GnomixLand




WE ARE ALL PIRATES! THE URBANI DECREE DROWNS CULTURE The very thorny affair of the Urbani decree has reached the Senate. Too many of the concerns raised by operators across the sector have not been highlighted by the press
http://www.studiocelentano.it/editorial/articolo.asp?id=926
by G. Cavaliere

Emuleitalia.net has closed!!
For fear of the consequences of the Urbani decree, the site http://www.emuleitalia.net/ has shut down amid general silence.
All the details are on the home page.

SASSER, WHEN A WORM GOES ON THE ATTACK
The infection of the first worm capable of exploiting one of the recent Windows vulnerabilities is spreading. Blaster's imitator is limping, but its offspring could prove very insidious. Today is a day of maximum alert
URL: http://punto-informatico.it/pi.asp?i=48024

MICROSOFT FIXES THE WINDOWS MEGAPATCH Confirmed: there is a bug in one of the latest patches released for Windows that, in certain cases, can hang systems running Windows 2000. The Redmond giant is also finishing the Service Pack for Windows 2003
URL: http://punto-informatico.it/pi.asp?i=48020

MPlayer
Vendor: mplayerhq.hu
Some buffer overflow vulnerabilities were reported in MPlayer in the playing of Real-Time Streaming Protocol (RTSP) streams. A remote server can execute arbitrary code on the player.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2004/Apr/1010015.html

xine
Vendor: xinehq.de
Some buffer overflow vulnerabilities were reported in Xine in the playing of Real-Time Streaming Protocol (RTSP) streams. A remote server can execute arbitrary code on the player.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2004/Apr/1010014.html

QuickTime
Vendor: Apple Computer
A vulnerability was reported in Apple QuickTime. A remote user can create a specially crafted movie file to execute arbitrary code on the target system.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Apr/1010010.html

Microsoft Internet Explorer (IE)
Vendor: Microsoft
A vulnerability was reported in Microsoft Internet Explorer. A remote user can employ another site's certificate to cause the target user's browser to appear to be connected to the other site.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2004/Apr/1010009.html

Linux Kernel
Vendor: kernel.org
A vulnerability was reported in the Linux kernel in the do_fork() function.
A local user may be able to cause denial of service conditions.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2004/Apr/1009990.html

Rsync
Vendor: rsync.samba.org
A vulnerability was reported in rsync. A remote authenticated user may be able to write files on the target system.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2004/Apr/1009982.html

Midnight Commander
Vendor: GNU Midnight Commander Project
Several vulnerabilities were reported in Midnight Commander. A local user may be able to obtain elevated privileges [but that was not confirmed in the report].
Impact: Not specified
Alert: http://securitytracker.com/alerts/2004/Apr/1009981.html

sysklogd
Vendor: Wettstein, Greg
A vulnerability was reported in sysklogd. A remote user may be able to cause the daemon to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Apr/1009976.html

Linux Kernel
Vendor: kernel.org
A vulnerability was reported in the framebuffer driver in the Linux 2.6 kernel. The impact was not specified.
Impact: Not specified
Alert: http://securitytracker.com/alerts/2004/Apr/1009961.html

VirusScan
Vendor: McAfee
A vulnerability was reported in McAfee VirusScan. A remote user may be able to access a target user's system.
Impact: User access via network
Alert: http://securitytracker.com/alerts/2004/Apr/1009956.html

TCP/IP Stack Implementation
Vendor: Sun
A vulnerability was reported in the Sun Solaris TCP/IP stack implementation.
A local user can cause a system panic.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2004/Apr/1009946.html

Windows Explorer
Vendor: Microsoft
A buffer overflow vulnerability was reported in Microsoft Windows Explorer and Internet Explorer. A remote user with control of a network share can cause a target user's Windows Explorer to crash when connecting to the network share.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Apr/1009940.html

Microsoft Internet Explorer (IE)
Vendor: Microsoft
A buffer overflow vulnerability was reported in Microsoft Windows Explorer and Internet Explorer. A remote user with control of a network share can cause a target user's browser to crash when connecting to the network share.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Apr/1009939.html

Apache
Vendor: Apache Software Foundation
A buffer overflow vulnerability was reported in the Apache web server when running on a non-32-bit architecture. A remote user may be able to execute arbitrary code [however, that was not confirmed in the report].
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2004/Apr/1009934.html

SASSER VIRUS, MICROSOFT OFFERS A 250 THOUSAND DOLLAR BOUNTY For anyone offering information on the author of the Sasser worm that is attacking computers all over the world http://www.studiocelentano.it/newsansa.asp?id=34940

MICROSOFT EXPLAINS HOW TO PROTECT PCS FROM THE SASSER VIRUS Microsoft recommends firewalls, the latest security patches and the most recent antivirus software
http://www.studiocelentano.it/newsansa.asp?id=34941

ATTACHMENT PROBLEMS FOR EUDORA
Sometimes they come back: Eudora 6.1 is vulnerable to the same bugs as version 6.0.3. First, there is an attachment spoofing problem (http://lists.netsys.com/pipermail/full-disclosure/2004-March/018897.html),
then a problem with nested levels of attachments (http://lists.netsys.com/pipermail/full-disclosure/2004-April/020075.html).
Finally, a serious problem has been found that allows arbitrary code execution via an overflow, even in version 6.0 (http://lists.netsys.com/pipermail/full-disclosure/2003-September/010029.html).
This is important news, considering that Eudora is, especially for veterans of the net, one of the best-known alternatives to Microsoft's mail clients.

W32.Sasser.Worm
W32/Sasser.Worm is the first worm to exploit a recent buffer overrun vulnerability in the LSASS process, a vulnerability fixed by Microsoft and described in this bulletin.
http://www.alground.com/virus/schedaVirus.php?cod_virus=65

W32.Sasser.B.Worm
A variant entirely similar to the one that preceded it; the only differences are the name of the executable placed in C:\%WinDir% and the two mutexes the worm creates.
http://www.alground.com/virus/schedaVirus.php?cod_virus=67

RSA: WIRELESS MILAN (STILL) LEAKS It is too easy to break into the wireless networks of Milanese companies. Most WLANs, in fact, do not even use any data encryption technology. Here are the figures from a situation that worries the experts
URL: http://punto-informatico.it/pi.asp?i=48043

"Don't use that language!"
A collection of excellent reasons NOT to use C, C++, Java, PHP, Perl, Python, Visual Basic, C#...
http://www.ziobudda.net/Admin/redir_news.php?id=16999

MANDRAKELINUX ADVISORY: PROFTPD
"A portability workaround that was applied in version 1.2.9 of the ProFTPD FTP server caused CIDR based ACL entries in 'Allow' and 'Deny' directives to act like an 'AllowAll' directive..."
http://nl.internet.com/ct.html?rtr=on&s=1,vhy,1,ae86,k1d,l6kx,c929

DEBIAN GNU/LINUX ADVISORIES: FLIM, RSYNC Two security advisories from the Debian Project.
http://nl.internet.com/ct.html?rtr=on&s=1,vhy,1,4gmc,mcz6,l6kx,c929

Malware
Title: Sasser Worm Expected to Hit Hard
Source: PC World
Date Written: May 3, 2004
Date Collected: May 3, 2004
Two new worms, Sasser.A and Sasser.B, are circulating in the wild, exploiting a critical flaw in Windows 2000 and XP. Experts expect infection to peak, Monday, May 3, 2004, as workers bring their more vulnerable laptop computers into office networks. The worm is expected to spread much like August 2003's Blaster worm. Sasser, which does not require human interaction to infect a machine, exploits a buffer overrun in LSASS (Local Security Authority Subsystem Service), causing machines to shut down. The worm does not damage any files, and is easy to remove, but some believe it could compromise information. Researchers at eEye Digital Security find the Sasser code to be "poorly written," and are surprised it has spread so far.
F-Secure reports hundreds of thousands of infected computers. Security experts have also found a third variant, Sasser.C, which launches 1024 threads to consume processor power, about ten times as many as Sasser A and B.
http://www.pcworld.com/news/article/0,aid,115960,00.asp
Also - http://news.com.com/2100-7349_3-5203791.html
Also - http://www.computerworld.com/securitytopics/security/virus/story/0,10801,92851,00.html
Also - http://www.eweek.com/article2/0,1759,1583314,00.asp

Technology
Title: Zip makes file compression more secure
Source: Computer Weekly
Date Written: April 29, 2004
Date Collected: May 3, 2004
PKWare, developer of the Zip compression technology, has added encryption and centralized management to SecureZip for Windows desktops, with Unix, Linux, and server versions planned for the future. In addition to password protection, SecureZip can now integrate with LDAP (Lightweight Directory Access Protocol) directories and PKI (public key infrastructure) certificate-based encryption. Users can choose between passwords and passwords combined with certificates, while an administrator can enforce an access policy across an organization.
http://www.computerweekly.com/articles/article.asp?liArticleID=130230

Vulnerabilities & Exploits
Title: Apple patches QuickTime flaw
Source: ZDNet
Date Written: April 30, 2004
Date Collected: May 3, 2004
Apple Computer released a patch April 30, 2004 for a flaw in the QuickTime movie player for Mac OS X. While Apple describes the flaw as a minor issue, eEye Digital Security, which discovered the flaw, considers it serious.
Apple notes that a malformed .mov file could cause the player to crash, while eEye says it could also be used to execute arbitrary code. Apple released a security advisory after the patch release, after eEye contacted the company with its concerns.
http://zdnet.com.com/2100-1105_2-5203525.html

COMMON SECURITY VULNERABILITIES IN E-COMMERCE SYSTEMS This article discusses these vulnerabilities with examples, either from the set of known vulnerabilities, or those discovered during the author's penetration testing assignments.
http://www.net-security.org/news.php?id=5106

"KNOPPIX 3.4!"
Finally, after days and days of waiting and delays, the knoppix development team made available, overnight, the new version of this live CD, based on the Debian distribution.
http://www.ziobudda.net/Admin/redir_news.php?id=17007

SLACKWARE LINUX ADVISORIES: SYSKLOGD, LIBPNG, XINE-LIB, RSYNC Four security advisories from Slackware.
http://nl.internet.com/ct.html?rtr=on&s=1,vl2,1,8se8,5fqz,l6kx,c929

THE SUN JAVA DESKTOP SYSTEM, RELEASE 2 ARRIVES "Today, Sun releases Java Desktop System, Release 2, the next version of Sun's affordable, comprehensive, and secure enterprise-class desktop solution..."
http://nl.internet.com/ct.html?rtr=on&s=1,vl4,1,7re9,5xw5,l6kx,c929

Malware
Title: Sasser Worm Rips Through Internet: Banks, EU Hit
Source: Reuters
Date Written: May 4, 2004
Date Collected: May 4, 2004
The Sasser worm continues to spread in its second day, taking computer systems offline at banks, transport reservation systems, and European Commission offices. Some estimates of infection are as high as one million computers; Network Associates reports that 65,000 of their customers have been infected. The Sasser worm could grow as many Europeans return to work from a long weekend on Tuesday, May 4, 2004. So far, four variants of the Sasser worm have been released, targeting Windows XP, 2000, and NT machines.
A Netsky variant, Netsky.AC, has also appeared, that may provide clues to the authorship of Sasser; Netsky.AC purports itself to be a fix for Sasser.
Goldman Sachs, Finnish bank Sampo, American Express, Delta Airlines, and Britain's Maritime and Coast Guard Agency have reported problems with the worm. Sasser exploits a buffer overrun flaw in the LSASS (Local Security Authority Subsystem Service) component of Microsoft Windows.
http://www.reuters.com/newsArticle.jhtml?storyID=5027435
Also - http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8579000.htm
Also - http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci962539,00.html
Also - http://zdnet.com.com/2100-1105_2-5204667.html
Also - http://msnbc.msn.com/id/4890780
Also - http://www.infoworld.com/article/04/05/04/HNsasseramex_1.html

"CLI for noobies: need redirection?"
This week's column is going to take you in new directions -- or should I say redirections -- on the command line interface. You're probably already familiar with standard transmissions, Standard Oil, and standard rates. For the moment, forget all about those standards and focus on these: STDIN, STDOUT, and STDERR
http://www.ziobudda.net/Admin/redir_news.php?id=17031

"Mizio, a proxy hunter with a GUI"
Mizio is an anonymous proxy finder with a GUI. To test anonymity, Mizio looks for your IP in all the HTTP headers received from the proxies. The proxies are retrieved from the web via Google. The software also shows (optionally) the ping and the geographic location of the proxy
http://www.ziobudda.net/Admin/redir_news.php?id=17023

** THE FIRST OPEN SOURCE ANTIVIRUS FOR WINDOWS ** ClamWin is the Win32 port of the well-known software for Linux systems.
>> by Matteo Campofiorito
http://www.zeusnews.it/news.php?cod=3038

MICROSOFT: GOODBYE PALLADIUM?
The Redmond giant is rejecting the speculation that emerged in recent hours, according to which the controversial security platform would be left out of Longhorn
URL: http://punto-informatico.it/pi.asp?i=48089

LINUX IS NOT OPEN SOURCE, SAYS MICROSOFT "Microsoft's Australian MD Steve Vamos has revealed the latest line in its battle against Linux: Linux, it seems, is not open source..."
http://nl.internet.com/ct.html?rtr=on&s=1,vnx,1,hkq8,b95u,l6kx,c929

Vulnerabilities & Exploits
Title: Apple Issues Patch for Mac OS X
Source: eSecurityPlanet
Date Written: May 4, 2004
Date Collected: May 5, 2004
Apple Computer has released a patch for OS X addressing highly critical vulnerabilities in the AFP (Appletalk Filing Protocol) Server, CoreFoundation, and IPSec (Internet Protocol, Secure) which could allow an attacker to access and control a system, deny service, escalate privileges, and manipulate data. The patch also addresses flaws in a previous patch. The AFP flaw is a buffer overflow that would allow an attacker to execute arbitrary code with root privileges. Two flaws in the IPSec implementation would allow a man-in-the-middle attack, unauthorized access, or denial of service. Secunia rates the AFP flaw, discovered by @Stake, as highly critical, while Apple's security advisory vaguely describes the patch as an attempt to "improve the handling of long passwords." @Stake's Chris Wysopal criticizes Apple for not providing enough information to allow users to make sound security decisions. eEye Digital Security has also criticized Apple for glossing over the severity of a QuickTime vulnerability.
http://www.esecurityplanet.com/prodser/article.php/3349191
Also - http://www.techworld.com/security/news/index.cfm?newsid=1497
Also - http://zdnet.com.com/2100-1105_2-5205912.html

THE CYBER LAWYER PROFESSION, FOGGIA GETS SERIOUS The first intensive course in internet law is getting under way. Minister Stanca and officials of the Garante are expected
http://www.studiocelentano.it/newsflash_dett.asp?id=7344

Microsoft Active Server Pages Cookie Disclosure The Active Server Pages (ASP) engine does not properly handle certain cookie values, returning an error message to the client.
http://www.alground.com/news/news.php?page=288

"New CMS in PHP, development version"
The new category of web content management systems is under development. Scalable, fast and secure, written entirely in PHP4, it currently requires basic knowledge of PHP and lets you put up simple sites in no time.
http://www.ziobudda.net/Admin/redir_news.php?id=17058

"Turn Windows PCs into Linux thin clients!"
Exactly one year after its birth, Thinstation 2 was released yesterday!
Thinstation is a mini Linux distribution that lets you convert ordinary PCs into diskless graphical terminals (thin clients); remote boot is done via a simple floppy or network cards with a suitably prepared EPROM.
It is possible to connect to Windows 2000/2003 terminal servers, Citrix, X etc.
Administration and configuration can be completely centralized!
http://www.ziobudda.net/Admin/redir_news.php?id=17049

REBOOT LINUX FASTER USING KEXEC
"Even if your work doesn't require you to reboot your Linux machine several times a day, waiting for a system to reboot can be a real drag. Enter kexec..."
http://nl.internet.com/ct.html?rtr=on&s=1,vrb,1,8s1v,7l99,l6kx,c929

Malware
Title: Viruses target IM
Source: Computerworld
Date Written: May 5, 2004
Date Collected: May 6, 2004
While most users see e-mail as the main target of viruses, growing use of instant messaging (IM) services has led to an increase of malware in that arena. Symantec's Internet Security Threat Report finds a 400% increase in IM viruses between 2002 and 2003. Jitux.A targeted users of MSN Messenger while Bizex targeted ICQ. Most IM viruses require user interaction to infect a machine; often viruses send users an instant message with a link to a website, promising entertaining photos or games, but delivering a virus or Trojan which then sends an instant message to everyone in the user's buddy list. Due to the immediate and personal nature of IM, users often let their guard down with instant messaging. Most IM networks do not interoperate, limiting the spread of viruses. Many antivirus and security software products now offer protection for IM.
http://computerworld.com/securitytopics/security/story/0,10801,92913,00.html

Malware
Title: Bagle worms continue mutating
Source: PC Pro
Date Written: May 7, 2004
Date Collected: May 7, 2004
Anti-virus vendor Sophos is warning Internet users about a new variant of the prolific Bagle worm. Sophos has received "many reports" of Bagle-AB in the wild. The new Bagle variant arrives via e-mail with a variety of subject lines, scans systems for e-mail addresses to mail itself to, and attempts to turn off security and anti-virus programs on an infected machine. When the malicious Bagle attachment is executed, users are shown a fake error message, 'Can't find a viewer associated with the file'.
http://www.pcpro.co.uk/?http://www.pcpro.co.uk/news/news_story.php?id=57259

Vulnerabilities & Exploits
Title: Eudora speared by massive security hole
Source: Techworld
Date Written: May 7, 2004
Date Collected: May 7, 2004
Security firm Secunia and security expert Paul Szabo are warning users about a number of serious vulnerabilities in various versions of the popular Eudora e-mail program. Mr. Szabo has discovered an "easily exploitable" buffer overflow vulnerability in Eudora (Eudora 6.1, Eudora 5.2.1 and earlier, and perhaps also Eudora 6.0.3) that could allow an attacker to execute malicious code on a vulnerable machine using an e-mail containing a link longer than 300 bytes. No patch is currently available to fix this flaw. Eudora also contains other "critical vulnerabilities" related to the fact that "attachments can be spoofed and are also pre-extracted," according to Secunia and Mr. Szabo.
http://www.techworld.com/security/news/index.cfm?newsid=1516

Vulnerabilities & Exploits
Title: Check Point urges VPN software upgrade to close hole
Source: security.itworld.com
Date Written: May 7, 2004
Date Collected: May 7, 2004
Check Point Software Technologies Ltd. is warning customers about a vulnerability in the ISAKMP (Internet Security Association & Key Management Protocol) that could allow the execution of malicious code on a vulnerable machine. Customers that have upgraded to the latest versions of Check Point's VPN (virtual private network) software (VPN-1/FireWall-1 R55 HFA-03, R54 HFA-410 and NG FP3 HFA-325, or VPN-1 SecuRemote/SecureClient R56) or that do not use remote access or gateway VPNs are not affected by the flaw. Everyone else is urged to upgrade immediately. Check Point is not aware of any organization that has been affected by the vulnerability so far.
http://security.itworld.com/4343/040507checkpointhole/page_1.html

Best Practices & Risk Management
Title: NIST offers guidelines for securing VOIP
Source: Government Computer News
Date Written: May 6, 2004
Date Collected: May 7, 2004
The National Institute of Standards and Technology (NIST), a branch of the Department of Commerce, issued draft guidelines for securing voice-over-Internet protocol (VoIP) systems on May 6, 2004. NIST recommends that agencies using VoIP should ensure that they properly understand the technology, potential complications, and associated security risks. Among other things, the NIST draft recommends: "Separating voice and data traffic on logically different networks; denying access to the voice gateway from the data network; using firewalls designed for VOIP traffic; using IPsec or Secure Shell as well as strong authentication for remote management and auditing; and encrypting voice traffic at the router or gateway if performance is a problem." NIST is accepting comments on the draft guidelines, 'Special Publication 800-58, Security Considerations for Voice Over IP Systems', until June 18, 2004.
http://www.gcn.com/vol1_no1/daily-updates/25844-1.html

 

g00d reading! 'n' bye
Security News MainTainer:

The Jackal a.k.a. jAcKallO < jackal [at] capitanlug.it >

(AreaSessantuno Member) / (SpiPPolatori Collaborator) (HackerAlliance Member) / (Daily DisInfo CreaTor & MainTainer) (Co-founder and Member of CapitanLUG.iT)



©  GnomixLand
http://www.gnomixland.com/