Cisco IOS
Vendor: Cisco
A vulnerability was reported in the Cisco IOS Routers running a certain release train. A remote user may be able to cause denial of service on the router.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/Feb/1006144.html

login_ldap
Vendor: Institute for Open Systems Technology Australia A vulnerability was reported in the 'login_ldap' authentication module for BSD (third party software for BSD). A remote user may be able to gain access to the system.
Impact: Host/resource access via network
Alert: http://securitytracker.com/alerts/2003/Feb/1006138.html

myPHPNuke
Vendor: myphpnuke.com
Some input validation vulnerabilities were reported in myPHPNuke. A remote user can conduct cross-site scripting attacks against myPHPNuke users.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2003/Feb/1006134.html

Norton Anti-Virus
Vendor: Symantec
A buffer overflow was reported in the Symantec Norton Anti-Virus e-mail scanning function. A remote user could execute arbitrary code on the target system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/Feb/1006133.html

OpenSSL
Vendor: OpenSSL.org
A vulnerability was reported in OpenSSL when using CBC encryption. A remote user conducting a timing-based adaptive attack against connections with certain types of plaintext information may be able to determine the plaintext.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2003/Feb/1006132.html

Rpcbind
Vendor: Sun
A denial of service vulnerability was reported in Sun Solaris in rpcbind. A remote user can cause the system to consume all available memory.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2003/Feb/1006131.html

Bastille
Vendor: HP (Compaq)
A vulnerability was reported in the HP-UX Bastille security hardening software. Sendmail privacy options may be incorrectly configured.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2003/Feb/1006126.html

Windows DLL (Any)
Vendor: Microsoft
A buffer overflow vulnerability was reported in the Windows 'riched20.dll'. A remote user can cause a target user's application to crash.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2003/Feb/1006121.html

Php
Vendor: PHP Group
A vulnerability was reported in the CGI SAPI of PHP (version 4.3.0). A remote user can read files on the target server that are readable by the web server process.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2003/Feb/1006120.html

php-Board
Vendor: hp-planet.de
An information disclosure vulnerability was reported in the php-Board forum software. A remote user can retrieve passwords from the system
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2003/Feb/1006113.html

BitchX
Vendor: Edwards, Colten
A denial of service vulnerability was reported in the BitchX Internet Relay Chat (IRC) client. A remote user can cause the client to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/Feb/1006112.html

CRACKABILI LE E-MAIL PROTETTE CON SSL
I lucchetti di OpenSSL che proteggono le e-mail possono essere spezzati. A dimostrarlo e' stato un gruppo di esperti di crittografia che ha decodificato delle password di posta elettronica. Niente rischi per l'e-commerce
URL: http://punto-informatico.it/pi.asp?i=43186

L'EVOLUZIONE DEL BIOS SI CHIAMA EFI
Nei prossimi anni anche uno preistorico componente del PC, il BIOS, e'
destinato a cambiare profondamente aspetto e funzionalita' diventando qualcosa di molto vicino ad un vero e proprio sistema operativo. Lo propone Intel
URL: http://punto-informatico.it/pi.asp?i=43204

-->> INTERNET SECURITY THREAT REPORT
Symantec ha presentato i risultati del nuovo Internet Security Threat Report, un'indagine completa sulle ultime tendenze nel settore degli attacchi informatici
URL: http://news.hwupgrade.it/9385.html

"Che cos'é un RAT trojan?"
Il termine trojan aveva una valenza molto underground fino poco tempo fa ed era conosciuto soprattutto ai tecnici. Ora è invece molto comune e rappresenta un rischio per qualunque postazione collegata a Internet.
http://www.ziobudda.net/Admin/redir_news.php?id=10636

I'm pleased to announce the availability of Nessus 2.0 Nessus is a vulnerability assessment tool available under the GNU General Public Licence (GPL). It runs on many Unix-like systems (Linux/FreeBSD/OpenBSD/ Solaris/IRIX/MacOSX and probably others) but can audit a wide range of hosts, ranging from HP printers to Windows XP. Nessus 2.0 is available at http://www.nessus.org/download.html

IMPLEMENTING MULTICAST SOCKETS IN C#
Ever wanted to broadcast to everyone but still be able to use the net? How about being able to send data only to the nodes that really requested it?
Interested? well this is where the next generation of broadcast comes in -> Multicast. The Multicast method uses the same idea as broadcast - connectionless messaging, to many nodes - UDP transport of datagrams.
http://www.ca-osi.com/modules.php?name=News&file=article&sid=494

Malware
Title: LoveGate worm spans the globe
Source: ZDNet News
Date Written: February 24, 2003
Date Collected: February 24, 2003
The Lovgate worm spreads via e-mail over local networks and acts as a backdoor trojan. Once on a computer, it copies itself in shared network directories, where another computer may get infected. It also opens a TCP port (usually 10168), making a computer vulnerable to a remote attack. It also sends itself as a reply to all e-mail in a user's inbox. Lovgate carries its own SMTP engine, so it does not need the user's e-mail client to replicate. The article lists the filenames the virus is known to be hiding under. Some anti-virus vendors have updated their signature files to guard against Lovgate.
http://zdnet.com.com/2100-1105-985702.html
Also - http://www.idefense.com/PR/02242003.html
Also - http://www.silicon.com/news/500013/1/3009.html
Also - http://www.theregister.co.uk/content/56/29448.html

Malware
Title: Program Hides Secret Messages in Executables
Source: Security Focus
Date Written: February 24, 2003
Date Collected: February 24, 2003
Columbia University computer science masters student Rakan El-Khalil has released an application called Hydan, which hides messages in a executable binary file. The process is similar to steganography, or hiding a message within a music or image file--such changes are too small to be noticed by the human senses. Hiding files in executables is difficult, since changing a single bit can cause the program to crash. Hydan takes advantage of redundancies in the Intel x86 instruction set to overcome this barrier. For example 'add 50' can just as easily be 'subtract -50'. The choice between 'add' and 'subtract' can be a single bit. This would become noticeable if a program subtracts many negative numbers. Future versions of Hydan will include other ways of encoding data, such as in the ordering of certain instructions.
http://www.securityfocus.com/news/2623

Vulnerabilities
Title: Citibank gags crypto researchers
Source: The Register
Date Written: February 24, 2003
Date Collected: February 24, 2003
Hot on the heels of a paper recently published by several Cambridge researchers depicting serious vulnerabilities in the ATM PIN system used by banks, the High Court in London has imposed a gag order upon the researchers at the request of CitiBank and Diners' Club. The researchers had been assisting opposing attorney's in an ongoing case between Citibank and a South African couple who deny they made a $75,000 ATM withdrawal from a British ATM. The paper demonstrated that a corrupt insider might be able to use a cryptographic attack to obtain PIN account codes far more easily than previously recognized.
http://www.theregister.co.uk/content/55/29446.html

HOW TO USE A PERSONAL DNS FOR ROOT-SERVER ATTACK ISOLATION Provided a couple of programmers are correct, what started out as an attempt to provide better DNS server performance on Windows machines may also be one way to reduce DNS security concerns.
>> http://www.net-security.org/news.php?id=2021

SECURE MYSQL DATABASE DESIGN
This article will discuss various methods to secure databases, specifically one of the most popular freeware databases in use today, MySQL.
>> http://www.net-security.org/news.php?id=2034

CISCO EXPANDS ITS LINE OF INTRUSION-DETECTION TOOLS Cisco Systems will announce new intrusion-protection software and firewall enhancements, including functionality designed to lower IT staffing costs by reducing false or irrelevant system intrusion alarms.
>> http://www.net-security.org/news.php?id=2035

A USER'S GUIDE TO ONLINE SECURITY
Computer security used to mean making sure that the door was locked on your way out of the house. Thanks to the internet, security means protecting your computer from electronic assailants as well.
>> http://www.net-security.org/news.php?id=2052

QUICKTABLES 1.1 (Linux)
Quicktables is an iptables firewall and firewall/NAT (gateway) script generator. It was created to provide a secure set of iptables rules quickly.
>> http://www.net-security.org/software.php?id=453

"Listing Threads in /proc"
Da kerneltrap.org, una interessante discussione su come gestire la visualizzazione dei processi nella directory /proc
http://www.ziobudda.net/Admin/redir_news.php?id=10658

"Linux 2.5.63"
Vari aggiornamenti un po' ovunque, qualche problema su architetture Alpha
http://www.ziobudda.net/Admin/redir_news.php?id=10653

APSR NETWORK TESTING TOOLS
APSR is a network testing tool, designed to send and receive arbitrary network packets. It can be used to test firewalls, routing, security and many other things. The project is divided in two main programs: apsend to create packets and aprecv to sniff packets. The main goal of the APSR project is to develop a high quality network testing tool.
http://www.securiteam.com/tools/5IP0N0U95G.html

Vulnerabilities
Title: SSL Flaw Limited in Scope
Source: Information Security Magazine
Date Written: February 24, 2003
Date Collected: February 25, 2003
A flaw discovered by researchers at the Security and Cryptography Laboratory
(LASEC) is considered by security experts to be a difficult one to exploit in SSL implementation. In a Bugtraq posting, Paul Kocher, president and chief of scientist of Cryptography Research Inc., said, "The fact that implementations reveal sensitive information in timing channels is an implementation issue, not a flaw in the underlying cryptographic protocol."
The researchers found that timing variations in SSL/TLS implementations can be used in certain situations to incrementally determine the contents of an SSL packet. This method could possibly allow an attacker to decrypt part of the message.
http://www.infosecuritymag.com/2003/feb/digest24.shtml#news2

CELLULARE NOKIA A RISCHIO DOS
I bachi di sicurezza cominciano ad infestare anche i telefonini. In un modello di Nokia ne e' stato scoperto uno che puo' causare il crash dell'apparecchio. Per sfruttarlo basta un SMS
URL: http://punto-informatico.it/pi.asp?i=43238
Also - http://zdnet.com.com/2100-1105-986083.html

ULTIMI PROVINI PER IL FRATELLONE DI WI-FI In attesa dell'approvazione delle specifiche finali la Wi-Fi Alliance guadagna tempo avviando i test finali d'interoperabilita' per i prodotti basati sulla tecnologia 802.11g, ultimo arrivo nella famiglia di Wi-Fi
URL: http://punto-informatico.it/pi.asp?i=43236

"Seminario sulla sicurezza informatica"
Università degli Studi di Roma "La Sapienza" - Dipartimento di Informatica - Convegno sulla Sicurezza Informatica - Centro Congressi - via Salaria, 113 -
00198 Roma - 6 Marzo 2003
http://www.ziobudda.net/Admin/redir_news.php?id=10681

Nmap version 3.15BETA2
I am pleased to announce that Nmap version 3.15BETA2 is now available. The very modest numbering difference from 3.15BETA1 belies the fact the substantial changes -- including several fun new features. We're talking "port zero" scans, arbitrary TTL settings, Windows binaries, nonroot/ipv6
connect() multiport pinging, and more!
http://download.insecure.org/nmap/dist/nmap-3.15BETA2-1.i386.rpm

"Flaw in Windows Me Help and Support Center Could Enable Code Execution"
Help and Support Center provides a centralized facility through which users can obtain assistance on a variety of topics. For instance, it provides product documentation, assistance in determining hardware compatibility, access to Windows Update, online help from Microsoft, and other assistance.
Users and programs can execute URL links to Help and Support Center by using the "hcp://" prefix in a URL link instead of "http://".
http://www.securitynewsportal.com/index.shtml

OPERA BROWSER CROSS SITE SCRIPTING
A vulnerability exists in the way the Opera browser generates a temporary
page for displaying a redirection, when "Automatic redirection" is disabled
(not default setting).
http://www.xatrix.org/article2736.html

Technology
Title: Microsoft Releases Windows Security Guide
Source: EWeek.com
Date Written: February 25, 2003
Date Collected: February 26, 2003
Microsoft has released "Securing Windows 2000," a guide to patch management,
intrusion detection, configuration, and other security issues on Windows
2000. The guide is a result of Microsoft's own product review efforts under
its Trustworthy Computing Initiative. Such guides for other Windows
operating systems will be released throughout 2003.
http://www.eweek.com/article2/0,3959,903377,00.asp

Vulnerabilities
Title: Media Gone Mad
Source: Security Focus
Date Written: February 24, 2003
Date Collected: February 26, 2003
The author condemns recent media reports of a so-called Windows XP
"exploit." Recent reports have claimed that an adversary can gain
administrator privileges on a Windows XP machine by booting it up with a
Windows 2000 CD. The CD would be unable to read the XP registry, think
something was wrong, and go into the Recovery Console, allowing access to
the files. The author states that this does not give administrator
privileges, since the Recovery Console cannot affect the XP registry. Files
can be copied this way, but an adversary would have to have physical access
to the machine--in that case, the adversary could just steal the hard drive
and leave.
http://www.securityfocus.com/columnists/144

Vulnerabilities
Title: Flaws Found in Apple Streaming Servers
Source: EWeek.com
Date Written: February 25, 2003
Date Collected: February 26, 2003
Researchers at @Stake Inc. have uncovered 6 flaws in Apple's QuickTime
Streaming Server 4.1.1 and Darwin Streaming Server 4.1.2. Apple has released
updated versions of both products to address the flaws. One flaw in a CGI
authentication interface would allow an attacker to pass unvalidated input
to the open() function. By adding a specific character, the attacker can
bypass normal guards against such input, and elevate a non-root account to
root status. Another flaw in the CGI application allows an attacker to get
the physical path to the server. Another flaw in the CGI application allows
an attacker to obtain a list of directory contents. Two minor scripting
flaws were also found, along with a buffer overflow in the MP3 broadcast
module.
http://www.eweek.com/article2/0,3959,903477,00.asp

"Eppur si muove..."
Marcelo Tosatti, il maintainer del 2.4, ha rilasciato linux versione
2.4.21-pre5
http://www.ziobudda.net/Admin/redir_news.php?id=10704

THE UDP/IP PROTOCOL, In C
The UDP protocol works very much like the TCP/IP, except that it has no
connections. Heres how it works, and some examples on how to play with it.
Like I said the UDP is very much like it, but works in
a total different way at the same time. First lets look a little at the UDP
protocol.
http://www.ca-osi.com/modules.php?name=News&file=article&sid=498

Malware
Title: Behavioral rules vs. signatures: Which should you use?
Source: IDG.net
Date Written: February 26, 2003
Date Collected: February 27, 2003
Most intrusion detection systems (IDS) are based on one of two methods of
malicious activity identification - signature or behavior comparisons. Both
methods have strengths and weaknesses that are hotly debated. But the
optimal solution might be an IDS that combines the two methods.
Signature-based IDS is able to identify known attacks and let the system
administrator know what sort of attack is being directed at their systems.
Known attacks are by far the most prevalent threats facing computer
networks. However, signature-based IDS cannot identify unknown attacks.
Behavior-based IDS has the advantage of being able to identify previously
unknown attacks, but it also tends to yield more false positives. A hybrid
solution could both identify known and unknown attacks, while keeping false
positives to a minimum.
http://www.idg.net/ic_1187705_9677_1-5046.html

Vulnerabilities
Title: Microsoft Patches Flaw in Windows Me
Source: EWeek.com
Date Written: February 26, 2003
Date Collected: February 27, 2003
Microsoft has issued a new patch for its ME operating system. The patch
fixes a vulnerability that gives attackers the ability to execute code on
remote machines. This is a buffer overflow type vulnerability that lies in
Microsoft's "hcp://" prefix for the Help and Support Center.
http://www.eweek.com/article2/0,3959,904633,00.asp
Also - http://www.infoworld.com/article/03/02/27/HNwindowsme_1.html

"Gnu.it : la questione sembra essersi risolta... in bene"
Importanti novità riguardanti la questione "gnu.it" :
L'intestatario dell' url "promette solennemente" che provvederà alla
modifica del redirect entro il mese di marzo. A questo punto non ci resta
che aspettare e vedere se, e come, l'impegno preso verrà rispettato.
http://www.ziobudda.net/Admin/redir_news.php?id=10715

"Linux 2.4.21pre4-ac7"
Sempre al lavoro il povero Cox...
http://www.ziobudda.net/Admin/redir_news.php?id=10714

ZONELABS PERSONAL FIREWALL VULNERABLE TO USER INPUT CIRCUMVENTION EXPLOITS
ZoneLabs has announced that they have released Version 3.7 of the ZoneAlarm
product to fix a vulnerability that might allow an application to simulate
user input and change a users settings on their firewall. ZoneLabs states
that they believe most other personal firewalls are also vulnerable to this
type of exploit
http://www.securitynewsportal.com/cgi-bin/cgi-script/csNews/csNews.cgi?datab
ase=JanX%2edb&command=viewone&id=41

Technology
Title: Secure apps to stop network attacks
Source: ZDNet News
Date Written: February 27, 2003
Date Collected: February 28, 2003
The article covers tips on how to secure a network against hacker attacks,
with a focus on securing applications, which often contain bugs and other
vulnerabilities that attackers can exploit to gain unauthorized access to a
network. The tips include keeping applications up-to-date and controlling
the distribution of applications.
http://techupdate.zdnet.co.uk/story/0,,t481-s2131151,00.html

Vulnerabilities
Title: Expert: Router holes threaten Net
Source: C-Net News
Date Written: February 28, 2003
Date Collected: February 28, 2003
Security expert Stephen Dugan warns that not implementing a secure version
of the Border Gateway protocol (BGP), used by Internet routers to exchange
information, will leave vulnerabilities that could be exploited to commit
disruptive cyber attacks. Speaking at the Black Hat Security Briefings in
Seattle on February 27, 2003, Mr. Dugan said that a secure version of BGP
(S-BGP) had been developed, but adoption is slow due to high costs and the
need for equipment upgrades. The current version of the protocol could allow
an attacker to misdirect traffic and crash parts of the system.
http://news.com.com/2100-1009-990608.html

g00d reading! 'n' bye
Security News MainTainer:
The Jackal a.k.a. jAcKallO < -jackal-@libero.it >
(AreaSessantuno Member) / (SpiPPolatori Collaborator)
(HackerAlliance Member) / (Daily DisInfo CreaTor & MainTainer)
(Socio fondatore e Membro del CapitanLUG.iT)