SKY SUBSCRIBER RECORDS READABLE
By playing with URLs, some users discover that satellite subscribers'
accounts can be viewed, complete with names, phone numbers, addresses, tax
codes and more
URL: http://punto-informatico.it/pi.asp?i=45790
BEIJING TROJAN AGAINST THE DALAI LAMA
The Tibetan government in exile accuses the Chinese government of having
commissioned a custom-made computer virus to hit its IT infrastructure. Is
Beijing dabbling in controlled epidemics?
URL: http://punto-informatico.it/pi.asp?i=45794
"The new OpenBSD 3.4 is out"
Many new features in this Unix-like system, a cousin of Linux and a sibling
of FreeBSD.
http://www.ziobudda.net/Admin/redir_news.php?id=14562
"Palladium: an open standard (or not?)"
On 16 September 2003, version 1.1 of the NGSCB software specification, also
known as Palladium, was released. The first page, however, states that
"Without limitation, TCG disclaims all liability, including liability
for infringement of any proprietary rights, relating to use of information
in this specification and to the implementation of this specification..".
In plain terms, simply implementing the specification could have rather
unpleasant legal consequences.
http://www.ziobudda.net/Admin/redir_news.php?id=14561
** REHABILITATING THE HACKER **
The official website of HANC, an organization that seeks to restore justice
to the hacker community, is online.
>> by Pier Luigi Tolardo
http://www.zeusnews.it/news.php?cod=2514
** THE WIFI ISLAND **
A neighborhood where you can walk around with your laptop always connected
to the internet, whose residents can walk into some venue and browse for
free, or learn to use and configure GNU/Linux, or set up their own web radio.
>> by Riccardo Orioles
http://www.zeusnews.it/news.php?cod=2513
** FREE, ENCRYPTED PHONE CALLS **
Skype is an innovative piece of software for making voice calls over the
Internet.
>> by Matteo Campofiorito
http://www.zeusnews.it/news.php?cod=2509
** A MANUAL OF COMPUTING SELF-LIBERATION **
How to switch to free software and live happily. Not just useful, simple
technical explanations, but also an overview of the foundations of Free
Software and Open Source.
>> by Michele Bottari
http://www.zeusnews.it/news.php?cod=2521
REPORT ON WINDOWS AND EXCHANGE
A series of vulnerabilities allows all manner of mischief on Windows and
Exchange. Two are fully exploitable remotely. The first is a buffer overflow
in the Windows Messenger Service that allows arbitrary code execution
(http://www.microsoft.com/technet/security/bulletin/MS03-043.asp,
CAN-2003-0717). The proposed solution is first of all to disable the
service, and only secondarily to apply a patch. Curiously, just a month ago
Microsoft, through Greg Sullivan, stated that Messenger was only a minor
annoyance, nothing dangerous
(http://www.usatoday.com/tech/news/2003-09-24-popups_x.htm). Exchange Server
crashes on specially malformed SMTP messages: in Exchange 5.5 this results
in a DoS, while in Exchange 2000 it means arbitrary code execution
(http://www.microsoft.com/technet/security/bulletin/MS03-046.asp,
CAN-2003-0714). Other bugs instead require getting a user to 'view' a page
(not very difficult: an HTML e-mail is enough). Windows Help and the Support
Center contain a buffer overflow in the HCP protocol, which allows code
execution with LOCAL_SYSTEM privileges
(http://www.microsoft.com/technet/security/bulletin/MS03-044.asp,
CAN-2003-0711). In addition, the "Local Troubleshooter" ActiveX control
(Tshoot.ocx), theoretically meant to help users, contains a vulnerability
that allows remote code execution with the privileges of the logged-in user
(http://www.microsoft.com/technet/security/bulletin/MS03-042.asp). A
vulnerability in Authenticode, no less, allows ActiveX controls to be
installed without users' authorization, executing arbitrary code
(http://www.microsoft.com/technet/security/bulletin/MS03-041.asp,
CAN-2003-0660). There is also a Cross Site Scripting problem in Outlook Web
Access (http://www.microsoft.com/technet/security/bulletin/MS03-047.asp,
CAN-2003-0712). Finally, a vulnerability in ListBox and ComboBox allows a
local user to gain elevated privileges through a buffer overflow
(http://www.microsoft.com/technet/security/bulletin/MS03-045.asp,
CAN-2003-0659). Further details can be read in the CERT advisory:
http://www.cert.org/advisories/CA-2003-27.html
"A free book from IBM on LDAP"
LDAP is an open, lightweight directory service that relies on TCP/IP to
operate. More and more products integrate this protocol, including many free
e-mail clients.
http://www.ziobudda.net/Admin/redir_news.php?id=14569
APPLE BETWEEN BUGS AND PATCHES
All sorts of problems besiege Cupertino: from iTunes difficulties to Panther
and FireWire bugs, through to Jaguar hiccups and lawsuits. Blame the solar
wind
URL: http://punto-informatico.it/pi.asp?i=45807
Vulnerabilities
Title: Plenty of IM Security Holes Left to Plug
Source: IT Management
Date Written: October 31, 2003
Date Collected: November 3, 2003
Instant Messaging (IM) has evolved from cool computer tool for teenagers to
valid business productivity component. The trouble is that IM security has
not yet made the same transition. A study by Osterman Research, based in
Black Diamond, Wash., reveals that while IM currently has a presence in 91
percent of enterprises, only about 26 percent are utilizing an
enterprise-grade IM system. That means 65 percent rely on consumer products.
These consumer products generally lack even minimal security standards. Many
consumer IM applications bypass corporate authentication systems, open
vulnerable ports on networks, and provide no means for administrators to
capture the history of the conversation. All of this means that instant
messaging carries a high potential for liability, particularly in heavily
regulated industries, such as financial services and health care. And as IM
usage becomes more and more prevalent, virus writers will increasingly turn
their attention to this new medium. Virtually all IM systems allow for file
transfers that bypass virus checking software. All of these concerns point
out the need for a well communicated IM policy at corporations and, usually,
the implementation of enterprise-strength IM applications.
http://itmanagement.earthweb.com/secu/article.php/3102531
WHAT CAN CRACKERS REALLY DO TO YOUR PC?
You hear a lot about the havoc criminal hackers wreak on people's PCs. But
how likely is this? And what exactly can they do? Turn on your PC? Steal
your data? Robert has the answers.
http://www.net-security.org/news.php?id=3899
WHICH ADWARE AND SPYWARE ARE THE MOST INSIDIOUS?
There's an interesting discussion over at Slashdot where the readers are
sharing their opinions on which adware and spyware are the worst and whether
they are legal.
http://www.net-security.org/news.php?id=3911
SYSTEM RECOVERY WITH KNOPPIX
This article shows how to access a non-booting Linux system with a Knoppix
CD, get read-write permissions on configuration files, create and manage
partitions and filesystems, and copy files to various storage media and over
the network.
http://www.net-security.org/news.php?id=3916
INTRODUCTION TO NESSUS
This article shall endeavor to cover the basics of Nessus setup and
configuration. The features of the current versions of Nessus (Nessus 2.0.8a
and NessusWX 1.4.4) will be discussed.
http://www.net-security.org/news.php?id=3927
ADVANCED CROSS SITE SCRIPTING AND CLIENT AUTOMATION
This paper discusses one method of exploiting POST variables vulnerable to
cross site scripting and secured areas protected by a temporary session.
http://www.net-security.org/article.php?id=587
"A 'shield' for the Linux kernel"
A new version of the "exec-shield" patch for the Linux kernel was recently
released. It aims to inhibit the most common cases of buffer overflow
without penalizing system performance.
http://www.ziobudda.net/Admin/redir_news.php?id=14584
OUTSIDE LOOKING IN: THE BSD OPERATING SYSTEMS
"Technically, the BSD operating systems are every bit as good as Linux, so
why aren't they commercially successful...?"
http://www.eweek.com/article2/0,4149,1368006,00.asp
Malware
Title: Sex and the City worms promise illicit thrills
Source: The Register
Date Written: November 4, 2003
Date Collected: November 4, 2003
Two variants of an e-mail worm, Torvil-A and Torvil-B, have been infecting
computers by presenting themselves as a screensaver containing outtakes from
the television show 'Sex and the City,' with adult content. If the worm is
downloaded, it tries to infect public Internet newsgroups and to forward
itself with every e-mail sent from the computer. Graham Cluley, of antivirus
firm Sophos, notes that the worm only affects Windows machines, and is
neither particularly harmful nor rapidly spreading. Virus writers often use
such social engineering tactics to make their claims seem more plausible,
and increase the chance of infection. Other viruses have promised pictures
of such famous women as Britney Spears, Anna Kournikova, Avril Lavigne,
Jennifer Lopez and Kylie Minogue to encourage download.
http://www.theregister.co.uk/content/55/33774.html
Microsoft Internet Explorer (IE)
Vendor: Microsoft
A vulnerability was reported in Microsoft Internet Explorer. A remote user
can create HTML that can access local files.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2003/Oct/1008053.html
Nfs
Vendor: Sun
A vulnerability was reported in the Solaris NFS Server. A remote user can
cause the target file server to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/Oct/1008038.html
Apache mod_rewrite
Vendor: Apache Software Foundation
A vulnerability was reported in the Apache mod_rewrite component. A remote
user may be able to trigger a buffer overflow.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/Oct/1008030.html
Apache mod_alias
Vendor: Apache Software Foundation
A vulnerability was reported in the Apache mod_alias component. A remote
user may be able to trigger a buffer overflow.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/Oct/1008029.html
Apache mod_cgid
Vendor: Apache Software Foundation
A vulnerability was reported in the Apache web server in the mod_cgid
component. CGI output may be disclosed to another client in certain
situations.
Impact: Disclosure of user information
Alert: http://securitytracker.com/alerts/2003/Oct/1008028.html
QuickTime Java
Vendor: Apple Computer
An unspecified vulnerability was reported in Apple's QuickTime for Java. A
remote user may be able to gain access to the target system.
Impact: User access via network
Alert: http://securitytracker.com/alerts/2003/Oct/1008027.html
Norton Internet Security
Vendor: Symantec
An input validation vulnerability was reported in Symantec's Norton Internet
Security 2003. A remote user can conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2003/Oct/1008010.html
Yahoo Messenger
Vendor: Yahoo
A vulnerability was reported in Yahoo! Messenger. A remote user can cause a
target user's client to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/Oct/1008008.html
** OFFICE 2003, THE PATCH THAT COMES FROM THE FUTURE! **
Microsoft Office 2003 has a few small problems: in some circumstances it
loses pieces along the way. Pieces of your documents, that is.
>> by Paolo Attivissimo
http://www.zeusnews.it/news.php?cod=2539
** EXECUTABLES CUT TO THE BONE **
UPX is a powerful utility that can compress .exe and .dll files while
keeping them executable.
>> by Matteo Campofiorito
http://www.zeusnews.it/news.php?cod=2533
** WHEN THE INTERNET GROUND TO A HALT **
Fifteen years ago a university student released onto the network, for the
first time, a virus with devastating effects: a lesson not to be forgotten.
>> by Andrea Faenza
http://www.zeusnews.it/news.php?cod=2535
"How to migrate from Access to MySQL"
An article in Italian that explains how to migrate a database from Access to
MySQL.
http://www.ziobudda.net/Admin/redir_news.php?id=14612
"DoS vulnerability in OpenSSL 0.9.6k"
A DoS problem has been reported in the OpenSSL 0.9.6k implementation on
Windows. A bug can lead to recursion and a consequent crash of OpenSSL.
This can therefore be used by a malicious user to put OpenSSL out of
service. [ZioBudda's note: even though it's for Windows, it's still a
serious matter]
http://www.ziobudda.net/Admin/redir_news.php?id=14609
Also - http://www.ziobudda.net/Admin/redir_news.php?id=14608
Also - http://linuxtoday.com/security/2003110501226SCSW
SLACKWARE LINUX ADVISORY: APACHE
"Upgraded Apache packages are available for Slackware 8.1, 9.0, 9.1,
and -current..."
http://linuxtoday.com/security/2003110501326SCSVSL
RED HAT LINUX ADVISORY: CUPS
"Updated CUPS packages that fix a problem where CUPS can hang are now
available..."
http://linuxtoday.com/security/2003110501426SCRHSW
MANDRAKE LINUX ADVISORIES: POSTGRESQL, APACHE
Two security advisories from Mandrakesoft.
http://linuxtoday.com/security/2003110501526SCMDSW
OPEN SOURCE NETWORK ADMINISTRATION WITH MRTG
"This can be an invaluable tool for diagnosing network problems because it
not only indicates the current status of the network but also lets you
visually compare this with the history of network utilization..."
http://www.newsforge.com/software/03/10/21/1858206.shtml?tid=132&tid=82&tid=91
CREATING A COMPLETE DISTRIBUTION ON CD
"We all know about the possibilities for installing Linux on a hard drive.
Sometimes, however, this option isn't good enough..."
http://www.linuxjournal.com/article.php?sid=7233
FIRST CRITICAL PATCH FOR OFFICE 2003
Microsoft releases an update for its very young version of Office that fixes
a compatibility problem and averts possible data loss. An update for IE too
URL: http://punto-informatico.it/pi.asp?i=45846
Also - http://zdnet.com.com/2100-1104_2-5103267.html
VIRGILIO, USERS' SMS MESSAGES READABLE
From a certain web address, accessible without a password or security
warnings, it is possible to open 20-megabyte logs containing e-mail
addresses, mobile phone numbers and SMS texts
URL: http://punto-informatico.it/pi.asp?i=45850
"Linux Kernel Backdoor Hack Attempt Discovered"
From Slashdot: "The BitKeeper to CVS gateway was apparently hacked in an
attempt to add a root exploit back door to the Linux kernel, according to
the linux-kernel archive..."
http://www.ziobudda.net/Admin/redir_news.php?id=14634
"Fedora Core 1"
The first version of Fedora Core is out (practically what was supposed to be
Red Hat 10). Go download it!
http://www.ziobudda.net/Admin/redir_news.php?id=14628
"Tar: backup and compression from the command line"
Here is a short guide for newbies: the tar command and compressing
directories/files.
http://www.ziobudda.net/Admin/redir_news.php?id=14627
"Note 2.0, a pocket crib for FreeBSD"
This excellent pocket crib is available as a free download. A user's word
for it.
http://www.ziobudda.net/Admin/redir_news.php?id=14623
VALIDATING INPUT
This article shows how to validate input--one of the first lines of defense
in any secure program.
http://www-106.ibm.com/developerworks/linux/library/l-sp2.html?ca=dgr-lnxw02ValidatingInput
Malware
Title: Experts, IT managers say Microsoft should forget bounty, focus on security
Source: Computerworld
Date Written: November 5, 2003
Date Collected: November 6, 2003
While many in law enforcement, such as Peter Townsend of the US Secret
Service, hailed Microsoft's reward for the writers of the Blaster and SoBig
worms as a new step for government and private sector cooperation, many
information technology security managers and experts had mixed reactions.
Connie Sadler, IT security director at Brown University, believes the money
would be better spent hardening the Windows operating system, especially for
the prevention and containment of viruses. Hugh McArthur, of Online
Resources Corporation, doubts the reward's effectiveness, and notes that the
vulnerabilities exploited by malware still exist. Brad Smith, general
counsel for Microsoft, noted at the press conference announcing the reward
program that the money does not address security improvements for Windows,
but shows the company recognizes its need to combat viruses on multiple
fronts. Patrick Gray, former FBI agent and now head of the emergency
response team at Internet Security Systems, agrees, stating "it's time to
stop focusing only on the buggy software and go after the criminal elements
that exploit [it] as well."
http://computerworld.com/securitytopics/security/story/0,10801,86869,00.html
Technology
Title: Has your phone been 'bluejacked'?
Source: ZDNet
Date Written: November 5, 2003
Date Collected: November 6, 2003
Some people have begun using the Bluetooth feature on personal digital
assistants (PDA) and mobile phones for a new activity called 'bluejacking,'
or sending anonymous text messages to strangers' cell phones. Bluetooth is a
wireless technology designed to enable devices within a few meters of each
other to exchange information. Bluejackers use their phone, or other device,
to get a list of nearby Bluetooth enabled phones. They then name their phone
after the message they want to send, choose a device, and the phone
announces itself to the chosen device. For example, a bluejacker could name
their phone 'nice tweed pants' and send that message to someone nearby. Many
bluejackers practice their hobby for the surprised expressions on their
targets' faces, but some believe the technology could be used for a new type
of spam. People can stop bluejackers by turning off the Bluetooth feature of
their phones.
http://zdnet.com.com/2100-1104_2-5102499.html
Also - http://news.bbc.co.uk/2/hi/technology/3237755.stm
Technology
Title: Wireless Intrusion Detection Systems
Source: Security Focus
Date Written: November 5, 2003
Date Collected: November 6, 2003
Wireless local area networks (WLAN) present a number of security issues. The
Wired Equivalent Privacy (WEP) encryption standard for 802.11 wireless is
inherently weak. An attacker can set up a rogue access point in a coverage
area to gain information from users. Users can easily set up an access point
on a corporate network without the knowledge of a system administrator,
creating a backdoor into otherwise protected systems. Attackers can also
interfere with 802.11 radio signals or use TCP/IP (transmission control
protocol/Internet protocol) to launch a denial of service attack. Intrusion
detection systems (IDS) analyze network traffic to find evidence of
malicious activity and policy violations. A wireless IDS has added
functionality for threats unique to wireless networks. Wireless IDS
typically deploy sensors near wireless access points (WAP), enabling them to
detect the majority of misuse, and even pinpoint the geographic area of an
attacker, offering the possibility of physically intercepting the attacker.
The author cautions that wireless IDS are a new technology, can be
cost-prohibitive for vendor solutions, and require significant human
resources. The author also adds that the benefits likely outweigh the
downsides for many organizations.
http://www.securityfocus.com/infocus/1742
Vulnerabilities & Exploits
Title: Weakness Reported in Wireless Security Protocol
Source: EWeek.com
Date Written: November 6, 2003
Date Collected: November 6, 2003
ICSA Labs researcher Robert Moskowitz has released a paper detailing a
vulnerability in certain implementations of the Wi-Fi Protected Access (WPA)
cryptography standard for wireless networks. The implementations at risk use
a "pre-shared key" for passphrase generation. The pre-shared key is aimed
toward inexperienced users with normal home computing equipment. This
feature allows such users to enter a shared passphrase into the system,
which WPA then combines with the network's SSID (service set identifier) to
generate a cryptographic key. Other WPA key management techniques require
more expensive equipment, such as authentication servers. An attacker can
sniff some packets of data then use a dictionary attack offline to guess the
passphrase. Keys generated from phrases of less than 20 characters are
unlikely to deter an attack according to Mr. Moskowitz. With the passphrase,
the attacker can join the network like any other user. Slashdot readers of
the report pointed out that the network model used in Mr. Moskowitz's report
is far more secure than the typical wireless network deployment, which often
has no cryptographic protection.
http://www.eweek.com/article2/0,4149,1375085,00.asp
Also - http://www.theregister.co.uk/content/69/33829.html
"Buffer overflow in Ethereal 0.9.15"
The Ethereal development team has announced a buffer overflow in the parser
of Ethereal 0.9.15. There is therefore a risk of arbitrary code execution
and DoS against Ethereal.
http://www.ziobudda.net/Admin/redir_news.php?id=14641
MANDRAKE LINUX ADVISORY: CUPS
"A bug in versions of CUPS prior to 1.1.19 was reported by Paul Mitcheson in
the Internet Printing Protocol (IPP) implementation would result in CUPS
going into a busy loop, which could result in a Denial of Service (DoS)
condition..."
http://linuxtoday.com/security/2003110701826SCMDSW
DEBIAN GNU/LINUX ADVISORY: POSTGRESQL
"Tom Lane discovered a buffer overflow in the to_ascii function in
PostgreSQL. This allows remote attackers to execute arbitrary code on the
host running the database..."
http://linuxtoday.com/security/2003110701926SCDBSW
Homeland Security & Infrastructure Protection
Title: 'DDoS' Attacks Still Pose Threat to Internet
Source: Washington Post
Date Written: November 4, 2003
Date Collected: November 7, 2003
The distributed denial of service (DDoS) attacks against the Internet's 13
root domain name servers on October 21, 2002 underscored the vulnerability
of the Internet's infrastructure to cyber attacks. Those attacks briefly
took out seven of the root servers, but users experienced little disruption
because domain information is stored locally and only longer outages would
have a disruptive effect. However, security experts worry that the DNS
system remains at risk because there are still thousands of DoS 'zombies' on
the Internet and easy-to-use, automated attack tools are readily available.
The organizations that operate the root servers have implemented security
measures to help protect the system against future attacks, including adding
bandwidth and distributing the location of a server (anycasting), but
defending against massive, well coordinated DDoS strikes remains difficult.
http://www.washingtonpost.com/wp-dyn/articles/A61714-2003Nov4.html
Cybercrime-Hacking
Title: Attempted attack on Linux kernel foiled
Source: ZDNet News
Date Written: November 6, 2003
Date Collected: November 7, 2003
It appears that a hacker has attempted to insert a Trojan horse program into
the code of the next version of the Linux kernel. The flaw was added to
source code stored in the BitKeeper repository - a database "used only to
provide the latest beta, or test version, of the Linux kernel to users of
the Concurrent Versions System (CVS), a program designed to manage source
code." The Trojan never actually became part of the Linux code, according to
Larry McVoy, primary architect of BitKeeper, and the flaw was discovered
within 24 hours. If the code had been successfully added to the Linux
kernel, it could have elevated an attacker's privileges on any Linux machine
that runs a kernel compiled with the code. The incident raises concerns
about the open source development method, but open source advocates insist
that adequate security checks are in place and the flaw was discovered
before it could do any harm. It is unclear whether law enforcement will be
brought in to investigate the matter.
http://zdnet.com.com/2100-1105_2-5103670.html
Also - http://www.securityfocus.com/news/7388
Also - http://www.computerworld.com/softwaretopics/os/linux/story/0,10801,86946,00.html
Vulnerabilities & Exploits
Title: Panther FileVault data loss misery
Source: MacWorld
Date Written: November 4, 2003
Date Collected: November 7, 2003
There appears to be a problem with the Mac OS X 10.3 operating system, also
known as Panther, whereby use of the software's FileVault has resulted in
"reset[s] or destroyed data for Safari, Address Book, Mail, Keychain, and
the Dock." FileVault, a central feature of Panther, offers double
password-protected 128-bit data security for users' Home directories. The
problem can also lead to instability of the operating system. According to
users, the problem is only resolved when FileVault is turned off, but data
must still be restored and preferences reset. Apple is aware of the issue
and is investigating.
http://www.macworld.co.uk/news/main_news.cfm?NewsID=7212
Vulnerabilities & Exploits
Title: Microsoft Offers Windows XP Wireless Security Rollup
Source: Security Pipeline
Date Written: November 6, 2003
Date Collected: November 7, 2003
Microsoft Corp. has released a rollup package containing several
previously-released fixes for security flaws and problems related to
wireless connectivity in Windows XP. The rollup addresses a variety of bugs,
including one "in which Wi-Fi Protected Access (WPA) security previously did
not work correctly when Advanced Encryption Standard (AES) and Temporary Key
Integrity Protocol (TKIP) security are both present on the access point." It
also deals with flaws whereby Windows XP sometimes uses a weak encryption
scheme when stronger schemes are available or users are prevented from
reconnecting to a preferred network after an unsuccessful key exchange.
http://www.securitypipeline.com/news/showArticle.jhtml;jsessionid=NTKCITEMDJCD4QSNDBCCKHQ?articleId=16000460
g00d reading! 'n' bye
Security News ManTeiner:
The Jackal a.k.a. jAcKallO < -jackal-@libero.it >
(AreaSessantuno Member) / (SpiPPolatori Collaborator)
(HackerAlliance Member) / (Daily DisInfo CreaTor & ManTeiner)
(Founding partner and Member of CapitanLUG.iT)