REALPLAYER, ATTENTI AL BUCO!
RealNetworks ha trovato e gia' patchato un bug presente in diverse versioni del suo player. Rischio sicurezza per gli utenti
URL: http://punto-informatico.it/pi.asp?i=38821

AMD: NESSUN BUG FRA LINUX E ATHLON
AMD smentisce le voci degli scorsi giorni e sostiene che l'instabilita' di Linux con l'Athlon/AGP non e' causata da un bug della CPU. AMD dunque assolta?
URL: http://punto-informatico.it/pi.asp?i=38823

Security Fix for PHP-Nuke 5.4
Due to the high number of problem generated in many web sites and in this one also, is imperative that any webmaster remove the inclusion feature from the index.php file. If you know PHP you know what you need to delete, but if you don't know, please download here the fixes for this security vulnerability (this file has been updated on January 26). This functionality will be added in future versions as a module. The attackers to phpnuke.org has been identified thanks to the logs and we're in touch with the FBI. If your site has been hacked please report it here to the FBI.
http://www.ziobudda.net/Admin/redir_news.php?id=5470

Linux Security Week - January 28th 2002
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
http://www.ziobudda.net/Admin/redir_news.php?id=5495

SecurityFocus Newsletter #129
http://www.ziobudda.net/Admin/redir_news.php?id=5493

»SecurityFocus Linux Newsletter #65
http://www.ziobudda.net/Admin/redir_news.php?id=5492

Net Security
Morpheus application is 'safe' But watch out for those downloads
http://www.theregister.co.uk/content/55/23842.html

Politics-Legislation
Source: Federal Computer Week
Date Written: January 28, 2002
Date Collected: January 28, 2002
Title: NIST prepping security guides
Experts from the National Institute of Standards and Technology have released guidelines to address critical security concerns. The general intention of the guides is to eliminate some security vulnerabilities through education and widespread administration of security initiatives.
http://www.fcw.com/fcw/articles/2002/0128/web-nist-01-28-02.asp

Vulnerabilities
Source: ZDNet
Date Written: January 28, 2002
Date Collected: January 28, 2002
Title: Wireless offices - good news for hackers?
As more wireless systems are created, the vulnerability of the new technology becomes more apparent. Without encryption and implementation of security standards, information traveling through the wireless system is relatively open to interception.
http://news.zdnet.co.uk/story/0,,t269-s2103237,00.html
Also - http://www.zdnet.com/anchordesk/stories/story/0,10738,2842639,00.html

Vulnerabilities
Source: Computerworld
Date Written: January 29, 2002
Date Collected: January 29, 2002
Title: Netscape flaw leaves cookies unsecure
Netscape Communication's Navigator web browser has a vulnerability that could allow hackers to view information from cookies stored on user's computers. Due to the flaw, if a user visits a malicious web site, cookies can be stolen. Versions 6 through 6.2 are affected and an upgrade is available from Netscape.
http://www.computerworld.com/storyba/0,4125,NAV47_STO67803,00.html
Also - http://punto-informatico.it/pi.asp?i=38861

Vulnerabilities
Source: Federal Computer Week
Date Written: January 30, 2002
Date Collected: January 30, 2002
Title: Windows 2000 security draft released
On January 28, 2002, the National Institute of Standards and Technology released a guide on processes to secure Microsoft Windows 2000 systems and networks. The guide is intended to compliment sound security practices and provide a checklist of actions that can be taken to secure applications offered with the system. The guide was developed with the help of the National Security Agency.
http://www.fcw.com/fcw/articles/2002/0128/web-nist-01-30-02.asp

Vulnerabilities
Source: Newsbytes
Date Written: January 29, 2002
Date Collected: January 30, 2002
Title: Intrusion Software Maker Snorts At Security Alert
An alleged vulnerability in Snort software, an open-source intrusion detection system (IDS), was published January 28, 2002. The report indicated that the IDS is vulnerable to a denial of service attack that would disable the system. Representatives from Snort posted a message that indicated only Snort users using Linux-based installations with ASCII payload dump enabled would be affected.
http://www.newsbytes.com/news/02/174038.html

Ecco a voi un interessante report sui vari tipi di attacco, il tutto grazie ad una ricerca condotta da riptech.
http://www.riptech.com/securityresources/form9.html

WIN2000, ORA DI SECURITY PACK
Mantenendo una promessa fatta lo scorso ottobre, Microsoft ha rilasciato il primo Security Roll-up Package per Windows 2000. Un concentrato di fix di sicurezza
URL: http://punto-informatico.it/pi.asp?i=38893
Also - http://www.idg.net/ic_796982_1794_9-10000.html
Also - http://www.wininformant.com/Articles/Index.cfm?ArticleID=23928

»LWN.net weekly edition for January 31, 2002 available
http://www.ziobudda.net/news/see_comments.php?id_notizia=5521

g00d reading! 'n' bye
Security News Staff:
The Jackal < -jackal-@libero.it >