BUGBEAR? L'AVVENTO DELL'UTONTO
Ne parla un lettore, perplesso per la diffusione di un worm che avrebbe potuto essere bloccato fin dall'inizio se solo agli utenti Internet, quando si collegano la prima volta, fossero spiegate due o tre cose fondamentali
URL: http://punto-informatico.it/pi.asp?i=44367

Java Runtime Environment (JRE)
Vendor: Sun
A vulnerability was reported in Sun's Java Runtime Environment (JRE). An untrusted applet may be able to violate Java access controls.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2003/Jun/1006935.html

Sambar Server
Vendor: Sambar Technologies
An access control vulnerability was reported in Sambar Server 6.0 Beta 3 distribution for Linux. A user may be able to gain unauthorized access to files on the system.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2003/Jun/1006934.html

TCP/IP Stack Implementation
Vendor: HP (Compaq)
A denial of service vulnerability was reported in the HP/UX operating system. A remote user can send certain types of network traffic to cause the target application to fail.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/Jun/1006931.html

FTP (HP/UX)
Vendor: HP (Compaq)
A vulnerability was reported in the HP/UX 'ftpd' in the REST command. A remote user can view the contents of certain files on the system from memory.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2003/Jun/1006930.html

OpenSSH
Vendor: OpenSSH.org
An access control vulnerability was reported in OpenSSH. A remote user with control over the DNS can bypass the OpenSSH host access restrictions.
Impact: Host/resource access via network
Alert: http://securitytracker.com/alerts/2003/Jun/1006926.html

Microsoft Internet Explorer (IE)
Vendor: Microsoft
A vulnerability was reported in Microsoft Internet Explorer (IE) in the processing of FTP URLs. A remote user can execute arbitrary scripting code in the security zone of an arbitrary site (in certain cases).
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/Jun/1006924.html

Microsoft Internet Explorer (IE)
Vendor: Microsoft
A vulnerability was reported in Microsoft Internet Explorer (IE) in the processing of certain object tags. A remote user can cause arbitrary code to be executed by the target user's IE browser.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/Jun/1006918.html

Telnet
Vendor: Sun
A denial of service vulnerability was reported in the in.telnetd(1M) daemon on Sun Solaris. A remote user may be able to cause the system to become unresponsive.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2003/Jun/1006910.html

ICQ Lite
Vendor: ICQ Inc.
A vulnerability was reported in ICQ Lite. A remote authenticated user (authenticated via the operating system on the target user's computer) can modify the ICQ Lite executable on a target user's computer.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/Jun/1006902.html

"Installing Slackware and Making It Secure"
"This article describes two groups of the scripts: the first used for installing and removing individual packages, and the other one used for securing the system against the potential aggression. Both of them are designed for Slackware Linux."
http://www.ziobudda.net/Admin/redir_news.php?id=12189

Technology
Title: Gibraltar patches Solaris servers
Source: Network World Fusion
Date Written: June 6, 2003
Date Collected: June 9, 2003
On June 6, 2003, Gibraltar Software announced that the new version of its Everguard Site Server (version 2.2) now also supports remote patch deployment on Solaris servers, in addition to Windows and Linux servers that were already covered. With the number of security patches issued each year constantly increasing, the new appliance could be useful as it helps "administrators discover and track patches using a single toolkit," allows high-risk servers to be patched first, and "generates an inoculation record that shows a history of patch activity for any server."
http://www.nwfusion.com/news/2003/0606gibraltar.html

Technology
Title: Oracle Drives Security Deeper
Source: EWeek.com
Date Written: June 9, 2003
Date Collected: June 9, 2003
According to Oracle Corp. officials at the Gartner IT Security Summit, as part of the company's new security push, Oracle plans to release several free security tools in the coming months to help customers find security vulnerabilities and protect systems. Among the new security tools, Oracle will make available security scanners to help customers identify which systems need security patches and software updates, and an "auto-hardening tool" to highlight unnecessary services and common configuration mistakes.
http://www.eweek.com/article2/0,3959,1120074,00.asp

INTERVIEW WITH FYODOR, AUTHOR OF NMAP
Slashdot readers asked Fyodor many excellent questions, and his answers are just as excellent. You'll want to set aside significant time to read and digest this interview, because Fyodor didn't just toss off a few words, but put some real time and energy into his answers.
http://www.net-security.org/news.php?id=2774

SCAMMERS USE TRUST TO OBTAIN YOUR PERSONAL INFORMATION Social Engineering takes advantage of the human element of security.
http://www.net-security.org/news.php?id=2779

SOURCEFIRE AIMS TO BOOST NETWORK SECURITY New technology enhances intrusion-detection systems.
http://www.net-security.org/news.php?id=2788

SNORT SECURITY HOLES AND STRATEGIES FOR SAFE NETWORK MONITORING In this article the author reviews the attacks that have been launched against Snort in the past, as well as the recent (and more serious) buffer overflows.
http://www.net-security.org/news.php?id=2805

ANALYSIS OF REMOTE ACTIVE OPERATING SYSTEM FINGERPRINTING TOOLS There are many tools today that are used for remote active operating system fingerprinting. They all have their own fingerprinting techniques. This paper gives an in-depth analysis of three such tools: Nmap, RINGv2, and Xprobe2. The purpose of the paper is to show how these tools work, and to understand the advantages and disadvantages they each offer.
http://www.net-security.org/article.php?id=502

BITDEFENDER ANTI BUGBEAR.B
This is a removal tool for Bugbear.B, the latest executable infector mass mailer backdoor.
http://www.net-security.org/software.php?id=495

"Tutorial free da IBM per certificarsi su DB2 per Linux"
Sono disponibili online libermente ma in lingua inglese presso il sito dell'IBM i tutorials per la preparazione della certificazione DB2 UDB for Linux, UNIX, and Windows Version 8 DBA Certification (701).
http://www.ziobudda.net/Admin/redir_news.php?id=12209

"Come realizzare il proprio Live CD Slackware"
I Linux Live CD stanno crescendo in popolarità, specialmente dopo l'uscita dell'eccellente Knoppix...
http://www.ziobudda.net/Admin/redir_news.php?id=12205

"Uscito FreeBSD 5.1"
Finalemente è uscita la nuova versione di FreeBSD 5.1 che va a sostituire la 5.0 afflitta da diversi problemi di gioventù.
http://www.ziobudda.net/Admin/redir_news.php?id=12202

Vulnerabilities
Title: Apple patches two Mac server holes
Source: C-Net News
Date Written: June 9, 2003
Date Collected: June 10, 2003
On June 9, 2003, Apple Computer issued a warning and patch to users highlighting two new security vulnerabilities in the file-sharing server software and the directory-services software provided with the Mac OS X Server operating system (OS). "When the server shares files that use the network file system (NFS) or the Unix file system (UFS) through the Apple File Service, a flaw could allow a remote user to overwrite arbitrary files," according to Apple. Log-in attempts to the server's directory services could result in passwords being sent back unencrypted.
http://rss.com.com/2110-1002_3-1014892.html

Vulnerabilities
Title: Spammers exploit Hotmail hole
Source: vnunet.com
Date Written: June 10, 2003
Date Collected: June 10, 2003
According to an advisory posted over the weekend by Chip Rosenthal of U.S.
systems developer Unicom, e-mail spammers have exploited the Distributed Authoring and Versioning (WebDav) interface which is used to send messages to Microsoft Hotmail servers. The Hotmail flaw can be used to send spam e-mail automatically, but is not being widely used yet.
http://www.vnunet.com/News/1141514

"Vulnerabilità in FastTrack"
Scoperta una falla in FastTrack, la tecnologia su cui sono basati software p2p del calibro di Kazaa, Grokster, iMesh e altri.
La vulnerabilità potrebbe essere sfruttata per portare un attacco DoS sui "supernodi" della rete http://www.ziobudda.net/Admin/redir_news.php?id=12220

"Vulnerabilità in Apache"
Sono state riscontrate due falle in Apache, sfruttabili per portare attacchi DoS sui sistemi vulnerabili. Sembrerebbero vulnerabili le versioni dalla
2.0.37 alla 2.0.45
http://www.ziobudda.net/Admin/redir_news.php?id=12219

"Inside the Linux Kernel Debugger"
IBM presenta un paper su come utilizzare il debugger interno al kernel di Linux cosi' da studiare meglio le proprie applicazioni.
http://www.ziobudda.net/Admin/redir_news.php?id=12214

Format string attacks with limited buffer space paper This paper goes into great detail describing how to utilize format string attacks with limited buffer space.
http://packetstormsecurity.nl/papers/general/bufferpaper.txt

Effects of Worms on Internet Routing Stability This article discusses the impact of worms on Internet endpoints and infrastructure, as well as their impact on global routing instability throughout the Internet.
http://www.securityfocus.com/infocus/1702

Malware
Title: Is a new Trojan horse at the firewall?
Source: Government Computer News
Date Written: June 10, 2003
Date Collected: June 11, 2003
Security experts claim to have discovered a yet-unnamed "third generation Trojan horse" program that appears to be infecting systems on the Internet.
Chris Hovis, director of product marketing for Lancope Inc., said that the new Trojan was first identified in May 2003 by a security analyst for a Defense Department contractor, and that both the FBI and the CERT Coordination Center at Carnegie Mellon University had been notified of the threat. The new Trojan listens for specific types of packets that "are believed to contain encrypted instructions for communicating with controllers," but the purpose of the Trojan and the extent of the problem remain unclear.
http://www.gcn.com/vol1_no1/daily-updates/22371-1.html

"Raccolta MANUALI (per programmatori)"
Nato da poco questo sito con l'intento di fare un mirror dei manuali disponibili free online per i programmatori. Possibilità di avvisare il webmaster tramite e-mail o sul forum per segnalare altri manuali ;)
http://www.ziobudda.net/Admin/redir_news.php?id=12243

"Mandrake Linux Advisory"
Disponibili gli update per le varie versioni di kernel dell'ultima versione della Mandrake che risolverebbero vari problemi di sicurezza e stabilità.
Ingoraggiato l'aggiornamento.
http://www.ziobudda.net/Admin/redir_news.php?id=12235

"Debian GNU/Linux Advisories"
Tre problemi di sicurezza individuati nella più "GNU" delle distribuzioni:
sono coinvolti eterm, ethereal, atftp
http://www.ziobudda.net/Admin/redir_news.php?id=12234

Malware
Title: New worm is Sunday driver
Source: PC Pro
Date Written: June 12, 2003
Date Collected: June 12, 2003
Security experts are warning of a new Internet worm called Kifie-D that spreads via e-mail and instant messaging systems, as well as through peer-to-peer (P2P) file-sharing networks, such as KaZaA. The Kifie worm contains a logic bomb that launches on a Sunday; it tries to overwrite documents in the Windows, Windows system and Windows system32 folders; it also attempts to delete certain files related to anti-virus software.
http://www.pcpro.co.uk/?http://www.pcpro.co.uk/news/news_story.php?id=43141

Technology
Title: IDS: What Lies Ahead?
Source: EWeek.com
Date Written: June 11, 2003
Date Collected: June 12, 2003
Research firm Gartner Inc. caused a stir on June 11, 2003 by claiming that intrusion detection systems (IDS) are outdated and security investments should focus on firewalls instead. The report, which is part of Gartner's Information Security Hype Cycle, argues that: "Intrusion detection systems are a market failure and vendors are now hyping intrusion prevention systems, which have also stalled in the marketplace." Some IDS vendors are disturbed by Gartner's assessment. They claim that IDSs play a crucial role in a 'defense in-depth' security strategy. Gartner on the other hand believes they "will be obsolete by 2005."
http://www.eweek.com/article2/0,3959,1124790,00.asp
Also - http://www3.gartner.com/5_about/press_releases/pr11june2003c.jsp
Also - http://thewhir.com/marketwatch/gar061103.cfm

Vulnerabilities
Title: Reality Check: How Safe Is Linux?
Source: NewsFactor
Date Written: June 11, 2003
Date Collected: June 12, 2003
The article discusses the security of Linux operating systems (OSs), particularly in comparison with Microsoft Windows OSs. The author finds that any system or network can be made secure if security policies and technologies are applied. Linux networks can run into security difficulties, however, because the management and configuration of Linux is quite complex, and security flaws, such as privilege escalation, can be introduced through programming errors in programs included in Linux distributions. According to Dave Wreski, CEO of Linux distributor Guardian Digital, "Information leaks, unauthorized access, and buffer overflows are problem areas for Linux." In the past, Linux systems have also been exploited using insecure daemons like Sendmail, Telnet, FTP, and Samba. However, all these factors don't make Linux systems less secure than proprietary OSs, especially since Linux flaws are often discovered earlier and patched quicker.
http://www.newsfactor.com/perl/story/21702.html

"Nuova stable release del kernel 2.4"
È disponibile per il download la release 2.4.21 del Kernel.
http://www.ziobudda.net/Admin/redir_news.php?id=12273

"Vulnerabilità nel Kernel Linux 2.4.18"
I kernel Linux fino alla versione 2.4.18, per l'architettura intel x86, possono essere forzati ad ignorare i privilegi di accesso dell'utente nella gestione di segnali IPC.
http://www.ziobudda.net/Admin/redir_news.php?id=12259

"Sicurezza wireless nelle reti 802.11"
Dell ha pubblicato un interessante documento sulla sicurezza delle reti wireless basate sul protocollo 802.11(wireless).
http://www.ziobudda.net/Admin/redir_news.php?id=12258

Malware
Title: Spam virus 'hijacks' computers
Source: BBC
Date Written: June 13, 2003
Date Collected: June 13, 2003
Security experts are warning that spammers have started using viruses and Trojan horse programs to take control of machines that they then use to send out unsolicited and often fraudulent e-mails. UK-based e-mail security firm MessageLabs last week discovered the AVF virus, which is believed to be the first example of malware sent out by a spammer in order to disseminate his offerings anonymously. In contrast to other viruses, spam viruses don't try to spread rapidly, instead they open a secret back door in vulnerable computers for the purpose of sending out spam messages. Some security experts fear that spam viruses could make the rising tide of spam even worse, potentially overwhelming the entire Internet system.
http://news.bbc.co.uk/2/hi/technology/2987558.stm
Also - http://www.vnunet.com/News/1141610

Technology
Title: IEEE approves 802.11g standard
Source: Info World
Date Written: June 12, 2003
Date Collected: June 13, 2003
On June 12, 2003, the Standards Board Review Committee of the Institute of Electrical and Electronics Engineers (IEEE) approved the new 802.11g standard for wireless local area networks (LANs) after a complicated three-year standardization process. The new standard sets requirements for wireless LAN equipment that will have to meet a carrying capacity of 24Mbps to 54Mbps in the 2.4GHz radio spectrum range. Wireless LAN gear under the new standard will still have to be backward compatible with existing 802.11b equipment.
http://www.infoworld.com/article/03/06/12/HNwifistandard_1.html
Also - http://news.com.com/2100-1039_3-1016370.html
Also - http://www.securityfocus.com/news/5749

Vulnerabilities
Title: Antivirus flaw downs mail servers
Source: C-Net News
Date Written: June 12, 2003
Date Collected: June 13, 2003
Security firm Network Associates issued an advisory on June 12, 2003 warning users that a flaw in its McAfee GroupShield 5.2 anti-virus software for Microsoft Exchange 2000 servers could cause the servers to crash. Network Associates had issued a patch to fix the vulnerability in January 2003, but was forced to release a new advisory because at least four customers have been affected by the problem in the past two days. The latest incidents may be the result of a targeted attack aimed at exploiting the flaw, or due to spam e-mails that may have inadvertently triggered the flaw, according to Vincent Gullotto, vice president for Network Associates' anti-virus emergency response team. Customers are advised to apply the latest fix as soon as possible or potentially face lengthy e-mail outages.
http://news.com.com/2100-1002_3-1016608.html

Vulnerabilities
Title: GPRS network could be hacked
Source: Cellular-News
Date Written: June 13, 2003
Date Collected: June 13, 2003
Nokia has issued a statement warning customers that Nokia GGSN (Gateway GPRS support node) release 1 contains a vulnerability in the TCP stack that could allow a malicious attacker to launch a denial of service (DoS) strike using a computer and a mobile phone. By sending a malformed IP packet, an attacker could "crash all data connectivity within a GPRS based network." Security firm @stake notified Nokia of the flaw and both companies are working together to resolve the problem. Nokia has issued a software update (GGSN release 2) that is not at risk from the flaw.
http://www.cellular-news.com/story/9051.shtml

g00d reading! 'n' bye
Security News MainTainer:
The Jackal a.k.a. jAcKallO < -jackal-@libero.it > (AreaSessantuno Member) / (SpiPPolatori Collaborator) (HackerAlliance Member) / (Daily DisInfo CreaTor & MainTainer) (Socio fondatore e Membro del CapitanLUG.iT)