"Tool pro-sicurezza per la propria Lan"
ZdNet UK presenta un interessante articolo che tratta l'argomento sicurezza, questa volta vedendolo dalla parte dei tool a disposizione per meglio proteggere la nostra rete. http://www.ziobudda.net/news/see_comments.php?id_notizia=6243

"Linux Advisory Watch - March 21st 2002"
http://www.ziobudda.net/news/see_comments.php?id_notizia=6256

SECURITY FLAWS LEAVE ORACLE USERS EXPOSED Oracle was left red-faced last week when security watchdog Cert released an advisory (which we mentioned few days ago) pinpointing no less than 37 security problems in Oracle's "unbreakable" database.
Link: http://www.vnunet.com/News/1130185

PARANOID PENGUIN: HARDENING SENDMAIL
Mick Bauer examines sendmail's security controversies and builds an SMTP gateway for handling internet mail.
Link: http://linuxjournal.com/article.php?sid=5753

INTERVIEW:MARCELO TOSATTI MAINTAINER OF THE 2.4 LINUX KERNEL Where did he come from, and what are his plans for 2.4? Marcelo Tosatti opens up to Robert McMillan about the joy, the fear, the challenges, and the rewards of being the Linux kernel maintainer.
He also talks about his favorite hack.
Link: http://www-106.ibm.com/developerworks/linux/library/l-tosatti/

EXCITE EMAIL DISCLOSURE VULNERABILITY
It appears that Excite's use of PHP allows for unauthorized access to a users mailbox and subsequently his/her account on email.excite.com
Link: http://www.net-security.org/text/bugs/1016632670,58555,.shtml

QUESTIONABLE SECURITY POLICIES IN OUTLOOK 2002 There is a number of questionable security policies in Outlook
2002 which allow the "bad guys" to bypass some of the security features which where introduced in the Outlook security patch.
These problems likely affect earlier versions of Outlook as well as Outlook Express.
Link: http://www.net-security.org/text/bugs/1016792497,82312,.shtml

"IPCop: un firewall perimetrale gratuito basato su Linux"
IPCop è un firewall libero basato sul progetto Smoothwall. Si tratta di un sistema in grado di fungere da firewall perimetrale per una rete locale.
http://www.ziobudda.net/news/see_comments.php?id_notizia=6268

"Introduction to Intrusion Protection and Network Security"
Il titolo di questo articolo, in lingua inglese ovviamente, ricalca alla perfezione quello che l'autore ha voluto dire all'interno dell'articolo come ad esempio la scelta delle password con un certo criterio e il non lasciare attivi servizi che non servono.
http://www.ziobudda.net/news/see_comments.php?id_notizia=6264

"Securing Debian HOWTO"
Dalla notizia: "This has to now be one of the most comprehensive and complete Linux security documents on the Web."
http://www.ziobudda.net/news/see_comments.php?id_notizia=6263

 IMMAGINI, LE FUTURE PASSWORD DI WINDOWS?
Lo prevede un ricercatore di Microsoft che sta studiando un metodo nuovo, piu' semplice e sicuro, per memorizzare password di accesso
URL: http://punto-informatico.it/pi.asp?i=39563
Also - http://zdnet.com.com/2100-1104-866544.html
Also - http://www.newsfactor.com/perl/story/16910.html

Cybercrime-Hacking
   Source:   Newsbytes
   Date Written:  March 25, 2002
   Date Collected: March 25, 2002
   Title: FrontPage Bug Opens Microsoft Sites To Attackers A Brazilian hacker group, calling itself the Silver Lords, has defaced three Microsoft websites running the company's own Internet Information Server
(IIS) software. Specifically, the attackers exploited a known vulnerability in an IIS component called FrontPage Server Extensions, for which a patch has been available since June 21, 2001.
http://www.newsbytes.com/news/02/175442.html

Vulnerabilities
   Source:   ZDNet News
   Date Written:  March 25, 2002
   Date Collected: March 25, 2002
   Title: Hacker speaks out on security basics Speaking at the recent Hack 2002 conference in Sydney, Australia, white hat hacker Rain Forest Puppy (RFP) underlined that all software applications contain vulnerabilities that can be exploited by attackers. His solution for shutting out hackers is simple: turn off all services and applications you don't need.
http://news.zdnet.co.uk/story/0,,t281-s2107261,00.html

Net Security
Microsoft .NET promo reveals personal info. Shared sauce http://www.theregister.co.uk/content/55/24598.html

"SecurityFocus Linux Newsletter #73"
http://www.ziobudda.net/news/see_comments.php?id_notizia=6289

"SecurityFocus Newsletter #137"
http://www.ziobudda.net/news/see_comments.php?id_notizia=6290

"Hacker parla sulla sicurezza"
I bug esistono su ogni piattaforma e in moltissimi programmi, ma non per questo dobbiamo farli usare ad un male intenzionato.
http://www.ziobudda.net/news/see_comments.php?id_notizia=6288

Technology
   Source:   vnunet.com
   Date Written:  March 26, 2002
   Date Collected: March 27, 2002
   Title: 1024-bit encryption is 'compromised'
A debate has been ignited in the past few days in the information security community over the 'breakability' of 1,024-bit RSA encryption. Cryptography expert Lucky Green considers it "compromised" and suggests upgrading security infrastructures to utilize 2,048-bit user keys as soon as possible.
While the issue remains contentious, disabling the security of 1,024-bit encryption would require vast financial resources in the hundreds of millions of dollars - something that could currently only be achieved by nation-states.
http://www.vnunet.com/News/1130451

Technology
   Source:   InfoWorld
   Date Written:  March 27, 2002
   Date Collected: March 27, 2002
   Title: Microsoft opens .Net code to academics On March 27, Microsoft Corp. announced that it would allow academic researchers to view more than one million lines of the source code for its new .Net initiative under the 'Shared Source' licensing program.
http://www.infoworld.com/articles/hn/xml/02/03/27/020327hnshare.xml
Also - http://punto-informatico.it/pi.asp?i=39635
Also - http://www.ziobudda.net/news/see_comments.php?id_notizia=6331

"VNC: Amministrazione remota con Linux"
Come installare e utilizzare VCN (Virtual Network Computing), il sistema multipiattaforma GPL che permette di amministrare da remoto un computer per mezzo della sua interfaccia grafica. Il tutto a costi nulli. Di Andrea Scrimieri.
http://www.ziobudda.net/news/see_comments.php?id_notizia=6311

 OCCHIO ALLA FALSA PATCH DI MICROSOFT
Circola su MSN Messenger un messaggio che invita gli utenti a scaricare una falsa patch da un pagina che sembra di Microsoft.com. Il file sospetto non viene segnalato dagli antivirus
URL: http://punto-informatico.it/pi.asp?i=39602

"Kernel 2.5: situazione ad oggi"
KernelNewbie.org presenta la situazione ad oggi del kernel 2.5 .
Interessante, ma non per tutti.
http://www.ziobudda.net/news/see_comments.php?id_notizia=6325

Vulnerabilities
   Source:   Wired News
   Date Written:  March 27, 2002
   Date Collected: March 28, 2002
   Title: Next Virus Exploit: Media Player?
As Microsoft Corp. has added security features to its Outlook 2002 e-mail program, hackers could increasingly turn to the Windows Media Player to gain unauthorized access to a system or run their malicious code. For instance, active scripting is turned off by default in the latest version of Outlook, but cannot be disabled in the Media Player, thereby potentially allowing attackers to circumvent security.
http://www.wired.com/news/technology/0,1282,51361,00.html

g00d reading!  'n' bye
Security  News  Staff:
The Jackal < -jackal-@libero.it >