WINDOWS XP SE? NO, RELOADED
Microsoft appears to confirm its intention to cover the at least two years that will pass before Longhorn with an updated and revised version of Windows XP. A new edition made necessary by upcoming developments
URL: http://punto-informatico.it/pi.asp?i=47185
INTERNET INSECURITY, THE ANNUAL INDEX
RSA Security presented it to summarize the findings of the security observatories in a digest that points out the most critical areas of the network.
Things are going badly. The details
URL: http://punto-informatico.it/pi.asp?i=47176
FreeBSD Kernel
Vendor: FreeBSD
A vulnerability was reported in the FreeBSD kernel. A superuser process within a jail can gain full access to a different jail on the target system.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2004/Feb/1009244.html
Microsoft Internet Explorer (IE)
Vendor: Microsoft
iDEFENSE reported a cross-frame domain security vulnerability in Microsoft Internet Explorer. A remote user may be able to obtain a target user's keystrokes within a frameset.
Impact: Disclosure of user information
Alert: http://securitytracker.com/alerts/2004/Feb/1009243.html
WinZip
Vendor: WinZip Computing, Inc.
iDEFENSE reported a vulnerability in WinZip in the processing of MIME archives. A remote user can cause arbitrary code to be executed on a target user's system.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2004/Feb/1009242.html
QuickTime/Darwin Streaming Server
Vendor: Apple Computer
iDEFENSE reported a vulnerability in Apple's QuickTime Darwin Streaming Server. A remote user can cause denial of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Feb/1009192.html
Apache
Vendor: Apache Software Foundation
STG Security reported a vulnerability in Apache for the cygwin environment.
A remote user can traverse the directory to view files on the target system.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2004/Feb/1009182.html
Windows Explorer
Vendor: Microsoft
A buffer overflow vulnerability was reported in Microsoft Windows Explorer in the processing of Enhanced Metafile graphics files. A user can cause arbitrary code to be executed on the target system.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2004/Feb/1009181.html
SSL VS. IPSEC: WHICH IS RIGHT FOR YOUR VPN?
Both solutions have their pros and cons, so selecting the best one for your needs can be confusing. Before deciding which one is right for your organization, it's important to understand how both technologies work to secure a VPN.
http://www.net-security.org/news.php?id=4671
QUIS CUSTODIET CUSTODES?
What do you do when it is the security software that has a bug? The latest case in the series is ISS's host-based intrusion detection software RealSecure/BlackICE, vulnerable in a number of versions. The full list can be found in the eEye security advisory, http://www.eeye.com/html/Research/Advisories/AD20040226.html
The vulnerability allows an attacker to exploit a heap overflow and execute code with SYSTEM privileges by means of a malformed SMB packet. ISS patches are available at http://www.iss.net/download/
REAL PLAYER ALSO EXECUTES CODE
By exploiting a directory traversal vulnerability in Real Player, discovered by Jouko Pynnonen, it is possible to use an RMP (RealJukebox Metadata Package) file to load and execute (by exploiting some Internet Explorer bugs) files containing arbitrary code with the privileges of the user running Real Player. The problem is that these files are executed automatically, without asking for the user's consent. The problem also affects RealOne Player, RealOne Player v2, RealOne Enterprise Desktop, RealPlayer Enterprise. Patches are available at the URL http://service.real.com/help/faq/security/040123_player/EN/
From DevShed, the first free magazine
Developer Shed today announced the release of the first freely downloadable magazine dedicated to developers. The link leads to the magazine's PDF.
http://www.ziobudda.net/Admin/redir_news.php?id=16219
Linux has serious memory problems
Two new serious flaws discovered in the 2.2, 2.4 and 2.6 kernels. They can allow an attacker a privilege escalation that goes as far as code execution. The fixes to apply right away.
http://www.ziobudda.net/Admin/redir_news.php?id=16214
But is Linux really that secure?
by Bernardo Parrella
Recent attacks and kernel flaws raise the issue once again, including the "many eyes" approach to managing development.
http://www.apogeonline.com/webzine/2004/03/01/05/200403010501
THOMSON FORGES MP3 WITH A PADLOCK
To profit from the most widespread digital audio format, Thomson is launching a DRM technology that major labels and distributors will be able to use to lock down MP3 files. Who is interested?
URL: http://punto-informatico.it/pi.asp?i=47191
BFi12-dev-09 NeURo interviews BFi
---
title: NeURo intervista BFi
author: NeURo <neuro@olografix.org>, BFi staff <bfi@s0ftpj.org>
rel-date: 01/03/2004
url: http://bfi.s0ftpj.org/dev/BFi12-dev-09
lang: it
---
title: AngeL - the power to protect, part II
author: The Sponge <sponge@tiscali.it>
rel-date: 01/03/2004
url: http://bfi.s0ftpj.org/dev/en/BFi12-dev-02-en
lang: en
---
DIAGNOSING THE LINUX BODY
You have a problem with a Linux app. If you're Eric Raymond, you write an article about it. For the rest of us, fixing said problem is usually pretty simple... if we can just figure out where the problem actually lies.
http://nl.internet.com/ct.html?rtr=on&s=1,r1l,1,9r0f,lz1i,l6kx,c929
INTEL HYPER THREADING ON LINUX: FACT OR MYTH
"ByteEnable explains Hyper-Threading, runs some benchmarks and shows you how to get the most out of a Intel Pentium 4 HT enabled processor upgrade..."
http://nl.internet.com/ct.html?rtr=on&s=1,r1l,1,k483,g3u4,l6kx,c929
Malware
Title: Netsky.D worm spreading at 'record speed'
Source: ZDNet UK
Date Written: March 1, 2004
Date Collected: March 1, 2004
The Netsky.D variant has started spreading Monday, March 1, 2004, clogging e-mail gateways in a traffic flood Graham Cluley of the Sophos antivirus firm compares to the SoBig worm of 2003. Previous Netsky worms came as an e-mail attachment or spread through shared network folders. The new variant only spreads over e-mail and is slightly smaller. Infected computers will play a series of beeps from computer speakers between 6:00 am and 8:59 am on March 2. Mr. Cluley expects the virus to spread even further as Americans wake up and turn on their machines. Finnish antivirus company F-Secure rates Netsky.D at its highest threat level for its rapid spread.
http://news.zdnet.co.uk/internet/security/0,39020375,39147916,00.htm
Vulnerabilities & Exploits
Title: File Sharing Vulnerability Discovered in Mac OS X
Source: EWeek.com
Date Written: February 27, 2004
Date Collected: March 1, 2004
A flaw has been discovered in the Apple Filing Protocol (AFP) that could allow an attacker to steal passwords. When users attempt to make a secure connection over SSH (secure shell), AFP does not issue a warning when it finds that no secure connection is available and defaults to an insecure connection. An alert user must notice that the "Opening Secure Connection" message did not appear. Users who do not notice the lack of that message may unknowingly transmit their passwords as clear text. However, the user would have to be the target of an active attack; AFP prevents passive password collection, so an attacker would have to masquerade as the server a user wanted to connect to. Chris Adams, the systems administrator who discovered the flaw, presented several work-arounds in a Bugtraq post, but recommended that SSH be set as the default connection for clients and servers, and the interface modified to give clear warning. Mr. Adams informed Apple of the flaw in December 2003, and followed up on it a few weeks later, but has not yet received any response from the company.
http://www.eweek.com/article2/0,1759,1540557,00.asp
MS PREPARES A PACKAGE FOR DEVELOPERS
The Redmond giant is ready to release, together with Service Pack 2 for Windows XP, updates to its development tools that let programmers understand and take advantage of the latest security features
URL: http://punto-informatico.it/pi.asp?i=47211
THE LINUX BOOTING PROCESS UNVEILED
"In the beginning, there was GRUB (or maybe LILO) and GRUB loaded the kernel, and kernel begat init, and init begat rc, and rc begat network and httpd and getty, and getty begat login, and login begat shell and so on..."
http://nl.internet.com/ct.html?rtr=on&s=1,r53,1,i37q,7zrs,l6kx,c929
Vulnerabilities & Exploits
Title: Windows leak dangers 'exaggerated'
Source: The Register
Date Written: March 1, 2004
Date Collected: March 2, 2004
The leak of Microsoft source code sparked concern of an increase in exploits as black hat hackers examine it for vulnerabilities. However, a cryptographer's panel at the RSA Conference doubted the apparent danger, calling it a "minor data point in the open source debate." Paul Kocher of Cryptographic Research expressed irritation that black hats could examine the code, but legitimate researchers were legally constrained from doing so.
The possible vulnerabilities in the source code would not matter to elite hackers in the opinion of Bruce Schneier, chief technology officer at Counterpane Internet Security, noting that any reasonable intelligence agency would already have access to the source code.
http://www.theregister.co.uk/content/6/35933.html
"SpamAssassin-ClamAV-Procmail-Howto"
The document explains how to build an antispam and antivirus system using only open source products and without the need to patch or modify your MTA.
http://www.ziobudda.net/Admin/redir_news.php?id=16230
Best Practices & Risk Management
Title: Profiling network administrators
Source: Network World Fusion
Date Written: March 1, 2004
Date Collected: March 4, 2004
Hacker Adrian Lamo looks at some security breaches, discussing how administrators' focus on protecting their network perimeters led them to overlook other vectors. Most administrators secure their perimeters, taking measures against scans, buffer overflows, and other such attack patterns, ignoring indirect means of intrusion. Job seekers waiting in the lobby of one high-tech company were provided with public workstations to check job listings--workstations connected to the company's internal network. Another company's web mail service allowed employees to redirect e-mail to another address using their name and Social Security number; a quick search found an employee directory with names and Social Security numbers, including those of the chief executive. Attackers bypassed America Online's (AOL) SecurID system by redirecting their Internet traffic through employee workstations, masked as web connections, creating private gateways throughout AOL's network, compromising hundreds of high profile accounts.
http://www.nwfusion.com/research/2004/0301hackerslamo.html
LINUX AT 2.6
"Now Linux 2.6 continues to build in polish that further transcends its historic pigeonholing by many as an OS that is inexpensive, but only just good enough to get the job done..."
http://nl.internet.com/ct.html?rtr=on&s=1,rey,1,27cu,7770,l6kx,c929
Malware
Title: Antivirus vendors unzip encrypted email viruses
Source: Silicon.com
Date Written: March 5, 2004
Date Collected: March 5, 2004
A Bagle variant has been sneaking past antivirus filters by packaging itself in an encrypted .zip file, and giving users the password to open it.
Antivirus firms BitDefender and Kaspersky Labs have updated their virus scanners to read the password from the e-mail text and open the .zip file for scanning. Eugene Kaspersky and BitDefender head Viorel Canja say their updated products will protect users from the new trend virus writers are using to bypass filters. Network Box has similarly upgraded its security appliance.
http://www.silicon.com/software/security/0,39024655,39118922,00.htm
Civil & Consumer Issues
Title: Caller ID: step forward or Microsoft Trojan horse?
Source: Techworld
Date Written: March 5, 2004
Date Collected: March 5, 2004
E-mail and legal experts have criticized Microsoft's Caller ID e-mail authentication architecture over its licensing structure. Microsoft owns several patents related to Caller ID, and offers a fully paid, royalty-free license to make, use, sell, offer to sell, import, and otherwise distribute licensed implementations of Caller ID. John Levine, of the IETF (Internet Engineering Task Force) Anti Spam Research Group, questions why Microsoft does not submit the technology to a recognized standards body, and notes that the licenses cannot be transferred, making Microsoft the final arbiter of licenses. Microsoft says while it does not plan to profit from Caller ID, it wants to make sure that no one else does either. Mr. Levine offers that even if Microsoft does not go through a standards body, a clearer license would ease industry concerns over a possible Microsoft power grab.
http://www.techworld.com/news/index.cfm?fuseaction=displaynews&NewsID=1150
g00d reading! 'n' bye
Security News MainTainer:
The Jackal a.k.a. jAcKallO < -jackal-@libero.it >
(AreaSessantuno Member) / (SpiPPolatori Collaborator) (HackerAlliance Member) / (Daily DisInfo CreaTor & MainTainer) (Founding partner and Member of CapitanLUG.iT)