[net-alert] Net-Alert Volume 1, Issue 2 (fwd)

Leslie Schentag (wy497@victoria.tc.ca)
Wed, 17 Feb 1999 08:04:31 -0800 (PST)


  Leslie Schentag
  Gremlin Research Consultants
  Web Site: http://firms.findlaw.com/gremlinz


  "When Freedom Is Outlawed, Only Outlaws Will Be Free"
=09=09=09=09=09-F.T.W. Productions, 1992.

 "It is better do die on your feet than live a lifetime on your knees"
=09=09=09=09=09-Emiliano Zapata


---------- Forwarded message ----------
Date: Thu, 18 Feb 1999 01:14:54 +0930
From: Mark Neely <mpn@infolution.com.au>
Reply-To: net-alert-owner@onelist.com
To: net-alert@onelist.com
Subject: [net-alert] Net-Alert Volume 1, Issue 2

From: Mark Neely <mpn@infolution.com.au>


- - - - - - - - - - - - - - - - - - - -=20

Net-Alert
18 February 1999

If you have any questions, comments or other feedback concerning
Net-Alert articles, contact the Editor at <mailto:mpn@infolution.com.au>

____________________

Contents:

##     How safe is your cryptography?
##     Happy99 Internet worm=20
##     Password Safe - keep your passwords secure
##     HotMail attachment scanning problem
##     Free Web-based email security vulnerability
##     Organised crime online?

____________________

H o w  s a f e  i s  y o u r  c r y p t o g r a p h y ?

There is a wide variety of cryptographic software tools on the market
today, used to encrypt important documents, email messages and other
sensitive information.

But how do you know whether your information really is safe? How reputable
is the vendor? Have their security techniques and methodologies been
tested? If so, by whom?

These are the sorts of questions you need to ask yourself (and the vendors)
before you entrust your information to a particular security application.

For pointers on how to differentiate between vendors of good and bad
security products, consult the Snake Oil FAQ.

URL:

Snake Oil FAQ  - http://www.interhack.net/people/cmcurtin/snake-oil-faq.htm=
l

____________________

H a p p y  9 9=20

A new menace, the Happy99 =93worm=94, is doing the rounds of the Internet. =
In
fact, it has been propagating with considerable speed, which is a feature
common to =93worms=94.

A worm is not technically a virus, but rather a program which, having
infected a computer, seeks out other computers to infect.

When run, the Happy99 executable (generally named happy99.exe) displays a
window with exploding fireworks, titled =93Happy New Year 1999 !!=94. Behin=
d
the scenes, the program installs several files (SKA.EXE and SKA.DLL) in the
WINDOWS\SYSTEM directory, and modifies WSOCK32.DLL (the existing copy is
renamed WSOCK32.SKA).

As a result, Happy99 is able to detect when the infected PC is accessing
the Internet, and attach copies of itself to any email message or Usenet
posting the user may make. This happens without the user=92s knowledge.

To delete the worm manually:

1. Delete WINDOWS\SYSTEM\SKA.EXE=20
2. Delete WINDOWS\SYSTEM\SKA.DLL=20
3. Replace WINDOWS\SYSTEM\WSOCK32.DLL with WINDOWS\SYSTEM\WSOCK32.SKA=20

4. Delete the downloaded file, usually named HAPPY99.EXE=20

URLs:

Symantec - http://www.symantec.com/avcenter/venc/data/happy99.worm.html
ZDNet Report - http://www.zdnet.com/zdnn/stories/news/0,4586,2208275,00.htm=
l

____________________

P a s s w o r d  S a f e=20

If you use the Internet extensively,  you have no doubt been issued with a
number of different userids and passwords for accessing various Web sites
and other services. Keeping these details secure can be difficult. But it
need not be.

Counterpane Systems has released Password Safe, a must-have program for
storing all your password and identification details. Instead of
remembering multiple passwords, you can use Password Safe=92s database to
store your information, which is encrypted using the well-regarded Blowfish
encryption system. All you need to remember is the single password that you
use to encrypt the database.

URLs:

Counterpane Systems - http://www.counterpane.com/
Direct Download - http://www.infolution.com.au/software/ps17.exe

____________________

H o t m a i l  a t t a c h m e n t  s c a n n i n g  p r o b l e m s

There have been a number of reports in various security and virus-related
newsgroups that the recently added HotMail feature - which allows users to
scan email attachments sent to Hotmail addresses for viruses before they
are downloaded - may not offer effective virus protection.

It is recommended that readers do not rely solely on this feature for virus
protection until the matter has been fully investigated.

____________________

H o t m a i l  /  Y a h o o !  t i g h t e n  f r e e  e m a i l   s e c u
r i t y

Both HotMail and Yahoo! are tightening the security of their free Web-based
email services after reports of security weaknesses. Both systems had a
flaw which enabled multiple attempts at guessing user passwords. This made
the services susceptible to =93brute force=94 password cracking attempts,
during which hundreds or thousands of different character combinations are
used in an attempt  to guess a user=92s password.

URL:

USA Today - http://www.usatoday.com/life/cyber/tech/cte384.htm

____________________

O r g a n i s e d  c r i m e  g o e s  o n l i n e=20

Network security specialists fear that organised crime is making its
presence felt on the Net.

Reports have surfaced that a new =93hacker=94 tool - Aggressor - was releas=
ed
by organised criminals or professional crackers. This tool, which provides
a user-friendly interface for sophisticated network attacking tools, is
being promoted to amateur and =93wannabe=94 crackers, who use it to scan
Internet hosts for vulnerabilities. Unknown to them, the software secretly
sends copies of its findings to the program=92s authors.

This effectively allows the authors to employ potentially hundreds of
individuals to build an extensive database of vulnerable Internet hosts,
without drawing immediate attention to themselves.

URL:

Techweb - http://www.techweb.com/wire/story/TWB19990216S0008

____________________


If you received this copy of Net-Alerts from a friend, you can subscribe
to Net-Alert by visiting the following URL:


http://www.onelist.com/subscribe/net-alert

____________________

Net-Alert is copyright (c) Mark Neely 1999.

Forwarding this message to friends and colleagues is encouraged,
providing the message is forwarded in its entirety, including this copyrigh=
t
notice.

- - - - - - - - - - - - - - - - - - - -=20

------------------------------------------------------------------------
To unsubscribe from this mailing list, or to change your subscription
to digest, go to the ONElist web site, at http://www.onelist.com and
select the User Center link from the menu bar on the left.
------------------------------------------------------------------------
Please send questions, comments and pointers to <mailto:mpn@infolution.com.=
au>