** DISABLING THE MESSENGER SERVICE **
The service, enabled by default on Windows operating systems, is a tempting opportunity for spammers, who can use it to send instant pop-up messages.
>> by Massimo Nespolo
http://www.zeusnews.it/news.php?cod=2598
"2.4.23-rc3"
Kernel 2.4.23 is on the home stretch. The latest release candidate is the third, available as usual at www.kernel.org
http://www.ziobudda.net/Admin/redir_news.php?id=14914
"MDK 9.2: mystery of the vanished menus possibly solved"
A few days ago Paolo Lippe reported a malfunction in the new MDK 9.2: in practice, all the menus disappeared... now he also offers a solution to that problem.
http://www.ziobudda.net/Admin/redir_news.php?id=14910
"The Wonderful World of Linux 2.6"
Although it seems like only yesterday that we were running our first Linux 2.4 system, time flies and the kernel development team is close to completing kernel version 2.6. This document describes many of the new features of the 2.6 kernel (with a heavy bias toward the i386 port of Linux). Unlike pre-release announcements for closed-source software, all of the features described here are available now (some more bug-free than others) in the Linux 2.5 development kernel.
http://www.ziobudda.net/Admin/redir_news.php?id=14924
"Security in Wireless LANs"
Security Wireless now hosts a mirror of Giuseppe Paternò's book "Sicurezza nelle Wireless Lan" ("Security in Wireless LANs"). Go and download it!
http://www.securitywireless.info/links_goto.asp?id=781
Switzerland: telecommunications surveillance becomes legal
by Annarita Gili
Switzerland has decided to legalize Onyx, its telecommunications surveillance system.
http://www.apogeonline.com/webzine/2003/11/24/01/200311240102
Preview of the next Windows Security Update
"...beta testers of Windows Update 4 have been notified that a new ISO image of the CD containing the Windows Security Update has been made available on Betaplace.com. In the email it sent, Microsoft previewed some of the new features, including new security technologies designed and engineered to protect against dangerous attacks carried out both via email and through the ports open by default on the system. The service pack will also include a new personal firewall, new security mechanisms for Internet Explorer and Outlook Express, and new support for Windows Update".
ISO image on betaplace.com
http://www.pc-facile.com/news.php?n=13620
OPERA: NEW VERSION PLUGS LEAKS
The browser fixes several flaws that crackers could exploit to break into users' computers. The Norwegian company is also launching a buy-one-get-two offer
URL: http://punto-informatico.it/pi.asp?i=46047
Also - http://www.internetnews.com/dev-news/article.php/3112791
Also - http://news.com.com/2100-1032_3-5110845.html?tag=nefd_top
"Shell programming with GNU/Linux - Final part"
Here is the third and final part of my course on shell programming with GNU/Linux.
http://www.ziobudda.net/Admin/redir_news.php?id=14961
"New version of Debian GNU/Linux released"
With this latest one, the number of updates released for version 3 of Debian GNU/Linux rises to two, bringing it to release 3.0r2.
http://www.ziobudda.net/Admin/redir_news.php?id=14947
HOW TO FLOSS YOUR SECURITY SYSTEM
Patch management is a little like flossing your teeth. Everyone knows they're supposed to do it, but most of us still don't.
http://www.net-security.org/news.php?id=4057
AUTOMATING RSYNC WITH A SIMPLE EXPECT SCRIPT
This short article provides an example script that uses Expect to automate a series of rsync operations using an ssh tunnel.
http://www.net-security.org/news.php?id=4073
SOAP WEB SERVICES ATTACKS
This whitepaper discusses various types of attacks based on the SOAP implementation of Web services over HTTP and describes how you can shield your applications from these assaults.
http://www.net-security.org/article.php?id=604
Vulnerabilities & Exploits
Title: Microsoft investigates possible Exchange 2003 flaw
Source: Network World Fusion
Date Written: November 21, 2003
Date Collected: November 24, 2003
Microsoft is investigating a potential vulnerability in its newly released email server Exchange Server 2003. The product, released in October 2003, appears to have a flaw which allows Web users unauthorized access to other users' mailboxes. The feature known as Outlook Web Access (OWA) is the apparent culprit. "This seems to be a major security flaw and we have had to shut off OWA indefinitely because of the issue," the network administrator wrote in a posting to NT Bugtraq, a well-known security mailing list.
Microsoft has already prepared a patch, which will be released if the investigation shows that the vulnerability does exist.
http://www.nwfusion.com/news/2003/1121microinves2.html
Also - http://news.zdnet.co.uk/business/0,39020645,39118071,00.htm
DVD JON FORGES A DECSS FOR ITUNES
The young programmer who created the first and most famous DVD-cracking program is back with a new tool that, in a handful of lines of code, can decrypt iTunes' protected audio files
URL: http://punto-informatico.it/pi.asp?i=46061
RED HAT LINUX ADVISORIES: STUNNEL, EPIC, IPROUTE, PAN
Four security advisories from Red Hat, Inc.
http://linuxtoday.com/security/2003112501626SCRHSW
GENTOO LINUX ADVISORIES: PHPSYSINFO, LIBNIDS, ETHEREAL, GLIBC
Four security advisories from Gentoo Linux.
http://linuxtoday.com/security/2003112501726SCSW
Malware
Title: Alternative medicine: Future virus fighting
Source: ZDNet News
Date Written: November 25, 2003
Date Collected: November 25, 2003
Computer viruses and worms have been around for decades and nowadays can cause billions of dollars of damage and significant disruptions. Methods to fight malware have evolved over time. Anti-virus vendors still commonly use signatures to catch known viruses and worms, but more sophisticated methods, such as heuristic scanning and checks at the hardware level, are being introduced to combat the new generation of malicious code. While anti-virus tools and techniques are expected to improve further, for instance through the introduction of Microsoft's Next Generation Secure Computing Base (NGSCB) and Intel's LaGrande hardware specification, they will always remain imperfect and susceptible to false positives. However, growing awareness of malware threats by users, ISPs and network operators could help successfully meet the challenge of viruses.
http://insight.zdnet.co.uk/specials/viruses/0,39025060,39118047,00.htm
Also - http://rss.com.com/2009-7349_3-5111410.html
Malware
Title: Worm Exploits DCOM RPC Vulnerability
Source: eSecurityPlanet
Date Written: November 21, 2003
Date Collected: November 25, 2003
Anti-virus vendor Symantec, on November 21, 2003, issued an alert for W32.Bolgi.Worm, a new worm that exploits the much-publicized Microsoft DCOM RPC vulnerability using TCP port 445. While various versions of the Windows operating system are vulnerable to the flaw, the worm only targets Windows 2000 and XP machines. It does not have a mass-mailing functionality.
Symantec recommends that users should block access to TCP port 5732 at the firewall level, and then block TCP port 445 and UDP port 69 if they do not use the affected applications. The article also briefly describes the W32.Taplak Visual Basic worm, the PWSteal.Banpaes.B Trojan horse and the Worm_Agobot.AS worm with backdoor capabilities.
http://www.esecurityplanet.com/alerts/article.php/3112161
Best Practices & Risk Management
Title: OASIS drafts standard for Web services security
Source: Government Computer News
Date Written: November 21, 2003
Date Collected: November 24, 2003
The Organization for the Advancement of Structured Information Standards (OASIS) has completed its work on a draft security standard for web services connecting disparate systems. A draft of the standard was released in October 2003 for public comment, and the OASIS membership could vote on a final version of the draft as early as December. The standard covers both functions and technologies, including digital signatures, authentication, encryption, user names, passwords, X.509 tokens for public-key infrastructures and Simple Object Access Protocol Message Security. Other technologies like the Security Assertion Markup Language (SAML) and the Kerberos network authentication protocol are also under consideration for web services security, according to Hal Lockhart, principal security engineer at BEA Systems Inc.
http://www.gcn.com/vol1_no1/daily-updates/24261-1.html
"OSDL: how the Linux kernel is born"
The Open Source Development Labs (OSDL) have announced a new initiative to show the general public how the Linux kernel is made.
http://www.ziobudda.net/Admin/redir_news.php?id=15020
"Is your browser really secure?"
Leaving aside the security-above-all theorists, for whom the only secure PC is one that is disconnected from the network, switched off and locked away, here is a useful online tool for checking the security of your browser.
http://www.ziobudda.net/Admin/redir_news.php?id=15014
PHOENIX: DON'T CALL IT A BIOS
The company launches a first family of firmware able to provide security, systems management and networking features on its own. Will the operating system become optional?
URL: http://punto-informatico.it/pi.asp?i=46078
FLAWS DISCOVERED IN IE
A researcher has discovered several security flaws affecting Internet Explorer. Once again the weak point is active scripting
URL: http://punto-informatico.it/pi.asp?i=46081
Also - http://www.theregister.co.uk/content/55/34186.html
FEDORA LINUX ADVISORY: ETHEREAL
"These updated ethereal packages fix a security problem found in versions prior to 0.9.16..."
http://linuxtoday.com/security/2003112502626SCRH
RED HAT LINUX ADVISORY: XFREE86
"Updated XFree86 packages for Red Hat Linux 7.3 and 8.0 provide security fixes to font libraries and XDM..."
http://linuxtoday.com/security/2003112502726SCRHSW
MANDRAKE LINUX ADVISORY: STUNNEL
"A vulnerability was discovered in stunnel versions 3.24 and earlier, as well as 4.00, by Steve Grubb. It was found that stunnel leaks a critical file descriptor that can be used to hijack stunnel's services..."
http://linuxtoday.com/security/2003112601126SCMDSW
Vulnerabilities & Exploits
Title: Bluejacking ain't hijacking
Source: The Register
Date Written: November 21, 2003
Date Collected: November 26, 2003
Nick Hunn, managing director at TDK Systems, discusses recent research concerning possible Bluetooth vulnerabilities. Mr. Hunn describes 'bluejacking' as only a way of presenting messages, but says Bluetooth cannot steal data, such as address books, off of mobile phones--TDK Systems has been experimenting with Bluetooth for six years, and has yet to find a crackable commercial device. He also questions AL Digital's claims that it can circumvent safety features used in pairing devices. Mr. Hunn also discusses practices such as 'bluestumbling' and 'bluesnarfing,' describing their basis in Bluetooth functionality, and questioning their status as vulnerabilities.
http://www.theregister.co.uk/content/69/34139.html
OpenBSD Kernel
Vendor: OpenBSD
A buffer overflow vulnerability was reported in the OpenBSD semctl() and semop() functions. A local user can cause the kernel to crash.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2003/Nov/1008271.html
OpenBSD Kernel
Vendor: OpenBSD
A vulnerability was reported in OpenBSD in the sysctl(3) function. A local user can cause the system to crash.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2003/Nov/1008270.html
Microsoft SharePoint Team Services
Vendor: Microsoft
A vulnerability was reported in Microsoft SharePoint. A remote user can gain access to pages that are ostensibly password-protected.
Impact: User access via network
Alert: http://securitytracker.com/alerts/2003/Nov/1008245.html
OpenBSD Kernel
Vendor: OpenBSD
A buffer overflow vulnerability was reported in the OpenBSD kernel. A local user can execute arbitrary code to gain root privileges.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2003/Nov/1008214.html
"Norman gives away Virus Control for Linux"
An early Christmas present from the Norwegian software house Norman, a security specialist, which is making its Virus Control for the Linux operating system available as a free download.
http://www.ziobudda.net/Admin/redir_news.php?id=15047
"Intrusion detection with SNORT, PhP, Apache, MySQL, ACID"
An interesting review of this new book published by PH.
http://www.ziobudda.net/Admin/redir_news.php?id=15039
Blocking dialers is possible, here is how
by Paolo Attivissimo
The main techniques for defending against sky-high phone bills, and the first results in users' fight against dishonest dialers.
http://www.apogeonline.com/webzine/2003/11/28/01/200311280101
g00d reading! 'n' bye
Security News ManTainer:
The Jackal a.k.a. jAcKallO < -jackal-@libero.it > (AreaSessantuno Member) / (SpiPPolatori Collaborator) (HackerAlliance Member) / (Daily DisInfo CreaTor & ManTainer) (Founding member and Member of CapitanLUG.iT)