GnomixLand





"The Auditor security collection"
The Auditor security collection has arrived: a Linux-based, open source security toolkit for the desktop computer that aims to be as complete as possible. This article presents its features in detail!
http://www.ziobudda.net/Admin/redir_news.php?id=24228

"Cancel Fastweb for an ADSL provider other than Telecom? Impossible!"
Perhaps not everyone knows that developers and professionals who want to migrate from Fastweb to a more advantageous operator other than Telecom cannot do so.
http://www.ziobudda.net/Admin/redir_news.php?id=24227

"RMS shows the GPL3"
After the shocking interview with ESR, in which Eric said "We don't need the GPL anymore", here is RMS talking about the GPL. It is a preview of the clauses that RMS is thinking of including in version 3 of the GPL.
http://www.ziobudda.net/Admin/redir_news.php?id=24223

P2P, THE RETURN OF WINMX
Users of the famous program have launched an original collaborative effort, and the software comes back to life thanks to a file that can be easily downloaded and installed. For the RIAA the road is uphill again
URL: http://punto-informatico.it/pi.asp?i=55153

NEW PSP FIRMWARE CRACKED
Running homebrew programs on the PSP? An anonymous programmer has found and successfully exploited a critical flaw in firmware 2.0
URL: http://punto-informatico.it/pi.asp?i=55171

APPLE FIXES 10 SECURITY FLAWS
In this month's Security Update Apple fixed 10 vulnerabilities in Mac OS X, some of which are considered rather dangerous
URL: http://punto-informatico.it/pi.asp?i=55151

DATA RETENTION, PRIVACY REGULATORS REJECT THE COMMISSION
Retaining traffic data, they point out, means indiscriminately intercepting everyone's communications
URL: http://punto-informatico.it/pi.asp?i=55150

TERRORISM, THE RULES FOR WIRELESS
by F. Sarzana di S.Ippolito and Guido Villa (Lidis.it) - Third part of an in-depth look at the measures introduced by the Government that directly affect the Internet as well. Here are the changes, the direction and the problems
URL: http://punto-informatico.it/pi.asp?i=55198

FIRST STANDARD FOR RFID SOFTWARE
EPCglobal has approved a new RFID standard that, unlike previous ones, focuses on software. The new specification defines how the software used to read and process EPC data operates
URL: http://punto-informatico.it/pi.asp?i=55185

Managing Passwords In an Unsafe World
In this dangerous world, rife with identity and data theft, you should use passwords that are as secure as possible. But how do you keep track of the gazillion passwords needed to access your various resources? Steve Schafer gives you the skinny on consumer options available for managing all those passwords.
http://www.informit.com/articles/article.asp?p=415790

Living the Least Privilege Lifestyle, Part 2: Why Running as a Non-Admin is Safer
Most of us want more power, never less. But Don Kiely explains how deliberately limiting your power over your system can help you to prevent someone else from getting power over it. Running as a "mere user" is sometimes inconvenient, but the aggravations are outweighed by the control you gain.
http://www.informit.com/articles/article.asp?p=409918

Alternate Data Streams: Threat or Menace?
By now, you're probably aware of how easy it is to accidentally leave metadata in your Microsoft Word documents, offending or amusing recipients who can easily uncover your mistakes. Did you also know that bad guys might be helping you to even more embarrassment (or danger), by using the alternate data streams (ADS) capability of Windows NTFS to hook warez, pornography, or even hacker's tools to your innocent files?
http://www.informit.com/articles/article.asp?p=413685

The Realities of Software Testing
Unfortunately, in the real world you will never see a project perfectly follow any of the development models. You will never be given a thoroughly detailed specification that perfectly meets the customer’s needs and you will never have enough time to do all the testing you need to do. It just doesn’t happen. This chapter will help you understand that software testing doesn't always go perfectly, and help you prepare for that eventuality.
http://www.informit.com/articles/article.asp?p=412922

ENOUGH WITH COPYRIGHT
"As part of my work, I spend my time dealing with protected content: what I write is either copyrighted or released under a Creative Commons license..."
http://nl.internet.com/ct.html?rtr=on&s=1,1wyr,1,lmyp,1b1j,85jl,7pty

THE DAEMON, THE GNU & THE PENGUIN--CH. 19
"Here is the next installment, Chapter 19--'Just for Fun...'"
http://nl.internet.com/ct.html?rtr=on&s=1,1wyr,1,77s8,gkx,85jl,7pty

DISASTER RECOVERY: ARE YOU PREPARED?
"Scores of IT infrastructure professionals have been working night and day to recover data centers that were either devastated or put out of service due to Hurricane Katrina..."
http://nl.internet.com/ct.html?rtr=on&s=1,1wyr,1,l5ow,d6yw,85jl,7pty

KERNELTRAP: REVIEWING THE DEVELOPMENT PROCESS
"The generally accepted path for introducing new code into the 2.6 Linux kernel is to first have it merged into Andrew Morton's -mm kernel, and then after sufficient testing to have it merged into Linus Torvald's mainline kernel..."
http://nl.internet.com/ct.html?rtr=on&s=1,1wyr,1,cx9n,ksf,85jl,7pty

KDE 4 PROMISES RADICAL CHANGES TO THE FREE DESKTOP
"Though KDE 3.5 isn't even out yet, developers are already working on KDE 4. Plenty of work has already gone into porting existing code to Qt4..."
http://nl.internet.com/ct.html?rtr=on&s=1,1wyr,1,7p8p,bbnw,85jl,7pty

Linux Advisory Watch - September 23, 2005
http://os.newsforge.com/article.pl?sid=05/09/23/1628253&from=rss
This week, advisories were released for turqstat, centericq, lm-sensors, kdebase, python, XFree86, Mailutils, Shorewall, mozilla, mod_ssl, clam, mod_ssl, Zebedee, umount, squid, and mod_ssl. The distributors include Debian, Fedora, Gentoo, and Red Hat.

An introduction to Debian networking setup
http://newsvac.newsforge.com/article.pl?sid=05/09/25/2251211&from=rss
Under Debian, networking is pretty comparable to other distributions of Linux, especially in areas such as DNS setup. However, if you're new to the distribution you might not know where things are set. This brief introduction to networking will show you how it works.

Tutorial: Ubuntu for servers
http://newsvac.newsforge.com/article.pl?sid=05/09/25/1930258&from=rss
Falko Timme writes "Ubuntu is primarily known as one of the most popular desktop distributions. But you can also use it for servers! This guide shows how to set up a web, mail, and ftp server with Ubuntu 5.04 "The Hoary Hedgehog" and demonstrates the details with the help of 21 screenshots. The installation is easy as 1-2-3 and allows even complete Linux newbies to dive into the world of Linux servers. The tutorial covers the installation of Apache + SSL + PHP, Postfix with SMTP-AUTH and TLS, BIND9, Courier-IMAP(s) and Courier-POP3(s), Proftpd, MySQL, Webalizer, Quota, etc."

CLI Magic: p0f
http://software.newsforge.com/article.pl?sid=05/09/20/2321216&from=rss
This week's CLI Magic will be a little different from the norm. It's still about magic happening at the command line, but this time it's magic from the dark side. P0f is a passive OS fingerprint tool written by The Evil Twin, a.k.a. Michal Zalewski. Don't worry, we won't be doing anything illegal, just making our own personal version of Netcraft's "What's that site running?" survey.

CYBERCRIME-HACKING
Title: Phishers target Yahoo! Photos
Source: The Register
Date Written: 2005-09-26
Date Collected: 2005-09-26
Internet security firm Websense reports that phishers are resorting to new tactics to capture Yahoo! account login information. Originally described as a “crude attack”, the method has “evolved with the introduction of a more subtle form of social engineering attack” where users receive an email encouraging them to link to a website that records their login information before redirecting them to the actual Yahoo! photos site. Users are encouraged to go straight to the photo website, rather than follow links from emails.
http://www.theregister.co.uk/2005/09/26/yahoo_photos_phish/

VULNERABILITIES & EXPLOITS
Title: Tiscali in UK consumer data security breach
Source: The Register
Date Written: 2005-09-26
Date Collected: 2005-09-26
Tiscali, a UK-based Internet Service Provider, apologized when a data security breach on September 23, 2005 exposed names, addresses, contact information and product orders of some subscribers. When users clicked on a link in a promotional e-mail sent out to encourage them to upgrade their current services, then entered their account information, another customer’s file would be displayed. Any other attempts to log in provided different customer files. The scripting error has since been fixed.
http://www.theregister.co.uk/2005/09/26/tiscali_data_security_flap/

WORM CREATES FAKE GOOGLE SITE
Spoofed webpage is identical, but displays alternative ads.
http://www.net-security.org/news.php?id=8857

BIG BROTHER IS HEARING YOU
'Acoustic spying' can crack passwords simply by listening to keystrokes.
http://www.net-security.org/news.php?id=8867

MICROSOFT INTRODUCES NEW SECURITY TOOL
Microsoft on Monday introduced the final version of a new security tool for locking down computers that operate in shared environments.
http://www.net-security.org/news.php?id=8872

NEW WAVE OF BAGLE WORMS POUNDS INTERNET
A new wave of Bagle variants is pounding the Internet and appears to be trying to build a zombie army, according to security analysts.
http://www.net-security.org/news.php?id=8888

THUNDERBIRD SUFFERS SIMILAR SECURITY PROBLEM AS FIREFOX
A bug - like the one disclosed Tuesday in the Linux edition of Firefox - relates to how the software processes URLs. It was rated as "extremely critical" by a security vendor.
http://www.net-security.org/news.php?id=8899

PASSWORDS IN SECURITY
Breaking into corporate networks, and thereby corporate information, has never been easier. Why? Firstly, access to systems (usually Windows) at the desktop is universal. Secondly, most people, including techies, don't appear to know how to select adequately secure passwords.
http://www.net-security.org/article.php?id=819

HylaFAX
Vendor: Hylafax.org
A vulnerability was reported in HylaFAX. A local user may be able to gain elevated privileges on the target system.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2005/Sep/1014952.html

Webmin
Vendor: Cameron, Jamie
A vulnerability was reported in Webmin. A remote user can execute arbitrary commands with root privileges on the target system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Sep/1014951.html

Usermin
Vendor: Cameron, Jamie
A vulnerability was reported in Usermin. A remote user can execute arbitrary commands with root privileges on the target system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Sep/1014950.html

Linux Kernel
Vendor: kernel.org
A vulnerability was reported in the Linux Kernel. A local user can cause denial of service conditions.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2005/Sep/1014944.html

Opera
Vendor: Opera Software
A vulnerability was reported in Opera. A remote user may be able to spoof file types and cause a target user to execute arbitrary scripting code.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/Sep/1014943.html

"OILPROJECT free open source school, 3rd edition!!!"
With more than 2000 users and a lively community, the staff is proud to present to the people of the net the completely free courses that it is organizing again this year, starting from the first week of October. The lessons, which will take place in IRC chat, will be logged each time so that anyone can read their content without having taken part directly. The course topics will be programming (Python, Php), use of the free GNU/Linux operating system, hacking and networking.
http://www.ziobudda.net/Admin/redir_news.php?id=24248

"Second revision of TheOpenCD Italian Edition v2.0"
TheOpenCD v2.0 is a small collection of top-quality open source software for Windows, conveniently available on one CD. This second revision includes important updates, among them FireFox 1.0.7, Mozilla 1.7.12, Gaim 1.5.0 and Abiword 2.2.9. [ZioBudda's note: OK, this news item is not about Linux, but it is still about open source products]
http://www.ziobudda.net/Admin/redir_news.php?id=24268

"New book on Linux"
Straight from the author's own words, this article explains what inspired Rickford Grant to write "Linux Made Easy", a book on Linux and open source...
http://www.ziobudda.net/Admin/redir_news.php?id=24267

"KDE 4, revolution on the way?"
An article describing what the future of KDE might be. Will KDE4 be revolutionary?
http://www.ziobudda.net/Admin/redir_news.php?id=24258

AND HERE IS CROSSFIRE, RIVAL TO NVIDIA SLI
After a long wait, ATI has finally launched the first graphics solutions based on its own dual-card CrossFire technology, the rival of Nvidia's SLI. Here are the features and the first assessments
URL: http://punto-informatico.it/pi.asp?i=55213

ALTROCONSUMO: SKY-HIGH RATES ON THE 12
The consumer association presents an analysis of the prices of the new telephone information services that have replaced the 12, noting that from 2000 to today people pay 12 times more. The bloodletting starts on October 1
URL: http://punto-informatico.it/pi.asp?i=55245

OFFICE 2003 SP2 AND OTHER PACKS
Microsoft has released several updates for the applications in its Office System suite, including Service Pack 2 for Office 2003, Visio, OneNote and other components of the suite. Data Protection Manager is also available
URL: http://punto-informatico.it/pi.asp?i=55232
Also - http://www.theregister.co.uk/2005/09/28/office2003_sp2/

REALPLAYER FOR LINUX IS EXPLOITABLE
The Linux and Unix versions of RealNetworks' well-known player, including Helix, suffer from a serious security problem related to the handling of certain file types. A patch is awaited
URL: http://punto-informatico.it/pi.asp?i=55244
Also - http://nl.internet.com/ct.html?rtr=on&s=1,1x8i,1,ljth,fau,85jl,7pty

KOKOROGATARI, THE BRAIN INTERFACE
A Japanese consortium has built a low-cost electronic system that… reads thoughts and turns them into responses processed by the computer. It will give a voice back to those who live paralyzed, the developers say
URL: http://punto-informatico.it/pi.asp?i=55240

Using NSLOOKUP for DNS Server diagnosis
Author: Brien M. Posey
Summary: The DNS protocol has been around for decades and is a stable and reliable protocol. Even so, DNS does occasionally have problems. PING is a great tool for DNS server diagnosis, and I tend to use it quite frequently myself. However, sometimes PING just doesn’t give you enough information about the problem at hand. When you need more information about a DNS problem than what PING provides you with, you can always turn to the NSLOOKUP command. In this article, I will show you how to use NSLOOKUP.
Link: http://www.WindowsNetworking.com/articles_tutorials/Using-NSLOOKUP-DNS-Server-diagnosis.html

Packet analysis tools and methodology (Part 4)
Author: Don Parker
Summary: In the last part of this article series we will take a look at the alarms generated by myself. This binary log will include several attacks, and some general surfing. We now need to take a look, and separate the chaff from the wheat.
Link: http://www.WindowSecurity.com/articles/Packet-analysis-tools-methodology-Part4.html

Windows rootkits come of age
An interview with Greg Hoglund and Jamie Butler on the state of Windows rootkits discusses how quickly they have evolved, and how slow vendors have been to address the issues.
http://www.securityfocus.com/columnists/358

Security-related innovation in Unix
Keep an eye on the new heap implementation that's being integrated into OpenBSD.
http://www.securityfocus.com/columnists/359

Enhancing Skype
If you're a Skype fan, you know it can be used to make internet phone calls. But did you know about all the cool tools you can use to enhance it? Wei-Meng Lee gives you the rundown. You'll find out how to make a Skype answering machine, and use Skype for videoconferencing.
http://www.windowsdevcenter.com/pub/a/windows/2005/09/27/enhancing-skype.html

Getting Your Bluetooth Headset to Work in XP
With Bluetooth support built into SP2, getting a Bluetooth headset to work should be a breeze. But it ain't necessarily so. Wei-Meng Lee shows you how to do it.
http://www.windowsdevcenter.com/pub/a/windows/2005/07/05/bluetooth.html

Joomla is the New Mambo
What happens when a corporation tries to restructure an open source project? It isn't pretty.
http://www.devshed.com/c/a/BrainDump/Joomla-is-the-New-Mambo/

Securing the Database
Learn what steps you can take, representing the best practices used in organizations today, to secure an Oracle database.
http://www.devshed.com/c/a/Oracle/Securing-the-Database/

Exception Handling in JavaScript: Catching User Input
Learn how to trap most of the primary error types according to user-entered data.
http://www.devarticles.com/c/a/JavaScript/Exception-Handling-in-JavaScript-Catching-User-Input/

Temporary Variables: Keep Your Values Close, and Your References and Pointers Even Closer
In C++, it is usually better to pass a function parameter by reference than it is to pass it by value -- but there are exceptions to this.
http://www.devarticles.com/c/a/Cplusplus/Temporary-Variables-Keep-Your-Values-Close-and-Your-References-and-Pointers-Even-Closer/

Validator
Learn how the Validator in the Struts framework makes a programmer's life easier and offers greater flexibility with data validation.
http://www.devarticles.com/c/a/Java/Validator/

A CONTINUING LOOK AT WINDOWS V. LINUX SECURITY
"You will never be 100% 'secure' because the upper limit is bound by human stupidity. The best you can do is to reduce the threats to just below that level..."
http://nl.internet.com/ct.html?rtr=on&s=1,1x45,1,fxdt,8ezw,85jl,7pty

SSL VPNS AND OPENVPN: A LOT OF LIES AND A SHRED OF TRUTH
"I wanted to write an article on the strengths of OpenVPN, but I just can't get the message out without first talking about the serious insecurities I see in the rest of the SSL Virtual Private Network space..."
http://nl.internet.com/ct.html?rtr=on&s=1,1x8i,1,eocm,kova,85jl,7pty

FREE SOFTWARE MAGAZINE: REDUCING THE RISK OF RISK
"Using free software to reduce risks and costs during a business startup..."
http://nl.internet.com/ct.html?rtr=on&s=1,1x42,1,6xqt,6wt5,85jl,7pty

PETER VAN DER LINDEN'S GUIDE TO LINUX: A LESSON IN ENCRYPTION, PART 3
"This is the third and final part of my series of articles on public key encryption in Linux..."
http://nl.internet.com/ct.html?rtr=on&s=1,1x8g,1,ew3t,6tmj,85jl,7pty

TECHNOLOGY
Title: Cisco to offer security service on networking range
Source: Techworld
Date Written: 2005-09-27
Date Collected: 2005-09-27
Cisco will announce new security features for its networking products and an Incident Control System (ICS) service, supplying network administrators with security information from Trend Micro. Cisco already provides Trend Micro virus signatures through its Intrusion Prevention Systems (IPS). The new ICS service will allow sysadmins to combat malware by distributing mitigation policies across Cisco networks. However, network administrators will still have to consider how a policy might affect business processes and ICS offers little defense against zero-day attacks. ICS will include a rollback feature to minimize disruption.
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=4470

CYBERCRIME-HACKING
Title: PSP crackers break console 'wide open'
Source: The Register
Date Written: 2005-09-28
Date Collected: 2005-09-28
Crackers claim to be able to remove Sony PlayStation Portable (PSP) firmware code and replace it with an earlier version that contains fewer anti-piracy features. The process exploits a buffer overflow flaw that allows the incorporation of code into image data. Sony released version 2.0 in summer 2005 to address piracy holes in 1.5 and to add support for web browsing and various media formats.
http://www.theregister.co.uk/2005/09/28/psp_firmware_crack/

Asianux 2.0
http://os.newsforge.com/article.pl?sid=05/09/23/1440254&from=rss
Last month, Chinese Red Flag Software, Japanese Miracle Linux, and South Korean HaanSoft jointly released the GNU/Linux-based operating system Asianux 2.0. The three companies will package and sell Asianux 2.0 under their individual brand names.

Darik's Boot and Nuke: A great tool for obliterating your data
http://software.newsforge.com/article.pl?sid=05/09/14/178204&from=rss
Do you know what happened to your data when you disposed of your last PC? With identity theft on the rise, it's important to make sure your information is removed before you get rid of that old hard drive. Thanks to the work of developer Darik Horn, there's an excellent tool to wipe data off of a hard disk: Darik's Boot and Nuke (DBAN).

Rule Set Based Access Control 1.2.5 Available
http://newsvac.newsforge.com/article.pl?sid=05/09/28/2339206&from=rss
LogError writes "RSBAC is a flexible, powerful and fast open source access control framework for current Linux kernels. From a practical standpoint, it allows possibilities such as full fine grained control over objects, memory execution prevention, real time integrated virus detection and more."

"OpenOffice.org 2.0 Release Candidate"
The first Release Candidate of OOo is ready to download as of today! Happy downloading, everyone!
http://www.ziobudda.net/Admin/redir_news.php?id=24284
Also - http://nl.internet.com/ct.html?rtr=on&s=1,1xc0,1,fp6f,a323,85jl,7pty

EDONKEY SHUTS DOWN. IT WILL RETURN, BUT AS A PAID SERVICE
Zero tolerance for P2P: the Grokster ruling pushes those behind the hugely popular eDonkey network to throw in the towel and think about paid services. But the Donkey's offspring guarantee the survival of the species
URL: http://punto-informatico.it/pi.asp?i=55269

DATA RETENTION, EU INADEQUATE
by Saverio Manfredini - The European Parliament has rejected the retention of traffic data. A vote that does not count for much: Europe is a three-headed monster, and each head acts as it pleases. That Rome will go its own way is obvious
URL: http://punto-informatico.it/pi.asp?i=55229

TALES OF PIRATES AND FREEDOM
Elogio della Pirateria (In Praise of Piracy): that is the title of the latest, very lucid work by Carlo Gubitosa, an at times provocative analysis of the exploits of corsairs, digital and otherwise, from those of cinema to those of the airwaves. PI interviewed him
URL: http://punto-informatico.it/pi.asp?i=55259

GOOGLER
"[The next] step would be naturally the development of a GoogleOS: to do that Google could buy Mandriva (Lycoris/Bitstream's btX2 included), and this would be much cheaper and more productive than, say, a purchase of Baidu..."
http://nl.internet.com/ct.html?rtr=on&s=1,1xc0,1,7drk,fcx2,85jl,7pty

MALWARE
Title: Destructive power of mobile viruses could rise fast
Source: InfoWorld
Date Written: 2005-09-28
Date Collected: 2005-09-29
Mobile phones are running more software, connecting to the Internet full-time, and downloading more quickly, and computers are becoming less vulnerable. Therefore, cell phones are becoming more attractive to hackers. Mobile devices also have the potential to infect the myriad of products that now run computer chips (like cars), which increases the destructive potential of viruses aimed at them. So far hackers have only created programs to test security in the mobile arena, but the current number of known malware increased from 10 in 2004 to 87 in 2005 and will likely grow in the future.
http://www.infoworld.com/article/05/09/28/HNmobileviruses_1.html

TECHNOLOGY
Title: Security-related innovation in Unix
Source: Security Focus
Date Written: 2005-09-28
Date Collected: 2005-09-29
A new heap implementation in the OpenBSD operating system is part of an upcoming release that will increase security of the heap, the part of the operating system that manages memory used by software applications. Innovations are that the new heap will be included and (mostly) enabled by default in OpenBSD instead of relying on users to activate security options; it will help pinpoint heap-related bugs by causing the system to crash quickly; and guard pages will help to hinder many "heap-data" exploit vectors. The author applauds this implementation because the default settings of the OS include the security aspects.
http://www.securityfocus.com/columnists/359

TECHNOLOGY
Title: Phone Makers Work on Security Chips
Source: NewsFactor Network
Date Written: 2005-09-28
Date Collected: 2005-09-29
The Trusted Computing Group (TCG), the non-profit organization that defines security standards for the high tech industry, is working with manufacturers such as France Telecom, Vodafone, IBM, Philips, Nokia and Motorola on specifications for a mobile phone security chip that could be implemented by the end of 2006. Phone manufacturers, carriers, and semiconductor makers support more secure handsets, but consumer advocacy group the Electronic Frontier Foundation worries that functionality of the phones will be restricted. The chips enable authentication, digital rights management, Sim-lock (locking phones to only accept SIM cards of a certain type), software download and use control, and user data and privacy protection. The technology will also allow manufacturers to restrict such actions as changing network providers and acquiring third-party software and add $15-$25 to the cost of a phone.
http://www.newsfactor.com/story.xhtml?story_id=38379

VULNERABILITIES & EXPLOITS
Title: Microsoft probes report of IE flaw
Source: CNet
Date Written: 2005-09-28
Date Collected: 2005-09-29
A new flaw in the way Microsoft implemented a JavaScript component in Internet Explorer could be exploited to launch spoof-based attacks. Fully-patched computers running Windows XP with Service Pack 2 and Internet Explorer 6.0 are vulnerable to this issue. Security-monitoring company Secunia rates the problem as "moderately critical" but says the risk can be avoided by setting the security level in IE to "high." Microsoft, which is not happy that Secunia went public with the discovery, is looking into the report and says it is not aware of any attacks using the flaw.
http://news.com.com/Microsoft+probes+report+of+IE+flaw/2100-1002_3-5841381.html?tag=cd.lede

GCC 4.0 Release Series
http://newsvac.newsforge.com/article.pl?sid=05/09/30/0138235&from=rss
The GNU project and the GCC developers are pleased to announce the release of GCC 4.0.2

"Kernel 2.6.14-rc2-mm2"
An important new release for the 2.6 kernel: it fixes numerous features of the previous kernel and also adds some new ones! The article lists the main ones in detail...
http://www.ziobudda.net/Admin/redir_news.php?id=24294

"Mozilla Thunderbird 1.0.7 released"
A new version of Mozilla's well-known mail client has been released. The link points to the release notes.
http://www.ziobudda.net/Admin/redir_news.php?id=24292

"Fighting TCPA: No1984.org, hard at work here..."
The first fruits of the intense work carried out by the emerging no1984.org community, a group that campaigns for wider awareness of TCPA and the risks it entails.
http://www.ziobudda.net/Admin/redir_news.php?id=24288

"Sun versus OpenOffice.org"
Here is how Sun is hindering the release of OpenOffice.org 2
http://www.ziobudda.net/Admin/redir_news.php?id=24308

"Spaghettilinux.org is born: freedom is collaboration"
Spaghettilinux is officially born: an Italian community formed from several projects that seeks, without too many pretensions, to bring together under a single point of discussion and meeting many small projects that differ in purpose and structure but are united by the same goal: GNU/Linux.
http://www.ziobudda.net/Admin/redir_news.php?id=24305

Managed E-Mail Security Services: Is it the right solution for your network?
Author: Deb Shinder
Summary: Email communications are essential to getting the job done in today’s business world, but many companies are overwhelmed by spam, the security risks of e-mail borne viruses and worms and liability implications of e-mail containing pornography or other undesirable content. It’s getting harder and harder for network administrators to keep it all under control.
Link: http://www.WindowSecurity.com/articles/Managed-E-Mail-Security-Services-right-solution-network.html

Using Tracert
Author: Robert J. Shimonski
Summary: Tracert (also known as traceroute) is a Windows based tool that allows you to help test your network infrastructure. In this article we will look at how to use tracert while trying to troubleshoot real world problems. This will help to reinforce the tool's usefulness and show you ways in which to use it when working on your own networks.
Link: http://www.WindowsNetworking.com/articles_tutorials/Using-Tracert.html

DEBIAN FIREWALLS
"This is a step by step guide for setting up a custom Debian firewall for your home or office network..."
http://nl.internet.com/ct.html?rtr=on&s=1,1xfy,1,ibbi,eq34,85jl,7pty

KERNELTRAP: GIT KERNEL HACKER'S GUIDE
"The git directory content manager used to manage the Linux kernel source tree continues to develop at a rapid pace..."
http://nl.internet.com/ct.html?rtr=on&s=1,1xfy,1,f7bt,hmt2,85jl,7pty

THC-Hydra: THC 10th anniversary special release
THC-Hydra - the best parallelized login hacker: for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support and is part of Nessus. Visit the project web site to download Win32, Palm and ARM binaries. Changes: new modules: SIP/VOIP, PCAnywhere, SVN, speed improvements, bugfixes. More at http://www.thc.org/releases.php

Amap: THC 10th anniversary special release
Amap is a next-generation scanning tool, which identifies applications and services even if they are not listening on the default port by creating a bogus-communication and analyzing the responses. Changes: many more fingerprints, fix for SSL. Voted into the top-50 security tool list! More at http://www.thc.org/releases.php

CYBERCRIME-HACKING
Title: Sony cracks down on PSP hacks
Source: C-Net News
Date Written: 2005-09-29
Date Collected: 2005-09-30
A recently-disclosed buffer overflow flaw in Sony's PlayStation Portable (PSP) firmware is being exploited by hackers, who downgrade the system software and run their own so-called homebrew code, allowing them to read PDFs and run FTP clients. PSP was released in March 2005 and an upgrade released in August 2005. Sony is not pursuing hackers and plans to fix the problem in the next system update.
http://news.com.com/Sony+cracks+down+on+PSP+hacks/2100-1002_3-5885945.html

Can Sun, or anyone, make DRM better with open source?
http://trends.newsforge.com/article.pl?sid=05/09/27/1451215&from=rss
Sun Microsystems must have figured digital rights management (DRM) never sounded so good when it recently announced a call for partners in its quest to use open source DRM to "compensate rights holders and stimulate innovation," but Sun's open DReaM (DRM everywhere available) Project is as scary as any other content control nightmare to open source and digital freedom proponents.

Linux Advisory Watch: September 30, 2005
http://os.newsforge.com/article.pl?sid=05/09/30/0222255&from=rss
This week, advisories were released for python, XFree86, kdeedu, courier, zsync, gtkdiskfree, util-linux, mantis, Webmin, Qt, PHP, firefox, mozilla, cups, HelixPlayer, RealPlayer, wget, ghostscript, slocate, net-snmp, openssh, and binutils. The distributors include Debian, Gentoo, and Red Hat.

Windows XP to get another upgrade
http://newsvac.newsforge.com/article.pl?sid=05/09/30/1646221&from=rss
Service Pack 3 will arrive after Vista is released, according to Microsoft France.

Trojan rides in on unpatched Office flaw
http://newsvac.newsforge.com/article.pl?sid=05/10/01/1220215&from=rss
A dangerous Trojan horse exploits a hole in Microsoft's Office software that has remained unfixed for five months. The malicious code takes advantage of a flaw in Microsoft's Jet Database Engine, a lightweight database used in the company's Office productivity software. The security hole was reported to Microsoft in April, but the company has yet to provide a fix for the problem.

 

g00d reading! 'n' bye
Security News MainTainer:

The Jackal a.k.a. jAcKallO < jackal [at] capitanlug.it >

(AreaSessantuno Inside) / (SpiPPolatori Collaborator) (HackerAlliance Member) / (Founding member of CapitanLUG.iT) (Daily DisInfo CreaTor & MainTainer) / (Security News MainTainer)



©  GnomixLand
http://www.gnomixland.com/