GnomixLand :: Manuali, immagini, fotografie e tanto altro a portata di un click

***Patch critica per Internet Exlplorer***
E' disponibile per il download una nuova patch critica per Internet
Explorer, che va a sanare un bug che permetterebbe ad un malintenzionato di
eseguire codice a piacimento sul pc della vittima. Scaricatela al più presto
dal link o da windows update.
http://www.pc-facile.com/news.php?n=12253

"Palladium: come funziona"
Il prossimo windows di nome Longhorn comincerà ad avere Palladium come
sistema di protezione del software. Il processo sarà graduale ma iniziamo a
vederne il funzionamento e a discutere cosa è avvenuto nel campo del trust
computing, Xbox in testa.
http://www.ziobudda.net/Admin/redir_news.php?id=14038

CHIUSI NUOVI BUCHI IN OPENSSL
L'implementazione open source del protocollo di sicurezza SSL arriva in due
nuove versioni che correggono alcune gravi vulnerabilita' scoperte di
recente in diversi software che forniscono servizi SSL e TLS
URL: http://punto-informatico.it/pi.asp?i=45464

MICROSOFT DENUNCIATA PER I VIRUS
Una donna californiana ritiene il big di Redmond responsabile della
diffusione di worm e simili, vuole i danni e chiede agli utenti Windows di
unirsi a lei in una denuncia collettiva. Da Redmond: i virus li fanno i
criminali
URL: http://punto-informatico.it/pi.asp?i=45469

Nmap 3.48: Service fingerprints galore!
I am pleased to release Nmap 3.48. Besides nearly DOUBLING the Nmap version
detection database size to 663 signatures thanks to your submissions, this
version improves some version detection algorithms to provide more accurate
results more quickly. I have also added "helper functions" to the file
format for dealing with UNICODE encoding of normal ASCII strings and several
other strange issues. 3.48 also offers many bugfixes to resolve both
runtime errors and compilation problems. [...] The service detection release
has been so successful that I am already working on the next major feature!
It will be called "bomb scan" (-sB) and utilize the technology described in
this article: http://students.cs.byu.edu/~emcnabb/computerbomb.jpg
As usual, 3.48 is available from
http://www.insecure.org/nmap/nmap_download.html

OpenSSL
Vendor: OpenSSL.org
Several vulnerabilities were reported in the ASN.1 parsing code in OpenSSL.
A remote user may be able to cause arbitrary code to be executed on a server
application that uses OpenSSL.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/Sep/1007837.html

mIRC
Vendor: mIRC Co. Ltd.
A buffer overflow was reported in the mIRC client. A remote IRC server can
cause arbitrary code to be executed on the connected mIRC client.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/Sep/1007831.html

Cisco PIX Firewall
Vendor: Cisco
A denial of service vulnerability was reported in the Cisco PIX firewall. A
remote user can cause the firewall's pool of network address translation
(NAT) addresses to become exhausted.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/Oct/1007877.html

Windows Kernel
Vendor: Microsoft
A denial of service vulnerability was reported in the Microsoft Windows
operating system in the PostThreadMessage() API. A local user can terminate
arbitrary processes in certain cases.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2003/Oct/1007874.html

SSH
Vendor: SSH Communications
A vulnerability was reported in SSH Secure Shell in the decoding of ASN.1
BER/DER-encoded packets. A remote user can cause the target SSH process
(and potentially the target host) to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/Oct/1007851.html

** OTTOBRE, E' TEMPO DI PATCHARE **
Se usate Internet Explorer o comunque l'avete installato nel vostro
computer, cosa pressoché inevitabile se usate Windows, è di nuovo tempo di
scaricare e installare al più presto un aggiornamento di sicurezza.
[Pubblicato su www.zeusnews.it il 06-10-2003]
>> di Paolo Attivissimo
http://www.zeusnews.it/news.php?cod=2413

** PICCOLA GUIDA ALLA RIMOZIONE DEI VIRUS **
Come disinfettare il proprio sistema operativo Windows con piccole utility
freeware.
[Pubblicato su www.zeusnews.it il 07-10-2003]
>> di Matteo Campofiorito
http://www.zeusnews.it/news.php?cod=2414

"Analisi di Log in Perl"
Stavamo dicendo... ah, si il corso di Perl. Bene, ora è il momento di
esaminare le espressioni regolari. E lo facciamo con uno script interessante
e utile: come analizzare i log di Apache in Perl. Si, lo so che esistono
10mila analizzatori di Log, ma qui stiamo parlando di farcene uno ad hoc
specializzato. E io ne faccio (ancora oggi) tanti...
http://www.ziobudda.net/Admin/redir_news.php?id=14076

"Virus: Windows batte Linux 60000 a 40"
"Ci sono circa 60,000 virus noti per Windows, circa 40 per Macintosh, 5 per
gli UNIX commericali e circa 40 per Linux. Molti dei virus per windows sono
innocui, ma quelli dannosi sono alcune centinaia, nessuno dei virus per Unix
o Linux si è mai diffuso a livello planetario" questo è quanto afferma
Register.
http://www.ziobudda.net/Admin/redir_news.php?id=14068

"Linux Gazette October 2003 (#95)"
Nuovo numero di uno dei mensili, gratuiti, piu' famoso dedicato a linux.
http://www.ziobudda.net/Admin/redir_news.php?id=14052

Vulnerabilities
Title: Microsoft security suit raises thorny questions
Source: ZDNet
Date Written: October 3, 2003
Date Collected: October 6, 2003
Microsoft is expected to fight a proposed class-action suit filed in Los
Angeles Superior Court last week. The suit claims that Microsoft violated
consumer protection laws by selling software riddled with security flaws. A
rash of recent vulnerabilities and devastating exploits has many consumers
looking to the product liability laws as possible means of forcing Microsoft
and other software makers to produce more secure applications. Software
companies have so far been able to sidestep product liability suits partly
by selling customers a license to use their programs instead of actual
ownership. According to experts, some shift toward holding software makers
responsible for defects may be inevitable. "The broad issue is, as a matter
of policy, do we want suppliers of products and systems that are critical to
our economy to be able to absolve themselves of all liability," said Mark D.
Rasch, a former federal prosecutor. However, Microsoft has been able to
avoid any liability despite other such lawsuits in the past.
http://zdnet.com.com/2100-1104_2-5086385.html
Also - http://www.nytimes.com/2003/10/06/technology/06SOFT.html

BROWSER HOLES LEAD TO AIM, DIAL UP ATTACKS
Security holes in Microsoft's Internet Explorer browser have been exploited
by hackers to hijack AOL instant messaging accounts and force unsuspecting
Web surfers to run up massive phone bills, computer experts have cautioned.
http://www.net-security.org/news.php?id=3676

EXPLOITING CISCO ROUTERS (PART ONE)
This is the first of a three-part series that will focus on identifying and
then exploiting vulnerabilities and poor configurations in Cisco routers.
http://www.net-security.org/news.php?id=3690

AVOID MOBILE SECURITY HEADACHES
This article shows you how to avoid mobile security headaches by
implementing the right safety measures.
http://www.net-security.org/news.php?id=3709

TROJAN HORSE EXPLOITS EXPLORER FLAW
A program dubbed QHosts takes advantage of a hole in Microsoft's Internet
browser to install itself without users being aware.
http://www.net-security.org/news.php?id=3725

BLIND SQL INJECTION: ARE YOU VULNERABLE?
SQL Injection can deliver total control of your server to an attacker giving
them the ability to read, write and manipulate all data stored in your
backend systems.
http://www.net-security.org/article.php?id=571

Aggiornamento di misc-raptor.tar.gz
Marco Ivaldi (a.k.a. Raptor) su ml@sikurezza.org segnala che è on-line
l'ultima release di misc-raptor.tar.gz, che include un totale di 53 exploit
di esempio (13 in piu' della precedente). La novita' principale e' la
trattazione delle tecniche per sfruttare i format string, sia locali che
remoti. Lo studio si trova all'url:
http://www.0xdeadbeef.info/code/misc-raptor.tar.gz
Per gli interessati, e' inoltre possibile scaricare alcune delle mie
soluzioni ai 2 challenge di vuln-dev, all'url:
http://www.0xdeadbeef.info/code/vulndev-raptor.tar.gz

"Google ci spia?"
Il motore di ricerca più apprezzato in rete, si lancia in un'iniziativa che
crea dei malumori tra gli utenti
http://www.ziobudda.net/Admin/redir_news.php?id=14085

P2P CON BACKDOOR INCORPORATA
Promosso come software di file-sharing garante della privacy, EarthStation 5
deve ora difendersi dall'accusa di contenere una sorta di backdoor
attraverso cui un malintenzionato potrebbe cancellare i file degli utenti
URL: http://punto-informatico.it/pi.asp?i=45496
Also - http://news.zdnet.co.uk/software/applications/0,39020384,39116959,00.htm

PYTHON COMMUNITY SERVER: FIGHTING SPAM WITH QMAIL (PART II)
"In this article, I will explain how to solve, at least partly, these
problems, using a replacement for qmail's SMTP server, called qpsmtpd..."
http://www.pycs.net/lateral/stories/11.html

FIGHTING SPAM WITH QMAIL
In this article the author explains how you can fight spam by making your
qmail server filter your messages through spamassassin.
http://www.net-security.org/news.php?id=3680

LPI CERTIFICATION 102 (RELEASE 2) EXAM PREP, PART 3: NETWORKING
In this tutorial, we'll introduce you to TCP/IP and Ethernet Linux
networking fundamentals, share important tips for securing your Linux
systems, and more.
http://www.net-security.org/news.php?id=3681

SHELL HISTORY OVERVIEW, PART 1
There are many articles and books on that topic but we want to show our own
point of view, share the experience, configs and describe problems you may
face.
http://www.net-security.org/news.php?id=3705

Vulnerabilities
Title: Shift key breaks CD copy locks
Source: ZDNet
Date Written: October 7, 2003
Date Collected: October 7, 2003
Princeton Ph.D. student John Halderman published a paper on his website
explaining how he disabled copy-protection measures on an Anthony Hamilton
compact disc distributed by BMG. The copy-protection system automatically
installs anti-piracy software onto any computer the CD is inserted into,
preventing the user from ripping music into mp3 format. Mr. Halderman found,
however, that simply holding down the shift key prevents Windows AutoRun
from working, opening the music to copying. BMG and SunnComm, the developer
of the copy-protection involved, are unconcerned about the flaw, saying the
technology was meant to be a "speedbump," preventing casual piracy. The
Anthony Hamilton CD comes with pre-ripped versions of the songs, allowing
limited copying of the files. People who prevent the anti-piracy software
from loading also do not get access to second session material on the disc,
which in the future will include videos and other bonus material.
http://zdnet.com.com/2100-1105_2-5087875.html

CD SENZA PROTEZIONE IN UN CLIC
L'ultima tecnologia di protezione dei CD audio puo' essere messa fuori uso
semplicemente tenendo schiacciato un tasto. La scelta, dice BMG, e'
consapevole: i consumatori vanno tutelati. Wow!
URL: http://punto-informatico.it/pi.asp?i=45514

"Il 29 Novembre parte la terza edizione del 'Linux Day'"
ILS esorta tutti i LUG (Linux User Group) e le associazioni di simpatizzanti
di Linux presenti nel Bel Paese ad organizzare per il "Linux Day" una
giornata incentrata su questi temi nella propria città...
http://www.ziobudda.net/Admin/redir_news.php?id=14108

"Debian Weekly News"
Welcome to this year's 40th issue of DWN, the weekly newsletter for the
Debian community.
http://www.ziobudda.net/Admin/redir_news.php?id=14105

RED HAT LINUX ADVISORY: SANE
"Updated SANE packages that resolve a number of vulnerabilities with the
saned daemon are now available..."
http://linuxtoday.com/security/2003100702226SCRHSW

BUILD AN INTERNET SERVER ON A SHOESTRING
"If you're thinking about setting up an Internet server but don't have much
money, this article is for you. It describes how to build and deploy a Web
server for under $250.00, using a broadband connection, Red Hat Linux and
other free software--and a very small budget..."
http://www.devx.com/opensource/Article/17405

Vulnerabilities
Title: Life in the Fast Lane: Security for Cable Modem, DSL, and Other Remote User Internet Connections
Source: Help Net Security
Date Written: October 6, 2003
Date Collected: October 8, 2003
Modern broadband technologies, such as cable modem, Digital Subscriber Line
(DSL), VSAT satellite, and wireless, allow faster and affordable Internet
access for remote users, but also open a new set of security issues.
File-sharing via Server Message Block (SMB) and Windows file sharing can
open up a computer unless careful attention is paid to setting permissions;
Windows NT 4.0 Workstation and Windows 2000 Professional gives full access
to folders selected for sharing to anyone by default. Linux users may face
similar vulnerabilities using SAMBA and Network File System (NFS)
applications. A number of plug-and-play vulnerabilities have been found in
Windows platforms and such TCP/IP tools as FTP (file transfer protocol),
telnet, and SNMP (Simple Network Management Protocol). Cable modem are more
vulnerable to packet sniffing than other connections. The author recommends
establishing strong policies to meet these vulnerabilities, including use of
personal firewalls, limiting network fileshares, filtering application
content, and using virtual private networks (VPN) and secure shell (SSH).
Remote systems should also be periodically tested for new vulnerabilities
and to ensure safeguards are working.
http://www.net-security.org/article.php?id=574

** CORSO GRATUITO PER INSTALLATORE DI RETI INTERNET **
A promuoverlo è lo Ial di Novara.
http://www.zeusnews.it/news.php?cod=2416

** NETSCAPE AL CAPOLINEA **
La storia del famoso browser sembra essere arrivata alla parola fine.
http://www.zeusnews.it/news.php?cod=2417

"Duello dei FileSystem Linux"
Il benchmark eseguito fornisce dati approfonditi e soprattutto di facile
comprensione anche per i meno "advanced".
http://www.ziobudda.net/Admin/redir_news.php?id=14141

"Impariamo a fare il backup della posta..."
Tistar, che non ringrazierò mai abbastanza, ha fatto una nuova scheda
sull'argomento "Backup della Posta in Arrivo" della nostra Linux Box,
vediamo come fare...
http://www.ziobudda.net/Admin/redir_news.php?id=14132

"PHLAK: La sicurezza in un Live-CD"
PHLAK è una distribuzione modulare incentrata sulla sicurezza, nata per
essere usata da un Live CD. PHLAK vuole diventare l'unico tool di security
necessario per svolgere tutte le attività legate alla sicurezza.
http://www.ziobudda.net/Admin/redir_news.php?id=14130

LINUX 2.6 SI PREPARA AL BRINDISI
In occasione del rilascio dell'ultima release di test del kernel 2.6, Linus
Torvalds ha congelato tutte le attivita' di sviluppo secondarie e ha dato il
via all'ultimissima, e si prevede breve, fase di revisione del codice
URL: http://punto-informatico.it/pi.asp?i=45535
Also - http://www.ziobudda.net/Admin/redir_news.php?id=14124
Also - http://linuxtoday.com/developer/2003100802126NWKNDV

LE DEBOLEZZE DI INTERNET IN UNA CLASSIFICA
Stilata la quarta classifica annuale delle piu' gravi vulnerabilita' che
affliggono i sistemi connessi ad Internet, prendendo in esame le piattaforme
Windows e Unix. Ecco cosa emerge
URL: http://punto-informatico.it/pi.asp?i=45536

FALLA IN IE6 E IN UN PLUG-IN DI ADOBE
Due distinte societa' di sicurezza hanno rivelato la presenza di alcune
falle in Internet Explorer e in un plug-in Adobe per la visualizzazione dei
file SVG. Rizchio
URL: http://punto-informatico.it/pi.asp?i=45531
Also - http://www.vnunet.com/News/1144119

WHY USE DITA TO PRODUCE HTML DELIVERABLES?
"The Darwin Information Typing Architecture (DITA) is an XML-based format
for structuring and authoring technicaln content. This article explores
advantages DITA provides for producing HTML content..."
http://www-106.ibm.com/developerworks/library/x-dita6/?ca=dgr-lnxw02DITA

BUILDING AN LDAP SERVER ON LINUX, PART 1
"This series will instead explain what LDAP is good for, detail how to build
an LDAP server, and cover what you can do with it..."
http://networking.earthweb.com/netsysm/article.php/3088441

RED HAT LINUX ADVISORY: MYSQL
"Frank Denis reported a bug in unpatched versions of MySQL prior to version
3.23.58. Passwords for MySQL users are stored in the Password field of the
user table..."
http://linuxtoday.com/security/2003100901826SCRHSW

Vulnerabilities
Title: The art of self defense in network security
Source: Computerworld
Date Written: October 8, 2003
Date Collected: October 9, 2003
Mark Tolliver, of Sun Microsystems, offers advice on building strong network
protection. Security begins with situational awareness; administrators
without situational awareness of their networks are probably already under
attack, but do not realize it. Mr. Tolliver recommends buying from multplie
vendors, making an analogy to grain supply: if 90% of the world's grain came
from a single variety of corn, a single disease could compromise the food
supply. Mr. Tolliver also recommends open systems and standards. They stand
up to public scrutiny and allow for integrated application from a wide
choice of products, rather than forcing a company to rely on one vendor.
Applications should be divided into three layers: presentation, business,
and data. Networks should be built with redundancy to ensure continued
operation in the face of an attack. Mr. Tolliver also warns to be aware of
the insider threat, as 80% of attacks come from inside. Finally, staff must
be trained to be aware of information security.
http://computerworld.com/securitytopics/security/story/0,10801,85705,00.html

NEWSFORGE: INTRODUCTION TO LINUX FILESYSTEMS AND FILES
"Everything you do with Linux involves files in one way or another. You
launch programs from files, read program configurations in files, store data
in files, deliver files to clients via servers, and so on..."
http://newsforge.com/article.pl?sid=03/10/07/196222&mode=thread&tid=23

Malware
Title: Rising warns of three computer viruses likely to strike China next week
Source: OSAC Cybernews
Date Written: October 10, 2003
Date Collected: October 10, 2003
China's largest anti-virus vendor Rising is warning of three new viruses
that could cause problems in the week from October 13 to October 19, 2003.
Worm.Smibag, which spreads via Microsoft Network (MSN) programs and
automatically opens Internet Explorer (IE) windows connecting to
pornographic websites, could be the most worrisome virus for Chinese web
users next week. In addition, Trojan.WebAuto.g, a Trojan that spreads via IE
and Oicq, an online chat tool, and I-Worm.Cydog.c, a virus that spreads
through e-mails and the mIRC Internet chat program, could also cause
difficulties, according to Rising.
http://www.ds-osac.org/view.cfm?KEY=7E4556424653&type=2B170C1E0A3A0F162820

Technology
Title: Microsoft to improve Windows security
Source: Security Focus (AP)
Date Written: October 9, 2003
Date Collected: October 10, 2003
Speaking at a trade show in New Orleans on October 9, 2003, Microsoft Corp.
CEO Steve Ballmer called the present security situation a "defining moment
in company history" that threatens the firm's bottom line. While Mr. Ballmer
said that the company's Trustworthy Computing initiative had made progress,
he acknowledged that much work remained to be done. As part of a major new
security push, Microsoft will release major new service packs for its
Windows XP and Windows Server 2003 products in 2004 that will drastically
improve security, even for users who haven't diligently installed the
plethora of new security patches. Among other things, the new measures
should cut down on the number of buffer overflow vulnerabilities, improve
firewall features, better scan e-mail and simplify the patching process.
Critics remain skeptical of the latest security announcements, dismissing
them as public relations stunts.
http://www.securityfocus.com/news/7180
Also - http://www.crn.com/sections/BreakingNews/dailyarchives.asp?ArticleID=45051
Also - http://www.infoworld.com/article/03/10/09/HNmsballmer_1.html
Also - http://news.com.com/2100-1002_3-5088846.html
Also - http://www.eweek.com/article2/0,3959,1329677,00.asp?kc=EWRSS02129TX1K0000531
Also - http://www.theregister.co.uk/content/4/33319.html

g00d reading! 'n' bye
Security News MainTainer:
The Jackal a.k.a. jAcKallO < -jackal-@libero.it >
(AreaSessantuno Member) / (SpiPPolatori Collaborator)
(HackerAlliance Member) / (Daily DisInfo CreaTor & MainTainer)
(Socio fondatore e Membro del CapitanLUG.iT)