Bagle-AU worm: disables the Windows XP SP2 firewall
Sophos experts have reported that the new W32/Bagle-AU worm tries to disable
security software on infected Windows PCs
http://www.alground.com/news/news.php?page=565
Microsoft Internet Explorer (IE)
Vendor: Microsoft
A vulnerability was reported in Microsoft Internet Explorer (IE). A remote
user can spoof URL addresses in the status bar.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2004/Oct/1011987.html
PHP
Vendor: PHP Group
A vulnerability was reported in PHP in the cURL functions. A script can
bypass the 'open_basedir' directory setting.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2004/Oct/1011984.html
QuickTime
Vendor: Apple Computer
An integer overflow vulnerability was reported in Apple's QuickTime. A
remote user may be able to execute arbitrary code on the target system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2004/Oct/1011969.html
RealOne (RealPlayer)
Vendor: RealNetworks
A vulnerability was reported in RealPlayer. A remote user can execute
arbitrary code on the target player.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2004/Oct/1011944.html
Windows Remote Desktop Application
Vendor: Microsoft
A vulnerability was reported in Microsoft Remote Desktop on Windows XP. A
remote authenticated user can restart the system.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Oct/1011940.html
Mozilla Firefox
Vendor: Mozilla.org
Peter Kruse of Combined Services and Integrated Solutions (CSIS) reported a
denial of service vulnerability in Mozilla Firefox. A remote user can cause
the browser to consume all available resources.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Oct/1011917.html
Apache 1.3.33 (1.3)
Apache is the world's most popular HTTP server, being quite possibly the
best around in terms of functionality, efficiency, security and speed.
http://freshmeat.net/releases/177364/
GMAIL GRAPPLES WITH A FLAW
An Israeli hacker has warned of a flaw in Gmail that would allow any
attacker with minimal technical skills to access a user's mailbox knowing
only the username
URL: http://punto-informatico.it/pi.asp?i=50246
Also - http://www.alground.com/news/news.php?page=564
QUICKTIME HOLE FIXED
A new version of QuickTime plugs two dangerous flaws in the Windows and
Mac OS X versions of Apple's well-known player
URL: http://punto-informatico.it/pi.asp?i=50241
Second-order code injection attacks
Many forms of code injection targeted at web-based applications (for
instance cross-site scripting and SQL injection) rely upon the instantaneous
execution of the embedded code to carry out the attack (e.g. stealing a
user's current session information or executing a modified SQL query). In
some cases it may be possible for an attacker to inject their malicious code
into a data storage area that may be executed at a later date or time.
Depending upon the nature of the application and the way the malicious data
is stored or rendered, the attacker may be able to conduct a second-order
code injection attack. A second-order code injection attack can be
classified as the process in which malicious code is injected into a
web-based application and not immediately executed, but instead is stored by
the application (e.g. temporarily cached, logged, stored in a database) and
then later retrieved, rendered and executed by the victim. The paper can be
accessed from:
http://www.nextgenss.com/papers/SecondOrderCodeInjection.pdf
How the FireWall-1 implements Content Filtering
Content Security provides additional control over what can be accessed
through your firewalls. In this sample chapter, Dameon D. Welch-Abernathy
explains how to manage content security with Check Point Firewall-1.
http://www.informit.com/articles/article.asp?p=170451&f1=nl;37;2004-11-02
IS OPEN SOURCE REALLY MORE SECURE?
"In this article we'll discuss the claim made by proponents of open source
software that such software is more secure. Is open source really inherently
more secure than closed source commercial software? If so, why? And if not,
why do so many have that perception...?"
http://nl.internet.com/ct.html?rtr=on&s=1,17fq,1,2npu,fn5o,85jl,7pty
Vulnerabilities & Exploits
Title: Google blocks Gmail exploit
Source: The Register
Date Written: November 1, 2004
Date Collected: November 1, 2004
Google reports that it has fixed a vulnerability in its Gmail web-based e-mail
service that would have allowed an attacker to access a user's e-mail
account with only the user name. The cross-site scripting vulnerability
would allow an attacker to steal a user's cookie file, then use it to
identify himself to Gmail as the user. The cookie file would allow access
even if the user changes the password. The flaw was first reported in the
Israeli magazine Nana NetLife, after it was discovered by Israeli hacker Nir
Goldshlagger. If exploited, the flaw could allow an attacker access to
sensitive data, as most Gmail users avail themselves of their one gigabyte
of storage and never delete an e-mail. It is unknown whether the flaw has
been exploited, but Google has addressed the flaw, protecting current and
future users.
http://www.theregister.co.uk/2004/11/01/gmail_bug_fixed
Also - http://net.nana.co.il/Article/?ArticleID=155025&sid=10
Linux LiveCD Router 2.0.5
Linux LiveCD Router allows you to share and firewall your broadband
connection and use WiFi. It works with DSL, cable modem, T1, and dial-up
connections and supports inexpensive hardware such as USB and PCMCIA WiFi
and ethernet cards. It does not require a hard disk.
http://freshmeat.net/releases/177599/
ASP.NET: REAL OR FAKE PROBLEMS?
Mystery surrounds a possible ASP.NET vulnerability on Windows 2000 or
Windows XP (http://www.microsoft.com/security/incident/aspnet.mspx). It has
been reported on NTBugtraq that there is a bug that could allow an attacker
to bypass authentication and modify an ASP.NET site, although it would not
allow the machine hosting that site to be compromised. Microsoft, being
unable either to pinpoint the problem or to deny that it exists, recommends
as a workaround installing software that standardizes the paths used in
requests to ASP.NET. Explanations are available at the URL
http://support.microsoft.com/?kbid=887289
TWENTY HITS FOR IBM
Twenty holes in DB2, threatening systems running versions 7, 8 and 8.1, have
been found by the usual David Litchfield and fixed by IBM. Some of these
vulnerabilities are critical and remote, allowing control of the database to
be taken without a valid login. The DB2 versions for AIX, HP-UX, Solaris,
Linux and Windows are equally affected. The advisory is available at the URL
http://www.nextgenss.com/advisories/db2-01.txt
Among the problems are a buffer overflow in some XML extensions and in the
handling of library names. On Windows there are also problems with
installation permissions. The patches are available at this address:
http://www-306.ibm.com/software/data/db2/udb/support/downloadv8.html
10 ROUNDS IN THE MAGAZINE FOR MICROSOFT
Ten bulletins, for a total of 22 bugs, await Microsoft system
administrators. Brief descriptions of their contents follow.
- MS04-032: multiple vulnerabilities that can lead to complete compromise of
the system and of the data it holds, and to the creation of accounts with
administrative privileges.
- MS04-033: an Excel vulnerability that allows full control of a system to
be obtained.
- MS04-034: a vulnerability in compressed folders, with the same effects
described above.
- MS04-035: a serious vulnerability in the name resolution performed by the
SMTP service of Windows Server 2003 or by the Exchange Server 2003 Routing
Engine on Windows 2000 SP3 or SP4.
- MS04-036: this vulnerability lies in the NNTP service, used for newsgroup
servers. Machines without this service explicitly installed can also be
vulnerable, since it is a prerequisite for other services. This
vulnerability and the previous one are clearly more serious because they are
remotely exploitable.
- MS04-037: problems of similar severity in the Windows shell.
- MS04-038: the classic cumulative security update for Internet Explorer,
which fixes a swarm of vulnerabilities that can lead to remote compromise of
the system.
The "minor" problems, so to speak, are the following:
- MS04-029: a problem in RPC that could lead to denial of service and to
disclosure of fragments of operating system memory.
- MS04-030: a vulnerability in the WebDAV XML Message Handler that leads to
DoS.
- MS04-031: a vulnerability in NetDDE that can lead to remote code
execution. It is serious, but the NetDDE service is not running by
default.
KILLER JPEGS ON XFREE TOO
Viewing an image and crashing a machine is not just a nightmare for Windows
users. A bug in the libXpm libraries, part of XFree86, makes Linux machines,
and even Solaris, vulnerable to a problem of the same kind, discovered by
researcher Chris Evans. Sun's patch (for Solaris 7, 8 and 9 on SPARC and x86
platforms) is available at the URL
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
For Linux, the various distributions offer updated packages on their
respective sites.
Linux Administration: Installing Software
Three basic software installations are covered here: using the RPM,
compiling software using the standard GNU compilation method, and compiling
and installing the software by hand.
http://www.devshed.com/c/a/Administration/Linux-Administration-Installing-Software/
Authenticating Logins
Login security is the first step in securing your server, and although it
doesn't stop there, understanding the fundamentals of security is essential
to ensuring you a smooth journey.
http://www.aspfree.com/c/a/MS-SQL-Server/Authenticating-Logins/
GENTOO LINUX ADVISORIES: CHEROKEE, PPP, ARCHIVE::ZIP
Three security advisories from the Gentoo Foundation.
http://nl.internet.com/ct.html?rtr=on&s=1,17j6,1,b1fr,a0qt,85jl,7pty
SLACKWARE LINUX ADVISORIES: LIBTIFF, APACHE+MOD_SSL
Two security advisories from Slackware.
http://nl.internet.com/ct.html?rtr=on&s=1,17j6,1,ir7,kr0h,85jl,7pty
IN KERNEL GUI
"Zack Smith announced that he has been working on an in-kernel 2D GUI for
the 2.6 Linux kernel called FBUI..."
http://nl.internet.com/ct.html?rtr=on&s=1,17j4,1,8rs0,g0gp,85jl,7pty
PLUGGABLE CPU SCHEDULERS
"Con Kolivas posted a set of patches to the lkml offering a pluggable cpu
scheduler framework..."
http://nl.internet.com/ct.html?rtr=on&s=1,17j4,1,ams6,27xa,85jl,7pty
SETTING UP A SIMPLE LINUX FIREWALL
This is an overview of the things I think you need to know if you're going
to try and set up a simple firewall using linux on an old PC.
http://www.net-security.org/news.php?id=6367
EASY TO REMAIN UNTRACEABLE
Breaking into computer networks and remaining untraceable after the breach
has been detected is apparently easier than anyone would like it to be, said
The Grugq, a Britain-based hacker.
http://www.net-security.org/news.php?id=6379
THE DNSDOCTOR UTILITY
This utility will perform tests of a DNS zone or domain name. There are two
versions available for download.
http://www.net-security.org/news.php?id=6380
UNDERSTANDING E-MAIL SPOOFING
E-mail spoofing is a growing problem and has reached the point where you
cannot rely on the information displayed in your e-mail client to tell you
who really sent a message. This article takes a look at the problem and the
proposed solutions.
http://www.net-security.org/article.php?id=737
Malware
Title: IE exploits top web security threat list
Source: The Register
Date Written: November 2, 2004
Date Collected: November 2, 2004
Security firm ScanSafe says Internet Explorer (IE) exploits were the fastest
growing security threat in the last quarter of 2004. Exploit.HTML.Mht, the
most prevalent IE exploit, registered twice as many attacks as any other
threat in the second quarter of 2004. While Trojans and worms remain the
most common threat, exploits grew to 19% of all attacks recorded by
ScanSafe. John Edwards, technical director at ScanSafe, forecasts that
exploits driven by browser vulnerabilities will continue to become more
prevalent, as attackers will be quick to take advantage of emerging
vulnerabilities.
http://www.theregister.co.uk/2004/11/02/web_security_survey_scansafe
Malware
Title: Millions of Bagles knock out Windows firewall
Source: ZDNet Australia
Date Written: November 1, 2004
Date Collected: November 2, 2004
Panda software has raised its threat classification of the recently
discovered Bagle.BC variant to red alert status. Within hours of its
appearance, Bagle.BC was already one of the most frequently detected viruses
on the company's scanner, and the number of incidents is expected to increase.
In addition, two new strains of the Bagle worm, Bagle.BD and BE, were
discovered October 29, 2004. Graham Cluley, senior technology consultant at
anti-virus firm Sophos, said these three new Bagle variants can attack and
disable Microsoft's new firewall application, including PCs running Windows
Service Pack 2 (SP2).
http://news.zdnet.co.uk/0,39020330,39172165,00.htm
Malware
Title: Beware of Yahoo! spam scam
Source: The Register
Date Written: November 1, 2004
Date Collected: November 2, 2004
Spammers are sending bogus e-mails attempting to fool users into setting up
Yahoo e-mail accounts on their behalf, falsely asking for help preventing
automated registrations. E-mail filtering firm MessageLabs says the e-mails
contain a fake Yahoo.com address which redirects through Google three times
in order to obscure the path of the link, and eventually takes users to a
fake Yahoo webpage. That webpage loads a real Yahoo help page with
information explaining the code verification process, and also a fake pop-up
window which asks the user to enter a code. MessageLabs says the e-mails
have been sent out in low volume thus far, possibly an indication that the
spammers are trying to keep a low profile, and notes that the technique for
obscuring the link's path has also been used in phishing attacks.
http://www.theregister.co.uk/2004/11/01/yahoo_spam_signup_scam
Vulnerabilities & Exploits
Title: Microsoft denies spoofing is a security flaw
Source: ZDNet UK
Date Written: November 2, 2004
Date Collected: November 2, 2004
Microsoft has denied reports from security firms that a spoofing technique
available on its Internet Explorer (IE) browser is due to a security flaw,
though it acknowledged the possibility that spoofing could occur on IE
version 6. Spoofing is often used in phishing attacks, and Microsoft argued
that significant social engineering would need to take place if victims were
to fall for such attacks. Microsoft claims an attacker would need to entice
a user to visit a site and then to take some action,
such as disclosing confidential financial information, without the user
noticing that the address did not match the address the user intended to
visit. Nevertheless, Microsoft said Windows XP Service Pack 2 (SP2) is not
affected, and that the company will evaluate the feasibility of implementing
similar changes on earlier Windows versions.
http://news.zdnet.co.uk/internet/security/0,39020375,39172310,00.htm
Vulnerabilities & Exploits
Title: Sun fixes flaw in Java proxy server
Source: Search Security
Date Written: November 1, 2004
Date Collected: November 2, 2004
Sun Microsystems has fixed highly critical buffer overflow vulnerabilities
in the Java System Web Proxy Server that could allow attackers to remotely
crash machines or execute malicious code, affecting Sun Java System Web
Proxy Server 3.6 Service Pack 5 and higher. In an advisory, the company said
the vulnerabilities may allow a remote unprivileged user to crash either the
Web Proxy Server or the admin server, or execute arbitrary code with the
privileges of the respective server processes. The flaws were discovered by
Matt Moore, researcher at British security firm Pentest Limited, and
reported to Sun.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1021713,00.html
Astaro Security Linux 4.024 (Stable 4.x)
Astaro Security Linux is an all-in-one network security gateway that
includes a firewall, intrusion protection, virus protection, spam
protection, URL filtering, and a VPN gateway. Features include stateful
packet inspection, deep packet filtering, application-level intrusion
detection, content filtering, virus detection for email traffic (SMTP and
POP3) and Web traffic (HTTP), whitelists and blacklists, IPSec and PPTP VPN
tunneling, spam blocking, logging and reporting. The software is built on an
embedded, especially hardened Linux distribution. The WebAdmin tool and
Up2Date service make it easy to install, manage, and update all six security
applications.
http://freshmeat.net/releases/177757/
Reverse Utils::TCP-over-HTTP/CGI 0.1.18
Reverse Utils::TCP-over-HTTP/CGI is useful for connecting to hosts which are
reachable by a Webserver you have access to, but not reachable by you. It
allows you to use any host you have Web and CGI access to as a proxy for TCP
connections.
http://freshmeat.net/releases/177774/
"Free PDFs on security and more, in Italian"
Duke, a well-known publishing group in the IT sector, offers visitors a
series of freely downloadable reports in PDF format.
http://www.ziobudda.net/Admin/redir_news.php?id=19651
CISCO CODE FOR SALE
A crew of crackers has put up for sale, via newsgroups, the complete code of
a key Cisco product and of some other software, including Napster. Hoax or
dirty business? The police are investigating
URL: http://punto-informatico.it/pi.asp?i=50287
Also - http://www.eweek.com/article2/0,1759,1710415,00.asp
GOOGLE FIXES ANOTHER BUG
The big web search portal has fixed a potential security vulnerability
discovered in recent days by a young Italian computer enthusiast
URL: http://punto-informatico.it/pi.asp?i=50280
IE BETWEEN FAKE URLS AND REMOTE ATTACKS
Microsoft has to deal with two more Internet Explorer flaws, including one
that experts consider suitable for exploitation by worms. Here are the
details
URL: http://punto-informatico.it/pi.asp?i=50288
SSH User Identities
This article shows how to improve SSH security using public key
authentication instead of, or in addition to, password authentication.
http://www.securityfocus.com/infocus/1810
DEBIAN GNU/LINUX ADVISORIES: ABIWORD, MPG123, IPTABLES, LIBXML, LIBXML2,
XPDF
Five security advisories from the Debian Project.
http://nl.internet.com/ct.html?rtr=on&s=1,17mp,1,43e2,ccoy,85jl,7pty
MANDRAKELINUX ADVISORIES: PERL-MIME-TOOLS, NETATALK, MYSQL...
Other advisories: mpg123, perl-Archive-Zip, gaim, and
mod_ssl/apache2-mod_ssl
http://nl.internet.com/ct.html?rtr=on&s=1,17mp,1,jw8m,27ad,85jl,7pty
MAC AND LINUX NOT IMMUNE TO VIRUSES
"Any operating system in the hands of naive users can be as dangerous as a
Windows computer..."
http://nl.internet.com/ct.html?rtr=on&s=1,17mp,1,kkb2,58kr,85jl,7pty
GPL'D KERNEL CRASH DUMP TOOL AIDS LINUX SYSTEM DEBUGGING
"NTT Data and VA Linux of Japan have released an open source crash dumping
tool for Linux kernels..."
http://nl.internet.com/ct.html?rtr=on&s=1,17mm,1,g5rg,kmq4,85jl,7pty
"New vulnerabilities in OpenSSH and OpenSSL"
The versions of OpenSSH and OpenSSL for the SGI IRIX 6.5 platform reportedly
suffer from some vulnerabilities, confirmed today by SGI, that can allow a
DoS (Denial of Service) or the overwriting of specific files.
http://www.ziobudda.net/Admin/redir_news.php?id=19669
URL spoofing bug (with iframes) in Microsoft Internet Explorer
A problem in Microsoft Internet Explorer 6 SP1 makes it possible to display
false addresses in the browser bar.
http://www.alground.com/news/news.php?page=571
Internet Explorer IFRAME Buffer Overflow
A vulnerability reported in Internet Explorer can be exploited remotely to
compromise users' systems.
http://www.alground.com/news/news.php?page=572
Cisco Secure Access Control Server EAP-TLS authentication vulnerability
A vulnerability in the processing of EAP-TLS authentication data, reported
in Cisco Secure Access Control Server, allows remote access by unauthorized
users.
http://www.alground.com/news/news.php?page=573
MODIFYING A DYNAMIC LIBRARY WITHOUT CHANGING THE SOURCE CODE
"Placing your own code between a program and the libraries it is linked
against is easy when you use the LD_PRELOAD environment variable..."
http://nl.internet.com/ct.html?rtr=on&s=1,17pl,1,fey2,ls91,85jl,7pty
KEEPING THE KERNEL
"Insight and wisdom from the maintainer of the Linux 2.6 kernel..."
http://nl.internet.com/ct.html?rtr=on&s=1,17pl,1,51x7,cpcr,85jl,7pty
Vulnerabilities & Exploits
Title: New IE 6.0 Bug Spotted, No Fix
Source: Security Pipeline
Date Written: November 3, 2004
Date Collected: November 4, 2004
Security firm Secunia warned November 3, 2004 of an extremely critical flaw
in Internet Explorer (IE) that currently has no fix. Fully-patched versions
of IE 6.0 in both Windows XP through Service Pack 1 and Windows 2000 are
vulnerable to attack through the IFRAME HTML tag, which can allow an
attacker to gain control of the system and introduce arbitrary code by using
specially crafted HTML to cause a buffer overflow. Secunia recommends that
users either upgrade to Service Pack 2 or use another browser until
Microsoft releases a patch.
http://www.securitypipeline.com/51202601
Bastille Linux 2.1.5-1.0
Bastille Linux aims to be the most comprehensive, flexible, and educational
Security Hardening Program for Red Hat, Mandrake, and Debian Linux, as well
as HP-UX and Mac OS X. Virtually every task it performs is optional,
providing immense flexibility. It educates the installing admin regarding
the topic at hand before asking any question. The interactive nature allows
the program to be more thorough when securing, while the educational
component produces an admin who is less likely to compromise the increased
security.
http://freshmeat.net/releases/177885/
"Guide to FSTAB"
It is certainly useful to know how to configure the /etc/fstab file by hand,
where the filesystems in use and the directories associated with them are
listed. Here is a short guide to FSTAB.
http://www.ziobudda.net/Admin/redir_news.php?id=19681
"Windows: Internet Explorer flaw remains unresolved"
A flaw in version 6.0 of Internet Explorer still has no fix and remains an
entry point for attackers.
http://www.ziobudda.net/Admin/redir_news.php?id=19698
"FreeBSD 5.3 Release"
FreeBSD 5.3 Release is finally complete. Follow the link to download it.
http://www.ziobudda.net/Admin/redir_news.php?id=19697
** FREE COURSE FOR OPEN SOURCE DEVELOPERS **
Funded by the Ministry of Labour and the European Social Fund, it will give
fifteen unemployed people the chance to work.
http://www.zeusnews.it/news.php?cod=3469
OPTIMIZING APACHE
"My web site is gaining popularity quickly, but I can't afford to upgrade my
hardware. What can I do to optimize Apache...?"
http://nl.internet.com/ct.html?rtr=on&s=1,17st,1,s1q,e5hd,85jl,7pty
KEEP AN EYE ON YOUR LINUX SYSTEMS WITH NETSTAT
"Maintaining a Linux system involves paying close attention to running
services and network traffic. With netstat, you've got a powerful
surveillance and troubleshooting tool..."
http://nl.internet.com/ct.html?rtr=on&s=1,17st,1,ld4y,emos,85jl,7pty
Malware
Title: Post-election Bin Laden video spreads a worm for the Hobbit
Source: ZDNet Australia
Date Written: November 5, 2004
Date Collected: November 5, 2004
Antivirus firm Sophos warns that an e-mail signed by "The Hobbit" and
claiming to contain a video of Osama bin Laden's reaction to the US election
actually holds a new variant of the Famus worm. The Famus worm targets
Windows systems and uses a social engineering attack based on events
involving the United States military. Previous variants have been disguised
as a Pentagon spreadsheet and pictures of the Iraq war. Once the Famus worm
infects a computer, it sends itself to every e-mail address it finds on the
hard drive. Famus also creates some files, including a text file in Spanish
informing users that they have been infected. Research firm Gartner expects
such social engineering attacks to be the greatest security threat to large
companies over the next ten years.
http://www.zdnet.com.au/news/security/0,2000061744,39165586,00.htm
Vulnerabilities & Exploits
Title: Norton AntiVirus flaw ready for exploitation?
Source: ZDNet Australia
Date Written: November 4, 2004
Date Collected: November 5, 2004
Exploit code for a vulnerability in Symantec's Norton AntiVirus script
handler has been published. Researcher Dan Milisic discovered the flaw and
posted an alert on Secunia's website in October 2004, but Symantec has
denied that its ScriptBlocking tool is flawed. Mr. Milisic has responded by
developing an exploit script that can execute without any intervention from
ScriptBlocking, and adds that such code is likely already used by malware
in the wild. Mr. Milisic tested his code on Norton AntiVirus 2005 running on
Windows XP. Neil Campbell of Dimension Data says such flaws demonstrate the
need to rely on more than just one layer of security.
http://www.zdnet.com.au/news/security/0,2000061744,39165422,00.htm
gcc 3.4.3
The GNU Compiler Collection contains frontends for C, C++, Objective-C,
Fortran, Java, and Ada as well as libraries for these languages. It is a
full-featured ANSI C compiler with support for K&R C as well. GCC
provides many levels of source code error checking traditionally provided by
other tools (such as lint), produces debugging information, and can perform
many different optimizations to the resulting object code.
http://freshmeat.net/releases/178129/
mod_security 1.8.6 (Stable)
ModSecurity is an intrusion detection and prevention engine for Web
applications. Operating as an Apache module, its purpose is to increase Web
application security, protecting Web applications from known and unknown
attacks. It is flexible and easy to configure, and monitors HTTP traffic
(including POST payload), enhances logging, performs automatic built-in
checks and, at the same time, allows administrators to create custom rules
for their specific needs.
http://freshmeat.net/releases/178017/
g00d reading! 'n' bye
Security News MainTainer:
The Jackal a.k.a. jAcKallO < jackal [at] capitanlug.it >
(AreaSessantuno Member) / (SpiPPolatori Collaborator)
(HackerAlliance Member) / (Security News MainTainer)
(Founding member and President of CapitanLUG.iT)