Vulnerabilities
Source: The Register
Date Written: January 31, 2002
Date Collected: February 1, 2002
Title: Crackers exploit Cisco LAN switch flaw
Catalyst LAN switches series 4000, 5000 and 6000 and also 2948G and 2900
models, running CatOS may be susceptible to denial of service (DoS) attacks
by use of a buffer overflow vulnerability in Telnet. Cisco is offering free
software upgrades to the switches affected by the vulnerability.
http://www.theregister.co.uk/content/55/23900.html

Vulnerabilities
Source: Network World Fusion
Date Written: January 31, 2002
Date Collected: February 1, 2002
Title: Flaw in Win 2000, NT 4.0 makes domains 'too trusting'
Microsoft posted a 'serious' warning on January 30 that a flaw in the
Windows 2000 and the NT 4.0 server OS authenticates users across domains
and could allow system administrators to extend privileges to other domains. A
software fix is available to those at risk.
http://www.nwfusion.com/news/2002/0131win2kflaw.html

QUANDO I DDOS DISTRUGGONO UN PROVIDER
Uno dei pionieri della rete in Gran Bretagna chiude i battenti dopo aver
sofferto per lungo tempo la violenza di un attacco denial-of-service
distribuito. Sulla questione indagano i cybercops inglesi. Anche Tiscali UK
colpita da DDoS
URL: http://punto-informatico.it/pi.asp?i=38923

Net Security
MS fixes Win2K with 17MB security patch
Only 39 million lines of code to go....
http://www.theregister.co.uk/content/4/23909.html

Net Security
DoS risks against Cisco storage routers routed
Get your fix now!
http://www.theregister.co.uk/content/55/23916.html

Divx 4.50? no è un trojan..
Il sito Divx.com ha segnalato che online circola un software spacciato per
una nuova versione del Divx (ver. 4.50)
URL: http://www.hwfiles.it/news/117.html
Also - http://punto-informatico.com/pi.asp?i=38952

"SecurityFocus Newsletter #130"
http://www.ziobudda.net/news/see_comments.php?id_notizia=5585

"SecurityFocus Linux Newsletter #66"
http://www.ziobudda.net/news/see_comments.php?id_notizia=5584

"Linux Security Week - February 4th 2002"
Thank you for reading the LinuxSecurity.com weekly security newsletter. The
purpose of this document is to provide our readers with a quick summary of
each week's most relevant Linux security headlines.
http://www.ziobudda.net/news/see_comments.php?id_notizia=5582

"Coverage in Intrusion Detection Systems"
Un interessantissimo PDF che tratta gli "Intrusion Detection Systems",
sistemi software che stanno prendendo piede sempre di piu'.
http://www.ziobudda.net/news/see_comments.php?id_notizia=5578

IL NUOVO MIRC TAPPA LE FALLE
Il popolare shareware per connettersi ai server IRC soffre di un megabug,
che sembra pero' gia' risolto dalla versione 6.0
URL: http://punto-informatico.it/pi.asp?i=38934

Cybercrime-Hacking
Source: Federal Computer Week
Date Written: February 4, 2002
Date Collected: February 4, 2002
Title: Online symposium tackles security
A web based cyber security symposium is being offered to address issues
faced by local government. Papers will be released on issues including
cyber security, technology information, and privacy matters. The symposium
is intended to foster increased communication and understanding between
local officials. Papers will be presented at
www.riskinstitute.org/symposium.asp.
Notice at: http://www.fcw.com/geb/articles/2002/0204/web-pti-02-04-02.asp

Technology
Source: PC World
Date Written: February 4, 2002
Date Collected: February 4, 2002
Title: Beefing Up 802.11b Security
The 802.11a and 802.11b wireless networking standards have become popular
wireless communications products, but are vulnerable to exploitation by
cyber attackers. The Temporal Key Integrity Protocol security algorithm was
developed and is currently being tested. The tool is based on RC4
encryption, but generates a new encryption key for every ten kilobytes of
data transmitted.
http://www.pcworld.com/news/article/0,aid,82563,00.asp

Vulnerabilities
Source: Newsbytes
Date Written: February 4, 2002
Date Collected: February 4, 2002
Title: MIRC Chat Users Vulnerable To New Attack
There is a security vulnerability in the mIRC online chat program, versions
5.91 and earlier, that could allow a cyber attacker to remotely run
malicious programs on the computers running the software. An exploit was
published detailing the means to exploit the buffer over-flow flaw. The
individual who discovered the flaw alerted the company that developed the
program, and waited to publish the exploit until mIRC version 6 was released
February 3, 2002.
http://www.newsbytes.com/news/02/174185.html
Full advisory: http://www.uuuppz.com/research/adv-001-mirc.htm

Vulnerabilities
Source: Newsbytes
Date Written: February 1, 2002
Date Collected: February 4, 2002
Title: Top News Sites Close Script Hacking Hole
Popular news sites have been forced to address a security vulnerability in
their sites. The cross-site scripting (CSS) security glitch was identified
more than two years ago in a warning from the Computer Emergency Response
Team (CERT). The flaw enabled a security expert to create a phony story and
post it to news sites, demonstrating the vulnerability of news sites to
subversion of information attacks. The flaw does not allow attackers to
deface web pages, but to create a link to a site of the attacker's choosing.
The New York Times, the Washington Post, and MSMBC have addressed and
corrected the vulnerability.
http://www.newsbytes.com/news/02/174173.html

Il Nist ha appena pubblicato un interessante paper sulle metodologie
di penetration testing
http://csrc.nist.gov/publications/drafts/security-testing.pdf

DoS Vulnerability found in ISS BlackICE Defender
The thread can be found at:
http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-02-02&end=2002-02-08&threads=1&tid=253997
Also ISS has issued a statement regarding this
vulnerability. They are in process of producing a fix,
however until then they have provided a work-around
for the affected product(s) you can view that
information at the following URL:
http://xforce.iss.net/alerts/advise109.php

WINDOWS E' PIU' SICURO DI LINUX?
Ha fatto molto discutere l'interpretazione fornita da alcuni organi di
informazione in merito alle statistiche di vulnerabilita' pubblicate da
SecurityFocus. Ma Windows e' davvero piu' sicuro di Linux?
URL: http://punto-informatico.com/pi.asp?i=38950
Also - http://www.vnunet.com/News/1128950
Also - http://www.vnunet.com/News/1128907
Also - http://www.ziobudda.net/news/see_comments.php?id_notizia=5605

LE PERICOLOSE RIVELAZIONI DI MSN MESSENGER
Un esperto sostiene che con poche righe di codice si possono estorcere a MSN
Messenger informazioni sull'utente e sulla rubrica. I dettagli
URL: http://punto-informatico.com/pi.asp?i=38951
Also - http://www.theregister.co.uk/content/55/23936.html

L' SMS CINESE CHE CRASHA CERTI SIEMENS
Xfocus non ha dubbi: un certo tipo di SMS confezionati in cinese possono
colpire alcuni cellulari Siemens. Che pare stia indagando la faccenda
URL: http://punto-informatico.com/pi.asp?i=38961

Vulnerabilities
Source: C-Net News
Date Written: February 5, 2002
Date Collected: February 6, 2002
Title: Chat-program bugs could bite millions
Recent flaws in popular Internet chat programs, such as mIRC or AOL Instant
Messenger, highlight that these tools remain highly vulnerable to cyber
attacks. These vulnerabilities in instant messaging systems could open up
business networks to hackers, resulting in substantial damage and
disruption. One way to utilize these tools before robust security features
are developed is to close the systems to the Internet, using them only
internally within an organization.
http://news.com.com/2100-1001-829887.html

Vulnerabilities
Source: Internet Security Systems
Date Written: February 5, 2002
Date Collected: February 6, 2002
Title: Remote Denial of Service Vulnerability in BlackICE Products
According to a security alert by Internet Security Systems, all current
versions of BlackICE Defender, BlackICE Agent, and RealSecure Server Sensor
running on Windows 2000 or Windows XP are vulnerable to a modified ping
flood attack that could crash the security software.
http://www.iss.net/security_center/alerts/advise109.php
Also - http://www.newsbytes.com/news/02/174282.html

Vulnerabilities
Source: ZDNet
Date Written: February 6, 2002
Date Collected: February 6, 2002
Title: Morpheus security hole disputed
In response to recent media reports claiming that the popular file-sharing
program Morpheus leaves users' computers vulnerable to unauthorized access,
StreamCast Networks, the creators of Morpheus, has categorically denied the
existence of a security breach in the peer-to-peer tool. The company claims
that only those files that the user has designated as 'shares' will be
accessible on his machine.
http://zdnet.com.com/2100-1106-830431.html

Politics-Legislation
Source: Federal Computer Week
Date Written: February 7, 2002
Date Collected: February 7, 2002
Title: NIST guide gets into security routine
The National Institute of Standards and Technology released a report
entitled "Guideline on Network Security Testing" on February 4, 2002. The
guide is intended to provide information about testing for security
vulnerabilities and recommendations to network administrators on priorities,
testing tools, and standardization of techniques.
http://www.fcw.com/fcw/articles/2002/0204/web-guide-02-07-02.asp

Malware
Source: Newsbytes
Date Written: February 7, 2002
Date Collected: February 7, 2002
Title: New Twist On Web-Forms Hack Scarfs Browser Cookies
An exploit was published by a researcher known as 'Obscure' called an
Extended HTML Form Attack. Using the exploit an attacker can capture an
Internet user's cookies, and gather any information contained in the cookie,
such as user names or passwords. The exploit utilizes Internet server
software to communicate with web servers and hijack the cookies.
http://www.newsbytes.com/news/02/174306.html

Vulnerabilities
Source: C-Net News
Date Written: February 7, 2002
Date Collected: February 7, 2002
Title: Mac Office vulnerable, Microsoft warns
Security experts from Microsoft issued a warning about a vulnerability for
Microsoft Office software running on Macintosh computers. Mac Office v. X's
anti-piracy mechanism, Network Product Identification Checker, contains a
flaw that will not correctly handle a malformed announcement. If an
attacker utilizes this vulnerability, the feature will fail, and Mac Office
will shut down. All applications that are running will fail and users will
lose unsaved data. The software is intended to check for duplicates of
serial numbers running on the same network, and will shut down the
additional programs. However, if the flaw is exploited, not only can an
individual IP address be attacked, but an attacker could also direct the
attack against an entire network, amounting to a denial of service attack.
http://news.com.com/2100-1001-831539.html
Also - http://punto-informatico.com/pi.asp?i=38984
Also - http://www.infoworld.com/articles/hn/xml/02/02/07/020207hnmacofffice.xml

Vulnerabilities
Source: The Register
Date Written: February 7, 2002
Date Collected: February 7, 2002
Title: MS bitten by old .NET vulnerability
A cross-site scripting (SCC) vulnerability exists for Microsoft ASP.NET that
would allow a malicious URL to be placed into an e-mail or Web site. If
this occurs, a user accessing the malicious web page could be vulnerable to
the machine being compromised through various cyberattacks. According to
the researcher that discovered the vulnerability, Microsoft was contacted
prior to shipping the software and was aware of the hole but neglected to
fix it.
http://www.theregister.co.uk/content/55/23967.html

UNO STOP DI SICUREZZA PER MICROSOFT
L'azienda conferma a Punto Informatico di prendersi ora una pausa operosa,
un tempo necessario a rivedere il codice di tutti i propri principali
prodotti, da Windows a Office. Obiettivo: sicurezza e blindatura
URL: http://punto-informatico.com/pi.asp?i=38981

NESSUNO HA BUCATO BUCAILSITO.IT
Il concorsone per hacker indetto lo scorso mese da una societa' milanese non
ha vincitori. Bucailsito.it proclama cosi' la sua inviolabilita'
URL: http://punto-informatico.com/pi.asp?i=38986

"The LWN weekly edition for February 7, 2002 is available."
http://www.ziobudda.net/news/see_comments.php?id_notizia=5616

g00d reading! 'n' bye
Security News Staff:
The Jackal < -jackal-@libero.it >

<Spot>
In collaborazione con Bismark.it e GnomixLand.com nasce il nuovo Forum sulla sicurezza italiana. Per maggiori informazioni http://forum.gnomixland.com
</Spot>