Vulnerabilities
   Source:   The Register
   Date Written:  February 22, 2002
   Date Collected: February 22, 2002
   Title: Three new MS security holes - two nasty Vulnerabilities in Microsoft's Internet Explorer, Windows XP, SQL Server 2000 and Commerce Server 2000 have been addressed, and Microsoft has made patches available.  The first is a problem with the Core Services (MSXML) application of Microsoft XML that would allow a hacker to request data from a user's hard drive.  The second is a flaw in the ISAPI filter of Commerce Server 2000, that could lead to a root compromise.  There is also a flaw in the VBscript in Internet Explorer 5.1, 5.5, and 6.0 that would allow a hacker to read files of a hard drive, or monitor a browsing session.
http://www.theregister.co.uk/content/4/24168.html
Also - http://www.infoworld.com/articles/hn/xml/02/02/22/020222hnmsflaws.xml
Also - http://punto-informatico.it/pi.asp?i=39184

»Linux Advisory Watch - February 22nd, 2002
http://www.ziobudda.net/Admin/redir_news.php?id=5821

IL KEYGEN CHE BEFFA LA PRODUCT ACTIVATION Piu' piccolo, intuitivo ed efficace di un crack, il primo generatore di chiavi pirata per Windows e Office XP rischia di scuotere la Product Activation Microsoft. Ecco perche'
URL: http://punto-informatico.it/pi.asp?i=39181

Software
Most SNMP vulns quietly lurking. All quiet - not all clear http://www.theregister.co.uk/content/4/24167.html

From !pc-facile mailing list:
***Oracle invulnerabile?***
Oracle è considerato da tutti il database più sicuro al mondo. Anzi in molti casi viene "venduto" come inespugnabile. Mentre considero gli sforzi della compagnia lodevoli dobbiamo ricordarci che NESSUNA applicazione è sicura al 100%, non credete a chi vi dice il contrario:
finché esisterà una porta qualcuno troverà il modo di falsificare la chiave.
Il documento che segue ci fa vedere quanto vulnerabile sia invece Oracle se non viene gestito correttamente. Un documento per amministratori di database, ma molto utile per tutti.
http://www.theregister.co.uk/content/4/23979.html

Net Security
Steve Gibson invents broken SYNcookies. GRC SYN-flood cure is worse than the disease http://www.theregister.co.uk/content/55/24189.html

UN'ALLEANZA PER NORMALIZZARE LA SICUREZZA Un nutrito gruppo di aziende del settore IT ha dato vita ad un'alleanza attraverso cui standardizzare le modalita' con cui le falle di sicurezza vengono rivelate. La politica scelta e' quella del non disclosure
URL: http://punto-informatico.it/pi.asp?i=39204

"Fix The Bugs, Secure The System"
Il talk di Louis Bertrand, MUSESS 2002, è finalmente online. Nella talk si è parlato di *BSD 4.4, Format String Ugliness, Buffer Overflows e di altre questioni relative alla sicurezza.
http://www.ziobudda.net/news/see_comments.php?id_notizia=5834

Vulnerabilities
   Source:   Computerworld
   Date Written:  February 25, 2002
   Date Collected: February 25, 2002
   Title: Pointed Questions
Software called a proxy hunter has been developed that probes for security vulnerabilities.  Hackers can use the software can to probe sites and systems for means of access.  In one incident, a hacker utilized the software to attack Comcast Business Communications' Web site and downloaded a database of potential customers and used common log-ins and passwords to gain server access.  The article asks a series of questions designed to help administrators determine the security of their systems.
http://www.computerworld.com/itresources/rcstory/1,4167,STO68578_KEY73,00.html

Vulnerabilities
   Source:   Newsbytes
   Date Written:  February 22, 2002
   Date Collected: February 25, 2002
   Title: Microsoft Patches IE But Leaves PopUp Attack For Later On February 21, 2002, Microsoft issued patches to repair the critical security flaws in the Internet Explorer 6, which include the IE6 bug and the VBScript that has yet to be published. The Popup Object vulnerability problem, which allows attackers to execute any program on a remote system, has yet to be addressed by Microsoft despite it having been initially reported more than five weeks ago.
http://www.newsbytes.com/news/02/174723.html

Vulnerabilities
   Source:   Newsbytes
   Date Written:  February 22, 2002
   Date Collected: February 25, 2002
   Title: Sites Revealed Passwords For Thousands Of Ameritech Users SBC-Ameritech.net customers' passwords and other sensitive information were available to anyone with a Web browser and the proper Internet address until today.  Any intruder could simply plug the data into their Microsoft Outlook Express account and download all of the user's private e-mail, while individual customer usage information would be available despite the fact that the government is not even privy to such information without a court order.  Normally rogue "proxies," machines that allow users to route through
- or into - networks, provide such access to intruders by moving past firewalls.  Yet, in Ameritech's case, the customer data pages were facing the Internet completely unsecured.  Ameritech spokesperson Denise Koenig does not know why the sites were left unsecured, and for how long they were unsecured.
http://www.newsbytes.com/news/02/174719.html

FIREWALL ROUNDUP
Zonker takes a look at firewall offerings from SuSE, Mandrake, and Coyote Linux. He notes the strengths, weaknesses, and most appropriate use for each firewall solution.
http://www.unixreview.com/documents/s=2424/uni1014152480113/0202i.htm

FREE CISCO ROUTER SECURITY TOOL RELEASED A free software-analysis tool and benchmark guidelines to help make widely used Cisco Systems routers more secure from attacks and other vulnerabilities were released by a consortium of security groups.
http://www.infoworld.com/articles/hn/xml/02/02/20/020220hnciscosecure.xml

CHECKPOINT FW1 HTTP SECURITY HOLE
A quite known proxy vulnerability was found for FW1 V4.1 SP5 (plus hotfixes).
Link: http://www.net-security.org/text/bugs/1014305924,17479,.shtml

THREE SECURITY ISSUES IN THE SQUID-2.X
Three security issues have recently been found in the Squid-2.X releases up to and including 2.4.STABLE3.
a) A memory leak in the optional SNMP interface to Squid, allowing an malicious user who can send packets to the Squid SNMP port to possibly perform an denial of service attack on the Squid proxy service if the SNMP interface has been enabled (disabled by default).
b) A buffer overflow in the implementation of ftp:// URLs where users who are allowed to proxy ftp:// URLs via Squid can perform an denial of service on the proxy service, and possibly even trigger remote execution of code (not yet confirmed).
c) The optional HTCP interface cannot be properly disabled from squid.conf even if the documentation claims it can. The HTCP interface to Squid is not enabled by default, but can be enabled at compile time using the --enable- htcp configure option and some vendors distribute Squid binaries with HTCP enabled.
Link: http://www.net-security.org/text/bugs/1014383220,10427,.shtml

"Linux Security Week - February 25th 2002"
http://www.ziobudda.net/news/see_comments.php?id_notizia=5844

-->> Patch per Windows XP
Microsoft ha rilasciato una patch per l'ultimo sistema operativo rilasciato, Windows XP, abilita il CHKDSK con hd EIDE e partizioni NTFS.
URL: http://www.hwfiles.it/news/152.html

Malware
   Source:   ZDNet News
   Date Written:  February 22, 2002
   Date Collected: February 26, 2002
   Title: Beware of Gator bug
Eyeonsecurity.com discovered a security flaw with the operation of Gator, an application that fills in Website passwords and forms, leaving user files vulnerable.  In essence, Gator is downloaded by the ActiveX plug-in and can be manipulated by programmer to install back-door software, including a Trojan horse virus.  Eyeonesecurity.com will issue a patch for this problem by February 29, 2002.
http://zdnet.com.com/2110-11-843700.html

Vulnerabilities
   Source:   Network World Fusion
   Date Written:  February 26, 2002
   Date Collected: February 26, 2002
   Title: CERT, ISS urge users to patch Internet Explorer CERT and Internet Security Systems (ISS) both issued a warning to Internet Explorer users to apply the latest security patch to address application vulnerabilities. The patch addresses the flaw in Microsoft Internet Explorer version 5.01 and higher. The buffer overflow vulnerability enables hackers to execute arbitrary code on a system that is not patched through malicious code embedded in HTML documents. If there is a buffer overflow, the hacker can execute code with privileges of the user viewing the document.
http://www.nwfusion.com/news/2002/0226iepatch.html
Also - http://www.dsosac.org/edb/cyber/news/story.cfm?KEY=7572
Also - http://www.cert.org/advisories/CA-2002-04.html
Also - http://www.iss.net/security_center/alerts/advise111.php

Vulnerabilities
   Source:   Computerworld
   Date Written:  February 25, 2002
   Date Collected: February 26, 2002
   Title: ICANN Panel Weighs DNS Vulnerabilities ICANN, formed a new security group to assess the DNS security holes that includes BIND vulnerabilities.  Stephen Crocker, who helped develop protocols for Arpanet, was designated to head up the new committee.  Crocker clarified that the current vulnerability status of DNS is not known, there are thirteen root servers worldwide and the goal of the committee will be to make sure there is uniform DNS security. When asked about BIND vulnerabilities, he stated that not all servers are operating on BIND, however, those older, lower-level servers highly vulnerable.
http://www.computerworld.com/storyba/0,4125,NAV65-663_STO68588,00.html

-->> Nuova patch per Win2000 e SMTP
Microsoft ha rilasciato un aggiornamento per il sistema operativo Windows 2000, risolto un bug nel servizio SMTP.
URL: http://www.hwfiles.it/news/157.html

Malware
   Source:   ZDNet
   Date Written:  February 27, 2002
   Date Collected: February 27, 2002
   Title: Critics squash bug-reporting plan The report released by the Internet Engineering Task Force (IETF) is being widely criticized by some security experts.  The report drafts best practices for vulnerability disclosure protocols.  Many believe that the procedures outlined in the draft let software vendors off the hook, and stigmatize bug reporters as irresponsible.
http://zdnet.com.com/2100-1105-846217.html

Vulnerabilities
   Source:   Newsbytes
   Date Written:  February 27, 2002
   Date Collected: February 27, 2002
   Title: Webmasters Urged To Plug PHP Security Hole Server-side scripting software PHP has memory-allocation bugs in the code that handles file uploads.  The vulnerability could cause a buffer overflow that would allow a hacker to gain control of the server.  The versions of PHP
4 for Linux and Solaris contain the vulnerabilities.  An exploit may have already been released that would allow a hacker to attack remote Web servers.
http://www.newsbytes.com/news/02/174818.html
Also - http://www.iss.net/security_center/alerts/advise112.php
Also - http://www.incidents.org/diary/diary.php?id=147

Vulnerabilities
   Source:   Newsbytes
   Date Written:  February 26, 2002
   Date Collected: February 27, 2002
   Title: Another Security Hole Found In Macromedia Flash Micromedia has issued a patch for the Flash player.  A feature of Flash 5 might allow a Trojan Flash movie to download malicious script to a user's computer.
http://www.newsbytes.com/news/02/174783.html
Also - http://punto-informatico.it/pi.asp?i=39237

"LWN.net weekly edition for February 28, 2002 available"
http://www.ziobudda.net/news/see_comments.php?id_notizia=5887

CREPE IN PHP, MOLTISSIMI I SITI A RISCHIO Il celebre linguaggio open source contiene diverse falle piu' o meno gravi che preoccupano soprattutto per la grandissima diffusione di PHP. Pronte le patch
URL: http://punto-informatico.it/pi.asp?i=39253

VIRUS E MUSICA, ARMONIA LETALE
Si accende il dibattito sulla sicurezza di alcune funzionalita' dei nuovi media player, come l'esecuzione di script celati all'interno di file di musica. L'MP3 worm e' vicino?
URL: http://punto-informatico.it/pi.asp?i=39256

g00d reading!  'n' bye
Security  News  Staff:
The Jackal < -jackal-@libero.it >