GROSSA CREPA NELLO SCUDO DI BLACKICE
Uno dei piu' noti e diffusi firewall personali potrebbe fornire la via d'accesso ai cracker nei PC degli utenti. Patch super raccomandata
URL: http://punto-informatico.com/pi.asp?i=38998

Net Security
IE bug allows full MSN Messenger hijack
I send you this guy's files in order to have a laugh http://www.theregister.co.uk/content/55/24004.html

** SICUREZZA: SI RIPARLA DI MSN E DI IE, MA ANCHE DI OFFICE ** Alla ribalta nuovi bachi che lasciano gli utenti dei prodotti Microsoft alla merce' dei malintenzionati. E' un problema solo per chi usa Windows?
>> di Stefano Barni
http://zeusnews.com/news.php3?cod=1077

Vulnerabilities
Source: Newsbytes
Date Written: February 10, 2002
Date Collected: February 11, 2002
Title: Microsoft Recalls Botched Browser Security Patch Microsoft was forced to recall the amalgamation of patches developed to address all Internet Explorer vulnerabilities and published February 7, 2002 on their web site. A flaw was discovered in the patches, Update Version Q316059, and it fails to address all vulnerabilities. http://www.newsbytes.com/news/02/174366.html

Vulnerabilities
Source: Newsbytes
Date Written: February 11, 2002
Date Collected: February 11, 2002
Title: Browser Security Hole A Conduit To MSN Messenger Contacts A Microsoft Internet Explorer vulnerability known as the 'Document.Open' bug allows hackers to access buddy lists of Internet users running Microsoft instant messenger software. If an infected web site is accessed, the JavaScript-based flaw allows a hacker to manipulate ActiveX Controls and ultimately spoof the e-mail address and instant messenger identity and appear to those on the buddy list as the rightful contact. http://www.newsbytes.com/news/02/174380.html
Also - http://www.nwfusion.com/news/2002/0208msn.html
Also - http://www.theregister.co.uk/content/4/24004.html
Also - http://news.zdnet.co.uk/story/0,,t272-s2104095,00.html
Also - http://www.nwfusion.com/news/2002/0211iebug.html
Also - http://www.msnbc.com/news/702917.asp

Vulnerabilities
Source: Ananova
Date Written: February 9, 2002
Date Collected: February 11, 2002
Title: Serious hole found in popular internet security program Current versions Internet Security Systems' (ISS) BlackIce Defender and Agent running on Microsoft Windows 2000 or XP are vulnerable to cyber attack. The flaw allows a hacker to gain control of the system through a 'buffer overflow' attack, or a modified ping flood attack. The BlackIce programs are intrusion detection and firewall software. ISS developed a patch for the flaw, available on their site. http://www.ananova.com/news/story/sm_516826.html
Also - http://www.theregister.co.uk/content/55/24008.html
Also - http://zdnet.com.com/2110-1105-833827.html

"SecurityFocus Linux Newsletter #67"
http://www.ziobudda.net/news/see_comments.php?id_notizia=5663

"SecurityFocus Newsletter #131" http://www.ziobudda.net/news/see_comments.php?id_notizia=5662

"Linux Security Week - February 11th 2002 (fwd)"
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
http://www.ziobudda.net/news/see_comments.php?id_notizia=5660

"Sicurezza: Microsoft "apre" la porta ai cracker..."
Microsoft ha avvisato gli utenti di due pericolose vulnerabilità che colpiscono i suoi software Exchange 2000 e Telnet remote-access. Il bug presente in Exchange permetterebbe ad un cracker di vedere o alterare il contenuto del registro di sistema... Decisamente gravi le implicazioni.
http://www.ziobudda.net/news/see_comments.php?id_notizia=5672

IL CERT AVVERTE: RETE A RISCHIO
Una debolezza del protocollo SNMP mette a rischio molti device di rete e persino gli utenti. Preoccupazione. L'advisory ufficiale del CERT. Si parla di un tool di attacco che sta gia' circolando. ISP in prima linea
URL: http://punto-informatico.com/pi.asp?i=39041
Also - http://abcnews.go.com/wire/Business/ap20020212_942.html
Also - http://www.cert.org/advisories/CA-2002-03.html

Vulnerabilities
Source: vnunet.com
Date Written: February 12, 2002
Date Collected: February 12, 2002
Title: IE/Access macro bug discovered
A vulnerability that would allow a hacker to access and control a computer has been identified in Microsoft Access 2000 and Internet Explorer, versions 5.01 and 6.0. The flaw is exploited through embedding macro code into an Access file of an e-mail, using an iframe tag or a window.open() command. If the e-mail attachment is opened through Internet Explorer, a hacker can run arbitrary code when the victim attempts to access a Web site or HTML e-mail. http://www.vnunet.com/News/1129183
Also - http://www.internetnews.com/dev-news/article/0,,10_973161,00.html

Vulnerabilities
Source: Ananova
Date Written: February 12, 2002
Date Collected: February 12, 2002
Title: Microsoft offers anti-hacker remedy for browser flaws Six security patches have been issued by Microsoft to address Internet Explorer vulnerabilities. The critical flaws could lead to a buffer overflow attack, or allow a hacker to gain unauthorized access to a system and read files or launch programs, or an HTML header manipulation. This is the second patch issued for these vulnerabilities; the first had errors in the software packaging and was replaced. http://www.ananova.com/news/story/sm_518905.html
Also - http://www.theregister.co.uk/content/4/24027.html
Also - http://www.vnunet.com/News/1129179
Also - http://zdnet.com.com/2100-1104-835027.html
Also - http://www.nwfusion.com/news/2002/0212mshole.html
Also - http://punto-informatico.com/pi.asp?i=39034
Also - http://www.ziobudda.net/news/see_comments.php?id_notizia=5690

"SNMP Vulnerabilities FAQ"
E' il bug del momento. Quello che e' attualmente sulla bocca di tutti e che molti indicano come il piu' imponente e pericoloso. Ecco allora le SNMP Vulnerabilities FAQ (in inglese ovviamente).
http://www.ziobudda.net/news/see_comments.php?id_notizia=5684

-->> Patch per XP
Patch per Windows XP che dovrebbe risolvere un bug relativo al resuming da una condizione di stanby del sistema
URL: http://www.hwfiles.it/news/137.html

Vulnerabilities
Source: ZDNet
Date Written: February 14, 2002
Date Collected: February 14, 2002
Title: Report: MS security patch ineffective
The program released by Microsoft on February 13, 2002 called Visual C++.Net includes a program to prevent buffer overflow attacks. However, cyber security researchers have found that the program, which should have included a patch to address the vulnerability, does not eliminate the potential for buffer overflow attacks. http://zdnet.com.com/2100-1104-837394.html

Malware
Source: Newsbytes
Date Written: February 14, 2002
Date Collected: February 14, 2002
Title: New MSN Messenger Worm Another Reason To Patch IE Browser An instant messenger worm, called CoolNow, is spreading through Microsoft Internet Explorer vulnerabilities. The worm's code was apparently derived from information published by security researchers attempting to demonstrate browser vulnerabilities. The worm sends users an invitation to visit a web site and will attempt to send the same message to all MSN Messenger addresses, and will send the addresses themselves to a mailbox in the Netherlands. The Internet Explorer vulnerability exploited is the use of a JavaScript function imbedded in Web pages to gain unauthorized access to a hard drive. A patch was released by Microsoft that will address the Microsoft Internet Explorer Same Origin Policy Violation security vulnerability.http://www.newsbytes.com/news/02/174501.html
Also - http://www.securityfocus.com/news/331
Also - http://punto-informatico.com/pi.asp?i=39075

g00d reading! 'n' bye
Security News Staff:
The Jackal < -jackal-@libero.it >

E' nato il nuovo Forum di Bismark.it e Gnomixland.com; cosa aspetti a partecipare anche te! Siamo già più di 600! Entra ora: http://forum.gnomixland.com/