GnomixLand

"OpenOffice 2.0.0 released in Italian"
Finally available in Italian as well.
http://www.ziobudda.net/Admin/redir_news.php?id=24787

"Linux kernel 2.6.14 stable"
The stable Linux kernel 2.6.14 has been released. If you want to know what is new, beyond the option to add support for the drivers for Broadcom wireless cards, you can download the changelog (2.1 megabytes!!!). If you have the previous version of the kernel, you are better off downloading just the patch.
http://www.ziobudda.net/Admin/redir_news.php?id=24786

"Red Hat pushes to get Xen into the Linux kernel"
Red Hat Inc. is pushing hard for the Xen virtualization technology to be adopted directly into the Linux kernel as quickly as possible, as a move to counter Microsoft and Windows Server 2003.
http://www.ziobudda.net/Admin/redir_news.php?id=24801
Also - http://newsvac.newsforge.com/article.pl?sid=05/10/31/2320255&from=rss

"Windows and Linux on a single local network"
A US start-up has built an application that makes it possible to administer GNU/Linux machines in a Windows network.
http://www.ziobudda.net/Admin/redir_news.php?id=24800

"A new Italian portal of the OpenDocumentFellowship is born"
A new Italian portal is finally available from the organization that supports OpenDocument. OpenDocument is the new digital format for office documents, created by a consortium of companies such as IBM, Sun and Boeing, and capable of replacing the hitherto dominant formats of Microsoft Word, Excel and PowerPoint.
http://www.ziobudda.net/Admin/redir_news.php?id=24792

GATES ANNOUNCES WINDOWS LIVE
The chairman speaks of a turning point for Microsoft: countering Google means bringing its most popular software online, with dedicated services. The details
URL: http://punto-informatico.it/pi.asp?i=55939

IS SONY SLIPPING MALWARE INTO PCS?
That is the accusation made by a well-known computer scientist who carries out an extensive analysis of some DRM technologies used by the Japanese giant. With disconcerting findings
URL: http://punto-informatico.it/pi.asp?i=55924

IN OFFICE 12, THE SEED OF THE ANTI-PDF
It will be the first office suite to support Adobe's PDF format and, ironically, also the first to bring on stage a young rival format made by Microsoft: XPS
URL: http://punto-informatico.it/pi.asp?i=55935

MS.NET AT ITS FIRST TURNING POINT
In recent days Microsoft has released the new technological core of its development platform, MS.NET Framework 2.0, and the release-to-manufacturing versions of Visual Studio 2005 and SQL Server 2005
URL: http://punto-informatico.it/pi.asp?i=55938

PHP PLUGS SOME HOLES
The authors of the well-known open source scripting language have released a new version of PHP 4 that fixes some vulnerabilities. Problems for version 5 as well
URL: http://punto-informatico.it/pi.asp?i=55919
Also - http://www.securityfocus.com/brief/30?ref=rss
Also - http://newsvac.newsforge.com/article.pl?sid=05/11/01/219253&from=rss

THE SHADOW OF MALWARE OVER VOIP
After the discovery of malware affecting non-updated versions of Skype, here is a study that warns users about the security problems of VoIP systems
URL: http://punto-informatico.it/pi.asp?i=55927

Slipstreaming Windows Service Packs
Author: Brien M. Posey
Summary: Have you ever had to reinstall Windows in an effort to fix a malfunctioning machine? Performing a clean install of Windows is no big deal, but reinstalling a non service packed version of Windows on top of a copy of Windows that does contain a service pack can cause some major problems. One solution to this dilemma is to create a Windows installation CD that already contains the service pack. That way, when you install Windows, you are installing the correct version. In this article, I will show you how to create such a CD.
Link: http://www.WindowsNetworking.com/articles_tutorials/Slipstreaming-Windows-Service-Packs.html

Shells for Sale! (Part 2)
Author: Don Parker
Summary: With the groundwork having been laid out in part one of this article series, we now move on to the actual execution of the hack. This though is a hack with a slightly higher degree of skill involved. Read on to find out more.
Link: http://www.WindowSecurity.com/articles/Shells-Sale-Part2.html

NETWORK MONITORING WITH CACTI
"GNU/Linux is without doubt a brilliant server OS, but monitoring your Linux server can be a challenge..."
http://nl.internet.com/ct.html?rtr=on&s=1,1zx1,1,k5f7,l778,85jl,7pty

ANALYZING WEB STATISTICS WITH WEBALIZER
"Nearly everyone who runs a web site wants to know 'How am I doing?' How many hits am I getting? Which of my pages are the most popular...?"
http://nl.internet.com/ct.html?rtr=on&s=1,1zx1,1,kbjo,kqcq,85jl,7pty

Tiger's Improved Firewall (and How to Use It)
Among Tiger's many enhancements, Apple introduced a whole new firewall called ipfw2. It works just like the old firewall, but has new features that allow greater flexibility and more control. In this article, Peter Hickman shows you some of the new features and how you can use them to more easily manage your firewall.
http://www.macdevcenter.com/pub/a/mac/2005/11/01/firewall.html

Beware of Network Sniffers
Network sniffing is harder than most people think, but that doesn't mean it's not a threat. Mitch Tulloch, author of Windows Server Hacks, tells you the truth about sniffing dangers, and shows you how to protect your network.
http://www.windowsdevcenter.com/pub/a/windows/2005/11/01/beware-of-network-sniffers.html

Modern Memory Management
Modern memory management isn't as simple as knowing that you have 150MB of programs to run and 256MB of memory to do it in. Modern Unix-like operating systems have their own characteristics for allocating and using memory. Howard Feldman explains how this works and shows how to analyze and reduce the memory consumption of your programs, no matter what language you use.
http://www.onlamp.com/pub/a/onlamp/2005/10/27/memory-management.html

CISSP Security-Management Practices
This chapter provides an overview of security management with an eye towards passing the CISSP exam, including sample questions with detailed answers to help you prepare.
http://www.informit.com/articles/article.asp?p=418007

Installing Exchange Server 2003: The Basics and Beyond
Microsoft has simplified the process for installing the Exchange Server product, and Exchange Server 2003 is the easiest-to-install Exchange version to date. However, it's important to understand the steps leading to a successful installation so that any appropriate planning or preparation is done prior to the live installation. Plus, because Exchange Server 2003 includes many new functions that extend beyond basic e-mail messaging and calendaring, getting the first Exchange 2003 server installed properly sets the foundation for a successful enterprise rollout of the Exchange messaging system. This sample book chapter will help you get your head screwed-on straight.
http://www.informit.com/articles/article.asp?p=418014

MALWARE
Title: AIM worm plays nasty new trick
Source: CNet
Date Written: 2005-10-28
Date Collected: 2005-10-31
An as yet unnamed worm that spreads through America Online's Instant Messenger includes a rootkit, which is designed to remain undetected by security software that locks down control of a computer after a security breach. The worm also delivers a Sdbot Trojan. FaceTime Communications discovered the worm through one of its worm traps on AOL. IM users are advised to be careful when clicking on links in messages.
http://news.com.com/AIM+worm+plays+nasty+new+trick/2100-7349_3-5920403.html?part=rss&tag=5920403&subj=news

TECHNOLOGY
Title: IBM boffins produce kernel solution to worms and viruses
Source: Techworld
Date Written: 2005-10-28
Date Collected: 2005-10-31
Researchers at IBM say they have developed a way to stop worms and viruses without using anti-virus software: the Assured Execution Environment (AXE). AXE software is put into the kernel of an operating system (it works with both Windows and Mac OS) and then checks every piece of software run on the machine to be sure only authorized code is executed. A variety of techniques can be used, including encryption, to ensure that software will not be run without permission. AXE could also be used to restrict programs to running on certain machines, or even make data unreadable. Essentially, AXE creates a “whitelist” of authorized programs, an approach that will spread, according to Yankee analyst Andrew Jaquith, because “the traditional anti-virus technique of blocking known malware is simply becoming too unwieldy.” The downside of whitelists is that they can create management headaches for administrators if they are involved every time software is updated. IBM will give AXE to an early pilot customer early in 2006.
http://www.techworld.com/security/news/index.cfm?NewsID=4675&Page=1&pagePos=4

MALWARE
Title: October breaks malware production records
Source: The Register
Date Written: 2005-11-01
Date Collected: 2005-11-01
Sophos reports that October 2005 saw 1,685 new viruses, one of the largest increases in malware since the company began keeping statistics in 1988. Most malware authors are developing variants of known threats rather than developing entirely new viruses. Malicious coders are focusing on botware and trojan backdoors. Two thirds of new viruses in October were MyTob variants. However, Netsky-P still holds the number one spot on the top ten chart.
http://www.theregister.co.uk/2005/11/01/october_virus_chart/

TECHNOLOGY
Title: Removing Sony's CD 'rootkit' kills Windows
Source: The Register
Date Written: 2005-11-01
Date Collected: 2005-11-01
According to Mark Russinovich of Sysinternals, the copy protection developed by Sony Music for its CDs is a sort of rootkit: using conventional tools to remove it from a Windows machine will disable the computer's ability to play CDs. It forces users to play CDs through Sony's media player and restricts the number of copies that can be made. Using expert tools to remove the copy protection features will destroy the computer, requiring users to reformat and reinstall. The files installed for copy protection are also hidden from the user. Russinovich argues that these attributes -- unauthorized installation, user evasion, and interception and replacement of system routines with its own routines -- make the Sony copy protection software a rootkit.
http://www.theregister.co.uk/2005/11/01/sony_rootkit_drm/

TECHNOLOGY
Title: Phoenix tags PCs using BIOS
Source: Techworld
Date Written: 2005-11-01
Date Collected: 2005-11-01
Phoenix Technologies has announced TrustConnector 2, a system to tag PCs with a unique encryption key, either in a trusted platform module (TPM) or in an area of memory firewalled by the Phoenix BIOS. This will allow network gateways to authenticate not only usernames and passwords, but devices themselves. The technology works with most x86-based devices, including palmtops and smartphones, and can be used with any system using X.509 certificates. The system also eliminates the chance of spoofing a device by stealing its MAC or IP address. Phoenix has not yet announced pricing for TrustConnector.
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=4702

Hardware emulation with QEMU
http://software.newsforge.com/article.pl?sid=05/10/24/1846242&from=rss
QEMU is an open source cross-platform emulator for Linux hosts. It allows you to emulate a number of hardware architectures (x86, x86-64, and PowerPC are currently known to work, with others, including SPARC and MIPS, in development). QEMU thereby lets you run another operating system on top of your existing OS. Going through the process of installing and configuring QEMU not only gave me a worthwhile new software tool, but also helped me learn a few things about Linux.

Blue Gene Tools and Residency
http://newsvac.newsforge.com/article.pl?sid=05/10/31/2340234&from=rss
Anonymous Reader writes "Find a wealth of Blue Gene resources, an updated Post-Link Optimization for Linux on POWER, new and updated documentation on Power Architecture boxen, the latest Redbook Residency opportunities -- and much more."

My sysadmin toolbox
http://software.newsforge.com/article.pl?sid=05/10/26/216203&from=rss
Every administrator has a set of software tools that he just can't live without. These are the utilities that you install as soon as you log into a new machine, to help make day-to-day tasks a little easier. Here are my top 10 tools.

High-Performance Linux Clustering
http://newsvac.newsforge.com/article.pl?sid=05/11/01/2057214&from=rss
Anonymous Reader writes "High Performance Computing (HPC) has become easier, and two reasons are the adoption of open source software concepts and the refinement of clustering technology. This second of two articles discusses parallel programming using MPI, gives an overview of cluster management and benchmarking, and Linux clustering using OSCAR. Part 1 of this series, Clustering fundamentals, discusses the types and uses of clusters."

"M$ boycotts OpenGL"
M$ intends to use Direct3D as a layer for OpenGL on Win (S)Vista, with an obvious degradation in performance. This may be a problem for Linux too, because if OpenGL (a cross-platform API) is boycotted, it means less development, to the detriment of all OSes. You can contact your vendors (Nvidia, ATI, ...) to put pressure on M$.
http://www.ziobudda.net/Admin/redir_news.php?id=24820

"Installing Slackware on Reiser4..."
...has never been so simple.
http://www.ziobudda.net/Admin/redir_news.php?id=24817

"Wine 0.9, analysis of an emulator"
There is great excitement after the release of the first beta of Wine (version 0.9), an emulator of the Win*ows APIs that is nonetheless built from “100% non-Microsoft code”. 12 years of hard work are starting to pay off. An analysis of the past and the possible future developments of this application.
http://www.ziobudda.net/Admin/redir_news.php?id=24811

LINUX STANDARD BLESSED BY ISO
The Linux Standard Base specification has officially become part of the ISO/IEC standards, a prestigious endorsement that the Free Standards Group plans to leverage to extend its adoption and scope
URL: http://punto-informatico.it/pi.asp?i=55962

LINUX CASE, SCO WILL SHOW THE OFFENDING CODE
SCO has committed to presenting to the court, by the end of the year, the complete list of the technologies and lines of code that IBM allegedly copied from UNIX and improperly used to improve the Penguin
URL: http://punto-informatico.it/pi.asp?i=55964

A WORM TARGETS ORACLE DATABASES
The code of a worm that targets Oracle databases by attempting to bypass the authentication system has appeared on a well-known security mailing list. The little worm is almost harmless, but experts fear possible variants
URL: http://punto-informatico.it/pi.asp?i=55953
Also - http://www.eweek.com/article2/0,1759,1880648,00.asp?kc=EWRSS03119TX1K0000594

IS SONY BMG'S DRM ALSO A VIRUS RISK?
So say the experts at F-Secure, according to whom the rootkit installed by the CDs distributed by the Japanese giant goes well beyond what was originally feared. The complaint: that DRM has already been on the market for months
URL: http://punto-informatico.it/pi.asp?i=55950

IS MAIL BOMBING A DOS ATTACK?
That is the unusual argument of the prosecution brought against a young Briton who amused himself by clogging the mail servers of a company he worked for. And who now risks an exemplary sentence
URL: http://punto-informatico.it/pi.asp?i=55972

Balancing surveillance
With camera and network surveillance now commonplace, and database abuse continuing to appear, how do we balance the positive side of security along with its potential for abuse?
http://www.securityfocus.com/columnists/366

CLI MAGIC: GNU FIND
"Don't you just hate it when you can't find a file you need, but you know it's on your computer? Wouldn't you like an easy way to track down files anywhere on your computer...?"
http://nl.internet.com/ct.html?rtr=on&s=1,205c,1,4lgm,7vkt,85jl,7pty

UBUNTU'S LINUX WIRELESS UTILITY EASIER THAN WINDOWS
"If you try to find a Linux compatible wireless card, you might find that a challenge..."
http://nl.internet.com/ct.html?rtr=on&s=1,205c,1,31h0,ckfl,85jl,7pty

VIRTUAL HOSTING WITH PUREFTPD AND MYSQL
"This document describes how to install a PureFTPd server that uses virtual users from a MySQL database instead of real system users..."
http://nl.internet.com/ct.html?rtr=on&s=1,205c,1,h9ie,b66f,85jl,7pty

MOGLEN TO FOCUS ON THE MEANING OF FREE SOFTWARE
"...[Moglen] also wants to discuss what free and open-source software means to business users and why user rights are so important to them..."
http://nl.internet.com/ct.html?rtr=on&s=1,205c,1,cxy3,1umo,85jl,7pty

Stack Overflow Basics
Some articles on Writing Stack Based Overflows for Windows have been released by securitycompass. The articles released this week introduce basic concepts of memory management and assembly. Next week the next two articles will be released, which cover writing local exploits, writing shellcode and writing remote exploits. The articles can be accessed from the link below.
http://www.securitycompass.com/Case%20Studies.htm

Caching Result Sets in PHP: Porting the Code to PHP 5
Update the classes that compose the caching system for a PHP 5 implementation.
http://www.devshed.com/c/a/PHP/Caching-Result-Sets-in-PHP-Porting-the-Code-to-PHP-5/

Fundamentals (of Linux Networking)
Read about the various types of networks, methods for connecting networks, today's most popular network protocols, and more.
http://www.devshed.com/c/a/Administration/Fundamentals-of-Linux-Networking/

Programming in C
Learn the fundamentals of C programming.
http://www.devarticles.com/c/a/Cplusplus/Programming-in-C/

MALWARE
Title: Hackers use bird flu emails to hijack computers
Source: C-Net (Reuters)
Date Written: 2005-11-01
Date Collected: 2005-11-02
Panda Software, a Spanish firm, warned that fears related to a potential bird flu pandemic are being exploited by hackers. The hackers released an email with an attachment purporting to contain bird flu information. The attachment is really a Word document that contains the virus Naiva.A, which will modify, create and delete files, and allow remote control of infected computers.
http://www.ciol.com/content/news/2005/105110108.asp

TECHNOLOGY
Title: Microsoft Warns of Fake Service Pack
Source: NewsFactor Network
Date Written: 2005-11-01
Date Collected: 2005-11-02
Microsoft confirmed reports that a third service pack for XP, SP3, will be available after the release of Windows Vista in 2006. The company is warning that “unauthorized versions” of SP3 have appeared on the internet. Ethan Alien, creator and administrator of The Hotfix, a popular website that provides software patches, agrees that the version of XP SP3 he provides is “not necessarily the official version”, but that it is a “reasonable preview of what will appear when the official service pack is released”. Mike Brannigan, a senior consultant at Microsoft, responds that “anyone who installs this thinking they are getting SP3 (even as a preview) is being grossly misled and is posing a significant potentially non-recoverable risk to their PC and data”.
http://www.newsfactor.com/story.xhtml?story_id=39029

VULNERABILITIES & EXPLOITS
Title: Vulnerable security algorithms raise concerns
Source: NetworkWorld
Date Written: 2005-11-01
Date Collected: 2005-11-02
The National Institute of Standards and Technology (NIST)’s Cryptographic Hash Workshop on October 31, 2005 discussed the future of popular security algorithms, Secure Hash Algorithm-1 (SHA-1) and Message Digest 5 (MD5). Experts agreed that the functions’ future demise is “fated, but with no clear alternatives in sight products that rely on them may have to remain 'good enough' for some time”. Recommendations from the panel include not including SHA-1 in “any new projects, but that continued use of existing products may be unavoidable”.
http://www.networkworld.com/news/2005/110105-nist-crypto.html?fsrc=netflash-rss

Trying out the new OpenBSD 3.8
http://os.newsforge.com/article.pl?sid=05/11/01/1710223&from=rss
Yesterday OpenBSD, the proactively secure Unix-like operating system, released version 3.8, featuring several improvements to networking, RAID management tools, and increased security. At openbsd.org you can download installation files or order the official three-disc CD set, which supports 16 processor architectures out of the box. I took this new release as an opportunity to perform my first ever OpenBSD install.

TrueCrypt Goes Linux
http://newsvac.newsforge.com/article.pl?sid=05/11/02/2237240&from=rss
Anonymous Reader writes "Finally, after months of waiting, TrueCrypt, the famous open-source disk encryption software for Windows XP/2000, (recently featured in The Washington Post and picked as one of 101 Top Websites by PC Magazine) has been ported to Linux. This allows users to access their TrueCrypt-encrypted volumes under Linux and bridges the gap between these two platforms. In case you still have not heard of TrueCrypt, it can create a virtual encrypted disk within a file and mount it as a real disk. It can also encrypt an entire hard disk partition or storage device such as a USB memory stick. One of the main advantages of the software is that it provides plausible deniability (in case you are forced to reveal the passphrase by an adversary)."

Nexenta OS: Debian based GNU/Solaris
http://newsvac.newsforge.com/article.pl?sid=05/11/02/229217&from=rss
This is to announce Nexenta: the first-ever distribution that combines GNU and OpenSolaris. As you might know, Sun Microsystems just opened Solaris kernel under CDDL license, which allows one to build custom Operating Systems. Which we did... created a new Debian based GNU/Solaris distribution with (the latest bits of) Solaris kernel & core userland inside.

"LINUXDAY: the logo is ugly, let's boycott it!"
Lots of words, but as always the words are followed by rather questionable actions; always conforming and obeying is not so productive after all. Let's boycott the logo!
http://www.ziobudda.net/Admin/redir_news.php?id=24825

"A technical introduction to MiniGui"
This is software (under the GPL license) that lets you create graphical interfaces for portable applications, such as mobile phones or PDAs...
http://www.ziobudda.net/Admin/redir_news.php?id=24839

"Sign the petition to save OpenGL!"
Microsoft will implement Direct3D in Windows Vista as a layer for OpenGL, with an obvious degradation in performance for software that uses OpenGL. Sign the petition to stop them; it is important for the future of Linux. 100,000 signatures are needed for the petition to be sent to the major graphics card manufacturers.
http://www.ziobudda.net/Admin/redir_news.php?id=24831

"Nokia and open source"
Nokia has always been active with the open source community. Now even more so, with the launch of OpenSource.nokia.com.
http://www.ziobudda.net/Admin/redir_news.php?id=24828

** SONY INSTALLS ROOTKITS, PASSING THEM OFF AS DRM ** Malware capable of infecting Windows has been found on some music CDs.
>> by Matteo Campofiorito
http://www.zeusnews.it/news.php?cod=4414

Understanding the DNS Protocol (Part 2)
Author: Don Parker
Summary: In part one of the DNS article series we covered what DNS is at a high level. What we shall now do is explore the core of DNS, which are resource records. There are many types of them, and we shall look at some of the ones you will most likely encounter.
Link: http://www.WindowsNetworking.com/articles_tutorials/Understanding-DNS-Protocol-Part2.html

Backing up and Restoring GPOs using the GPMC
Author: Derek Melber
Summary: Without the Group Policy Management Console (GPMC) administration of Group Policy takes patience, imagination, and thorough understanding of the property sheets within the Active Directory Users and Computers. The GPMC solves these problems by providing a very intuitive interface for managing all aspects of Group Policy. This article will discuss the finer points of how the backup and restore options work within the GPMC.
Link: http://www.WindowSecurity.com/articles/Backing-up-Restoring-GPOs-using-GPMC.html

Automatic graylisting of unwanted software
In the race to secure endpoint systems, a new approach known as automatic graylisting can give administrators control over unwanted software installed on end user systems.
http://www.securityfocus.com/columnists/367

On Instant Messaging Worms, Analysis and Countermeasures
We provide a collection of minor results on the area of Instant Messaging (IM) worms, which has received relatively little attention in the formal literature. We review selected IM worms and summarize their main characteristics, motivating a brief overview of the network formed by IM contact lists, and a discussion of theoretical consequences of worms in such networks. Existing methods to restrict an IM worm epidemic are analyzed in terms of usability and effectiveness, leading to the suggestion of two minor variations to limit IM worm propagation. We believe these variations are more user-friendly and effective than existing published methods. We also provide brief results of a three and a half year user study of IM text messaging and file transfer frequency in a moderate-size public IM network – the largest such study to date – which is of independent interest, but also supports in part the preceding claim regarding user-friendliness.
http://www.astalavista.com/index.php?section=directory&linkid=5445

Libwhisker 2.3
Libwhisker is a perl library (used by Whisker) which allows for the creation of custom HTTP scanners.
http://www.astalavista.com/index.php?section=directory&linkid=5448

Detection of Covert Channel Encoding in Network Packet Delays
Covert channels are mechanisms for communicating information in ways that are difficult to detect. Data exfiltration can be an indication that a computer has been compromised by an attacker even when other intrusion detection schemes have failed to detect a successful attack. Covert timing channels use packet inter-arrival times, not header or payload embedded information, to encode covert messages. This paper investigates the channel capacity of Internet-based timing channels and proposes a methodology for detecting covert timing channels based on how close a source comes to achieving that channel capacity. A statistical approach is then used for the special case of binary codes.
http://www.astalavista.com/index.php?section=directory&linkid=5461

Bypassing the Firewall Client using Locallat.txt File
As we all know, ISA Server 2004 is a firewall and its function is to block all unnecessary traffic. But sometimes it is also necessary to bypass the traffic without going through the ISA Server. The following section will explain the options available on ISA Server 2004 and on the client side to achieve this.
http://www.isaserver.org/tutorials/Bypassing-Firewall-Client-using-Locallatext-Files.html

Sip Send Fun v0.2
A tool to exploit the various weaknesses in VoIP phones. Written in PHP.
http://www.security-scans.de/index.php?where=ssf

DNS modifying malcode
Websense® Security Labs™ has received reports of a new attack that targets users of PayPal. The attack begins with a spoofed email phishing message that provides a link to download the executable "PayPal security tool" file. The executable, named 'PayPal-2.5.200-MSWin32-x86-2005.exe', is a Trojan Horse which modifies the DNS server of the local workstation and then deletes itself. All future requests for 'paypal.com' will be transparently redirected to a phishing website. This same DNS server could also be used to redirect requests for additional websites, but it currently appears to only redirect 'paypal.com'.
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=329

Advanced Linux LDAP authentication
In an earlier look at LDAP, we set up a simple LDAP-based authentication system. We configured client machines to retrieve authentication information from a server running OpenLDAP. Now let's go further by enabling encryption and looking at how to make user modifications through LDAP.
http://enterprise.linux.com/enterprise/05/10/18/1732231.shtml

Astalavista Security Newsletter - Issue 22
Featured articles include: "Things to consider when developing your early-stage security policy" and "Antivirus software - so what?!", as well as an interview with Daniel Brandt, the person behind the Google-Watch.org site. Enjoy Issue 22, and keep your feedback coming!
http://www.astalavista.com/media/archive1/newsletter/issue_22_2005.pdf

THE DAEMON, THE GNU AND THE PENGUIN--CH. 20
"From the early 1980s on, the big gripe about Unix was that it had split and resplit, that there were just too many variants..."
http://nl.internet.com/ct.html?rtr=on&s=1,208b,1,fp7c,5jjd,85jl,7pty

MOGLEN DOWNPLAYS RISKS, PLAYS UP GPL 3.0
One speech, two takes. FSF General Counsel Eben Moglen's speech yesterday described the decreasing risks of using open source software, and outlined how the GPL 3.0 process works. Articles within.
http://nl.internet.com/ct.html?rtr=on&s=1,208b,1,ao2v,8mj6,85jl,7pty

MALWARE
Title: New bot may threaten Cisco routers
Source: SearchSecurity
Date Written: 2005-11-02
Date Collected: 2005-11-03
Symantec and the SANS Internet Storm Center are reporting a new botware, W32.Spybot.ZIF, which exploits Cisco routers. Once the botware infects a server, it opens a backdoor to an IRC server on scv.unixirc.de through TCP port 6667. The bot can then scan for vulnerable Telnet and HTTP servers connected to Cisco routers, start and stop process threads, retrieve clipboard data, steal passwords, and deny service. Only a few instances of the botware have been found in the wild, but Symantec gives W32.Spybot.ZIF a 'medium' threat rating for its damage potential.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1140183,00.html

TECHNOLOGY
Title: IBM produces encryption tool for in-transit data
Source: Techworld
Date Written: 2005-11-03
Date Collected: 2005-11-03
IBM has introduced the Encryption Services Feature for Tape Transfer to protect zSeries mainframe tapes being physically transferred to remote sites. The new technology uses the cryptographic capabilities of the z/OS operating system and zSeries hardware to encrypt data stored on external tapes and disk arrays. Tapes can be decoded using public-key infrastructure or by a Java-based program that allows for decoding of data coming from a mainframe and encrypting it on the way back. By the end of 2005, IBM plans to release another version of the software that includes a compression technology for archival storage. IBM’s product follows the direct-to-tape encryption tool offered jointly by Luminex and Decru in August 2005.
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=4719

TECHNOLOGY
Title: Sony backs down over rootkit
Source: Sydney Morning Herald
Date Written: 2005-11-03
Date Collected: 2005-11-03
Sony has announced that it will distribute a free software patch to reveal hidden files installed on personal computers by copy protection features on Sony Music CDs. Sony says the patch is a precaution, and that the installed files do not create any sort of security vulnerability. Mark Russinovich discovered the hidden software after using a Sony CD and running a routine scan for hidden rootkits; attempts to remove the files disabled his computer's CD player. The Sony license agreement only notes that the CD will install anti-piracy software, but does not describe what it does. The copy protection could also allow malware authors to hide their viruses, since the software cloaks any files with a certain prefix.
http://www.smh.com.au/news/breaking/sony-backs-down-over-rootkit/2005/11/03/1130823323159.html

TECHNOLOGY
Title: Mobile phone app kills man-in-middle bank scams
Source: Techworld
Date Written: 2005-11-03
Date Collected: 2005-11-03
Mobile and online self-service software provider Meridea has announced a product for mobile phone security called “Intelligent authentication.” A one-time download, the 50K Java application will validate a financial transaction code as genuine, give the user a summary, and generate a validation code for entry into the financial services system once a customer has entered his or her PIN. The product should eliminate man-in-the-middle phishing because “only genuine sites can present the challenge codes in a legitimate way.” Used with token authentication, hackers would not be able to remove money from an account without the phone itself. Potential problems with the product include that only a fifth of mobile phones in Europe support Java, and it assumes that online banking customers will use mobile phones for transactions. The new technology is less expensive than hardware-based tokens, however; tokens cost €10 each, but Intelligent authentication is expected to cost from 3 to 4 euros per customer. The first sales are expected to be in Germany, and possibly the Far East.
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=4716

VULNERABILITIES & EXPLOITS
Title: Cisco squashes 'critical' Net attack bug
Source: ZDNet Australia
Date Written: 2005-11-03
Date Collected: 2005-11-03
Cisco has released a patch for a heap-overflow vulnerability in its Internetwork Operating System (IOS). A malicious hacker could use such a flaw to take control of Cisco routers and switches, common components on most networks. A similar vulnerability was demonstrated by researcher Michael Lynn at the Black Hat conference in July 2005, in violation of an agreement with Cisco. Cisco kept details of the flaw from the public to avoid widespread exploits before a working patch was ready. The SANS Institute’s Johannes Ullrich advises users to apply the patch as soon as possible.
http://www.zdnet.com.au/news/software/soa/Cisco_squashes_critical_Net_attack_bug/0,2000061733,39220606,00.htm

Moglen: GPL 3.0 Rewrite Drive Is No Democracy
http://newsvac.newsforge.com/article.pl?sid=05/11/03/1540232&from=rss
Users will be free to comment on the upcoming complex and technical draft versions of the GNU General Public License 3.0 in an easy way, according to Eben Moglen, general counsel for the Free Software Foundation.

"The “.eu” domain comes to Italy in December"
From the beginning of December, the 25 member states of the European Union will be able to register the first “.eu” domains...
http://www.ziobudda.net/Admin/redir_news.php?id=24861

"A look at TrollTech and Qt 4"
Two articles that look at the success of an "open source" company like TrollTech, and at Qt 4, which will be the basis of the new KDE 4.
http://www.ziobudda.net/Admin/redir_news.php?id=24860

"FreeBSD 6 already available"
Version 6 of FreeBSD is already available for download. The mirrors have already been updated with the new version even though the website has not yet announced it.
http://www.ziobudda.net/Admin/redir_news.php?id=24854

EFF: THE ANTI-P2P CRUSADE IS USELESS
A new report from the digital-liberties association shows that the barrage of lawsuits filed by the major labels against music fans has not caused any jolt to the growth of file-sharing systems
URL: http://punto-informatico.it/pi.asp?i=55997

NOKIA'S LITTLE BROWSER WITH AN OPEN SOUL
It is tailored to the new generation of smartphones based on the Series 60 platform. A browser that, born from the open source code of Konqueror and Safari, reveals a few gems
URL: http://punto-informatico.it/pi.asp?i=55987

GNU + SOLARIS = NEXENTA
A new open source project aims to develop a hybrid operating system made up of the Solaris kernel and the constellation of software that is part of the GNU platform. A prototype is already in development
URL: http://punto-informatico.it/pi.asp?i=55999

LEGAL DDOS IN THE UNITED KINGDOM
So rules the judge who acquits a young spammer, equating mail bombing with denial-of-service and explaining that current British laws do not prohibit these activities. Keep your eyes open
URL: http://punto-informatico.it/pi.asp?i=55986

 

Windows rootkits in 2005, part one
This three-part article series looks at Windows rootkits in depth. Part one discusses what a rootkit is and what makes them so dangerous, by looking at various modes of execution and how they talk to the Windows kernel.
http://www.securityfocus.com/infocus/1850

BASIC IPTABLES--DEBIAN PRE-SARGE
"This How-To is performed on a Debian Sarge 3.1 box, though the commands and syntax should work for any linux distro..."
http://nl.internet.com/ct.html?rtr=on&s=1,20c3,1,cu45,m8qz,85jl,7pty

MANAGING SAMBA: CHOOSE YOUR WEAPON--WINDOWS NETWORK ID BASICS
"Despite its prevalence, not all IT shops currently utilize the facilities provided to fully secure the network or to drive operating costs to a minimum..."
http://nl.internet.com/ct.html?rtr=on&s=1,20c3,1,yzv,8289,85jl,7pty

LINUX IN ITALIAN SCHOOLS, PART 4: PROGETTO "MOTTABIT"
"How did a school in Italy go from having one computer for the entire school and no Internet connection to having a thin-client network connected to the whole world? Free software, of course..."
http://nl.internet.com/ct.html?rtr=on&s=1,20c3,1,7n4d,6n5z,85jl,7pty

THE NEW LINUX KERNEL: BETTER WI-FI, BETTER FILE SYSTEMS
"Better late than never, the new Linux kernel, version 2.6.14, became available late last week..."
http://nl.internet.com/ct.html?rtr=on&s=1,20c3,1,9rw6,6y7u,85jl,7pty

The Making of eEye SysReq: Bootstrap Code for a Local SYSTEM Shell Hotkey
In a previous article, we thoroughly explored how Windows processes its "special" hotkeys, and found that the responsibility was split between WIN32K.SYS and the WINLOGON.EXE process. This time, we'll put the effort to good use in an adaptation of eEye BootRootKit dubbed "SysRq".
http://www.eeye.com/html/resources/newsletters/vice/VI20051104.asp?sb=kwkckpakpbnmwapcbprc&rd=vexposed

 

g00d reading! 'n' bye
Security News MainTainer:

The Jackal a.k.a. jAcKallO < jackal [at] capitanlug.it >

(AreaSessantuno Inside) / (SpiPPolatori Collaborator)
(HackerAlliance Member) / (Founding member of CapitanLUG.iT)
(Daily DisInfo CreaTor & MainTainer) / (Security News MainTainer)



©  GnomixLand
http://www.gnomixland.com/