Introduction
Security News
Astalavista Recommends
Free Security Consultation
Enterprise Security Issues
Home Users Security Issues
Meet the Security Scene
Astalavista.net Membership
Webmasters Affiliation
Final Words
01. Introduction
-----------
Dear Subscriber,
Welcome to the first issue of Astalavista Group's Security Newsletter. The
main idea behind starting this Newsletter is to educate and entertain
Security interested people, to provide the reader with interesting and
innovative Rubrics, and most importantly - to increase the reader's current
level of Security Awareness. Our Newsletter would be a periodical (monthly)
contribution to the Security Scene and we hope you will find it a quality
reading that was created in order to improve your Security knowledge. Every
subscriber will get access to Free Services and Consultations, various
Astalavista's Promotions, up-to-date Security News, Exclusive Interviews
with famous people that have never been interviewed before and many more.
Your ideas, suggestions, tips and recommendations are highly valued and we
expect hearing from you at security@astalavista.net
Welcome to Astalavista Group's Security Newsletter!
Welcome to the Community!
Editor - Dancho Danchev
dancho@astalavista.net
Proofreader - Yordanka Ilieva
danny@astalavista.net
02. Security News
------------
The Security World is a complex one. Every day a new vulnerability is found,
new tools are released, new measures are made up and implemented etc.
In such a sophisticated Scene we have decided to provide you with the most
interesting and up-to-date Security News during the month, a centralized
section that will provide you with our personal comments on the issue discussed.
Your comments and suggestions about this section are welcome at
security@astalavista.net
------------
[ SERIOUS SECURITY FLAW IN CISCO'S NETWORK SOFTWARE ]
Cisco Systems Inc. has announced that they have found a serious Security
Flaw in their Network Software that could literally disable any of the
devices running their Internetwork Operating System software. The devices
could be forced to stop processing (routing) any traffic until a complete
restart is done.
More information on the problem can be found at:
http://www.eweek.com/article2/0,3959,1196606,00.asp
http://zdnet.com.com/2100-1105_2-1026518.html
http://www.ecommercetimes.com/perl/story/31142.html
http://biz.yahoo.com/djus/030718/1313000600_1.html
Astalavista's Comments:
Most of the Internet traffic worldwide is handled by Cisco's Networking
Products, so you can imagine the effects of this flaw if it's not properly
taken care of. Cisco has released a free software upgrade that fixes the
flaw, but, as always, it's up to the Administrators to take care of their
network before someone else does so. Cisco Systems Inc. has released a
Security Advisory where you can also find information on how to obtain the
free software upgrade. Locate the Advisory here:
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
[ ZONEALARM FACES A SERIOUS SECURITY FLAW IN ITS FREEWARE VERSION ]
ZoneAlarm is believed to be the world's most popular firewall for home PCs
and in spite of the many other freeware firewalls on the market, it's still the
most preferred one. However, a recent post on the Bugtraq's Mailing List
indicates a serious flaw in the firewall's core design and the way the
Windows OS operates which results in millions of affected users.
The actual BugTraq's post can be found here:
http://www.securityfocus.com/archive/1/326371
Further information on the news can be located at:
http://www.theregister.co.uk/content/55/31481.html
http://www.extremetech.com/article2/0,3973,1185848,00.asp
http://www.spywareinfo.com/articles/zonelabs/exploit_hoax.php
Astalavista's Comments:
Indeed, ZoneAlarm is used by millions of Windows users worldwide so you can
imagine the scale of the impact for all of them. ZoneAlarm's Executives
blame the Windows OS for the flaw and said that the problem is not in the
way their firewall operates. The steps taken by the Executives can be
defined as a highly inappropriate marketing strategy which could lead to the
loss of thousands of ZoneAlarm users, as everyone hates to be forced
to purchase a product. You have the right to choose your personal
firewall instead of being forced to use one by the industry, so visit the
following URL and learn more about various personal firewalls:
http://www.firewallguide.com/software.htm
[ THE DEFACEMENT CHALLENGE ]
The United States' Federal Trade Commission has decided to take serious
measures and to pursue companies that promise increased security in order
to obtain personal information, but do not deliver it.
You can find more information on this issue at the following URL:
http://www.securityfocus.com/columnists/171
Astalavista's Comment:
The average Internet user doesn't think twice before giving away personal
information when asked for such and it's probably because of the lack of
understanding on how this information is used later, how insecurely it is
stored etc. FTC's effort on this issue should be highlighted though it's
the company's/organization's responsibility to provide the users with
a high level of security, if they want to succeed in the electronic
marketplace.
03. Astalavista Recommends
---------------------
This section is unique by its idea and the information contained within. Its
purpose is to provide you with direct links to various white papers covering
many aspects of Information Security. These white papers are defined as a must
read for everyone interested in deepening his/her knowledge in the Security
field. The section will continue to grow with each of the next issues.
Your comments and suggestions about the section are welcome at
security@astalavista.net
----
NOTE: Though some of these white papers might be conducted by vendors or with
marketing purposes, we are in no way affiliated with any of these organizations.
We just define these papers as must read and highly interesting ones.
----
- General Security
"INFORMATION SECURITY MANAGEMENT - AN EXECUTIVE GUIDE"
A highly interesting and comprehensive paper written with the idea to
provide the Executives with an in depth view of the Information Security
issue. Discussing topics like:
Assess Risk and Determine Needs
Establish a Central Management Focal Point
Implement Appropriate Policies and Related Controls
Promote Awareness, and many other...
http://www.astalavista.com/media/files/informationsecuritymanagement.pdf
"BUILDING AN INFORMATION TECHNOLOGY SECURITY AWARENESS AND TRAINING PROGRAM"
One of the best white papers concerning the topic of Building and Implementing
a Security Awareness Program. It represents a summary of recommendations of
the National Institute of Standards and Technology. If you have ever faced the
problem with creating and maintaining such a program, this is definitely a paper
you should read. Covering topics like:
yourself and the organization you are working for against viruses though these
measures apply to all kinds of malicious software (viruses/trojans/worms) as
well.
http://www.astalavista.com/media/files/active_virus_protection.pdf
"ANTI-VIRUS SOFTWARE REVIEWS"
This paper provides the reader with various tests of the most popular
anti-virus packages. The screenshots included will help you understand
the author's point of view.
http://www.astalavista.com/media/files/anti_virus_software.pdf
- Anti-Spam
"STOP SPAM NOW"
The paper provides the reader with interesting info on the impact of the spam,
it will also help you with five different strategies for protection against
spam.
http://www.astalavista.com/media/files/stop_spam_now.pdf
- Misc
"KNOW YOUR ENEMY - A PROFILE"
This is a must read paper for those somehow interested in the carding scene.
It discusses automated credit card fraud, the actual happenings at the
carding scene and everyone related to credit cards exchange.
http://www.astalavista.com/media/files/ccfraud.pdf
"AN INTRODUCTION TO INTRUSION DETECTION SYSTEMS - ASSESSMENT"
Intrusion Detection Systems basics exposed. The paper also discusses various
topics which might be of interest to the advanced users. If you are somehow
interested in IDSs, this paper will provide you with another point of view.
http://www.astalavista.com/media/files/intrusion.pdf
"PERSONAL FIREWALLS AND INTRUSION DETECTION SYSTEMS"
IBM T.J. Watson Research Center's publication discussing various aspects
of personal firewall and intrusion detection systems. An interesting paper!
http://www.astalavista.com/media/files/iwar2001.pdf
"INTERNET PENETRATION TESTING"
An overview of this issue that will give you an inside view of the process.
Learn more about the ways an ethical penetration is done on someone's
network.
http://www.astalavista.com/media/files/klevinskych05.pdf
"GIAC CERTIFIED FIREWALL ANALYST - PRACTICAL ASSIGNMENT"
Highly recommended white paper consisting of live examples of various
in concrete, with the power turned off and the network cable cut' and you
probably run their operating system.
Astalavista: Is Security through Education the perfect model for any
organization?
Proge: Definitely! I'm still amazed that there are programmers and sys-admins
out there, who think functionality first, security second or not at all. You
need to understand hacking to understand Security, you know the reasons why
you lock your door at night, why you set an alarm, but do you know why you
have a firewall or an intrusion detection system, or did it just sound like
a good idea when you got a glossy leaflet warning you about 'hackers' and
asking for your money? You can't just install a product and forget about
Security, but that's what the industry tries to sell. Security is a constant
threat and it isn't game over until you lose.
Astalavista: How real do you think the threat of CyberTerrorism is?
Proge: With people like we have in power it gets more real. Like I said,
if you make yourself a target, you've got a problem.
Astalavista: Is BigBrother really watching us, and what's the actual
meaning of the word 'privacy' nowadays?
Proge: A good question, they're definitely watching us but to what degree,
who knows. It doesn't hurt to have a healthy paranoia.
There're two sides to the privacy argument really.Either you're worried
that government/business is overstepping the mark and intruding on your
personal life for their own benefit, or you've got something to hide.
Unfortunately privacy is being marketed at those with something to hide,
you've seen the ads, cheating on your wife? Grooming underage kids? Erase
your history, don't get caught etc. It's ironic that there are more ethics
in a scene that is largely branded a threat to Security than there are in
government and business.
Astalavista: Thanks for your time, Proge.
Proge: You're welcome!
08. Astalavista.net Membership
-------------------------
As I believe there are still Astalavista.com users who are not aware of
Astalavista.net's existence, or someone might have just come across this
issue of the newsletter, I've decided to provide the reader with a brief
introduction to Astalavista.net - The World's Best Information Security Portal.
Astalavista.net is a world-known and highly respected Security Portal offering
an enormous database of very well sorted and categorized Information Security
resources, files, tools, white papers, e-books and many more. At your disposal
there are also thousands of working proxies, wargames servers where all the
members try their skills and most importantly - the daily updates of the portal.
- Over 3.5 GByte of Security Related data, daily updates and always working
links.
- Access to thousands of anonymous proxies from all over the world, daily
updates
- Security Forums Community where thousands of individuals are ready to share
their knowledge and answer your questions, replies are always received no matter