IN DIRETTA da ' The Jackal '..
Cari amici del SecurityNews è arrivato anche per me il tempo di salutarvi e darvi appuntamento agli inizi di Settembre per la prossima carrellata di notizie. Il caldo dalle mie parti si fà sempre più insostenibile ed ho deciso di prendere anticipatamente le mie meritate vacanze. Come sempre, per chi ha voglia di incontrarmi, vi comunico che dal 3 agosto fino a dopo il 15 sarò a Marina d'Ugento (nel meraviglioso Salento). Nel frattempo auguro a tutti voi (siete in tutto oltre 9.000..!!) buone vacanze. Ci vediamo quando le nuvole tornano a casa!! A presto..
"Browsershots"
Siete curiosi di vedere come il vostro sito viene visualizzato dai vari browser, nelle varie risoluzioni e con diversi plug-in? Allora Browsershots, software open source ancora in beta, fa per voi!
http://www.ziobudda.net/Admin/redir_news.php?id=23333
** NAZIONALIZZARE SUPERAMANDA **
Ricadranno sugli utenti le spese per il supersistemone che intercetta tutto.
>> di Pier Luigi Tolardo
http://www.zeusnews.it/news.php?cod=4248
BRUXELLES: OK ALL'INTERCETTAZIONE DI MASSA Barroso accoglie le istanze dei britannici. Entro settembre sara' discussa la direttiva sulla data retention. Poi i diversi paesi europei potranno recepire la normativa. E Roma dovra' adeguarsi
URL: http://punto-informatico.it/pi.asp?i=54137
CERTI LINK VIETATI ANCHE IN AUSTRALIA
Condannato per la prima volta nel paese dei canguri un webmaster che sul proprio sito aveva pubblicato una directory di link. Ma non e' finita qui:
colpevole anche il provider
URL: http://punto-informatico.it/pi.asp?i=54138
CASO SCO-IBM AD UNA SVOLTA?
Spunta un vecchio memo SCO che scagiona la comunita' open source dalle
accuse di aver copiato il codice di UNIX in Linux. Un'altra e-mail, pero',
afferma l'esatto contrario. I dettagli
URL: http://punto-informatico.it/pi.asp?i=54153
UTENTI WINAMP? OCCHIO AGLI MP3 KILLER
Il famoso player multimediale per Windows soffre di una vulnerabilita' che
potrebbe essere sfruttata dai cracker per diffondere codici dannosi. Per
sventare il rischio e' necessario scaricare l'ultima release
URL: http://punto-informatico.it/pi.asp?i=54141
Also - http://securitytracker.com/alerts/2005/Jul/1014483.html
Lawrence Lessig speaks on Microsoft, antitrust, telecomms
http://newsvac.newsforge.com/article.pl?sid=05/07/16/1614251&from=rss
I COULDN'T lose the opportunity to interview Lawrence Lessig last week when
he gave a presentation about Creative Commons here in Buenos Aires. Mr.
Lessig is one fascinating person, Law Professor, a connoisseur of
technology, he played a key role in the DOJ-Microsoft antitrust trial, and
he's now pushing his "Free Culture" ideas around the world. I wish I had
asked one hundred questions, but for now, here are my ten short questions he
agreed to answer.
Windows flaw could spawn DoS attacks
http://newsvac.newsforge.com/article.pl?sid=05/07/16/168254&from=rss
CNET News.com writes "Microsoft is working on a patch for a flaw that could
allow attackers to remotely crash Windows PCs."
VIA's Open Source initiative, just a fake?
http://newsvac.newsforge.com/article.pl?sid=05/07/18/0011233&from=rss
Anonymous Reader writes "Epiacenter is asking the question "VIA's Open
Source initiative, just a fake?" regarding the latest release of source code
from VIA. Apparently the code in their most recent release has reverted the
license files back to the original S3/Proprietary license. In context this
follows on from VIA's blaze of publicity not so long ago about their Open
source initiative, there appears to have been no attempts by VIA since that
announcement to actually work with any open source team.. It does indeed
look like this is just a bit of cynical marketing as was suggested at the
time by those in the know. Even if this current change is just an innocent
accident, it does highlight the point that VIA doesn't really have a
committed open source policy."
Hacking Bluetooth
Very good paper about Hacking Bluetooth from Ezequiel Sallis, Its in
Spanish, but its pretty simple to understand it, and explain all the
Bluetooth attacks, bluesnarfing, bluesmacking, Bloover, and so on. You can
download this paper from here:
http://www.infosecurityonline.org/presentaciones/argentina/rosario2005/Isec-Hacking-Bluetooth-Rosario-2005.zip
Sophos Anti-Virus
Vendor: Sophos
iDEFENSE reported a vulnerability in the Sophos Anti-Virus engine. A remote
user can cause denial of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/Jul/1014488.html
CUPS (Common UNIX Printing System)
Vendor: Easy Software Products
In May 2004, a vulnerability was reported in CUPS. A remote user can bypass
access control lists in certain cases.
Impact: Host/resource access via network
Alert: http://securitytracker.com/alerts/2005/Jul/1014482.html
FireWall-1/VPN-1
Vendor: Check Point
A vulnerability was reported in Check Point SecuRemote NG. A local user may
be able to obtain the application password.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Jul/1014471.html
Mozilla Firefox
Vendor: Mozilla.org
A vulnerability was reported in Mozilla Firefox in controlling access in
shared base objects. A remote user can execute arbitrary code with
privileges. Mozilla Suite is also affected.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Jul/1014470.html
Mozilla Firefox
Vendor: Mozilla.org
A vulnerability was reported in Mozilla Firefox. A remote user can execute
arbitrary code via the browser.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Jul/1014469.html
Mac OS X
Vendor: Apple Computer
A vulnerability was reported in Apple Mac OS X in the processing of TCP/IP
connections. A remote user can cause denial of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/Jul/1014464.html
Kerberos
Vendor: MIT
A double-free memory vulnerability was reported in Kerberos in the
krb5_recvauth() function. A remote user may be able to execute arbitrary
code.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Jul/1014461.html
Kerberos
Vendor: MIT
Two vulnerabilities were reported in the MIT krb5 Key
Distribution Center (KDC) implementation. A remote user may be able to
execute arbitrary code on the target system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Jul/1014460.html
Microsoft Office
Vendor: Microsoft
A vulnerability was reported in Microsoft Office. A remote user can cause
arbitrary code to be executed on the target user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Jul/1014458.html
MSN Messenger
Vendor: Microsoft
Diabolic Crab reported a vulnerability in the MSN Messenger protocol. A
remote authenticated user can kick users out of a group conversation.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/Jul/1014444.html
Linux Kernel
Vendor: kernel.org
A race condition vulnerability was reported in the Linux kernel in the ia32
compatibility code. A local user can execute arbitrary code with kernel
level privileges.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2005/Jul/1014442.html
"Le novità di KDE e del suo fork"
Screenshots e non solo del nuovo KDE, ma anche una interessante anteprima di
SimpleKDE, che promette di essere più "leggero" del suo "genitore".
http://www.ziobudda.net/Admin/redir_news.php?id=23360
"Snort: Un ottimo sitema IDS totalmente open source"
Ormai quasi tutte le reti sono collegate ad internet con connsesioni
permanenti tipo adsl consentendo agli utenti autorizzati di accedere da
remoto ai propri dati, ma allo stesso tempo consentendo anche ad eventuali
malintenzinati di tentare di forzare le protezioni presenti per accedere in
maniera illecita a dati riservati.Per migliorare la sicurezza di una rete è
possibile installare un IDS (Intrusion Detection System). Il prodotto che si
analizzerà nell'articolo è Snort, un IDS opensource che può essere
installato su una qualsiasi macchina linux.
http://www.ziobudda.net/Admin/redir_news.php?id=23347
"Performance Testing The Kernel"
Kenneth Chen ha annunciato, nella ML degli sviluppatori del kernel, un
progetto per testare le performance del moderno Kernel Linux.
http://www.ziobudda.net/Admin/redir_news.php?id=23345
Also - http://nl.internet.com/ct.html?rtr=on&s=1,1rep,1,2xs2,gq3d,85jl,7pty
NIENTE PALLADIUM IN LONGHORN
La piattaforma DRM che lega hardware e software si muove troppo lentamente
per i tempi di sviluppo del prossimo Windows. Per ora, dunque, viene
rinviata l'integrazione delle piu' ambiziose tecnologie di trusted computing
URL: http://punto-informatico.it/pi.asp?i=54160
BREVETTI, E' STATA VERA VITTORIA?
di Paolo Zocchi - E ora? La mancata approvazione della direttiva non altera
lo status quo, quello di un Ufficio brevetti europeo che continua ad operare
a briglia sciolta. Occorre rimettersi in moto
URL: http://punto-informatico.it/pi.asp?i=54139
FIREFOX, UN DUE TRE PROVA
Per via di alcuni problemi tecnici in cui e' inciampata la release 1.0.5 di
Firefox le localizzazioni del noto browser open source, inclusa quella
italiana, non sono ancora disponibili. Si attende una nuova versione
tappabuchi
URL: http://punto-informatico.it/pi.asp?i=54179
Also - http://nl.internet.com/ct.html?rtr=on&s=1,1rep,1,a7ye,88ax,85jl,7pty
WINDOWS XP A RISCHIO DOS
Alcune fra le piu' recenti versioni di Windows, tra cui XP e 2003 con gli
ultimi service pack, sono vulnerabili a due falle utilizzabili dai cracker
per lanciare attacchi di denial of service. Tra i componenti vulnerabili
Desktop Remoto
URL: http://punto-informatico.it/pi.asp?i=54165
Also - http://news.com.com/Windows+flaw+could+spawn+DoS+attacks/2100-7349_3-5790540.html?part=rss&tag=5790540&subj=news
Security in GPRS
Ancora un ottimo paper sulla sicurezza dei dispositivi GPRS.
http://student.grm.hia.no/master/ikt01/ikt6400/ekaasin/Master%20Thesis%20Web.pdf
How to build an OpenBSD Live CD
Live CDs aren't just for Linux anymore. The BSDs have their own projects.
For example, you can build a bootable OpenBSD installation that uses pf to
do NAT and firewalling right out of the box--how handy for training
purposes, or for setting up temporary, secure, internet-capable networks.
Kevin Lo explains how to build an OpenBSD Live CD:
http://www.onlamp.com/pub/a/bsd/2005/07/14/openbsd_live.html
IF LINUX RULED THE WORLD HOW SECURE WOULD IT BE?
"How secure would Linux be if everyone were using it...?"
http://nl.internet.com/ct.html?rtr=on&s=1,1ren,1,6j7c,aefn,85jl,7pty
WRITING LINUX FIREWALL RULES WITH IPTABLES
This guide will give you some background on IPTables and how to use it to
secure your network.
http://www.net-security.org/news.php?id=8249
PENETRATION TESTING: TAKING THE GUESSWORK OUT OF VULNERABILITY MANAGEMENT
Despite the ongoing investment in information security, sensitive customer
information and intellectual property continue to be compromised, this paper
focuses on the best practices that will enable organizations to secure this
information.
http://www.net-security.org/news.php?id=8253
INTRODUCTION TO IPAUDIT
IPAudit is a handy tool that will allow you to analyze all packets entering
and leaving your network.
http://www.net-security.org/news.php?id=8260
WORD BUG SHOWS TREND IN FILE FORMAT HACKS
The vulnerability in Microsoft Word is only the latest in a spreading trend
that's seeing hackers probe for foibles and failings in file formats, a
security firm says.
http://www.net-security.org/news.php?id=8281
RISKS AND THREATS TO STORAGE AREA NETWORKS
The foundation of enterprise risk analysis is the threat model which defines
the points of attack and the methods of attack at each point. This paper
investigates risk and common security threats against storage area networks
(SANs) and the countermeasures that can be taken to mitigate the
vulnerability of the enterprise SAN.
http://www.net-security.org/article.php?id=803
(Remote) Controlling Your Windows XP PC
Find music on your computer the no-hassle way! Using an infrared remote to
control your PC-based MP3 player may sound strange at first, but soon you'll
spend an hour looking for your PC remote control rather than use your
keyboard. Kulvir Bhogal shows you how to get to the next level of laziness
with a low-cost remote control solution.
http://www.informit.com/articles/article.asp?p=401649
MALWARE
Title: Worm spells double trouble for PCs
Source: C-Net News
Date Written: 2005-07-15
Date Collected: 2005-07-18
At least three variants of the "Lebreat" network and mass-mailing worm have
emerged. The worm attempts to launch denial-of-service attacks against
security firm Symantec's Web site. Symantec is aware of the attack, but does
not expect many problems.
http://news.com.com/Worm+spells+double+trouble+for+PCs/2100-7349_3-5790416.html?part=rss&tag=5790416&subj=news
MALWARE
Title: Malware maelstrom menaces UK
Source: The Register
Date Written: 2005-07-18
Date Collected: 2005-07-18
Breatel-A, an email worm, transmitted with less common attachment types
(therefore potentially not blocked by firewalls and content filters) has
spread quickly from its Northern Ireland origin. A downloader Trojan,
Small-BDQ, has been sent in more than 120,000 emails to UK businesses since
July 16, and the attack continues today.
http://www.theregister.co.uk/2005/07/18/malware_blitz/
VULNERABILITIES & EXPLOITS
Title: Cisco Issues VoIP Security Warning
Source: NewsFactor
Date Written: 2005-07-15
Date Collected: 2005-07-18
Cisco Systems has patched its CallManager software to prevent exploitation
allowing denial-of-service attacks, memory corruption or interrupted
service. The announcement draws attention to the growing threats affecting
VoIP.
http://www.newsfactor.com/story.xhtml?story_id=37306
Ten-year-old girl is youngest ever Microsoft engineer?
http://newsvac.newsforge.com/article.pl?sid=05/07/18/205234&from=rss
Nations vie to come up with the youngest qualified computer specialist,
after Pakistan's Arfa Karim is hailed for becoming a Microsoft Certified
Professional at the age of nine.
"Scrivete le vostre password!"
Bruce Schneier, guru assoluto della sicurezza informatica, sull'ultimo
numero della sua newsletter CryptoGram, sfata uno dei dogmi sacri di questa
disciplina, invitando a scrivere le proprie password sul classico foglietto
di carta da conservare nel portafoglio.
http://www.ziobudda.net/Admin/redir_news.php?id=23387
"Utenti Firefox a rischio Greasemonkey"
Se usate Firefox e avete il plug-in Greasemonkey disinstallatelo
immediatamente: contiene un pericolosissimo bug che permette a chiunque di
eseguire da un qualsiasi sito uno script banale in grado di esporre tutti i
file del vostro hard disk ed anche di inviarli in qualunque parte del globo!
http://www.ziobudda.net/Admin/redir_news.php?id=23386
"Installare grub grazie a Knoppix"
Piccola guida su come installare grub con una Knoppix facendosi aiutare da
"Knoppix Hacks" di Kyle Rankin.
http://www.ziobudda.net/Admin/redir_news.php?id=23383
"Un forum tutto italiano per Openoffice.org"
E' finalmente online, da pochissimi giorni, il forum italiano dedicato ad
Openoffice.org (ovviamente grazie a nathanvit).
Restano disponibili anche le "vecchie" forme di aggregazione quali il wiki
http://openoffice.nathanvi.it , in veste rinnovata, ed il canale irc
#openoffice.org-it sul server irc.freenode.net.. Affolliamoli :)
http://www.ziobudda.net/Admin/redir_news.php?id=23378
PERFORMANCE, LONGHORN VS. XP
Microsoft ha di recente affermato che Longhorn sara' nettamente piu' veloce
di Windows XP in diverse aree, quantificando per la prima volta tali
migliorie
URL: http://punto-informatico.it/pi.asp?i=54207
C'E' UNO SPIFFERO IN PAGINEBIANCHE.IT
Sui forum di Punto Informatico e' stato segnalata una debolezza nel sito
PagineBianche.it di Seat che potrebbe essere utilizzata per attacchi di
phishing. Un problema simile interessa anche il noto portale Leonardo.it
URL: http://punto-informatico.it/pi.asp?i=54210
** OS/2 ADDIO: MIGRATE A LINUX **
Lo storico sistema operativo di IBM cesserà di avere sostegno gratuito. Si
consiglia di migrare al pinguino.
>> di Michele Bottari
http://www.zeusnews.it/news.php?cod=4249
** PRIVACY E LIBERTA' SECONDO STEFANO RODOTA' **
Un libro-intervista al "padre" della privacy italiana sulla tutela dei dati
personali, attualissimo nella polemica in corso su privacy e lotta al
terrorismo.
http://www.zeusnews.it/news.php?cod=4246
Mozilla Firefox 1.0.6
Disponibile Mozilla Firefox 1.0.6 localizzato in italiano (Ex Firebird, Ex
Phoenix ) . Firefox è un ottimo browser leggero e veloce nato da un progetto
di mozilla.org
http://www.wintricks.it/news2/article.php?ID=9245
Thunderbird 1.0.6
Mozilla Thunderbird è un client di posta e news reader open-source e
multi-piattaforma, gira su Windows 95, 98, Me, 2000 e XP, ma anche Linux,
MacOS X, OS/2 e Solaris . Tra le caratteristiche integrate di questo client
di posta possiamo notare , tra l'altro, un potente filtro antispam inoltre
Mozilla Thunderbird permette di installare funzionalità aggiuntive a seconda
delle esigenze grazie ai plugin. I plugin sono potenti estensioni che
permettono di personalizzare il programma di posta a seconda delle proprie
necessità.
http://www.wintricks.it/news2/article.php?ID=9246
Internet Explorer is corrupted. how do I fix it?
Author: Robert J. Shimonski
Summary: Very rarely do we ever get our systems beat up so badly that we
have to perform surgery on them... sometimes, you feel like you need to
reinstall the whole system, or sometimes you wish you didn't have to - and
could just repair it, as is, where it sits. Well, before you do anything
rash, try this handy step by step article and script to re-register your
Internet Explorer and hopefully 'clean' it of problems. Let's see what two
quick tips can do to spare you from possible disaster.
Link: http://www.WindowsNetworking.com/articles_tutorials/Internet-Explorer-corrupted-fix.html
Making Internet Phone Calls Using Skype
Skype lets you use the internet to make phone calls to other Skype users and
also to regular telephones. Wei-Meng Lee shows you how to set it up and
start talking.
http://www.windowsdevcenter.com/pub/a/windows/2005/07/19/skype.html
Ten Essential Development Practices
Perl lets you be productive in everything from quick and dirty throwaway
programs to big, business-critical applications. Building the latter
requires some discipline, though. Damian Conway shares ten essential
development practices to make your Perl programming easier, more reliable,
and even more enjoyable.
http://www.perl.com/pub/a/2005/07/14/bestpractices.html
ADVISORIES, JULY 18, 2005
Today's security advisories: heimdal, phppgadmin, and ekg (Debian
GNU/Linux); and Mozilla Thunderbird (Gentoo Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,1rij,1,8qa0,awam,85jl,7pty
LIFE IS GOOD WHEN YOU'RE A SLACKER
"As many of you know, I spend most of my time buried in Linux distributions.
When new software is released, I've got it and am either loving it or
getting ready to smash it repeatedly with a large hammer..."
http://nl.internet.com/ct.html?rtr=on&s=1,1ril,1,em45,jh4j,85jl,7pty
THE FUTURE OF COMPUTING: IS FREE SOFTWARE READY?
"The future is the state of things yet to come. One can only expect what may
happen and never know what will happen..."
http://nl.internet.com/ct.html?rtr=on&s=1,1ril,1,dhrt,ksat,85jl,7pty
CLI MAGIC: BASH HISTORY EXPANSION
"The Bourne-Again SHell (bash) has a major user base and the fact that it
has incorporated some useful features from the Korn shell (ksh) and C shell
(csh) might be one of the reasons..."
http://nl.internet.com/ct.html?rtr=on&s=1,1ril,1,ajdp,ilw3,85jl,7pty
USE CYGWIN WHEN YOU CAN'T USE LINUX
"Attached to those applications that run on Linux but forced to use Windows?
Take Cygwin out for a spin..."
http://nl.internet.com/ct.html?rtr=on&s=1,1ril,1,12dv,d5pb,85jl,7pty
Object Interaction in PHP: Introduction to Composition, conclusion
Create a MySQL database wrapping class that uses the concept of composition.
http://www.devshed.com/c/a/PHP/Object-Interaction-in-PHP-Introduction-to-Composition-conclusion/
The Power of JavaScript: Operators
Learn how to perform arithmetic operations, comparison operations and
increment/decrement operations using Javascript operators.
http://www.devarticles.com/c/a/JavaScript/The-Power-of-Javascript-Operators/
Multithreading in C++
While C++ does not feature built-in support for multithreading, it can be
used to create multithreaded programs.
http://www.devarticles.com/c/a/Cplusplus/Multithreading-in-C/
How To Steal To The Top Of Google: Use the News
How would you like to completely leapfrog over that numero uno spot, and
actually be listed better than #1?
http://www.seochat.com/c/a/Google-Optimization-Help/How-To-Steal-To-The-Top-Of-Google-Use-the-News/
Wireless Sensor Networks: Security Requirements
This article focuses on security requirements related to sensor nodes'
operation.
http://webhosting.devshed.com/c/a/Web-Hosting-Articles/Wireless-Sensor-Networks-Security-Requirements/
CYBERCRIME-HACKING
Title: Symantec website under DDoS attack
Source: Silicon.com
Date Written: 2005-07-18
Date Collected: 2005-07-19
E-mail security firm MessageLabs says it has intercepted 13,717 copies of
the medium-threat Breatel.A-mm worm. Users who open a Breatel infected
e-mail attachment join their computers to a botnet designed to deny service
to the website of Symantec. Symantec says its infrastructure was designed to
withstand denialof service attacks.
http://software.silicon.com/malware/0,3800003100,39150478,00.htm
VULNERABILITIES & EXPLOITS
Title: Windows flaw reaches beyond XP
Source: C-Net News
Date Written: 2005-07-18
Date Collected: 2005-07-19
Microsoft has announced that a flaw in the Windows XP Remote Desktop
Protocol (RDP) may also affect Windows 2000 and Windows Server 2003. RDP
allows remote access to Windows machines, but a specially crafted malformed
remote request could be used to crash Windows systems. Most versions of
Windows have RDP disabled by default, though Windows XP Media Center edition
does not. Microsoft says it is working on a patch; in the meantime, there
are no known exploits and users can close TCP port 3389 or disable RDP. The
SANS Institute has noticed an increase in port scanning activity on 3389
since Microsoft announced the flaw.
http://news.com.com/Windows+flaw+reaches+beyond+XP/2100-1002_3-5793344.html
Also - http://www.wintricks.it/news1/article.php?ID=4021
BEST PRACTICES & RISK MANAGEMENT
Title: NIST invites comment on draft standard
Source: Federal Computer Week
Date Written: 2005-07-18
Date Collected: 2005-07-19
The National Institute of Standards and Technology (NIST) has released two
drafts for public comment. Draft Federal Information Processing Standard
(FIPS) Publication 200 defines minimum security requirements for federal
information systems and is expected to be approved by the Secretary of
Commerce by the end of 2005. Draft Special Publication 800-53A describes how
to implement a cost=effective security strategy based on a risk assessment.
NIST will accept comments on Publication 200 until August 31 and on Special
Publication 800-53A until September 31. Both documents are related to the
Federal Information Security Management Act (FISMA) of 2002.
http://www.fcw.com/article89611-07-18-05-Web
Tips for buying a Linux-compatible laptop
http://hardware.newsforge.com/article.pl?sid=05/07/14/1721248&from=rss
Though it served me faithfully for nearly five years, it was time to send my
old Dell Inspiron 3800 laptop out to pasture. As much as I like buying new
toys, I wasn't looking forward to shopping for a laptop -- I thought I'd
find something just adequate that would cost a ton of money. As it turned
out, I spent less than I expected, and my new laptop system is as perfect as
I need it to be. Here are a few things I learned about shopping for
Linux-compatible laptops.
Network monitoring with ngrep
http://software.newsforge.com/article.pl?sid=05/07/08/164249&from=rss
Constant monitoring and troubleshooting are key to maintaining a network's
availability. With ngrep, you can analyze network traffic in a manner
similar to that of other network sniffers. However, unlike its brethern,
ngrep can match regular expressions within the network packet payloads. By
using its advanced string matching capabilities, ngrep can look for packets
on specified ports and assist in tracking the usernames and passwords
zipping off the network, as well as all Telnet attempts to the server.
"Il mostro a due teste che ucciderà Linux"
Dopo il matrimonio con Intel, i seguaci di Apple predicono al pinguino un
futuro gramo. Un mostro a due teste, una somigliante a zio Bill (Microsoft),
l'altra a zio Steve (Apple), sembra essere il giustiziere che cancellerà
Linux dalla faccia della terra.
http://www.ziobudda.net/Admin/redir_news.php?id=23416
"Tutorial su Rails da WebMonkey"
WebMonkey, uno dei siti più anziani dedicati allo sviluppo web, presenta una
introduzione a Rails, la nuova piattaforma libera per lo sviluppo rapido di
applicazioni web.
http://www.ziobudda.net/Admin/redir_news.php?id=23413
"Oracle: troppo tempo per una patch"
Dopo le sei vulnerabilità scoperte nei suoi applicativi, venute alla luce
pochi giorni fa, i ricercatori di ogni società criticano i tempi impiegati
dalla stessa Oracle per ovviare a questi problemi. Oracle ora è presa di
mira dalle maggiori società di consulenza sulla sicurezza informatica
mondiale.
http://www.ziobudda.net/Admin/redir_news.php?id=23408
QUEI DISCLAIMER INTIMIDATORI NELL'EMAIL
di V. Frediani (Consulentelegaleinformatico.it) - Quante volte e' capitato
di ricevere un'email indirizzata a qualcun altro con, in calce, un
avvertimento per chi legge? Ecco che peso dare a simili disclaimer
URL: http://punto-informatico.it/pi.asp?i=54191
UN PALLADIUM PER I SERVER
È quanto propone il Trusted Computer Group, che ha sfornato una nuova
specifica per la sicurezza tesa a proteggere i dati e le transazioni lato
server. Alla base della specifica c'e' lo stesso chip che potrebbe entrare
in Palladium
URL: http://punto-informatico.it/pi.asp?i=54219
AOL SFORNA UN NUOVO BROWSER
Si chiama AOL Explorer e si rivolge agli utenti di Windows che desiderano
abbandonare Internet Explorer per un'alternativa pienamente compatibile ma
piu' ricca di funzionalita' per la navigazione e la sicurezza. Dedicato a
mamme e teen-ager
URL: http://punto-informatico.it/pi.asp?i=54231
Sys Admin: Friend or Foe?
Author: Don Parker
Summary: The network system administrator is the first line, and sometimes
last line of defence that a network has. What happens though if that very
same defender becomes more of a liability?
Link: http://www.WindowSecurity.com/articles/Sys-Admin-Friend-Foe.html
Issues Involved In Converting Basic Disks To Dynamic Disks
Author: Brien M. Posey
Summary: One of the Windows Server 2003 features that I've always found most
useful is the ability to convert basic disks to dynamic disks. The advantage
of doing this is that the Windows operating system allows you to span a
single volume across multiple dynamic disks. By spanning a volume across
multiple disks, you can create a larger volume than what a single disk can
hold, you can achieve better performance than what a single disk would
provide you with, and you can even achieve a degree of fault tolerance
against hard disk failure. Even with all of these benefits, there are some
serious issues that you need to be aware of before you even think about
converting a basic disk into a dynamic disk. In this article, I will discuss
these issues.
Link: http://www.WindowsNetworking.com/articles_tutorials/Issue-Involved-Converting-Basic-Disks-Dynamic-Disks.html
ADVISORIES: JULY 19, 2005
Today's security advisories: heartbeat and affix (Debian GNU/Linux); and
nss_ldap (Mandriva Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,1rm7,1,en9o,kdvu,85jl,7pty
ON THE "CREATIVE COMMONS": A CRITIQUE OF THE COMMONS WITHOUT COMMONALTY
"On the face of it, the Creative Commons project appears to be a success..."
http://nl.internet.com/ct.html?rtr=on&s=1,1rm5,1,cpyk,ic69,85jl,7pty
BEATING THE IP ADDRESS BAN
"The flip-side of filtering spam is persuading mis-configured e-mail relays
to accept mail from me..."
http://nl.internet.com/ct.html?rtr=on&s=1,1rm5,1,88fn,a12u,85jl,7pty
If it isn't broken...
The recently introduced zlib vulnerability is both widespread and
significant, but it also brings to light some of the real advantages of open
source software.
http://www.securityfocus.com/columnists/341
MALWARE
Title: ITunes worm is Windows spyware threat
Source: computer world
Date Written: 2005-07-20
Date Collected: 2005-07-20
Trend Micro identified a new worm, WORM_OPANKI.Y, that targets Apple's
iTunes. The worm affects most types of Windows operating systems, but Mac
users are not at risk. It pretends to be an iTunes file and spreads through
AOL Instant Messenger. The file "iTunes.exe", when activated, sends a
message to the user's contacts, reading, "this picture never gets old",
containing a link to a URL where users are directed download an apparent
JPEG file. Trend Micro says the threat is not major.
http://www.computerworld.com/securitytopics/security/virus/story/0,10801,103343,00.html?source=x10
VULNERABILITIES & EXPLOITS
Title: Greasemonkey Flaw Prompts Critical Uninstall Warning
Source: EWeek.com
Date Written: 2005-07-19
Date Collected: 2005-07-20
Developers are recommending that users completely uninstal versions prior to
0.3.5 of the Firefox add-on Greasemonkey due to a severe security flaw.
Greasemonkey allows users to modify webpages while viewing them in the
browser. The flaw could expose every hard drive file on a vulnerable
machine. There are no known exploits so far, however.
http://www.eweek.com/article2/0,1759,1838702,00.asp
"L'ICANN detta le regole per l'Internet del prossimo futuro"
Nella riunione tenutasi in Lussemburgo, l'ICANN ha dettato le sue regole: no
alla gestione multilingue dei nomi di dominio, nessun accordo sulla
governance delle Rete e ".com" liberalizzati. Ma non tutti sono
entusiasti...
http://www.ziobudda.net/Admin/redir_news.php?id=23443
"Sicurezza: la risposta di Oracle"
Ieri, sulle pagine di TuxJournal, avevamo parlato di un argomento alquanto
delicato. Riguardava la situazione che ha visto Oracle impiegata nel
corregere 6 falle di sicurezza critiche presenti nei propri applicativi in
un tempo non proprio tempestivo: 650 giorni. Abbiamo ricevuto la risposta
del CSO (Chief Security Officer) di Oracle: Mary Ann Davidson.
http://www.ziobudda.net/Admin/redir_news.php?id=23434
"Mitnick sul social engineering"
Kevin Mitnick, l'hacker più famoso della rete, una volta il più ricercato
del World Wide Web che con le sue indiscutibili qualità e gesta è arrivato
ad essere il soggetto protagonista di film e libri, si ferma a riflettere
sul fenomeno del social engineering e su come arginarlo. Si, proprio lui, il
pioniere del social engineering, che spiega come fermare la sua "tecnica".
http://www.ziobudda.net/Admin/redir_news.php?id=23431
"Primo numero di Zinemania"
OpensourceMania.it ha pubblicato il primo numero della sua rivista
elettronica rivolta ad utenti neofiti e anche a professionisti. Nei prossimi
numeri sono previste sezzioni per Mac, Windows e altro, per coprire tutte le
fasce di utenti.
http://www.ziobudda.net/Admin/redir_news.php?id=23430
"Kiax: telefonate gratuite verso i numeri di rete fissa"
Tradotto dall'inglese l'howto che spiega come far funzionare il client Kiax
con VoipBuster, il programma che permette di effettuare telefonate gratuite
ai numeri di rete fissa. Ora anche su Linux!
http://www.ziobudda.net/Admin/redir_news.php?id=23427
"Siamo in una botnet di ferro."
Di Umberto Rapetto. I programmi "botnet", nati originariamente nel mondo
delle chat e che funzionano in totale autonomia, possono essere sfruttati da
chi li ha generati o semplicemente ha trovato modo di disporne e di
utilizzarli per acquisire il controllo remoto di interi gruppi di computer.
http://www.ziobudda.net/Admin/redir_news.php?id=23426
CONDANNATO IL PRIMO VIRUS WRITER ITALIANO
Ieri l'autore del worm Vierika e' stato condannato ad una sanzione di 6mila
euro. Ha evitato la pena detentiva richiesta dal PM. La difesa: software
innocuo. La sentenza: accesso abusivo con danneggiamento
URL: http://punto-informatico.it/pi.asp?i=54261
L'ANTIVIRUS DI MICROSOFT SOTTO TEST
Il big di Redmond avvia la prima fase di beta testing della propria
soluzione integrata per la sicurezza che, come noto, include il primo
antivirus targato Microsoft. In fase di testing anche MSN Messenger 7.5
URL: http://punto-informatico.it/pi.asp?i=54265
IEXPLORER, TORNANO LE JPEG AL VELENO
Le immagini JPEG nuovamente un rischio per gli utenti del browser Microsoft,
vulnerabili ad un problema che potrebbe esporli a crash improvvisi del
browser o a codici malevoli. Segnalato anche un trojan che sfrutta un
recente bug di IE
URL: http://punto-informatico.it/pi.asp?i=54250
TAPPATE ALCUNE FALLE IN KDE
Tra le vulnerabilita' corrette ieri da KDE.org nella propria piattaforma
desktop per Linux e Unix ve ne sono alcune che potrebbero aprire le porte ai
cracker
URL: http://punto-informatico.it/pi.asp?i=54253
ORACLE, SEI BUCHI CHE VENGONO DA LONTANO
Un ricercatore di scurezza tedesco ha criticato Oracle per aver ignorato sei
vulnerabilita' da lui scoperte oltre due anni fa. Queste debolezze sono ora
di pubblico dominio e potrebbero essere utilizzate per vari tipi di attacchi
URL: http://punto-informatico.it/pi.asp?i=54255
ADVISORIES, JULY 20, 2005
Today's security advisories: mysql, firefox, and thunderbird (Fedora Core);
MediaWiki (Gentoo Linux); cpio, kdelibs, and shorewall (Mandriva Linux); and
dnsmasq and emacs movemail POP utility (Slackware Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,1rq0,1,44gb,a829,85jl,7pty
ENHANCE SECURITY WITH A LINUX LOGGING SERVER
"Increasing security often means decreasing convenience. But when it comes
to using a remote logging server, you get both security and convenience..."
http://nl.internet.com/ct.html?rtr=on&s=1,1rq0,1,aj00,hc2x,85jl,7pty
WHY I'M NOT A PROGRAMMER TODAY
"In the mid eighties, I got my first computer, a Sinclair ZX Spectrum; I
recall transcribing code from a book and then recording it to tape so that I
could play the games I had produced..."
http://nl.internet.com/ct.html?rtr=on&s=1,1rpy,1,7t2v,fpnx,85jl,7pty
RUN GNU/LINUX FROM A USB PEN DRIVE
"You can carry GNU/Linux in your pocket with a functional, quick, and useful
USB pen drive distribution..."
http://nl.internet.com/ct.html?rtr=on&s=1,1rpy,1,ewyr,33d,85jl,7pty
FEDERAL COMPUTER WEEK: INTRUSION DETECTION ON STEROIDS
"Locking the cyber-doors has never been easy because as soon as one door is
locked, intruders merely look for another vulnerability -- and the number of
vulnerabilities seems to be endless..."
http://nl.internet.com/ct.html?rtr=on&s=1,1rpy,1,c0r2,3uf9,85jl,7pty
Trike. A new conceptual framework and methodology for threat modeling
Trike is a unified conceptual framework for security auditing from a risk
management perspective through the generation of threat models in a
reliable, repeatable manner. A security auditing team can use it to
completely and accurately describe the security characteristics of a system
from its high-level architecture to its low-level implementation details.
Trike also enables communication among security team members and between
security teams and other stakeholders by providing a consistent conceptual
framework. This document describes the current version of the methodology
(currently under heavy development) in sufficient detail to allow its use.
In addition to detail on the threat model itself (including automatic threat
generation and attack graphs), we cover the two models used in its
generation, namely the requirements model and the implementation model,
along with notes on risk analysis and work flows. The final version of this
paper will include a fully worked example for the entire process. Trike is
distinguished from other threat modeling methodologies by the high levels of
automation possible within the system, the defensive perspective of the
system, and the degree of formalism present in the methodology. Portions of
this methodology are currently experimental; as they have not been fully
tested against real systems, care should be exercised when using them. The
paper is available at http://dymaxion.org/trike/ or
http://www.hhhh.org/trike/papers
ICMP attacks against TCP
This document discusses the use of the Internet Control Message Protocol
(ICMP) to perform a variety of attacks against the Transmission Control
Protocol (TCP) and other similar protocols. It proposes several
counter-measures to eliminate or minimize the impact of these attacks.
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
"Terrorismo,Cortiana:Sulle email il Parlamento ha gia' deciso"
La sicurezza deve coniugarsi con il principio di liberta', viceversa noi
snatureremo la natura democratica e liberale delle nostra Repubblica. Come
diceva Benjamin Franklin, chi voglia ridurre la libertà in nome della
sicurezza, non avra', né merita, ne' l'una, ne' l'altra.
http://www.ziobudda.net/Admin/redir_news.php?id=23466
"Pacchetto Pisanu, sì al controllo sulle email"
Oggi il via libera dal Consiglio dei ministri.
TELEFONI E INTERNET - Via libera alla norma che proroga fino a sei anni l'obbligo
di conservare i tabulati telefonici di tutti i cittadini. Ma la verà novità
riguarda Internet: i dati che finora erano cancellati in tempo reale,
dovranno essere conservati dai gestori della rete per due anni. È la misura
chiesta dal ministro dell'Interno britannico Charles Clarke dopo gli
attentati del 7 luglio. Le schede telefoniche prepagate diventano nominative
mentre sarà il Viminale a rilasciare l'autorizzazione a chi apre un internet
point : i gestori dovranno identificare e segnare su un registro identità e
numero di documento dei clienti.
http://www.ziobudda.net/Admin/redir_news.php?id=23463
"Una distro Linux per la libertà?"
La propone un lettore, secondo cui una distribuzione ad hoc potrebbe
trasformare vecchi computer e macchine obsolete in strumenti di libertà, ad
esempio in remailer anonimi.
http://www.ziobudda.net/Admin/redir_news.php?id=23448
"Tappate alcune falle in KDE"
Tra le vulnerabilità corrette ieri da KDE.org nella propria piattaforma
desktop per Linux e Unix ve ne sono alcune che potrebbero aprire le porte ai
cracker.
http://www.ziobudda.net/Admin/redir_news.php?id=23447
** WINDOWS VISTA (SUL MARE?) **
Non si chiamerà più Longhorn l'ultima creatura di Microsoft, bensì Windows
Vista.
http://forum.zeusnews.com/viewtopic.php?t=6330
Identifying P2P users using traffic analysis
This article looks at identifying P2P users and applications in large
networks by analyzing traffic behavior instead of monitoring ports or
application level data.
http://www.securityfocus.com/infocus/1843
HACKS FROM PAX: NETWORK SERVER MONITORING WITH NMAP
"Today we'll discuss hardening Linux servers by scanning for unnecessarily
open network ports, and we'll show you how to automate port scanning so you
can easily monitor your network for vulnerabilities..."
http://nl.internet.com/ct.html?rtr=on&s=1,1rtm,1,dxh9,earq,85jl,7pty
OWASP Guide 2.0 Release Candidate
The OWASP Guide 2.0 release candidate is now available. Please download the
Guide in your favorite format.
Word: http://www.greebo.net/owasp/Guide2.0RC.zip (1.6 MB)
PDF: http://www.greebo.net/owasp/Guide2.0RC.pdf (1.6 MB)
Effective C++ Item 27: Minimize casting
The rules of C++ are designed to guarantee that type errors are impossible.
Casting, however, subverts the type system and can lead to pesky errors in
compiled code. This chapter explains why it's a good idea to forgo casting
as much as possible in C++.
http://www.informit.com/articles/article.asp?p=397657&rl=1
Effective C++: Never call virtual functions during construction or
destruction
If you've come to C++ from another programming language like C# or Java, it
may seem counterintuitive to avoid calling virtual functions during
construction or deconstruction, but in C++, doing this will cause unexpected
results and endless headaches.
http://www.informit.com/articles/article.asp?p=397656
Effective C++ Item 47: Use traits classes for information about types
One of the strengths of C++ is the inheritability of classes. Learn how to
use traits classes for information about types in this sample chapter from
Effective C++: 55 Specific Ways to Improve Your Programs and Designs.
http://www.informit.com/articles/article.asp?p=397658
HOMELAND SECURITY & INFRASTRUCTURE PROTECTION
Title: House approves renewal of Patriot Act
Source: CNN
Date Written: 2005-07-22
Date Collected: 2005-07-22
The US House of Representatives has voted 257-171 to renew provisions of the
Patriot Act. The Patriot Act was quickly passed following the September 11,
2001, terrorist attacks, with sixteen provisions set to expire in 2006. The
House voted to make fourteen provisions permanent and extend the other two
for until 2016. The Patriot Act has been controversial for its expansion of
the Justice Department's investigatory and surveillance powers. While the
Bush administration supports the act's extension, many civil libertarians
oppose it. The Senate is still considering its own reauthorization of the
Patriot Act, with final results to be agreed by the House and Senate in a
conference committee.
http://www.cnn.com/2005/POLITICS/07/21/patriot.act/index.html
VULNERABILITIES & EXPLOITS
Title: Gartner: Five most overhyped security threats
Source: ZDNet Australia
Date Written: 2005-07-22
Date Collected: 2005-07-22
Gartner research director Amrit Williams, speaking at the Gartner Security
Summit in Melbourne, named five over-hyped security issues. The first is
internet telephony; though internet phones face the same threats as other
computer networks, they can be protected with the same technologies. Mobile
malware is not likely to create the chaos some observers predict; mobile
devices are too few and come in too many platforms for mobile malware to
spread widely. Williams also dismissed the threat of the Warhol worm that
could infect the entire Internet in 15 minutes; only one example, SQL
Slammer, is known, and the disruption to internet service would be only
temporary. Fourth, many businesses are focusing on regulatory compliance
while neglecting real security issues. Finally, Williams disagreed that
wireless networks were too risky to use; technologies and best practices for
running a wireless network are effective and widely available.
http://www.zdnet.com.au/news/security/soa/Gartner_Five_most_overhyped_security_threats/0,2000061744,39203481,00.htm
VULNERABILITIES & EXPLOITS
Title: Unpatched IE flaws reported
Source: C-Net News
Date Written: 2005-07-21
Date Collected: 2005-07-22
Security researcher Michal Zalewski says he has found several flaws in the
way Microsoft's Internet Explorer 6 handles JPEG images that could allow a
remote attacker to execute arbitrary code. Zalewski has posted four
proof-of-concept images that can crash Explorer and cause memory or
processor problems, even on Windows XP Service Pack 2. Zalewski says he
chose to publicize the flaw himself due to the difficulty of Microsoft's
lengthy flaw report process. Microsoft says it is investigating the
vulnerability, has no evidence of exploits or attacks, and disapproves of
the manner in which the flaw was publicized.
http://news.com.com/Unpatched+IE+flaws+reported/2100-1002_3-5798893.html
VULNERABILITIES & EXPLOITS
Title: Security Expert Blasts Oracle's Patch Policy
Source: NewsFactor Network
Date Written: 2005-07-22
Date Collected: 2005-07-22
Alexander Kornbrust, researcher for Red Database Security, has criticized
Oracle's patching policy after the company failed to release patches for six
moderately-critical vulnerabilities he reported to them in 2003. The flaws
affect Oracle Forms and Oracle Reports, packaged with Oracle 9i and 10g
Application servers and Developer suites. At least on of the flaws could be
exploited to take control of a machine. Kornbrust says he informed Oracle in
April 2005 that he would publicize the flaws if it did not release patches
or work-arounds by July.
http://www.newsfactor.com/story.xhtml?story_id=37438
g00d reading! 'n' bye
Security News MainTainer:
The Jackal a.k.a. jAcKallO < jackal [at] capitanlug.it >
(AreaSessantuno Inside) / (SpiPPolatori Collaborator)
(HackerAlliance Member) / (Socio fondatore del CapitanLUG.iT)
(Daily DisInfo CreaTor & MainTainer) / (Security News MainTainer)
http://www.gnomixland.com/