id=8863


Gentoo Linux Security Advisory - Wireshark: Denial of Service (GLSA
200805-05)
http://www.net-security.org/advisory.php?id=8862


Gentoo Linux Security Advisory - eGroupWare: Multiple vulnerabilities
(GLSA 200805-04)
http://www.net-security.org/advisory.php?id=8861


Gentoo Linux Security Advisory - Multiple X11 terminals: Local
privilege escalation (GLSA 200805-03)
http://www.net-security.org/advisory.php?id=8860


Turbolinux Security Announcement - thunderbird -> JavaScript garbage
collector (07/May/2008)
http://www.net-security.org/advisory.php?id=8859


Ubuntu Security Notice - ltsp vulnerability (USN-610-1)
http://www.net-security.org/advisory.php?id=8858


Ubuntu Security Notice - hsqldb, openoffice.org/-amd64
vulnerabilities (USN-609-1)
http://www.net-security.org/advisory.php?id=8857


Mandriva Linux Security Update Advisory - openssh (MDVSA-2008:098)
http://www.net-security.org/advisory.php?id=8856


Mandriva Linux Security Update Advisory - kdelibs (MDVSA-2008:097)
http://www.net-security.org/advisory.php?id=8855


Mandriva Linux Security Update Advisory - emacs (MDVSA-2008:096)
http://www.net-security.org/advisory.php?id=8854


Ubuntu Security Notice - mozilla-thunderbird, thunderbird
vulnerabilities (USN-605-1)
http://www.net-security.org/advisory.php?id=8853


Ubuntu Security Notice - emacs21, emacs22 vulnerabilities (USN-607-1)
http://www.net-security.org/advisory.php?id=8852


Ubuntu Security Notice - kdelibs vulnerability (USN-608-1)
http://www.net-security.org/advisory.php?id=8851


Debian Security Advisory - roundup (DSA-1554-2)
http://www.net-security.org/advisory.php?id=8850


Debian Security Advisory - cacti (DSA-1569-2)
http://www.net-security.org/advisory.php?id=8849


Gentoo Linux Security Advisory - Horde Application Framework:
Multiple vulnerabilities (GLSA 200805-01)
http://www.net-security.org/advisory.php?id=8848


Gentoo Linux Security Advisory - phpMyAdmin: Information disclosure
(GLSA 200805-02)
http://www.net-security.org/advisory.php?id=8847


Debian Security Advisory - cacti (DSA-1569-1)
http://www.net-security.org/advisory.php?id=8846


Debian Security Advisory - b2evolution (DSA-1568-1)
http://www.net-security.org/advisory.php?id=8845


Debian Security Advisory - blender (DSA-1567-1)
http://www.net-security.org/advisory.php?id=8844


Ubuntu Security Notice - cupsys vulnerability (USN-606-1)
http://www.net-security.org/advisory.php?id=8843

----------------------------------------------------------------




[ Articles ]


All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org


----------------------------------------------------------------

THE ENIGMA MACHINE
The National Security Agency (NSA) had an Enigma machine in their
booth at the RSA Conference 2008 in San Francisco. Here's a video
that shows the machine and provides some history about it.
http://www.net-security.org/article.php?id=1132


HNS PODCAST: JEREMIAH GROSSMAN'S TOP SECURITY CONFERENCES
Jeremiah Grossman, the founder and Chief Technology Officer of
WhiteHat Security, attends quite a number of security conferences
around the globe. A couple of weeks ago we had a chat with him and in
this short podcast he discusses four of his favorite events.
http://www.net-security.org/article.php?id=1131

----------------------------------------------------------------




[ Reviews ]


All reviews are located at:
http://www.net-security.org/reviews.php


----------------------------------------------------------------

BACKUP & RECOVERY
http://www.net-security.org/review.php?id=185

----------------------------------------------------------------




[ Software ]


Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3

Mac OS X software is located at:
http://net-security.org/software_main.php?cat=5


----------------------------------------------------------------

AEVITA TRACKS ERASER 1.5 (Windows)
Securely erase your Windows, Internet Explorer and MS Office usage
tracks.
http://www.net-security.org/software.php?id=640


BESTCRYPT 8.04.4 (Windows)
BestCrypt data encryption systems bring military strength encryption
to the ordinary computer user without the complexities normally
associated with strong data encryption.
http://www.net-security.org/software.php?id=173


CLEAN DISK SECURITY 7.72 (Windows)
This program gives you secure file deletion, making sure that deleted
files cannot be undeleted again.
http://www.net-security.org/software.php?id=385


DATA GUARDIAN 1.3.8 (Windows)
Data Guardian is a secure, Universal Binary, database application for
storing passwords, credit card numbers, addresses, notes, customer
databases, and more.
http://www.net-security.org/software.php?id=663


DATA GUARDIAN 1.3.8 (Mac OS X)
Data Guardian is a secure, Universal Binary, database application for
storing passwords, credit card numbers, addresses, notes, customer
databases, and more.
http://www.net-security.org/software.php?id=662


GENERIC SECURITY SERVICE 0.0.23 (Windows)
A Generic Security Service (GSS-API) implementation.
http://www.net-security.org/software.php?id=96


QUICKWIPER 7.8 (Windows)
QuickWiper is a file wipe utility with system cleaner.
http://www.net-security.org/software.php?id=177


TUNNELIER 4.26 (Windows)
Tunnelier is a powerful SSH2 port forwarding client with many
features.
http://www.net-security.org/software.php?id=181


VBOLOCK 4 (Windows)
VBOLock is easy to use, easy to implement, powerful copy protection
for all of your Visual Basic, Delphi and C++ Builder software
applications.
http://www.net-security.org/software.php?id=242


WINSCP 4.1.2 (Windows)
WinSCP is an open source SSH file transfer protocol and secure copy
client for Windows using SSH.
http://www.net-security.org/software.php?id=6


WINSSHD 4.26 (Windows)
WinSSHD is an SSH Secure Shell 2 server for Windows NT4, Windows 2000
and Windows XP.
http://www.net-security.org/software.php?id=180

----------------------------------------------------------------



[ Webcasts ]


All webcasts are located at:
http://net-security.org/webcasts.php


----------------------------------------------------------------

Understanding the Payment Application Data Security Standard
Organized by PCI Security Standards Council on 22 May 2008, 11:30 AM
http://www.net-security.org/webcast.php?id=509

----------------------------------------------------------------




[ Conferences ]


All conferences are located at:
http://net-security.org/conferences.php


----------------------------------------------------------------

LayerOne 2008
Organized by LayerOne - 17 May-18 May 2008
http://www.net-security.org/conference.php?id=250


OWASP AppSec Europe 2008 Belgium
Organized by OWASP - 20 May-23 May 2008
http://www.net-security.org/conference.php?id=248


EUSecWest 2008
Organized by dragostech.com inc. - 21 May-21 May 2008
http://www.net-security.org/conference.php?id=254


Hacker Halted USA 2008
Organized by EC-Council - 28 May-4 June 2008
http://www.net-security.org/conference.php?id=244


Shakacon 2008
Organized by Shakacon - 9 June-13 June 2008
http://www.net-security.org/conference.php?id=252


Recon 2008
Organized by recon - 13 June-15 June 2008
http://www.net-security.org/conference.php?id=253


SyScan 2008
Organized by SyScan - 3 July-4 July 2008
http://www.net-security.org/conference.php?id=251


Second International Symposium on Human Aspects of Information
Security & Assurance
Organized by Information Security & Network Research Group,
University of Plymouth - 8 July-10 July 2008
http://www.net-security.org/conference.php?id=238

----------------------------------------------------------------




[ Security World ]


All security world articles are located at:
http://www.net-security.org/secworld_main.php

Send your press releases to press@net-security.org


----------------------------------------------------------------

Discovery of a crimeserver with over 1.4 GB of stolen data
http://www.net-security.org/secworld.php?id=6112


Compromised file found inside a localized Firefox 2.0 language pack
http://www.net-security.org/secworld.php?id=6111


Free kits for launching phishing attacks
http://www.net-security.org/secworld.php?id=6110


New SDK for multi-biometric face-fingerprint identification systems
http://www.net-security.org/secworld.php?id=6109


Belgium accuses Chinese government of cyberespionage
http://www.net-security.org/secworld.php?id=6108


Endpoint security protection for Windows XP Embedded Operating System
http://www.net-security.org/secworld.php?id=6107


New Hitachi hard drive with Bulk Data Encryption
http://www.net-security.org/secworld.php?id=6106


Sendio introduces upgraded I.C.E. Box
http://www.net-security.org/secworld.php?id=6105


McAfee to launch a secure search service
http://www.net-security.org/secworld.php?id=6104


Criminals use free kits for phishing attacks
http://www.net-security.org/secworld.php?id=6103


Windows XP Service Pack 3 released
http://www.net-security.org/secworld.php?id=6102


New video guide: "Cisco Firewall Video Mentor"
http://www.net-security.org/secworld.php?id=6101


10 tips to avoid phishing attacks
http://www.net-security.org/secworld.php?id=6100


IBM Proventia GX6116’s 6Gbps throughput the fastest tested NIPS
http://www.net-security.org/secworld.php?id=6099


AuthenTec wins summary judgment in Atmel patent litigation lawsuit
http://www.net-security.org/secworld.php?id=6098


Yahoo! wants to make search safer
http://www.net-security.org/secworld.php?id=6097


Crimeware double threat menaces Internet
http://www.net-security.org/secworld.php?id=6096


New Motion Computing F5 Tablet PC with a fingerprint sensor
http://www.net-security.org/secworld.php?id=6095


Hosting provider The Planet offers a May firewall discount
http://www.net-security.org/secworld.php?id=6094


Texas has a very high rate of identity theft
http://www.net-security.org/secworld.php?id=6093


More info on the IdentiPHI flagship product
http://www.net-security.org/secworld.php?id=6092


BeyondTrust announces Vista UAC security
http://www.net-security.org/secworld.php?id=6091


Compliance Coach identifies 23 identity theft red flags
http://www.net-security.org/secworld.php?id=6090


NetMotion launches Mobility XE 8.0
http://www.net-security.org/secworld.php?id=6089


Enterprises move to the next level in security needs
http://www.net-security.org/secworld.php?id=6088

----------------------------------------------------------------




[ Virus News ]


All virus news is located at:
http://www.net-security.org/viruses.php


----------------------------------------------------------------

More April malware trends
http://www.net-security.org/virus_news.php?id=939

----------------------------------------------------------------





Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php