GnomixLand

"Aldo: how to learn Morse code"
An article on Linux.com explains how to use Aldo, a program for improving your knowledge of Morse code. It covers installation, configuration and the main learning methods.
http://www.ziobudda.net/Admin/redir_news.php?id=22235

"Numerous new serious security flaws in Explorer"
A new (large) series of security "holes" affecting Explorer, but also Outlook and potentially other MS-branded software. The Firefox 1.0.3 fixes seem like nothing compared to those IE needs.
http://www.ziobudda.net/Admin/redir_news.php?id=22233

"Basic guide to VHDL"
This is the first Italian-language site entirely dedicated to VHDL, with a basic guide, examples, links to advanced guides, links to programs (for both Linux and Windows) and a forum solely for VHDL. All suggestions are welcome!
http://www.ziobudda.net/Admin/redir_news.php?id=22231

"Debian Sarge (3.1): The Perfect Setup!"
Translation of the howtoforge.com guide of the same name. It explains in detail all the steps for setting up a Debian Sarge server (soon to be stable), configuring practically everything (Apache + extensions, ProFTPD, mail server (Postfix), Webalizer..). The installation process and the configuration of the various services are covered in great detail.
http://www.ziobudda.net/Admin/redir_news.php?id=22230

** EIGER ARRIVES, THE RECYCLING WINDOWS **
A lightweight operating system suited to old PCs.
http://www.zeusnews.it/news.php?cod=4130

** PATCH TIME FOR ITUNES AND FIREFOX **
Serious flaw in the music program, bugs in Firefox's JavaScript handling.
>> by Paolo Attivissimo
http://www.zeusnews.it/news.php?cod=4122

** 2 GIGS AND POP3 **
How to use the enormous space made available by Google through your own mail client.
http://forum.zeusnews.com/viewtopic.php?t=4808

XBOX 360 IS (ALMOST) NAKED
Microsoft's new console, due to debut at the end of the year, finally shows its real appearance and official technical specifications, including the two big chips that will crunch instructions and polygons
URL: http://punto-informatico.it/pi.asp?i=52813

HOLE IN IPSEC, VPNS AT RISK
Some vulnerabilities in the IPsec security protocol can weaken the security of VPNs, the same networks many people use to connect remotely to their company intranet
URL: http://punto-informatico.it/pi.asp?i=52800

LEAK DISCOVERED IN IE AND OUTLOOK
A team of experts has disclosed the presence of a security vulnerability classified as high risk. Microsoft is working on the patch
URL: http://punto-informatico.it/pi.asp?i=52801

Seminars on "The digital signature"
The Associazione Laureati in Economia Informatica (ALEI) is organizing a series of seminars on digital signatures for May 27 at the "G. D'Annunzio" university, Pescara campus. Speakers will be Prof. Giampaolo Bella, lecturer in "Computer Security" at the University of Catania, and Massimiliano Minerva, magistrate of the "Corte dei Conti" and adjunct professor of "Legal Informatics" at the Università degli Studi del Sannio in Benevento. Program and (mandatory) registration on the ALEI website http://www.alei.it

ASP Portal
Vendor: ASP Portal
Last Samurai from under9round digital security group reported an input validation vulnerability in ASPPortal. A remote user can inject SQL commands.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/May/1013969.html

FreeBSD Kernel
Vendor: FreeBSD
A vulnerability was reported in FreeBSD when using Hyper-Threading Technology. A local user may be able to obtain elevated privileges.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/May/1013967.html

Mozilla Firefox
Vendor: Mozilla.org
Two vulnerabilities were reported in Firefox. A remote user can spoof file types in the file download dialog.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2005/May/1013966.html

Mozilla Firefox
Vendor: Mozilla.org
A vulnerability was reported in the Firefox web browser. A remote user can cause scripting code to be executed with elevated privileges.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/May/1013965.html

Mozilla Firefox
Vendor: Mozilla.org
A vulnerability was reported in the Firefox web browser in the processing of 'javascript:' URLs. A remote user can bypass certain security checks.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/May/1013963.html

Mozilla Browser
Vendor: Mozilla.org
A vulnerability was reported in the Mozilla web browser suite in the processing of 'javascript:' URLs. A remote user can bypass certain security checks.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/May/1013962.html

QuickTime
Vendor: Apple Computer
David Remahl reported a vulnerability in Apple QuickTime in the processing of Quartz Composer files. A remote user can determine system information.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/May/1013961.html

Squid
Vendor: Squid-cache.org
A vulnerability was reported in Squid in the processing of DNS lookups. A remote user may be able to spoof DNS lookup responses.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2005/May/1013952.html

Cisco Firewall Service Module
Vendor: Cisco
A vulnerability was reported in the Cisco Firewall Services Module (FWSM) in the enforcement of URL, FTP, or HTTPS filtering. A remote user can bypass the filtering access control list.
Impact: Host/resource access via network
Alert: http://securitytracker.com/alerts/2005/May/1013949.html

Tcpdump
Vendor: Tcpdump.org
A vulnerability was reported in Tcpdump in the processing of the RSVP protocol. A remote user can cause denial of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/May/1013948.html

Tcpdump
Vendor: Tcpdump.org
Three vulnerabilities were reported in Tcpdump. A remote user can cause the application to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/May/1013947.html

Windows Media Player
Vendor: Microsoft
A vulnerability was reported in Windows Media Player. A remote user may be able to redirect the target user's player to an arbitrary web site.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2005/May/1013945.html

Gaim
Vendor: Gaim.sourceforge.net
Two vulnerabilities were reported in Gaim in the processing of MSN messages and certain URLs. A remote user can cause the application to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/May/1013942.html

Gzip
Vendor: GNU [multiple authors]
A vulnerability was reported in gzip in the zgrep implementation. A remote user may be able to cause arbitrary commands to be executed.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/May/1013928.html

iTunes
Vendor: Apple Computer
A vulnerability was reported in Apple iTunes. A remote user can cause denial of service conditions and may be able to execute arbitrary code.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/May/1013927.html

phpBB
Vendor: phpBB Group
Paul Laudanski reported a vulnerability in phpBB in the processing of BBCode. A remote user may be able to cause scripting code to be executed by the target user.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/May/1013918.html

Mozilla Firefox
Vendor: Mozilla.org
Several vulnerabilities were reported in Firefox. A remote user can execute arbitrary code on the target user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/May/1013913.html

BSD Updates
http://newsvac.newsforge.com/article.pl?sid=05/05/14/042201&from=rss
BSD Updates provides online security and operating system upgrades for BSD systems in binary format. No messy source patches. No waiting for system rebuilds. Just an easy-to-navigate Web interface that securely applies the latest patches in minutes.

"Microsoft unveils its antivirus"
An automated, easy-to-use system, proof against inexperienced users, to ensure the security and maintenance of the computer. It is called Windows OneCare Live and it is Microsoft's new antivirus, though calling it that would be an understatement.
http://www.ziobudda.net/Admin/redir_news.php?id=22251

"SlackTrack"
Slacktrack is a tool developed by Stuart Winter; it is a shell script that manages the interaction between building from source and checkinstall's installwatch module, and then creates and optionally installs the tgz package.
http://www.ziobudda.net/Admin/redir_news.php?id=22246

"First steps with the Arch Build System"
The two articles present two example PKGBUILDs for getting started with the Arch Build System (ABS) of the ArchLinux distribution.
http://www.ziobudda.net/Admin/redir_news.php?id=22243

"NoScript: the extension that makes Firefox more secure"
"NoScript" is born, an extension for Firefox that enables JavaScript only for domains the user considers safe: after the latest exploits that allowed malicious JavaScript code to run, NoScript could be a preventive solution not to be underestimated for users of the "Fire Fox".
http://www.ziobudda.net/Admin/redir_news.php?id=22242

THE OVERWHELMING WAVE OF THE TEUTONIC WORM
The latest version of Sober speaks German and over the past 48 hours has literally overwhelmed the Italian network, generating a stream of reports and concern. An action with political implications
URL: http://punto-informatico.it/pi.asp?i=52847

TECHNOLOGY/ RIGHTS, YES, BUT WHOSE?
Punto Informatico meets Andrea Monti, a lawyer who has for many years been engaged on the hottest fronts of the technological revolution, to talk about copyright, SIAE, personal copying and freedom of expression
URL: http://punto-informatico.it/pi.asp?i=52839

HYPER-THREADING SECURITY UNDER FIRE
A researcher has identified a probable flaw in Intel's young multithreading architecture. The giant plays it down but unleashes its developers to solve the problem
URL: http://punto-informatico.it/pi.asp?i=52832
Also - http://www.eweek.com/article2/0,1759,1815954,00.asp

SECURITY, WINDOWS STYLE
Windows OneCare, that is, a subscription for patches, antivirus and antispyware made in Redmond. What it is, what it will be and why competitors fear it
URL: http://punto-informatico.it/pi.asp?i=52843

WHAT RIGHT TO A PRIVATE COPY?
Asks a reader who returns to a burning issue: if the original is protected, the consumer is stripped of a right that is otherwise taken for granted
URL: http://punto-informatico.it/pi.asp?i=52845

OOo, Java and the FSF
There is an ongoing debate involving OpenOffice.org, Sun and the Free Software Foundation. It all stems from Sun's sponsorship of OOo, which is immediately reflected in the OOo 2.0 beta release with its heavy use of Java code. In itself this would not be a problem, were it not that the Java licenses do not guarantee consistency with the open license under which OOo is distributed: the presence of extensively used proprietary code can lead to compatibility problems with open source licenses.
http://www.wintricks.it/news1/article.php?ID=3871

The Open CD
The Open CD is a project, for which an Italian localization exists, that offers a CD with up-to-date, selected open source software to give anyone who wants it the opportunity for a first contact with the world of free software.
http://www.wintricks.it/news1/article.php?ID=3870

Linux Kernel 2.6.11.10
http://www.wintricks.it/news1/article.php?ID=3868

Mega Codec Pack 1.31
New version of this collection of codecs that let you watch any type of video; we remind newbies that such software can cause conflicts with codecs that may already be installed on the system, so we recommend making a backup copy of the registry.
http://www.wintricks.it/news2/article.php?ID=8547

Hackers Aren't Just Picking on Microsoft: Study
"Online criminals turned their attention to antivirus software and media players like Apple Computer Inc.'s iTunes in the first three months of 2005 as they sought new ways to take control of users' computers, according to a survey released on Monday."
http://www.eeye.com/html/resources/newsletters/versa/VE20050517.asp?sb=kwkckpakpbnmwapcbprc&rd=news1

Whitepaper: Vulnerability Research, Disclosure and Ethics
The aim of this paper is to examine the commercial and social value of vulnerability research, as well as discuss some of the ethical issues surrounding the handling and disclosure of vulnerability information. Understanding of these issues will engender a much better understanding of the concepts behind "zero day attacks", currently a topical issue in the media and vendor product marketing.
http://www.eeye.com/html/resources/newsletters/versa/VE20050517.asp?sb=kwkckpakpbnmwapcbprc&rd=ann4

Programming with Exceptions
This article presents two series of examples motivating the Standard C++ notion of a basic guarantee of exception safety, and shows how the techniques required to provide that basic guarantee actually lead to simpler programs.
http://www.informit.com/articles/article.asp?p=21084

File System Forensic Analysis: PC-based Partitions
This chapter dives into the details of the partition systems used in personal computers from DOS partitions, to Apple partitions, to removable media. Find out how it works in this sample chapter.
http://www.informit.com/articles/article.asp?p=376123

HOW DO OPEN SOURCE ENTERPRISES HANDLE SECURITY?
"Security may be one of the biggest challenges facing the open source enterprise..."
http://nl.internet.com/ct.html?rtr=on&s=1,1m3s,1,5mjy,zxo,85jl,7pty

LINUS' LAW TO THE LETTER
"If open source has a mantra, it must surely be, 'Free as in speech, not free as in beer...'"
http://nl.internet.com/ct.html?rtr=on&s=1,1m3n,1,jbvd,2l2n,85jl,7pty

MANUAL OR AUTOMATIC: INSTALLING SOFTWARE UNDER LINUX
"The installation of Linux as an operating system has become just as easy as installing Windows..."
http://nl.internet.com/ct.html?rtr=on&s=1,1m3n,1,7end,cvlo,85jl,7pty

WIRING JAVA APPLICATIONS WITH SPRING
"The Spring framework addresses a variety of topics. This article will focus on what is perhaps the most important, and useful, aspect of the framework: Inversion of Control..."
http://nl.internet.com/ct.html?rtr=on&s=1,1m3n,1,fl9c,9okb,85jl,7pty

How to: Disable Error Reporting on Windows XP and Windows Server 2003
Author: Robert J. Shimonski
Summary: In this article we will cover the basic steps on how to remove error reporting features on Windows XP and Windows Server 2003 systems.
Error reporting is when your system attempts to connect to Microsoft's website to send a report of the problem you are experiencing in hopes to help fix it by documenting it. You may have systems where you want to turn off this functionality for reasons of annoyance or functionality. This article shows you step by step how to turn off this feature.
Link:
http://www.WindowsNetworking.com/articles_tutorials/Disable-Error-Reporting-Windows-XP-Server-2003.html

Preserving Digital Evidence to Bring Hackers and Attackers to Justice
Author: Deb Shinder
Summary: The world is waking up to the fact that hacking into a company's computer network, launching attacks that cause network downtime or releasing viruses and other malicious code is more than a bit of "digital criminal mischief" -- it's a serious crime that deserves serious attention from the criminal justice system. In this article, we'll explain how standard rules of evidence apply to digital data and what precautions you should take to preserve it properly for a court trial.
Link:
http://www.WindowSecurity.com/articles/Preserving-Digital-Evidence.html

TECHNOLOGY
Title: Admins try another weapon against spam
Source: Sydney Morning Herald
Date Written: 2005-05-16
Date Collected: 2005-05-16
Network administrators are using a new technique called greylisting to fight spam. Information technology consultant Craig Sanders says greylisting works by tracking the number of times a particular combination of IP address, sender, and recipient appears. The first time a combination appears, the sender is told to try again, and messages from the combination are accepted in the future. Most viruses only send one message per victim address, and are thus blocked by the technique. However, greylisting can be circumvented by smarter mass-mailing worms with improved SMTP engines.
http://www.smh.com.au/news/Breaking/Admins-try-another-weapon-against-spam/2005/05/16/1116095895708.html

VULNERABILITIES & EXPLOITS
Title: Researchers Reveal Holes in Grid
Source: EWeek.com
Date Written: 2005-05-13
Date Collected: 2005-05-16
Researchers at the Massachusetts Institute of Technology (MIT) have published a paper describing how a worm could spread over SSH (Secure Shell) connections to create a 'cascade failure' of connected systems. Malicious hackers could use the SSH known_hosts file to obtain a list of machines users visit; while this file would not allow access to those machines, it would provide a map to other SSH-enabled servers. Coupled with a critical SSH flaw, a hacker could devise a worm to spread over connected systems. An SSH worm with access to known_hosts files could push supercomputing, grid, and cluster systems into cascade failure. While such a worm is only theoretical, the researchers note that an attacker used a compromised version of SSH to steal user credentials and access machines at Stanford University, the National Supercomputing Center, and the TeraGrid.
http://www.eweek.com/article2/0,1759,1815795,00.asp

The Fourth Commandment of system administration
http://software.newsforge.com/article.pl?sid=05/05/09/198203&from=rss
The role of system administrator is a role of details. Heavily used and updated servers are filled with details, from new tables in a database to root password changes. These details need to be documented. When you are managing three servers, these details can be easy enough to remember.
However, when you have 30 or 50 or 100 servers, the details become impossible to keep track of without documenting them. When it matters, you don't want to think that the IP address of that old accounting server is 192.168.10.55, you want to know it.

"GPRS 'doped' with Squid"
The most obvious thing for a Linux user to do is to "dope" the GPRS connection with Squid, the well-known web proxy cache, which, properly installed and configured, is able to solve all the problems tied to the GPRS connection.
http://www.ziobudda.net/Admin/redir_news.php?id=22283

"An evening with the Python guru: Guido van Rossum"
Faster than Flash Gordon, Guido van Rossum, Python's number one, answered my questions with incredible speed. Here is the pleasant discussion I had with him by email a few evenings ago.
Definitely a fine evening devoted to computing...
http://www.ziobudda.net/Admin/redir_news.php?id=22282

"A SPY STORY, AND WHAT IF IT WERE OUR EVERYDAY LIFE?"
Using particular tools and techniques, though not out of reach of hackers and specialists, GSM mobile phones can be intercepted.
Umberto Rapetto explains how, and the countermeasures to adopt.
http://www.ziobudda.net/Admin/redir_news.php?id=22272

"'What The Hack' Camp Conference"
What The Hack is an event/camp/conference that will take place in the south of the Netherlands from July 28 to 31, 2005. Among other things there will be a "BSD Village". The site has all the information and an aerial image of the location.
http://www.ziobudda.net/Admin/redir_news.php?id=22269

"SSH carries risks too"
MIT researchers warn: it is vulnerable, and worms for automated attacks could arrive soon.
http://www.ziobudda.net/Admin/redir_news.php?id=22268

"Mandriva 2005 for Xbox"
The packages included in the recent Mandriva LE2005 include a kernel, BIOS and bootloader for Xbox ... more information at the link.
http://www.ziobudda.net/Admin/redir_news.php?id=22264

PLAYSTATION 3, AND SONY SCOLDS MICROSOFT
With the new console the Japanese giant hopes to overshadow Xbox 360. Report from a day of ordinary video-gaming madness that saw Sony unveil the latest version of the Play
URL: http://punto-informatico.it/pi.asp?i=52861

BROADBAND, YES, THANKS TO GAS
That is the promise of a Californian company that has patented a technology for cheaply turning gas distribution networks into a wireless conduit
URL: http://punto-informatico.it/pi.asp?i=52870

TIGER GETS ITS FIRST UPDATE
Apple has released a first update for Mac OS X 10.4 that refines several features, fixes a series of bugs and problems, and improves the stability and efficiency of the operating system
URL: http://punto-informatico.it/pi.asp?i=52860

THUNDERBIRD PREPARES TO CHALLENGE OUTLOOK
A team of open source developers is about to release a Thunderbird extension that will merge with the client's interface and add features typical of Outlook
URL: http://punto-informatico.it/pi.asp?i=52864

PATENTS, MANY MOBILIZED
Yesterday a chain of events in numerous cities, and many websites are also joining the anti-patent celebration. Cortiana: a success, now we await the Government and the vote on the motion
URL: http://punto-informatico.it/pi.asp?i=52872

ADVISORIES: MAY 16, 2005
Today's security advisories: Mozilla Suite, Mozilla Firefox, and PostgreSQL (Gentoo Linux); and Mozilla/Firefox (Slackware Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,1m88,1,ctrg,a0ks,85jl,7pty

CLI MAGIC: LDCONFIG AND FRIENDS
"If you're like most Linux desktop users, there will come a day when you will want or need a program that isn't included or supported by your distribution of choice..."
http://nl.internet.com/ct.html?rtr=on&s=1,1m8a,1,8p44,7404,85jl,7pty

KERNELTRAP: NIGHTLY BUILDS AND SIMULATED BOOTS
"Ian Wienand announced the creation of a sourceforge project to manage the Gelato@UNSW group's kerncomp scripts for automatic kernel builds and simulated boots..."
http://nl.internet.com/ct.html?rtr=on&s=1,1m8a,1,d1j8,i00h,85jl,7pty

KYE: Phishing
The Honeynet Project and Research Alliance are excited to announce the release of their new paper "KYE: Phishing". This technical white paper provides behind the scenes information on how phishing attacks are performed. The paper is based on the research and data collected from the UK Honeynet Project and German Honeynet Project during multiple honeypot compromises.
http://www.honeynet.org/papers/phishing/

WEB APPLICATION DEFENSE AT THE GATES - LEVERAGING IHTTPMODULE
The .NET framework with ASP.NET provides the IHttpModule interface access to HTTP pipes - the lowest of programming layers - before an incoming HTTP request hits the web application. This can provide defense at the gates. In this paper, we look at how one can build this sort of defense in all three aspects - coding, deployment and configuration.
http://www.net-security.org/news.php?id=7752

THE GREAT INTRUSION PREVENTION DEBATE
Will the intrusion prevention system revolutionize security? Or is it just another point solution?
http://www.net-security.org/news.php?id=7757

SYMANTEC UNVEILS SYMBIAN ANTI-VIRUS, FIREWALL SOFTWARE
Security vendor Symantec Monday rolled out an integrated anti-virus and firewall program for smartphones based on the Symbian platform.
http://www.net-security.org/news.php?id=7758

DEVELOPER DEMONSTRATES DASHBOARD EXPLOIT
At issue is a feature in Safari called "Open safe files" that is turned on by default. This feature allows your Mac to automatically open image files, PDFs, movies, disk images and other files considered safe when downloaded. Unfortunately, this also includes widget files downloaded, which are installed when opened.
http://www.net-security.org/news.php?id=7762

MICROSOFT ISSUES SOLITARY PATCH
Microsoft's patch Tuesday brought just one security update yesterday, a fix for a script injection vulnerability rated by Microsoft as "important".
http://www.net-security.org/news.php?id=7777

Previous or Next? Paginating Records with PHP, part 4
Learn how to make the application created in previous parts work with a relational database.
http://www.devshed.com/c/a/PHP/Previous-or-Next-Paginating-Records-with-PHP-part-4/

Python Email Libraries, part 1: POP3
Learn how Python interacts with POP3 email to accomplish business tasks in the first issue of this series.
http://www.devshed.com/c/a/Python/Python-Email-Libraries-part-1-POP3/

Python Email Libraries, part 2: IMAP
Learn how Python interacts with IMAP email to accomplish business tasks in the second issue of this series.
http://www.devshed.com/c/a/Python/Python-Email-Libraries-part-2-IMAP/

Logging in Apache
Read how to configure Apache for logging so you can spot performance and security problems early.
http://www.devshed.com/c/a/Apache/Logging-in-Apache/

Learning a New Programming Language Part 2: Language Types
Learn about the three main types of programming languages.
http://webhosting.devshed.com/c/a/Web-Hosting-HowTos/Learning-a-New-Programming-Language-Part-2-Language-Types/

Learning a New Programming Language Part 3: Syntax Differences
Examine syntax differences in many of the more common languages you may want to learn.
http://webhosting.devshed.com/c/a/Web-Hosting-HowTos/Learning-a-New-Programming-Language-Part-3-Syntax-Differences/

MALWARE
Title: New Worm Targets AIM Users
Source: PCWorld
Date Written: 2005-05-16
Date Collected: 2005-05-17
Anti-virus companies have discovered a new worm targeting America Online's instant messaging (AIM) program. The malware, known as Oscarbot-B or Doyorg, emerged the week of May 16, 2005 and creates an Internet Relay Chat (IRC) backdoor to download malicious files. However, the worm does not spread via AIM immediately, but waits for instructions from the attacker. Graham Cluley of Sophos said the worm provides more evidence that companies should consider eliminating AIM.
http://www.pcworld.com/news/article/0,aid,120848,00.asp

"Extreme Programming"
Interview with Corrado Aaron Visaggio, researcher at the Research Centre on Software Technology (RCOST), on the subject of extreme programming
http://www.ziobudda.net/Admin/redir_news.php?id=22298

MICROSOFT SUED OVER EXCEL
A former Stanford student claims to be the originator of the technology that lets two of the Redmond giant's flagship programs exchange data
URL: http://punto-informatico.it/pi.asp?i=52906

WINE HOBBLED BY A PATENT
One of the development tools created within the Wine project stumbles over a Borland patent that protects an important programming-related feature. A story heard before
URL: http://punto-informatico.it/pi.asp?i=52887

ITALIAN WIRELESS? UNCONSTITUTIONAL
The current legislation violates fundamental principles: so argues the Anti Digital Divide association in a letter sent to President Ciampi
URL: http://punto-informatico.it/pi.asp?i=52897

PLUTO Journal 45
I am announcing the release of the new PLUTO Journal (http://journal.pluto.it), issue 45 - May 2005, available online at:
http://journal.pluto.it/pj0505/
and available as a downloadable version at:
ftp://ftp.pluto.it/pub/pluto/journal/n45mag05.tar.gz

Virus technical sheet: WORM_WURMARK.J, by Amvinfe and Marlene
http://www.alground.com/virus/schedaVirus.php?cod_virus=176

Permission to Simplify
Complexity in Microsoft's software does little but hinder people from using their good security features, and the current state of Windows file permissions is a perfect example.
http://www.securityfocus.com/columnists/326

ADVISORIES: MAY 17, 2005
Today's security advisories: kde (Conectiva Linux); squid (Fedora Core); FreeRADIUS (Gentoo Linux); mozilla (Mandriva Linux); and ncpfs, kdelibs, and cyrus-imapd (Red Hat Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,1mcb,1,kivz,lkmw,85jl,7pty

KERNELTRAP: DISTRIBUTED LOCK MANAGER
"David Teigland posted some updated patches for implementing a distributed lock manager..."
http://nl.internet.com/ct.html?rtr=on&s=1,1mce,1,65yf,gwug,85jl,7pty

RESEARCHERS SPEED, OPTIMIZE CODE WITH NEW OPEN SOURCE TOOLS
"The automatic code generator, which provides a broad range of solutions to identify optimal signal processing and math functions, spits out high-quality code that is less buggy, saving testing and time..."
http://nl.internet.com/ct.html?rtr=on&s=1,1mce,1,k7ze,cai7,85jl,7pty

KERNELTRAP: HYPER-THREADING VALUE, VULNERABILITY
"The recent Hyper-Threading vulnerability announcement was discussed on the Linux Kernel Mailing List. Reactions were mixed..."
http://nl.internet.com/ct.html?rtr=on&s=1,1mce,1,442b,8p69,85jl,7pty

LINUX IN ITALIAN SCHOOLS, PART 1
"Following the gradual path Linux took at one school in Italy..."
http://nl.internet.com/ct.html?rtr=on&s=1,1mce,1,91e2,ir42,85jl,7pty

"OpenBSD 3.7 released"
Theo De Raadt has just announced the release of OpenBSD 3.7. Have fun :)
http://www.ziobudda.net/Admin/redir_news.php?id=22315

"Netscape 8.0 Released"
A curious new feature of this well-known browser is the "Trust Rating", which tells us how "safe" or "unsafe" a site is.
http://www.ziobudda.net/Admin/redir_news.php?id=22313
Also - http://punto-informatico.it/pi.asp?i=52915
Also - http://www.zeusnews.it/news.php?cod=4141
Also - http://www.theregister.co.uk/2005/05/19/netscape_8_launch/

"Postfix, Fetchmail, Procmail, Spamassassin, Solid-pop3d and Mutt"
My mail with Postfix, Fetchmail, Procmail, Spamassassin, Solid-pop3d and Mutt. A mini guide to managing mail on a PC using Debian GNU/Linux.
http://www.ziobudda.net/Admin/redir_news.php?id=22310

"Using Majordomo with postfix"
The only how-to that explains how to use Majordomo, the mailing list manager, with postfix, one of the most widely used SMTP servers.
http://www.ziobudda.net/Admin/redir_news.php?id=22309

"Simple VPN connections with Linux and pptpd"
More and more often there is a need to access company data from remote locations (sales agents using laptops with mobile phone connections, employees working from home, etc.), but precisely because of the confidential nature of the data being accessed, ever more secure connections are needed.
http://www.ziobudda.net/Admin/redir_news.php?id=22307

RETROCOMPUTING, THE HEART BEYOND AMIGA
A new event is being prepared for July 2 in Udine: born from the passion of Amiga fans, it now widens to explore historic and alternative computers. The photos, the overview
URL: http://punto-informatico.it/pi.asp?i=52900

THEY UNLOCKED TRE PHONES, REPORTED TO THE AUTHORITIES
Thirty people have ended up under investigation for engaging in a practice that is widespread throughout the country: enabling Tre's UMTS phones for use with other SIMs
URL: http://punto-informatico.it/pi.asp?i=52936
Also - http://www.wintricks.it/news1/article.php?ID=3877

OFFICE 12, SOME PREVIEWS
Microsoft has let slip the first information on the next version of the suite currently known as Office 12, also confirming the likely release period. Several improvements will affect Outlook and PowerPoint
URL: http://punto-informatico.it/pi.asp?i=52919

FLAW IN WINDOWS, MS PLAYS IT DOWN
The Redmond giant has confirmed the existence of a flaw in Windows' TCP/IP stack but has downplayed its severity. Users who are up to date with security patches should have nothing to worry about
URL: http://punto-informatico.it/pi.asp?i=52916

CRACKING, THE NEW EU MEASURES
by V. Frediani (Consulentelegaleinformatico.it) - The EU Council has adopted a set of guidelines that member states will have to follow and that define computer crime, jail time included
URL: http://punto-informatico.it/pi.asp?i=52927

PI FIXES A SECURITY BUG
It was reported to the editorial staff by a young bug hunter and IT popularizer who discovered a moderate-risk CSS vulnerability
URL: http://punto-informatico.it/pi.asp?i=52931

Sit Back and React
As the security industry moves more mainstream, it's becoming stagnant due to a lack of vision. Who will lead the charge?
http://www.securityfocus.com/columnists/328

Chrooted Snort on Solaris
This article discusses the installation and configuration of a chrooted Snort IDS on most versions of Solaris.
http://www.securityfocus.com/infocus/1833

Router Troubleshooting Primer
Author: Robert J. Shimonski
Summary: In this article we will take a look at the proper steps to troubleshooting routing problems.
Link:
http://www.WindowsNetworking.com/articles_tutorials/Router-Troubleshooting-Primer.html

Using Dual Accounts for Administrators
Author: Derek Melber
Summary: With security on the minds of everyone, including all administrators and executives, every precaution needs to be taken to protect the network devices, servers, clients, Active Directory, and network resources. Historically and even recently administrators and others that have elevated privileges to essential resources have been able to use a single user account for all of their activities, whether the activity is one that a common end user would perform or one that only an administrator can perform. It is time to consider the exposure that this situation creates and take action to protect all resources that are exposed by this activity.
Link:
http://www.WindowSecurity.com/articles/Dual-Accounts-Administrators.html

ADVISORIES: MAY 18, 2005
Today's security advisories: phpsysinfo (Debian GNU/Linux); pam and mozilla (Fedora Legacy); rsh, openssh, glibc, ia32el, and kernel (Red Hat Linux); and bzip2, nasm, and squid (Ubuntu Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,1mfs,1,egok,5091,85jl,7pty

LINUX USERS STILL AT RISK FROM KDE FLAW
"The vulnerability affects kdelibs, specifically an error in the kimgio component when processing PCX image files..."
http://nl.internet.com/ct.html?rtr=on&s=1,1mfs,1,5513,hxsc,85jl,7pty

BUILD A LINUX SOFTWARE RAID FROM SCRATCH
"In a nutshell it's about getting good performance for just the cost of ordinary inexpensive drives and controllers, and either increasing uptimes or speeding up performance, or a bit of both..."
http://nl.internet.com/ct.html?rtr=on&s=1,1mfu,1,6ad6,mgp1,85jl,7pty

GETTING TO KNOW PUPPY LINUX
"Linux has reached now a point where the better Linux distributions are mature enough to replace Microsoft Windows for many enterprise users if the organization wants to do so..."
http://nl.internet.com/ct.html?rtr=on&s=1,1mfu,1,karg,dl92,85jl,7pty

MALWARE
Title: Bogus Microsoft Security Update Circulates
Source: Security Pipeline
Date Written: 2005-05-18
Date Collected: 2005-05-19
Hackers have again attempted to fool Windows users with fake security update e-mails. The current e-mail claims to contain a comprehensive update to Internet Explorer, Outlook Express, and Outlook, and is timed to correspond with Microsoft's release of its May 2005 update. If the download update link is followed, the victim's PC is infected with the Pinfi virus and a Trojan program.
http://www.securitypipeline.com/163105405

VULNERABILITIES & EXPLOITS
Title: New TCP/IP Flaw Haunts Windows
Source: EWeek.com
Date Written: 2005-05-18
Date Collected: 2005-05-19
On May 18, 2005, Microsoft issued a pre-patch advisory on published exploit code for a recently discovered vulnerability in its TCP/IP implementation. The advisory is the first under its new security advisories pilot project, and comes one day after an alert published by the French Security Incident Response Team (FrSIRT) containing exploit code. The vulnerability can allow remote hackers to set arbitrary TCP connection values, resetting existing connections. Microsoft says the threat is not significant and that there have been no known attacks.
http://www.eweek.com/article2/0,1759,1817369,00.asp?kc=EWRSS03129TX1K0000614

"Internet Explorer 7 rincorre Firefox?"
Internet Explorer 7 sarà rilasciato nel corso del 2006 ma una release beta inizierà a circolare da quet'estate; IE6 è affetto da 80 vulnerabilità note di cui ben 19 ancora irrisolte, mentre il concorrente diretto (anche se separato da un abisso percentuale) conta un totale di soli 19 buchi di cui 4 ancora non risolti.
http://www.ziobudda.net/Admin/redir_news.php?id=22339

"Il web è stato misurato: 9.36 mln le pagine nei motori"
Una ricerca firmata Antonio Gulli e Alessio Signorini (rispettivamente dell'Università di Pisa e dell'Iowa) ha quantificato statisticamente la dimensione del web: 9.36 milioni le pagine indicizzate dai motori, Google ne copre il 68.2%.
http://www.ziobudda.net/Admin/redir_news.php?id=22338

"Microsoft fa suo un importante brevetto sulle e-mail"
A quasi 5 anni dall'originale richiesta del 17/10/04, Microsoft ottiene la registrazione di un brevetto che tutela la proprietà intellettuale del gruppo sulla possibilità di identificare un messaggio di posta elettronica con una icona relativa al mittente.
http://www.ziobudda.net/Admin/redir_news.php?id=22337

"INTERVISTA A GENNARO FRANCIONE (Txt: Maria Molinari)"
Gennaro Francione, giudice e fondatore del "Movimento Utopista Antiarte", è contrario al copyright ma anche abbastanza critico nei confronti delle Creative Commons. In passato ha fatto parlare di sè per una sentenza anti-copyright e di recente ha pubblicato "Hacker. I Robin Hood del Cyberspazio", un libro che sta riscuotendo un certo successo negli ambienti hacktivisti. Un giudice anti-artista, anti-copyright e pro-hacker non poteva non attrarre la nostra attenzione. Hacker Kulture (www.dvara.net/HK) gli ha scritto, ponendogli un'infinità di domande...
http://www.ziobudda.net/Admin/redir_news.php?id=22333

"Una suite Open Source per analizzare le dipendenze di codice"
Dependency Finder è un progetto Open Source composto da una suite di tool per analizzare il codice Java compilato. Il cuore della suite è composto da una potente applicazione di analisi delle dipendenze che estrae i grafici delle dipendenze per ottenerne utili informazioni. L'applicazione si presenta...
http://www.ziobudda.net/Admin/redir_news.php?id=22317

ADVISORIES, MAY 19, 2005
Today's security advisories: ppxp (Debian GNU/Linux); libtiff (Fedora Legacy); Cheetah (Gentoo Linux); cdrdao, nasm, bzip2, and gzip (Mandriva Linux); evolution (Red Hat Linux); and tiff (Ubuntu Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,1mk0,1,ag0q,iv6u,85jl,7pty

NETSCAPE FIXES 44 HOLES IN 'SECURITY' BROWSER
"Netscape has fixed 44 vulnerabilities in the latest version of its browser less than 24 hours after its release..."
http://nl.internet.com/ct.html?rtr=on&s=1,1mk0,1,3bro,kjvt,85jl,7pty

HACKER HUNTERS
"An elite force takes on the dark side of computing..."
http://nl.internet.com/ct.html?rtr=on&s=1,1mk0,1,imtr,fb4a,85jl,7pty

THE DAEMON, THE GNU AND THE PENGUIN--EXCURSUS: HARDWARE & CH. 9
"J. C. R. Licklider wrote that computers were communication devices, not calculating devices..."
http://nl.internet.com/ct.html?rtr=on&s=1,1mk4,1,gcql,aj8k,85jl,7pty

VULNERABILITIES & EXPLOITS
Title: Windows flaw fixed, but Cisco products affected
Source: SearchSecurity
Date Written: 2005-05-19
Date Collected: 2005-05-20
Microsoft has released an advisory stating that a hole discovered by the French Security Incident Response Team (FrSIRT) has already been patched.
The flaw, found in the Windows XP and Windows Server 2003 implementation of the IPv6 TCP/IP stack, would allow an attacker to deny service. According to Microsoft, the flaw was fixed in its April 2005 patch release. However, Cisco says it may have a similar vulnerability in some of its products, including Cisco SN5400 series storage routers, CSS11000 series content services switches, AP350 and AP1200 series access points and MGX series WAN switches.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1090034,00.html

 

g00d reading! 'n' bye
Security News MainTainer:

The Jackal a.k.a. jAcKallO < jackal [at] capitanlug.it >

(AreaSessantuno Inside) / (SpiPPolatori Collaborator) (HackerAlliance Member) / (Founding member of CapitanLUG.iT) (Daily DisInfo CreaTor & MainTainer) / (Security News MainTainer)



©  GnomixLand
http://www.gnomixland.com/