GnomixLand




Here we go again ;)

AutoCAD heading for Linux?
Autodesk announces its intention to start work on a native AutoCAD for Linux. About time..
http://www.ziobudda.net/Admin/redir_news.php?id=27123

Security Protagonists: Rapetto interviews Aparo
The protagonists of security: Umberto Rapetto interviews Andrea Aparo, the Manager-Professor. A childhood as a researcher at MIT, a career as professor and manager: in the salon of Colonel Umberto Rapetto (GAT) this time there is Andrea Aparo, who as early as 1995, ahead of everyone and foretelling the explosion of the Internet phenomenon, had published “Il libro delle Reti, manuale di saggezza telematica”. A hair-raising skill set in a person who radiates so much charm that he is forgiven even for being too good...
http://www.ziobudda.net/Admin/redir_news.php?id=27127

aMule 2.1.1 released
The aMule team is going at it full tilt! Besides the CVS version with lots of interesting little things (including rabbits hopping here and there :-) the fix for 2.1 has just come out. For p2p worship, downloading this little gem is a must!
http://www.ziobudda.net/Admin/redir_news.php?id=27128

The extensions that make Firefox secure
11 extensions that really make Firefox more secure than Internet Explorer.
http://www.ziobudda.net/Admin/redir_news.php?id=27140

pwdump6 Version 1.2 released
Version 1.2 (Beta) of the pwdump6 software has been released to http://www.foofus.net/fizzgig/pwdump

ADVISORIES, MARCH 16, 2006
Today's security advisories: webcalendar, xpvm, vlc, xine-lib, and wzdftpd (Debian GNU/Linux); Freeciv and zoo (Gentoo Linux); and initscripts, squid, vixie-cron, kernel, gnupg, and flash-plugin (Red Hat Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,2b07,1,6h80,idtx,85jl,7pty

CREATIVE COMMONS LICENSE UPHELD BY DUTCH COURT
"The significant piece is this: the Creative Commons licenses are quite new, so there has been very little in the way of case law so far, so this is a significant development, as you will see..."
http://nl.internet.com/ct.html?rtr=on&s=1,2b09,1,lypw,gkkh,85jl,7pty

RAIDE: Rootkit Analysis Identification Elimination
In Amsterdam Jamie Butler and I presented on a tool we have been developing called Rootkit Analysis Identification Elimination (RAIDE). I have put the slides in my vault and a public version of RAIDE Beta will be made available in the coming weeks. I am looking for final beta testers on all Windows platforms from 2k – 2k3 to do tests with RAIDE.
If you are interested e-mail me at peter {_[_dot_]_} silberman {_[_at_]_} gmail {_[_dot_]_} com
http://www.rootkit.com/vault/petersilberman/Komoku.ppt

Argos: an Emulator for Capturing Zero-Day Attacks
Argos is a full and secure system emulator designed for use in Honeypots. It is based on QEMU, an open source processor emulator that uses dynamic translation to achieve a fairly good emulation speed.
http://www.few.vu.nl/~porto/argos/

Cryzip Ransomware Trojan Analysis
In May 2005, a trojan called PGPcoder was discovered in the wild by Websense Security Labs. The trojan's purpose was to encrypt a user's files, then demand a ransom for their decryption. Although this scheme seemed novel, it is actually predated by over 15 years, by a similar scam in 1989. LURHQ's Threat Intelligence Group has now discovered a third such scheme involving ransomware which we are calling Cryzip.
Unlike PGPcoder, which used a custom encryption scheme (which was subsequently reverse-engineered by LURHQ), Cryzip uses a commercial zip library in order to store files inside a password-protected zip.
Although the zip encryption is stronger, a brute-force attack is still possible on the files, especially if one has a copy of the original file inside the zip.
http://www.lurhq.com/cryzip.html

Proxifier 0.7.6b
Proxifier is an easy to install three tier Web proxy. Its features include the ability to remove cookies, the HTTP referer field, the HTTP user-agent field, scripts on the page, and objects, altering the user-agent string to whatever you please, and tunnelling your proxied traffic through a second proxy.
http://bcable.net/download.php?proxifier

Anti-rootkit.pl
A Perl script to backdoor chkrootkit, rendering it useless. Tested on chkrootkit version 0.44 running on Red Hat Enterprise 3.
http://saic.sapht.com/pub/code/Anti-antirootkit/anti-antirootkit.txt

An Email Worm Vaccine Architecture
We present an architecture for detecting “zero-day” worms and viruses in incoming email. Our main idea is to intercept every incoming message, prescan it for potentially dangerous attachments, and only deliver messages that are deemed safe. Unlike traditional scanning techniques that rely on some form of pattern matching (signatures), we use behavior-based anomaly detection. Under our approach, we “open” all suspicious attachments inside an instrumented virtual machine looking for dangerous actions, such as writing to the Windows registry, and flag suspicious messages.
http://www.astalavista.com/index.php?section=directory&linkid=6404

Sources and Methods of Foreign Nationals Engaged in Economic and Military Espionage
Congress hearings.
http://www.fas.org/irp/congress/2005_hr/hhrg109-58.html

HLBR: Open Source Intrusion Prevention System
HLBR is an IPS (Intrusion Prevention System) that can filter packets directly at layer 2 of the OSI model (so the machine doesn't even need an IP address). Detection of malicious/anomalous traffic is done by signature-based rules, and the user can add more rules. It is an efficient and versatile IPS, and it can even be used as a bridge to honeypots and honeynets. Since it doesn't make use of the operating system's TCP/IP stack, it can be "invisible" to network access and attackers.
http://hlbr.sourceforge.net/index-en.html

CYBERCRIME-HACKING
Title: VeriSign reveals details of DDoS assaults
Source: Techworld
Date Written: 2006-03-17
Date Collected: 2006-03-17
VeriSign is warning security professionals of distributed reflected denial of service (DRDoS) attacks the company has been noticing since the beginning of 2006. Starting January 3, 1,500 organizations were targeted by botnets and DNS servers using the tactic. Typical denial of service attacks use botnets to send phony requests to a server, overwhelming it with a flood of spurious traffic. DRDoS attacks, however, send domain name requests to DNS servers from a spoofed IP address; the DNS server then floods that IP address with unexpected responses. This is also known as an amplifier attack since the amount of spurious traffic generated by DNS servers is several orders of magnitude higher than in a typical denial of service attack.
http://www.techworld.com/security/news/index.cfm?NewsID=5586

TECHNOLOGY
Title: Spyware-killing Vista could take out rivals
Source: C-Net News
Date Written: 2006-03-17
Date Collected: 2006-03-17
Windows Vista, the next release of Microsoft's flagship operating system expected to reach the market later in 2006, includes significant changes to reduce the threat of spyware. Spyware is thought to have infected nearly 75% of PC users, with 80% of businesses telling the FBI that spyware is their second concern after worms and viruses. Vista, along with Internet Explorer 7, closes a number of attack vectors often used by spyware, and includes the Windows Defender anti-spyware tool. Yankee Group analyst Andrew Jaquith expects that the "aftermarket for Windows anti-spyware is going to dry up almost completely" as Vista and Windows Defender become the default tool for most users.
http://news.com.com/Spyware-killing+Vista+could+take+out+rivals/2100-1029_3-6050733.html

VULNERABILITIES & EXPLOITS
Title: Apple releases third patch this month
Source: Techworld
Date Written: 2006-03-17
Date Collected: 2006-03-17
Apple has released a new security patch to repair flaws in a patch released four days earlier, which was intended to fix flaws in another patch released earlier in March 2006. Apple released few details about the flaws, except to list affected components: apache_mod_php, CoreTypes, LaunchServices, Mail, rsync and the Safari Web browser.
Researchers believe the patch updates some open source components that were included in outdated versions in the previous patch, and fine-tunes the way Safari and Mail identify so-called "safe" files. The SANS Internet Storm Center advises home users to update immediately, while enterprise administrators should test the patch first, as some users reported network issues, system crashes, and booting problems after installing the previous patch.
http://www.techworld.com/security/news/index.cfm?NewsID=5590

 

g00d reading! 'n' bye
Daily DisInfo CreaTor & MainTainer:

The Jackal a.k.a. jAcKallO < jackal [at] capitanlug.it >

(AreaSessantuno Inside) / (SpiPPolatori Collaborator) (HackerAlliance Member) / (Founding member of CapitanLUG.iT) (Daily DisInfo CreaTor & MainTainer) / (Security News MainTainer)



©  GnomixLand
http://www.gnomixland.com/