"Cultura libera" Per fortuna al mondo non c'è solo Faletti. Il blog di libera cultura, l ibera conoscenza (che vi consiglio caldamente di seguire) ha messo a disposizio ne, tra gli altri libri liberi, anche l'ultimo libro di Lawrence Lessig. http://www.ziobudda.net/Admin/redir_news.php?id=22815 "Rilasciata GNU/DOS 2005" GNU/DOS 2005 è un distribuzione basata su FreeDos con l'aggiunta di alc une interessanti caratteristiche... http://www.ziobudda.net/Admin/redir_news.php?id=22819 I FORMATI RAW ENTRANO IN WINDOWS Microsoft ha introdotto il supporto in XP dei file d'immagine in formato RAW, adottati da molte fotocamere digitali. Rilasciato un tool gratuito p er i file RAW di Canon e Nikon URL: http://punto-informatico.it/pi.asp?i=53538
TROJANS LAND TWENTY GEEKS IN TROUBLE
All of them Italian: six are minors. The charge relates to the cyber attack against institutional websites, with operations coordinated over IRC. They used a botnet of thousands of zombies.
URL: http://punto-informatico.it/pi.asp?i=53532
LINUX? IT'S GARBAGE
The founder of the OpenBSD project, Theo de Raadt, launches into an invective against Linux, reported by the prestigious Forbes Magazine.
URL: http://punto-informatico.it/pi.asp?i=53540
***Bluetooth cracked in 0.06 seconds***
Red alert? Two Israeli researchers raise the alarm: it is possible to intrude on communications between two devices that use the protocol (or between one of them and the PC it is connected to) thanks to a pairing key that is too weak. A new vulnerability in the Bluetooth protocol puts researchers and users on alert: the bug is conceptual rather than implementation-related, and lets attackers pair their own devices with those of the users under attack. The practical result is the ability to arbitrarily redirect the connections of Bluetooth devices. The authors of the discovery are two researchers at Tel Aviv University: they built on results (and attack methods employed), a research company acquired by Symantec in October 2004...
http://www.pc-facile.com/bluetooth_bucato_in_006_secondi_n32810/
***From Skype to VoipBuster, calling is free***
Simple, lightweight and above all free. That is VoipBuster, a new piece of software that uses VoIP technology and lets you make free calls to landlines in several countries around the world, including Italy. Released on 26.05.2005 as a beta, it already looks promising. The interface is a bit rudimentary, but that is exactly what makes it simple and intuitive, focusing on functionality rather than looks. Unlike Skype, which allows free calls only between users who have installed Skype, with VoipBuster you can call landlines for about 2 minutes without spending a cent. Once the 2 minutes are up, a voice message will tell you that you are using a free service and that to continue the call you need to buy credit. After the call ends you can still call again, even the same number, for another 2 minutes. To make unlimited calls you need to buy at least 1 euro of credit.
http://www.pc-facile.com/da_skype_a_voipbuster_telefonare_gratis_n32756/
Watching Mac OS X File Events from Windows: A Guide for .NET and Java Developers
With "only a little Java code and a third-party product," Bob Reselman was able to make Windows pay attention to the goings-on of a Macintosh server. Here's how he did it.
http://www.informit.com/articles/article.asp?p=389113&rl=1
Protecting Your Security and Privacy with Firefox
Rising rates of identity theft and internet fraud mean that having a secure browser is more important than ever. For those interested in keeping their information safe, the good news is that Firefox has several important features that will help you stay secure. Find out how in this sample chapter.
http://www.informit.com/articles/article.asp?p=382613
Enterprise benefits of the Linux 2.6 kernel
http://newsvac.newsforge.com/article.pl?sid=05/06/17/1940231&from=rss
Linux's 2.6 kernel quickly won the PR battle with engineering redesigns that improved speed through better scheduling, memory use as well as better hardware support. But away from the PR battlefield, its differences from the widely installed 2.4 kernels could make its introduction a testing experience for enterprises.
Midnight Commander
Vendor: GNU Midnight Commander Project
A buffer overflow vulnerability was reported in Midnight Commander. A local user may be able to obtain elevated privileges.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2005/Jun/1014223.html
Mambo Site Server
Vendor: Mamboserver.com
An input validation vulnerability was reported in Mambo. A remote user can inject SQL commands.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/Jun/1014222.html
SpamAssassin
Vendor: Apache Software Foundation
A vulnerability was reported in SpamAssassin. A remote user can cause denial of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/Jun/1014219.html
lpadmin
Vendor: Sun
A vulnerability was reported in lpadmin on Sun Solaris. A local user can modify files on the system.
Impact: Modification of authentication information
Alert: http://securitytracker.com/alerts/2005/Jun/1014218.html
Perl
Vendor: Wall, Larry
In March 2005, a vulnerability was reported in the rmtree() function in File::Path.pm. A local user may be able to create set user id (setuid) binaries in certain cases.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2005/Jun/1014211.html
OpenBSD Kernel
Vendor: OpenBSD
A vulnerability was reported in OpenBSD in ip_ctloutput(). A local user can cause denial of service conditions.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2005/Jun/1014210.html
Telnet
Vendor: [Multiple Authors/Vendors]
iDEFENSE reported a vulnerability in several Telnet client implementations. A remote user may be able to obtain information from the target user's environment.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/Jun/1014203.html
Microsoft Internet Explorer (IE)
Vendor: Microsoft
A vulnerability was reported in Microsoft Internet Explorer in the processing of Portable Network Graphics (PNG) images. A remote user can execute arbitrary code on the target user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Jun/1014201.html
Microsoft Outlook Express
Vendor: Microsoft
A vulnerability was reported in Microsoft Outlook Express in the news reader. A remote user can cause arbitrary code to be executed.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Jun/1014200.html
Microsoft Outlook Web Access
Vendor: Microsoft
An input validation vulnerability was reported in Microsoft Outlook Web Access. A remote user can conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Jun/1014199.html
Windows Server Message Block
Vendor: Microsoft
A vulnerability was reported in Microsoft's Server Message Block (SMB) protocol implementation, affecting Windows 2000, XP, and 2003. A remote user can execute arbitrary code on the target system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Jun/1014198.html
Microsoft Agent
Vendor: Microsoft
A vulnerability was reported in Microsoft Agent, affecting Windows-based operating systems. A remote user can spoof security dialog boxes.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2005/Jun/1014197.html
Windows Web Client
Vendor: Microsoft
A vulnerability was reported in Windows Web Client, affecting Windows 2003 and Windows XP. A remote authenticated user can execute arbitrary code with system level privileges.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Jun/1014196.html
Windows Help System
Vendor: Microsoft
A vulnerability was reported in Microsoft HTML Help. A remote user can execute arbitrary code on the target system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Jun/1014195.html
Microsoft Internet Security and Acceleration Server
Vendor: Microsoft
Two vulnerabilities were reported in the Microsoft Internet Security and Acceleration (ISA) Server. A remote user can poison the cache. A remote user can also establish a NetBIOS connection to the ISA Server.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2005/Jun/1014193.html
Java Runtime Environment (JRE)
Vendor: Sun
A vulnerability was reported in Java Runtime Environment. A remote user may be able to gain privileges on the target system.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/Jun/1014192.html
gedit
Vendor: Gnome Development Team
A vulnerability was reported in gedit. A remote user may be able to cause arbitrary code to be executed.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Jun/1014179.html
pcAnywhere
Vendor: Symantec
A vulnerability was reported in Symantec pcAnywhere. A local user can gain elevated privileges.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2005/Jun/1014178.html
"Virus hunting with knoppix"
Hello, I have published a short howto on how to customise a knoppix (..it also works for other live CDs..) with four antivirus programs that can also be run in sequence and, above all, with the ability to update their respective definitions without having to rebuild the compressed filesystem.
http://www.ziobudda.net/Admin/redir_news.php?id=22851
"doc2sxd: Converts sets of doc files to sxw format"
Stefano Giunchi has created a macro for Openoffice.org that converts sets of doc files into sxw format, the standard format of Openoffice Writer before version 2. This macro also supports directories.
http://www.ziobudda.net/Admin/redir_news.php?id=22849
"The new community for Mandriva users in Italy is born"
Mandrivaitalia.org is launched, the new portal for users of Mandriva Linux, the French distribution that recently acquired Conectiva Linux, one of the most widely used Linux distributions in South America. The newly launched portal aims to be a reference point for all users who are approaching the Linux world for the first time and who choose Mandriva as their distribution for its simplicity and efficiency.
http://www.ziobudda.net/Admin/redir_news.php?id=22847
"Let's defend our services: Port Knocking"
Who hasn't found themselves flooded with connection attempts to certain ports on our systems, such as ssh port 22? These are classic attempts to break into the system, using a brute force attack in the hope of identifying the password. Here is an excellent tutorial that explains how to defend yourself!
http://www.ziobudda.net/Admin/redir_news.php?id=22836
"DHCP Server HOWTO"
A tutorial that explains how to set up a LAN for Random Users by automating the IP address assignment process on Slackware, but which can be adapted to any distro.
http://www.ziobudda.net/Admin/redir_news.php?id=22835
SCHILLIX, OPENSOLARIS SINGS LIVE
The availability of the OpenSolaris source code has already allowed a German group of developers to forge an unofficial distribution that can boot from optical media or from a USB memory device.
URL: http://punto-informatico.it/pi.asp?i=53550
THE FACULTY OF ARTIFICIAL JUDGMENT
A primitive AI system that works in terms of concepts will let computers think and react in a more human way. And it is already an ISO standard. Here is what it is about.
URL: http://punto-informatico.it/pi.asp?i=53548
CAPTURE THE FLAG 2005 GOES TO THE ITALIANS
The international event centred on the hacking of computer systems was won for the second time by the team from the Politecnico di Milano. Eight hours of passion.
URL: http://punto-informatico.it/pi.asp?i=53561
SOFTWARE PATENTS, THE DEBATE CONTINUES
Roberto Galoppini (Consorzio CIRS) replies to Paolo Zocchi's article: the Directive? A profound error of judgment - A computer science student: let us program.
URL: http://punto-informatico.it/pi.asp?i=53552
** MSN FLAW HELPS PHISHING **
It is easy to craft bait messages that look entirely authoritative.
>> by Paolo Attivissimo
http://www.zeusnews.it/news.php?cod=4198
** DEFENDING AGAINST THE TRAP SITES CREATED BY PHARMING **
Mass theft of access codes: banks and online commerce sites at risk.
>> by Paolo Attivissimo
http://www.zeusnews.it/news.php?cod=4195
Troubleshooting Group Policy Processing
Author: Mitch Tulloch
Summary: This article outlines some common mistakes made in implementing Group Policy and how to troubleshoot Group Policy processing issues.
Link: http://www.WindowsNetworking.com/articles_tutorials/Troubleshooting-Group-Policy-Processing.html
Evaluating a New Security Policy
Author: Brien Posey
Summary: There was a time when it wasn't all that risky to try out new security settings on production servers, but operating systems have become much more complex since then. Today, even changing something as simple as the required password length can have unanticipated side effects elsewhere in the system. In this article, I will explain how to evaluate a new security policy in a safe and responsible manner.
Link: http://www.WindowSecurity.com/articles/Evaluating-New-Security-Policy.html
Software Firewalls: Made of Straw? Part 2 of 2
Part two looks at Layered Service Provider based Trojans hidden in the protocol stack to provide communications through the firewall using an open port.
http://www.securityfocus.com/infocus/1840
Interview with Markus Ranum
Markus Ranum discusses the state of security, a lack of progress in the industry, protocol weaknesses, trust relationships, and more.
http://www.securityfocus.com/columnists/334
GERMAN AGENCY OFFERS OPEN-SOURCE SECURITY TOOL
"The tool, BSI Open Source Security Suite (Boss), is based on a remote security scanner system developed by the Nessus Open Source Vulnerability Scanner Project..."
http://nl.internet.com/ct.html?rtr=on&s=1,1p6v,1,iq4s,79vl,85jl,7pty
MS OFFICE XML FORMATS NOT OK WITH GNU
"The royalty-free license under which Microsoft plans to make its upcoming new Office Open XML Formats widely available is incompatible with the GNU General Public License..."
http://nl.internet.com/ct.html?rtr=on&s=1,1p6s,1,cc1r,3ruy,85jl,7pty
THE LINUX /PROC FILESYSTEM AS A PROGRAMMERS' TOOL
"Manipulating all manners of runtime state information by using file-level system calls and commands..."
http://nl.internet.com/ct.html?rtr=on&s=1,1p6s,1,hd4o,dqn2,85jl,7pty
KERNELTRAP: GIT AND THE LINUX KERNEL ARCHIVES
"The Linux Kernel Archives provides an assortment of methods for obtaining the Linux Kernel source code..."
http://nl.internet.com/ct.html?rtr=on&s=1,1p6s,1,cwns,j10r,85jl,7pty
BEGINNER'S GUIDE TO LINUX DISTROS
"In a bit of a follow up to the recent media apps for GNU/Linux post, I wanted to give a quick rundown of some major distros..."
http://nl.internet.com/ct.html?rtr=on&s=1,1p6s,1,g24m,gq0v,85jl,7pty
Using JAAS Authentication with JBoss
The Java Authentication and Authorization Service (JAAS) allows a standard way for applications to handle authentication. However, although JBoss uses the JAAS API extensively, there's little documentation to explain how to handle JAAS Authentication when connecting to JBoss, other than via servlets. This article shows you how to connect to an EJB application running in JBoss from a non-servlet client. And in doing so, Marcus Zarra debunks several JAAS myths. It's much easier to use than you thought!
http://www.informit.com/articles/article.asp?p=394898
Common Security Problems in the Code of Dynamic Web Applications
"In the last few years an increasing number of web programmers have started realizing that the code they write for a living plays a major part in the overall security of a web site. Even though the administrators install state of the art firewalls, keep off-the-shelf software patched and protect communication with heavy encryption, there are many ways to attack the logic of the custom-made application code itself. There is seemingly an infinite number of different logical glitches that may lead to exploitable security problems in a web application. But even though the number of glitches may be infinite, many of the most frequently occurring glitches may be put in one of the following, rather limited set of categories:
* Failure to deal with metacharacters of a subsystem
* Authorization problems due to giving too much trust in input
That's only two categories, and they cover much of the web application security hype published in the last eight years or so."
This document can be found at http://www.webappsec.org/projects/articles/062105.shtml
CISCO PACKS SECURITY PRODUCTS TOGETHER
Cisco Systems last week introduced software that ties together a variety of its security products so service providers can offer more-effective protection against DDoS attacks.
http://www.net-security.org/news.php?id=8011
VIRUS FLOOD THREATENS HOME USERS
Virus writers have adopted a new tactic to try to make sure their malicious programs reach as many victims as possible.
http://www.net-security.org/news.php?id=8017
INVISIBLE ENCRYPTION
Why didn't this happen sooner? Seagate Technology has just announced a hard disk drive for laptops and other mobile devices that automatically encrypts all data as it goes into and comes out of the drive.
http://www.net-security.org/news.php?id=8019
SKULLS TROJAN POSES AS SECURITY CODE
Virus writers have created mobile phone malware that poses as a pirated copy of F-Secure's mobile anti-virus software.
http://www.net-security.org/news.php?id=8023
TESTING SECURITY WITH HPING
hping is based on the ping utility, but the two applications are used in different ways.
http://www.net-security.org/news.php?id=8032
HASHING EXPLOIT THREATENS DIGITAL SECURITY
Cryptographers have found a way to snip a digital signature from one document and attach it to a fraudulent document without invalidating the signature and giving the fraud away.
http://www.net-security.org/news.php?id=8046
(IN)SECURE MAGAZINE ISSUE 2 HAS BEEN RELEASED
(IN)SECURE Magazine is a freely available, freely distributable digital security magazine in PDF format. Get your copy of the second issue today!
http://www.net-security.org/news.php?id=8061
CASE OF A WIRELESS HACK
This is a short story about using a couple of computers, some interesting tools, an operating system and a bit of thinking to solve a not-entirely-artificial problem of getting wireless internet access where measures are in place to stop it.
http://www.net-security.org/news.php?id=8057
SECURING STORAGE: COMPLETE DATA ERASURE ON STORAGE SYSTEMS
Out of sight, out of mind. When storage systems are upgraded, retired due to proactive maintenance, reach the end of their lease, or are repurposed or resold, companies often delete the data from the disks and forget about it. However, there is a tremendous amount of critical, confidential, and competitive information on those disks that cannot be completely erased by just pressing a delete button.
http://www.net-security.org/article.php?id=797
Open source hides secret data
http://software.newsforge.com/article.pl?sid=05/06/06/1439202&from=rss
The art of hiding information from anyone except from the intended receiver has been used for many centuries. Hiding information by embedding it in other, seemingly innocuous information is known as steganography, a word that means "covered writing" in Greek. Today, steganography applications can hide one file within another on a computer. Steganography applications are available on many different platforms, including Windows, Linux, and *BSD.
The Ninth Commandment of system administration
http://software.newsforge.com/article.pl?sid=05/06/13/2034239&from=rss
For every network service you run, you've opened one more window on your server to the world. Firewalls are great for defending servers against attacks from the outside, but attacks don't always come from the outside. If you have a server inside your firewall hacked, the attacker can continue hacking away at other servers without worrying about the firewall stopping his progress. For this reason it is important to schedule network audits of all of your servers.
Bringing authentication to network layer 3
http://newsvac.newsforge.com/article.pl?sid=05/06/20/2318253&from=rss
Vincent Deffontaines writes "Have you ever thought of how much efficiency your firewall would gain if it could incorporate per-user filtering? If IP filters could use userID as "just another" filtering criteria? Any connexion passing through the filter could be associated with its originating user, and this could even break the old, vague, insecure assumption "1 IP address = 1 user"."
Linux: Kernel 2.6.12.1
With the release of the new stable version of the Linux kernel, 2.6.12.1, the series of sub-versions begins for kernel 2.6.12 as well.
http://www.wintricks.it/news1/article.php?ID=3955
MS AntiSpyware 1.0.613
Microsoft AntiSpyware (formerly Giant AntiSpyware), a new product dedicated to removing spyware programs and modules, has been updated to version 1.0.613 beta.
http://www.wintricks.it/news2/article.php?ID=8997
"eLawOffice: Open-Source Management Software for Law Firms"
"It is the most complete project at the international level": so says Diego Zanga, owner of the eLawOffice.it site...
http://www.ziobudda.net/Admin/redir_news.php?id=22885
"Mandriva's future could be Debian!"
According to Ian Murdock (Chairman and Chief Strategist of Progeny), one of Mandriva's next strategic moves will be to convert (if it wants to continue to exist) to... Debian.
http://www.ziobudda.net/Admin/redir_news.php?id=22881
"Credit cards: CartaSi.it with a hole"
CartaSi: "We had noticed it, we were monitoring it". The reply: "But the users' data was available to me..."
http://www.ziobudda.net/Admin/redir_news.php?id=22876
"Stallman on the absurdity of patents"
An interesting article by Stallman has been published on Guardian Unlimited. Stallman dwells in particular on the difference between patents and copyright, in light of some statements by the French industry minister that show a clear misunderstanding of the subject. The article, in English, aims to be exceptionally clear even for non-specialists.
http://www.ziobudda.net/Admin/redir_news.php?id=22870
"Google Maps violates military security and is illegal"
Google Maps is illegal, at least in Italy, because it violates the rules on military secrecy. Through the maps that Google makes available it is in fact possible to see inside military barracks and sensitive targets (stations, airports, etc.), which is expressly forbidden by the royal decree on the Rules concerning military secrecy.
http://www.ziobudda.net/Admin/redir_news.php?id=22909
"Firewall, NAT, Packet Filtering (part I)"
They are used and talked about, but few really know how they work and how to use them. There is often confusion about how and at what level they operate. What everyone knows is that a system in need of protection cannot do without one. In this article we give an overview of what a firewall is and how it can help us defend our systems against a certain category of security attacks. We describe three of the most widespread and well-known Linux firewalls, and finish with a few nice basic examples of allowing and blocking data traffic.
http://www.ziobudda.net/Admin/redir_news.php?id=22904
"Possible new features in Linux kernel 2.6.13"
Andrew Morton has posted some of the possible new features of the next release of the Linux kernel.
http://www.ziobudda.net/Admin/redir_news.php?id=22900
"JamVM, a complete open source JVM"
JamVM is a new Java Virtual Machine that conforms to the 2.0 JVM specifications published by SUN. Compared with other virtual machines (free and commercial), it is extremely small, with an executable of only 135 KB on PowerPC and 100 KB on Intel. Unlike other small VMs (such as KVM), however, JavaVM was designed to...
http://www.ziobudda.net/Admin/redir_news.php?id=22894
PATENTS, ANOTHER VOTE BACKS THE DIRECTIVE
Concern over the absence of many members of parliament from the Legal Affairs Committee of the European Parliament, which yesterday easily approved the version of the directive wanted by the EU Council but criticised by thousands of companies and developers.
URL: http://punto-informatico.it/pi.asp?i=53588
UK, GOVERNMENT LAB FOR OPEN SOURCE
No longer just statements: the Blair administration is funding a laboratory that will let public administrations test and develop open technologies.
URL: http://punto-informatico.it/pi.asp?i=53586
BROWSERS TRIP OVER JAVASCRIPT
A potential vulnerability in the implementation of JavaScript has been discovered in all the best-known browsers. The risk is that malicious sites exploit the problem for phishing attacks and online scams.
URL: http://punto-informatico.it/pi.asp?i=53580
Also - http://www.zeusnews.it/news.php?cod=4205
SMS? T9 RELOADED
Integrated multilingual dictionaries and specialised, themed T9s: these are some of the new features in the new release of one of the software products most used by mobile users.
URL: http://punto-informatico.it/pi.asp?i=53592
SMS? EDITABLE REMOTELY
A new little system developed by Samsung will make it possible to delete or edit text messages that have already been sent. To make up for overly hasty typing.
URL: http://punto-informatico.it/pi.asp?i=53628
** LAWYERS FOR OPEN SOURCE **
An open source working group of the bar association is promoting its first national congress.
>> by Pier Luigi Tolardo
http://www.zeusnews.it/news.php?cod=4203
Also - http://www.ziobudda.net/Admin/redir_news.php?id=22872
** CREDIT CARDS BREACHED: NOT JUST MASTERCARD **
Carelessness and recklessness are the main ingredients of the mega-raid on data. Many other operators are involved besides Mastercard.
>> by Paolo Attivissimo
http://www.zeusnews.it/news.php?cod=4202
NAT Traversal (NAT-T) Security Issues
Author: Deb Shinder
Summary: In this article, we'll look at how NAT-T (Network Address Translation-Traversal) works and what the security issues are, help you decide whether to take the risk, and show you how to restore XP's ability to connect to servers behind a NAT if you choose to do so.
Link: http://www.WindowSecurity.com/articles/NAT-Traversal-Security.html
Subnetting to Increase Performance
Author: Brien M. Posey
Summary: There comes a time when a network becomes too big and performance begins to suffer as a result of too much traffic. When that happens, one of the ways that you can solve the problem is by breaking the network into smaller pieces. There are several techniques for splitting a network, but one of the most effective techniques is called subnetting. In this article, I will explain what subnetting is, and how it works.
Link: http://www.WindowsNetworking.com/articles_tutorials/Subnetting-Increase-Performance.html
Risks of Passive Network Discovery Systems
This paper sheds light on the weaknesses of passive network discovery and monitoring systems. It starts by defining passive network discovery, and goes over the advantages and disadvantages of the technology. It then demonstrates why passive network discovery cannot live up to its expectation, and is unable to deliver the promise of complete, accurate and granular network discovery and monitoring.
The white paper can be downloaded from: http://www.insightix.com/technology-whitepapers.asp
ADVISORIES: JUNE 20, 2005
Today's security advisory: java (jre, j2sdk) (Slackware Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,1pb1,1,8bwn,cd1a,85jl,7pty
MACTEL: A DISASTER FOR LINUX?
"Since the announcement of the upcoming x86 Apple computers there has been nonstop conjecture about how this change will effect every facet of the computer industry..."
http://nl.internet.com/ct.html?rtr=on&s=1,1pb3,1,ab9s,awj0,85jl,7pty
FINDING ALTERNATIVES IN DEVELOPING SOFTWARE
"Developing software within the free software model can be achieved with all sorts of different tools, but choosing the right tools can make a big difference to the success of your project..."
http://nl.internet.com/ct.html?rtr=on&s=1,1pb3,1,fybu,hwln,85jl,7pty
KOFFICE 1.4 ANNOUNCEMENT
"New Image Editor, New Database Management Application and OASIS OpenDocument Support Highlight KOffice 1.4 Release for Linux and Other UNIXes..."
http://nl.internet.com/ct.html?rtr=on&s=1,1pb3,1,btu6,fo9m,85jl,7pty
MASTERING RECURSIVE PROGRAMMING
"Recursion is a tool not often used by imperative language developers, because it is thought to be slow and to waste space, but as the author demonstrates, there are several techniques that can be used to minimize or eliminate these problems..."
http://nl.internet.com/ct.html?rtr=on&s=1,1pg8,1,fymn,8pn0,85jl,7pty
Webapp-level protection/detection of Pharming attacks
This paper will focus on the Pharming side of things (including the DNS attacks, "the New DNS" of search engines, intermediary vector that can change host to IP resolution such as proxies/WPAD/caches etc.).
http://www.ngssoftware.com/papers/NISR-WP-Phishing.pdf
DShield: A community approach to intrusion detection
http://software.newsforge.com/article.pl?sid=05/06/07/1432216&from=rss
Analyzing firewall logs is key to understanding the threats your servers face. Knowing what the bad guys are looking for is the first step in assessing how vulnerable your servers are. Both open source and commercial firewalls make log information available to firewall administrators. But taking risk assessment a step further, what if there were a way to apply the principles that make open source software successful to firewall log analysis? A way to help yourself and others at the same time? The DShield project seeks to do just that.
New version of the Auditor Security Collection released
I am proud to announce the release of the new version of the Auditor Security Collection CD-ROM. We put in a lot of effort to bring it into that final look and feel as you can see in the Auditor development log. It seems to be the best version released ever. Not only because of its completeness, no it seems to be the most stable and bugfree version.
http://www.remote-exploit.org
A NEW ITALIAN CRACKDOWN?
Autistici/Inventati reports: for more than a year law enforcement has been monitoring a server that hosts numerous sites and a great many mailing lists. A parliamentary question has already been filed.
URL: http://punto-informatico.it/pi.asp?i=53654
KOFFICE WEDS OPENDOCUMENT
The new version of the well-known open suite adds support for the standard OpenDocument file format, the same one that underlies the upcoming OpenOffice 2.0. Two new applications for KDE also make their debut.
URL: http://punto-informatico.it/pi.asp?i=53660
CARTASI' EXPLAINS THE FLAW ON ITS SITE
Punto Informatico interviews the company's engineers to clarify the dynamics of an event that has attracted a lot of attention at such a critical time for the web activities of credit card companies.
URL: http://punto-informatico.it/pi.asp?i=53658
"National Conference on Electronic Administrative Law"
The 4th edition of the National Conference on Electronic Administrative Law will be held on Friday 1 and Saturday 2 July at the Hotel Baia Verde in Catania. The conference, conceived and directed by Studio Legale Giurdanella in collaboration with the legal journal "Diritto & Diritti" and the Istituto di Teoria e Tecniche dell'Informazione Giuridica of the C.N.R., will be devoted to the Codice della Amministrazione Digitale (Digital Administration Code).
http://www.ziobudda.net/Admin/redir_news.php?id=22936
"Firefox 1.0.5"
The final (or nearly final?) Italian version is available. The link is to the installer.
http://www.ziobudda.net/Admin/redir_news.php?id=22931
"KNOPPIX 4.0 DVD"
Starting with this version, Knoppix will be available in DVD and CD format. The DVD version can currently be downloaded via bittorrent.
http://www.ziobudda.net/Admin/redir_news.php?id=22923
ADVISORIES, JUNE 22, 2005 Today's security advisories: Cacti and Trac (Gentoo Linux); sudo (Mandriva Linux); sudo (Slackware Linux); and java2 (SUSE Linux). http://nl.internet.com/ct.html?rtr=on&s=1,1pki,1,375x,kyjg,85jl,7pty
FEW BROWSERS SAFE FROM LATEST SPOOFING FLAW "According to Secunia Research, IE, Mozilla Firefox, Opera and Apple Safari have a similar 'flaw' related to their use of JavaScript dialog boxes..." http://nl.internet.com/ct.html?rtr=on&s=1,1pki,1,f29k,b967,85jl,7pty
ASTARO UPDATES "SECURITY LINUX" "Astaro Security Linux 6.0 is a seven-in-one network security package that provides a firewall, virus protection, intrusion protection, spam protection, spyware protection, surf protection (content filtering) and VPN..." http://nl.internet.com/ct.html?rtr=on&s=1,1pki,1,jxny,ajp8,85jl,7pty
PULLING THE COVERS OFF LINUX PAM "A hidden jewel--or pain in the rear, depending on your perspective--is Linux PAM (Pluggable Authentication Module)..." http://nl.internet.com/ct.html?rtr=on&s=1,1pkg,1,81lt,4tuh,85jl,7pty
KERNELTRAP: REISER4 PLUGINS "In the debate following Andrew Morton posting his plans for 2.6.13, the existence of a plugin layer in Reiser4 was discussed..." http://nl.internet.com/ct.html?rtr=on&s=1,1pkg,1,90x2,1vaf,85jl,7pty
An Introduction to XUL Part 5 Learn more about XUL, a subset of XML used to describe user interfaces, that lets you build them with a simple text editor. http://www.devshed.com/c/a/XML/An-Introduction-to-XUL-Part-5/
Class Relationships Read about how to obtain, install, configure, and test the MySQL server on your Windows or UNIX system. http://www.devshed.com/c/a/Practices/Class-Relationships/
Object Interaction in PHP: Introduction to Aggregation, part 4 Read about working with MySQLConnector and Pager classes. http://www.devshed.com/c/a/PHP/Object-Interaction-in-PHP-Introduction-to-Aggregation-part-4/
Search Engines For the Invisible Web When searches bring you nothing useful, some search engines and databases can help. http://www.seochat.com/c/a/Search-Engine-Optimization-Help/Search-Engines-For-the-Invisible-Web/
Wireless Sensor Networks pt 1: Introduction Learn about the basic concepts and architecture of sensor networks, and become familiar with their issues. http://webhosting.devshed.com/c/a/Web-Hosting-Articles/Wireless-Sensor-Networks-pt-1-Introduction/
Wireless Sensor Networks, part 2: Limitations Read about the limitations that wireless sensor networks face. http://webhosting.devshed.com/c/a/Web-Hosting-Articles/Wireless-Sensor-Networks-part-2-Limitations/
Interview: Looking at FreeBSD 6 and Beyond http://newsvac.newsforge.com/article.pl?sid=05/06/24/0219249&from=rss One of my popular articles shortly after I joined OSNews in 2001 proved to be "the big *BSD interview" and so it is only appropriate to end my serving at OSNews with a similar theme. Today we are very happy to host a Q&A with well-known FreeBSD developers John Baldwin, Robert Watson and Scott Long. We discuss FreeBSD 6 and its new features, the competition, TrustedBSD, Darwin etc.
Linux Filesystems and Partitioning: A Primer http://newsvac.newsforge.com/article.pl?sid=05/06/24/0216215&from=rss We recently to shed some light on Linux, particularly for users unfamiliar with the system. The article received quite a response from around the world and so we will be doing some follow-up articles to teach all those interested, the ins and outs of Linux. In this article, we will be discussing what partitioning is, how to choose a filesystem, how to have Windows and Linux installed on your hard drive at the same time, and more.
"The slides for the sixth lesson of the GNU/Linux course are online" As with the previous lessons, the slides for the fifth lesson, which focuses on filesystems, mount, /etc/fstab, backup, init and runlevels, are available and can be freely downloaded. http://www.ziobudda.net/Admin/redir_news.php?id=22950
"Kaspersky Anti-Virus 5.5 protects the Linux platform." Kaspersky Lab announces the release of Kaspersky Anti-Virus version 5.5 for Linux, FreeBSD and OpenBSD Mail Server, File Server and Workstation, for the protection of mail servers, file archives and workstations. http://www.ziobudda.net/Admin/redir_news.php?id=22944
"Gmail becomes a Remote Hard Disk - Hack or Official solution" Shortly after Gmail came out, Gmailfs was released. For a couple of months now, however, Google has been running a new service in beta: Gmail Hard Drive. http://www.ziobudda.net/Admin/redir_news.php?id=22942
KERNELTRAP: V9FS, A 9P FILESYSTEM PROTOCOL IMPLEMENTATION "Among the patches in Andrew Morton's -mm kernel recently discussed for possible inclusion in 2.6.13 was v9fs, the Linux port of Plan 9's 9p filesystem protocol.." http://nl.internet.com/ct.html?rtr=on&s=1,1poq,1,m08h,cwlw,85jl,7pty
Italian lawyers in love with open source http://trends.newsforge.com/article.pl?sid=05/06/15/1924206&from=rss Most of the time, open source supporters think of lawyers as a crowd of hungry vultures, throwing patents and cease-and-desist letters at innocent hackers. However, in the province of Foggia, Southern Italy, two small groups of lawyers have turned themselves into open source evangelists.
g00d reading! 'n' bye Security News MainTainer:
The Jackal a.k.a. jAcKallO < jackal [at] capitanlug.it > (AreaSessantuno Inside) / (SpiPPolatori Collaborator) (HackerAlliance Member) / (Founding member of CapitanLUG.iT) (Daily DisInfo CreaTor & MainTainer) / (Security News MainTainer)