WELCOME BACK..!! (live from The Jackal) Here we are.. Summer is over by now and, for the second year running, we resume our appointment with the Security News.. (just a moment while I blow out the two candles on the monitor). A small space to thank those who came to visit me around Otranto (in Salento), everyone who called me, sent mail.. etc. etc.. YOU'RE LEGENDS!! :)) Let's begin..
A FLAW MAKES OFFICE VULNERABLE
Among the new security problems fixed by Microsoft, the most serious affects Visual Basic for Applications, a component used by a number of applications, including those in Office
URL: http://punto-informatico.it/pi.asp?i=45127
WINDOWS UPDATE BEYOND WINDOWS
The next version of Windows Update, close to the test phase, will offer Microsoft updates for the company's entire product range, from Office 2003 to Exchange
URL: http://punto-informatico.it/pi.asp?i=45146
"Phoenix produces a DRM-enabled BIOS"
Phoenix is working on a BIOS that includes Digital Rights Management functions, making it possible to track and trace everything that is executed or downloaded on a computer, and therefore potentially to block the use of uncertified software. All of this is supposed to be optional, but the various vendors could set defaults that the end user cannot change. Nice stuff, eh :-/
http://www.ziobudda.net/Admin/redir_news.php?id=13459
Technology
Title: SoBig opens a new can of worms
Source: vnunet.com
Date Written: September 4, 2003
Date Collected: September 4, 2003
In the wake of the Blaster and SoBig worm attacks, information technology directors are considering the use of heuristic virus scanners on top of conventional anti-virus measures. Conventional anti-virus systems rely on finding and identifying viruses, then distributing information to scanners to look for and eliminate files that match. Heuristic systems search for virus-like code and activity, and do not rely on prior identification to work. This can provide an edge against undocumented viruses. Such systems managed to stem the spread of the SoBig worm since it resembled spam distributing software. Heuristic methods tend to produce a lot of false positives however, prompting administrators to use conventional measures as well.
http://www.vnunet.com/News/1143377
Also - http://news.bbc.co.uk/2/hi/uk_news/england/bristol/somerset/3078586.stm
Also - http://www.newscientist.com/news/news.jsp?id=ns99994119
Vulnerabilities
Title: Office users at risk from 'critical' flaw
Source: ZDNet
Date Written: September 4, 2003
Date Collected: September 4, 2003
Microsoft Corp. reported five new security vulnerabilities on September 3, 2003, taking the total number so far for 2003 to 38. One of the flaws, which affects nearly all programs included in Microsoft Office 97, 2000 and XP, including Word, Excel, PowerPoint and Access, as well as other programs that use Microsoft Visual Basic for Applications (VBA) technology, including its Visio 2000, 2002 and Project 2000 and 2002, was rated 'critical' by the software giant. The critical vulnerability could allow an attacker to take control of a machine, run programs or read files. The other four vulnerabilities - rated from 'low' to 'important' - affect various versions of Microsoft Office, Access, Word and Windows.
http://zdnet.com.com/2100-1105_2-5070929.html
Also - http://www.vnunet.com/News/1143382
Also - http://www.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=3383467
Also - http://www.securityfocus.com/news/6873
Also - http://www.pcworld.com/news/article/0,aid,112316,00.asp
Vulnerabilities
Title: Israeli Scientists Crack GSM Mobile Call Security
Source: Reuters
Date Written: September 3, 2003
Date Collected: September 4, 2003
Israeli researchers at the Technion Institute have discovered a hole in the encryption algorithm used in Global System for Mobile communications (GSM) phones. According to Professor Eli Biham, the hole would allow an attacker to intercept phone calls, and even impersonate calls from the targeted phone number. GSM is the world's largest mobile system, with over 860 million users, or 72% of the digital mobile phone market. The GSM Association acknowledges the flaw, but says that expensive and sophisticated equipment is necessary to exploit it. Prof. Biham disagrees; an attacker would only need a radio receiver and a computer to apply the attack algorithm.
http://www.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=3380775
Also - http://www.techworld.com/news/index.cfm?fuseaction=displaynews&newsid=420
Also - http://www.theregister.co.uk/content/55/32653.html
Malware
Title: Weekly Virus Report: Blaster.F, Mapson.D, Darby.A, Apdoor.B, Daol.A and Surfbar
Source: Help Net Security
Date Written: September 5, 2003
Date Collected: September 5, 2003
Panda Software reports on six viruses currently in the wild: Blaster.F, Mapson.D, Darby.A, Apdoor.B, Daol.A and Surfbar. The Blaster.F worm infects only Windows NT, 2000, XP, and 2003 and carries its own Trivial File Transfer Protocol (TFTP) server to download copies of itself to spread as widely as possible. The Mapson.D worm spreads through e-mail, peer-to-peer, and Internet Relay Chat (IRC), and halts many Windows processes, including system tools and anti-virus programs, leaving the computer vulnerable to further assault. Darby.A spreads through means similar to Mapson.D, ends system and anti-virus processes, and infects Word and Excel macros. Apdoor.B logs an infected machine onto an IRC channel to allow the attacker access to conduct denial of service attacks. Daol.A infects files with EXE, SCR, ASP, PLG, HTM, HTML, VBS and VBE extensions, while Surfbar creates directories with links to pornographic sites and changes the Internet Explorer home page.
http://www.net-security.org/virus_news.php?id=304
"What is a buffer overflow"
The buffer overflow is the most widespread vulnerability in the computer systems of any vendor. Today's news also reports problems related to buffer overflows or overruns.
http://www.ziobudda.net/Admin/redir_news.php?id=13473
An article by Kirash <kirash@interfree.it> titled "Appunti per aspiranti Penetration Tester" ("Notes for aspiring Penetration Testers") is online at SIForge.org. The abstract follows:
"This document is an introductory guide to the practice of penetration testing. Particular attention will be given to the various types and critical aspects of pen-tests, so as to highlight their particular nature."
http://www.siforge.org/articles/2003/09/08-pentester.html
IE, THE AUGUST HOLE IS STILL OPEN
Some security experts claim that a recent patch for Internet Explorer still leaves users vulnerable to a security flaw that a cracker can exploit to execute code of their choice
URL: http://punto-informatico.it/pi.asp?i=45155
Also - http://www.zdnet.com.au/newstech/security/story/0,2000048600,20278308,00.htm
EVERYONE AGAINST SOFTWARE PATENTS
The mobilization against the European directive on patents under discussion at the European Parliament continues intensely. A directive that frightens. An organizational mailing list has also been started
URL: http://punto-informatico.it/pi.asp?i=45160
INSIDE NIP HYPE
Though we think NIP systems can enhance an existing security infrastructure, we don't consider integrating intrusion prevention and firewalls into a single unit a desirable goal.
http://www.net-security.org/news.php?id=3491
IS YOUR NETWORK SAFE? TRY THESE TOOLS AND FIND OUT
You patch your web server and are mindful of your firewall configuration, but is your site really secure? How do you check it?
http://www.net-security.org/news.php?id=3498
BLINDFOLDED SQL INJECTION
This whitepaper shows that suppressing error messages does not provide real protection. The research reveals a set of techniques that attackers can use to bypass this obstacle, making it clear that more substantial measures must be taken against SQL injection attacks.
http://www.net-security.org/article.php?id=553
"Kernel 2.6.0-test5"
Here is a new beta of the 2.6 kernel!!
http://www.ziobudda.net/Admin/redir_news.php?id=13484
"Opera: Vulnerabilities in Ver. 7.03 and 7.10!"
Vulnerabilities have been discovered in some versions of Opera. Opera 7.11 is exempt from this list.
http://www.ziobudda.net/Admin/redir_news.php?id=13544
"HowTo Upgrade To The 2.6 Kernel"
A document on how to upgrade from the 2.4 kernel to the 2.6 kernel (Translator wanted).
http://www.ziobudda.net/Admin/redir_news.php?id=13539
"Bug in Mozilla: how the browser handles blank spaces"
The most famous open source browser handles blank spaces incorrectly. The article has the explanation and images of the problem.
http://www.ziobudda.net/Admin/redir_news.php?id=13533
"Free 225-page book on Java"
I have made available, after many postponements, the PDF of the Java course from CorsoJava.it. The 4.5MB file contains a book of 225 A4 pages on the Java LANGUAGE (and not libraries, applets, etc.) examined at an in-depth level of detail. You can download it at least until the provider shuts down my site for too much traffic...
http://www.ziobudda.net/Admin/redir_news.php?id=13519
THERE'S A HOLE IN WINAMP'S MIDI
A researcher has discovered and disclosed a vulnerability that affects some versions of WinAMP and that could allow a cracker to execute code of their choice on the target computer
URL: http://punto-informatico.it/pi.asp?i=45188
XFree
Vendor: XFree86 Project
Several vulnerabilities were reported in the XFree86 font libraries. A remote user can execute arbitrary code. A local user may be able to exploit Xserver to execute arbitrary code with root privileges.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2003/Aug/1007598.html
Microsoft Visual Basic for Applications
Vendor: Microsoft
A vulnerability was reported in Microsoft Visual Basic for Applications (VBA), affecting a large number of Microsoft applications. A remote user can cause an affected application to execute arbitrary code.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/Sep/1007618.html
Microsoft Word
Vendor: Microsoft
A buffer overflow vulnerability was reported in Microsoft's WordPerfect converter, part of Microsoft Office, Word, PowerPoint, FrontPage, Publisher, and Works. A remote user can execute arbitrary code on a target user's computer when the target user opens a document.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/Sep/1007617.html
Microsoft Word
Vendor: Microsoft
A vulnerability was reported in Microsoft Word. A remote user can create a malicious document that, when opened, will bypass macro security restrictions and execute the macro.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/Sep/1007616.html
NetBIOS
Vendor: Microsoft
A vulnerability was reported in several Microsoft Windows operating systems in the NetBIOS implementation. The system may leak data from random memory locations to remote users.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2003/Sep/1007615.html
Microsoft Access
Vendor: Microsoft
A vulnerability was reported in the Microsoft Access Snapshot Viewer ActiveX control. A remote user can cause arbitrary code to be executed on the target user's computer.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/Sep/1007614.html
ZoneAlarm
Vendor: Zone Labs
A denial of service vulnerability was reported in ZoneAlarm. A remote user can send UDP packets to the target system to cause the system's network connectivity to become unavailable.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/Sep/1007604.html
WINDOWS FLAW, NEW WORM RISK
Microsoft has fixed three new Windows security vulnerabilities very similar to the one recently exploited by some worms, including the infamous MSBlaster. The company urges immediate application of the patch
URL: http://punto-informatico.it/pi.asp?i=45198
Also - http://www.computerworld.com/securitytopics/security/holes/story/0,10801,84775,00.html
Also - http://www.infoworld.com/article/03/09/10/HNblastertwo_1.html
Malware
Title: Today's WTC virus attack threat a hoax
Source: Gulf News
Date Written: September 11, 2003
Date Collected: September 11, 2003
Messages warning of an e-mail virus sent with the subject line "WTC Survivor" are a hoax. The messages claim that the virus uses a social engineering exploit, appearing to be a piece of news in relation to the second anniversary of the September 11 terrorist attacks. Though such social engineering attacks are common, anti-virus vendor Sophos considers the "WTC survivor" virus a hoax--the message has circulated for the past two years.
Two real viruses, Neroma and Vote.K also carry September 11 references, but are not considered high risk threats. Computer experts advise users to avoid opening suspicious e-mails with 9/11 themes.
http://www.gulf-news.com/Articles/news.asp?ArticleID=97269
Also - http://www.cnn.com/2003/TECH/internet/09/11/sept11.viruses.reut/index.html
Technology
Title: IRS Blasts Worm With Autonomic Software
Source: EWeek.com
Date Written: September 8, 2003
Date Collected: September 11, 2003
The article outlines the system the Internal Revenue Service (IRS) uses to protect itself against security vulnerabilities and malware, including the Blaster worm of August 2003. In 2001, the IRS established a Computer Systems Instant Response Center (CSIRC) to detect malicious code on its networks, and monitor external sites for up to date information on new threats and vulnerabilities. When Microsoft released a patch in mid-July for the vulnerability exploited by Blaster, CSIRC forwarded the patch to Jim Kennedy in Enterprise Systems Management. His team spent three weeks testing and configuring the patch to integrate with IRS systems. The IRS then used IBM Tivoli software to push the patch and Symantec's cleanup tool to 5,000 servers and 125,000 workstations across the nation. A manual installation project would have taken 1,200 people and cost $1.5 million to finish in the same time frame before the Blaster attack.
http://www.eweek.com/article2/0,4149,1260357,00.asp
Technology
Title: Hardening the TCP/IP stack to SYN attacks
Source: Security Focus
Date Written: September 10, 2003
Date Collected: September 11, 2003
Cybersecurity consultant Mariusz Burdach reviews SYN flood attacks, and countermeasures against them. The TCP protocol uses a three way handshake: a client requests a connection from a server by sending a SYN packet; the server confirms the request by sending back a SYN-ACK packet; the client finishes the request with an ACK packet. In a SYN flood, an attacker sends only SYN packets, creating a number of incomplete connections. If too many half-connections are opened, the attacker can crash the server, or deny service to legitimate clients. Mr. Burdach reviews countermeasures for a crashing SYN flood, beyond the usual method of packet filtering. He covers such measures for Windows 2000, Red Hat Linux 7.3, Sun Solaris 8, and HP-UX 11.00.
http://www.securityfocus.com/infocus/1729
Vulnerabilities
Title: 30 unpatched holes in IE, says security researcher
Source: SMH.com.au
Date Written: September 11, 2003
Date Collected: September 11, 2003
According to cybersecurity researcher Thor Larholm of PivX Solutions, Microsoft has yet to patch 30 documented security flaws in Internet Explorer. One new attack involves misdirecting input--a user could press 'Cancel' in a dialog box asking for security confirmation, but the browser would move the dialog over to 'OK' before the mouse button is released.
Several other newly documented flaws are cross-domain scripting vulnerabilities which would allow an attacker to steal cookies and sensitive data, as well as execute arbitrary code. Mr. Larholm notes that Microsoft has already patched several similar vulnerabilities, and several more are under active investigation.
http://www.smh.com.au/articles/2003/09/11/1063249516080.html
Malware
Title: Security Experts Warn of Repeat of Blaster Virus
Source: Reuters
Date Written: September 11, 2003
Date Collected: September 12, 2003
Security experts are warning corporate and home users to quickly install security patches and update their anti-virus software after Microsoft Corp., on September 10, 2003, announced 'critical' new vulnerabilities in its near-ubiquitous Windows software. Experts fear that the flaws, which are similar to other Windows vulnerabilities released in July 2003, could make systems vulnerable to a damaging new worm similar to Blaster (also known as MSBlast or LovSan), which hit hundreds of thousands of machines in August 2003. A Blaster II worm exploiting the latest vulnerabilities could allow an attacker to "gain control over a computer, delete data and install malicious programs." Users are particularly at risk due to the media attention received by recent Windows flaws and the shorter time between the release of flaws and worms to exploit them.
http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=3430746
Also - http://news.bbc.co.uk/2/hi/technology/3099302.stm
Also - http://zdnet.com.com/2100-1104_2-5074415.html
Also - http://www.nwfusion.com/news/2003/0911scramble.html
Vulnerabilities
Title: Microsoft Readies Interim Security Pack For Windows XP
Source: Techweb
Date Written: September 11, 2003
Date Collected: September 12, 2003
It appears that, contrary to earlier statements, Microsoft Corp. will soon release a comprehensive security service pack (called an Update Rollup by Microsoft) that will consist of all 22 critical and security updates for Windows XP released since the operating system debuted in October 2001. The information is derived from an e-mail sent by Microsoft to beta testers on September 10, 2003 asking them to test the update by September 24, 2003. The security service pack could be ready for public release shortly thereafter and will fix a number of recent, high-profile security flaws.
http://www.techweb.com/wire/story/TWB20030911S0012
g00d reading! 'n' bye
Security News MainTainer:
The Jackal a.k.a. jAcKallO < -jackal-@libero.it > (AreaSessantuno Member) / (SpiPPolatori Collaborator) (HackerAlliance Member) / (Daily DisInfo CreaTor & MainTainer) (Founding partner and Member of CapitanLUG.iT)