XP vi spia
Una piccola società tedesca ha decifrato i contenuti inviati da Windows XP alla Microsoft durante un Windows Update. Secondo quanto indicano pare che le informazioni inviate dai nostri PC non siano tutte strettamente necessarie ai fini dell'aggiornamento. Queste infatti includerebbero una lista di software non Microsoft. Il risultato completo delle loro ricerche è a pagamento ma per ?1.99 penso qualcuno potrebbe decidere di investire nell'articolo completo. Nota per i tecnici, indovinate come procedono durante questa transazione? Esatto, le solite funzioni non documentate.
http://www.tecchannel.de/betriebssysteme/1126/index.html
Also - http://punto-informatico.it/pi.asp?i=43269

"Progetto Open knowledge"
Dopo alcuni mesi di lavoro ha preso ufficialmente il via il "Progetto Open knowledge". Questo e' un progetto che ha come obiettivo la divulgazione della cultura informatica in Italia, e la divulgazione delle conoscenze legate all'informatica che possano essere d'aiuto sia a chi e' alle prime armi sia a chi e' da anni nel settore. Per informazioni riguardanti il progetto e' possibile consultare il sito internet all'indirizzo:
http://www.openknow.org

MyPHPPageTool ENABLE ARBITRARY CODE EXECUTION myphpPagetool is a complete package to drive your Website. It is completely written using the php script language and uses the mysql database to store and manage all pages, images, layout and users/groups. A vulnerability in the program allows remote users to execute arbitrary commands on the server.
http://www.securiteam.com/unixfocus/5MP010K9FA.html

Tcpdump
Vendor: Tcpdump.org
A vulnerability was reported in tcpdump. A remote user can cause the utility to enter an infinite loop.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/Feb/1006186.html

Microsoft Help and Support Center
Vendor: Microsoft
A buffer overflow vulnerability was reported in the Help and Support Center on the Microsoft Windows Me operating system. A remote user can execute arbitrary code on a target user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/Feb/1006179.html

Opera
Vendor: Opera Software
Secunia reported an input validation vulnerability in the Opera web browser. A remote user can conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2003/Feb/1006178.html

CuteNews
Vendor: CutePHP Team
An include file vulnerability was reported in CuteNews. A remote user can execute arbitrary PHP code and operating system commands on the target server.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/Feb/1006173.html

Microsoft Internet Explorer (IE)
Vendor: Microsoft
A vulnerability was reported in Microsoft Internet Explorer. A remote user can create HTML that will execute arbitrary code on the target user's computer.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/Feb/1006169.html

Nokia Phone
Vendor: Nokia
A denial of service vulnerability was reported in the Nokia 6210 mobile phone. A remote user can send an SMS message to cause the target user's phone to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/Feb/1006168.html

QuickTime
Vendor: Apple Computer
Several vulnerabilities were reported in the QuickTime/Darwin Streaming Server in the Administration Server. A remote user can execute arbitrary commands on the server with root privileges and can conduct cross-site scripting attacks against administrators. A local user can also execute arbitrary code with root privileges.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2003/Feb/1006164.html

Webmin
Vendor: Cameron, Jamie
A session ID spoofing vulnerability was reported in Webmin in the miniserv.pl component script. A remote user may be able to gain root access on the system.
Impact: Root access via network
Alert: http://securitytracker.com/alerts/2003/Feb/1006160.html

Eject
Vendor: Tranter, Jeff
A vulnerability was reported in the 'eject' utility for Linux operating systems. A local user can determine if files on the system exist or not.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2003/Feb/1006158.html

phpBB
Vendor: phpBB Group
Some vulnerabilities were reported in phpBB. A remote user can inject SQL commands to retrieve the administrator's hashed password and gain administrative access to the system.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2003/Feb/1006157.html

Zlib
Vendor: Gzip.org
A buffer overflow was reported in zlib when configured in a certain manner. The impact will vary depending on the application using the zlib compression library.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2003/Feb/1006153.html

Microsoft Outlook Express
Vendor: Microsoft
A vulnerability was reported in Microsoft Outlook Express. A remote user can send a specially crafted HTML-based e-mail or newsgroup posting to cause arbitrary code to be silently installed and executed on the target user's computer when the target user views the message.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/Feb/1006148.html

UN TOOL CELA SEGRETI NEI PROGRAMMI
Si tratta di un nuovo programma steganografico capace di mimetizzare messaggi segreti all'interno di un file eseguibile, come un programma, senza alterarne dimensioni e funzionalita'. La steganomania ha un nuovo giocattolo
URL: http://punto-informatico.it/pi.asp?i=43282

"Traduzione di documenti"
L'ambizione è quella di creare una specifica utilizzabile anche da altre persone che vogliano creare documentazione buona, corretta e di semplice lettura.
http://www.ziobudda.net/Admin/redir_news.php?id=10752

Progetto 'Kernel Help Italian Localization'
Il nostro vuole essere il progetto italiano, mirato alla localizzazione del file Configure.help. Il file in questione fornisce l''help' alle varie opzioni del kernel, selezionabili durante la fase di ricompilazione.
Sarebbe davvero importante per quanti sono alle prime armi, sia con il kernel che con l'inglese, usufruire di questa traduzione.
http://lug.linuxsicilia.it/index.php?sect=freepages&name=KHIL

ATM ENCRYPTION WEAKNESS LEAVES ACCOUNTS VULNERABLE Two Cambridge University researchers have discovered a new attack on the hardware security modules employed by banks that makes it possible to retrieve customers'
cash machine PINs in an average of 15 tries http://www.eweek.com/article2/0,3959,910046,00.asp

CROSS SITE SCRIPTING TRICK MAY FOOL SHOUTCAST ADMINS Shoutcast has a good web front end for its admins to view logs, etc. However, the log mechanism does not filter HTML code, and therefore it is possible to inject HTML code into the log, and when the admin will view it, they will see the code.
This enables a Cross-Site-Scripting attack against an administrator that uses the web interface http://www.securiteam.com/securitynews/5WP010U9FY.html

COMPANIES MOBILIZE TO PATCH SENDMAIL
A critical vulnerability in Sendmail, the Internet's most popular mail-server application, has security experts and software companies moving quickly on Monday to convince customers to apply a patch.
http://news.com.com/2100-1009-990802.html?tag=fd_top
Also - http://www.cert.org/advisories/CA-2003-07.html

THE OPEN ROAD: ALTERNATIVE NAMESERVERS / POWERDNS PowerDNS is an authoritative-only nameserver, which means that it will answer queries about zones that it is responsible for, but it won't attempt to find information on another zone/domain.
>> http://www.net-security.org/news.php?id=2076

SECURE APPS TO STOP NETWORK ATTACKS
When securing your network, don't neglect the applications running on it. These tips will help you secure your network against attacks that exploit application vulnerabilities.
>> http://www.net-security.org/news.php?id=2083

ROOT 101
For many who are accustomed to single-user operating systems the concept of root is an unfamiliar one. This article is intended to help explain what root access is, whether you need it, what you can do with it.
>> http://www.net-security.org/news.php?id=2092

TCP/IP LIBRARY 4.0 (Windows)
Komodia's TCP/IP library V4.0 (free, open source) is a unique combination of a security oriented library that allows the user to create arbitrary TCP/UDP/IP packets, and a complete communication library solution (for TCP/UDP/ICMP).
>> http://www.net-security.org/software.php?id=461

VORAGINE IN SENDMAIL, MILIONI I SERVER A RISCHIO Oltre la meta' dei mailserver al mondo potrebbe essere vulnerabile ad una grave falla di sicurezza che interessa Sendmail, un dei piu' noti e anziani software open source. Gli esperti di sicurezza sollecitano l'applicazione della patch
URL: http://punto-informatico.it/pi.asp?i=43297
Also - http://www.ziobudda.net/Admin/redir_news.php?id=10777
Also - http://www.theregister.co.uk/content/55/29557.html
Also - http://news.com.com/2100-1009-990879.html?tag=fd_top

FLASH APRE LE PORTE AI CRACKER
L'ultima versione del diffusissimo Flash Player contiene una megafalla che potrebbe consentire a malintenzionati di penetrare sui computer degli utenti. Macromedia raccomanda a tutti di installare la versione aggiornata
URL: http://punto-informatico.it/pi.asp?i=43298
Also - http://www.infoworld.com/article/03/03/04/HNmacromedia_1.html

"Falle nel Session Initiation Protocol"
News Il CERT ha annunciato di aver rilevato numerose vulnerabilità nel Session Initiation Protocol (SIP), un fondamentale standard di comunicazione per i sistemi di telefonia via Internet, nelle implementazioni di svariati produttori.
http://www.ziobudda.net/Admin/redir_news.php?id=10761

"Vulnerabilità in Internet Explorer: file HTML autoeseguibili"
Microsoft Bugtraq dà notizia della scoperta di una nuova vulnerabilità, che affligge il browser di casa Microsoft, legata a script contenuti in pagine HTML in grado di avviare programmi eseguibili nascosti nella pagina stessa.
http://www.ziobudda.net/Admin/redir_news.php?id=10760

SNORT VULNERABLE TO REMOTE EXPLOIT IN RCP PREPROCESSOR download the fix snort-1.9.1. Binaries will be released shortly. If you can't upgrade immediately, then at least comment out "preprocessor rpc_decode" in your snort.conf and restart.
http://www.whitehats.com
Also - http://www.infoworld.com/article/03/03/04/HNsnort_1.html

Malware
Title: Mail Server Flaw Could Spawn Slammer II
Source: PCWorld
Date Written: March 3, 2003
Date Collected: March 4, 2003
The Sendmail vulnerability discovered by Atlanta-based security company ISS could have wide-ranging impact, similar to the recent Microsoft SQL Slammer worm. Sendmail is a widely used e-mail server application. The vulnerability, a buffer overflow, could allow a remote attacker to gain "root" access to the server. The aspect of the vulnerability that worries security experts is that the attack could be contained in an e-mail message without requiring user interaction. Sendmail is an open-source application, and although there is no known exploit for the vulnerability yet, hackers as well as system administrators have access to the patch code increasing the likelihood that an exploit is developed shortly.
http://www.pcworld.com/news/article/0,aid,109639,00.asp

Vulnerabilities
Title: Net Hacker Tool du Jour: Google
Source: Wired News
Date Written: March 4, 2003
Date Collected: March 4, 2003
Adrian Lamo has found a new method for scanning for potential hacking targets - the popular Web browser Google. "Google, properly leveraged, has more intrusion potential than any hacking tool," By simply typing specific phrases into Google, a hacker can find potentially vulnerable machines. A simple example of searching for "Select a database to view" - a common phrase in the Filemaker Pro database interface - yielded over 200 results, many of which lead to Filemaker databases accessible online. Many of these databases are not protected by any sort of security. Although both Filemaker and Google are aware of this capability, nether are able to issue a specific patch. A Google spokesman said the company was aware of the situation, and that it provides tools that let webmasters remove inadvertently published information from Google's index within about 24 hours. A FileMaker spokesman said the company tries its best to make users aware of security issues.
http://www.wired.com/news/infostructure/0,1377,57897,00.html

E' uscito il terzo numero di IHP - Italian Hard Phreaking dell'amico mR_bIs0n. Non perdetevelo...
http://ihp.interfree.it ---> mirror ufficiale della rivista www.lipforever.tk ---> sito ufficiale del gruppo LIP

Ricercatori svizzeri riescono a violare il protocollo SSL di Annarita Gili Un gruppo di ricercatori svizzeri ha segnalato la presenza di una falla all'interno del protocollo SSL e ha reso pubblico il metodo utilizzato per rilevarla. I programmatori sono pregati di porre rimedio!
http://www.apogeonline.com/webzine/2003/03/05/01/200303050101

"Vai in prigione senza passare dal 'Via'"
Un articolo/tutorial su cosa sia e come si usa il chroot per aumentare la sicurezza dei servizi
http://www.ziobudda.net/Admin/redir_news.php?id=10786

"Intrusion Prevention Systems: l'evoluzione degli IDS"
Security Focus pubblica un interessante articolo sulla fusione tra firewall e Intrusion Detection System (IDS), per creare un innovativo sistema di prevenzione delle intrusioni, del resto si sa "prevenire è meglio che curare"
http://www.ziobudda.net/Admin/redir_news.php?id=10781

Vulnerabilities
Title: Net consortium ties flaws to BIND
Source: C-Net News
Date Written: March 5, 2003
Date Collected: March 5, 2003
The Internet Software Consortium has changed its description of the latest release (9.2.2) of BIND from a "maintenance release" to a "strongly recommended" fix for some vulnerabilities in the previous version (9.2.1).
9.2.1 suffered from a buffer overflow bug when installed with the non-default "libbind" option. The updated description has created some confusion among users, prompting security experts to call for a detailed advisory to clarify the matter. BIND (Berkeley Internet Name Domain) matches domain names to numerical internet addresses, and is used on most domain name servers.
http://news.com.com/2100-1032-991123.html

Technology
Title: Wireless LAN Analyzers: The Ultimate Hacking Tools?
Source: Network Magazine
Date Written: March 5, 2003
Date Collected: March 6, 2003
This article presents several wireless protocol analyzers (software and hardware tools for examining and analyzing traffic passing across a wireless network), and argues that not only are such analyzers important testing and planning tools, but they are also important security tools. In particular, a simple laptop with a wireless card and appropriate software can be used to detect wireless access points that employees have set up without permission of a company's IT department.
http://www.networkmagazine.com/article/NMG20030305S0001

"Articolo su IDS Opensource"
Su OpenSkills è disponibile un articolo sui sistemi OpenSource di Intrusion Detection.
http://www.ziobudda.net/Admin/redir_news.php?id=10813

"Linux 2.5.64"
Il ramo di sviluppo del kernel viene aggiornato a ritmi forsennati :)
http://www.ziobudda.net/Admin/redir_news.php?id=10801

"Linux 2.2.24"
Uscita la release finale del nuovo kernel della serie 2.2 http://www.ziobudda.net/Admin/redir_news.php?id=10800

Malware
Title: Worm/Trojan "Randon" Threatens Port 445
Source: Help Net Security
Date Written: March 5, 2003
Date Collected: March 7, 2003
Security firm Kaspersky Labs has reported several infections related to the new 'Randon' network worm from Russia and the Netherlands. Randon affects machines running Windows 2000 and Windows XP; spreads via IRC channels and local area networks; attempts to connects to victim computers via port 445; and installs the 'Apher' Trojan on infected systems. Randon does not have a destructive payload and it is unclear how much of a threat this new worm poses. To protect their systems, users are encouraged to update their anti-virus software, install a personal firewall or use long access passwords.
http://net-security.org/virus_news.php?id=196

SANREMO, DIALER E VIRUS
Si e' appena concluso il Festival le cui canzoni non circolano solo sul p2p ma vengono anche distribuite da alcuni siti. Che distribuiscono dialer. Che distribuiscono Worm
URL: http://punto-informatico.it/pi.asp?i=43353

g00d reading! 'n' bye
Security News MainTainer:
The Jackal a.k.a. jAcKallO < -jackal-@libero.it > (AreaSessantuno Member) / (SpiPPolatori Collaborator) (HackerAlliance Member) / (Daily DisInfo CreaTor & MainTainer) (Socio fondatore e Membro del CapitanLUG.iT)