OndaQuadra released!!
E' con immenso piacere che mi accingo a scrivere questa piccola notizia per gli amici di OndaQuadra. Da qualche giorno infatti è disponibile il nuovo numero della loro interessantissima web-zine. Non perdetevelo..!!
http://ondaquadra.cjb.net/

Kernel Security Therapy AntiTrolls (KSTAT) Kernel Security Therapy Anti-Trolls (KSTAT) is a very powerful security tool to detect many kinds of rogue kernel rootkits. It analyzes the kernel through /dev/kmem and detects modified syscalls as well as various other problems. This version runs on 2.4.x only, and can assist in finding and removing trojan LKMs. It supports network socket dumps, sys_call fingerprinting, stealth module scanning, and more.
http://www.s0ftpj.org/it/tools.html

HPING per Windows
Hwing is a win32 version of the ever favorite utility hping. It allows an administrator the ability to send customized pings, gather raw fingerprinting data, and more.
http://packetstormsecurity.nl/Win/hwing.zip

Microsoft Exchange
Vendor: Microsoft
A vulnerability was reported in Microsoft Exchange 2003 when used with Outlook Web Access and Windows SharePoint Services. The system may grant a remote authenticated user access to the wrong e-mail account.
Impact: User access via network
Alert: http://securitytracker.com/alerts/2003/Nov/1008324.html

GnuPG (Gnu Privacy Guard)
Vendor: Gnupg.org
A vulnerability was reported in GnuPG in the creation of ElGamal keys for digital signature. Keys used for signing can be compromised.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2003/Nov/1008319.html

BIND
Vendor: ISC (Internet Software Consortium) A vulnerability was reported in BIND 8. A remote user can introduce invalid DNS records to cause denial of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/Nov/1008313.html

Mac OS X
Vendor: Apple Computer
A vulnerability was reported in the default configuration of Mac OS X DHCP-related authentication services. A remote user can gain root access on the target system.
Impact: Root access via network
Alert: http://securitytracker.com/alerts/2003/Nov/1008307.html

Microsoft Internet Explorer (IE)
Vendor: Microsoft
A vulnerability was reported in Microsoft Internet Explorer (IE) in the processing of ContentType headers. A remote user can determine the location of the cache directory, which may facilitate various exploits.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2003/Nov/1008293.html

Microsoft Internet Explorer (IE)
Vendor: Microsoft
Several vulnerabilities were reported in Microsoft Internet Explorer (IE) involving IE's MHT redirect functions and subframe cross-domain security restrictions. A remote user can create HTML that, when loaded by the target user, will cause arbitrary code to be executed by the target user's browser.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/Nov/1008292.html

** DOVE ARCHIVIA LE PASSWORD WINDOWS XP? ** E' possibile recuperare le password che adoperiamo per le connessioni di Accesso Remoto e per l'accesso ai diversi siti web protetti da login e password utente.
>> di Rosario Marcianò
http://www.zeusnews.it/news.php?cod=2637

"Esclusiva! Traduzione articolo di Stallman!"
In esclusiva sul sito HANC, grazie alla traduzione di smokedhack, l'articolo scritto dal celebre Richard Stallman "Perche' le scuole dovrebbero usare esclusivamente free software". In un articolo completo, l'Hacker espone tutti i motivi per cui nelle scuole, piu' che in ogni altro luogo, bisognerebbe usare Free Software.
http://www.ziobudda.net/Admin/redir_news.php?id=15124

"Grave bug in Gpg"
E' stato trovato un grave bug nel modo in cui Gpg crea e usa chiavi El Gamal. La soluzione e' revocare *immediatamente* tutte le chiavi El Gamal.
http://www.ziobudda.net/Admin/redir_news.php?id=15119

OCSE, UN SITO PER LA CULTURA DELLA SICUREZZA L'organizzazione internazionale lancia un sito che combattera' virus e cracker, che nel 2003 si stima abbiano fatto danni per 2 mld di dollari nel mondo. Un luogo elettronico di libero scambio di idee e strategie. Tutti piu' consapevoli?
URL: http://punto-informatico.it/pi.asp?i=46138

MIUR, CHIESTA UNA DOCUMENTAZIONE LIBERA
Parte la raccolta firme per chiedere al ministero dell'Istruzione di rilasciare sotto licenza aperta la documentazione dei Corsi di formazione informatica per i docenti delle superiori. Ecco di cosa si tratta
URL: http://punto-informatico.it/pi.asp?i=46140

QUATTRO PEZZE PER REDHAT
Red Hat ha reso disponibili quattro pacchetti che risolvono altrettante vulnerabilità di sicurezza. La prima, nel database PostgreSQL è un buffer overflow nella funzione pg_to_ascii() che può essere utilizzato per indurre un denial of service o per eseguire codice remoto. Un bug di stunnel invece può consentire ad un aggressore di effettuare l'hijacking della connessione sicura. Un bug delle librerie di XFree86 consente invece a attaccanti locali o remoti di guadagnarsi i privilegi di root, o di causare denial of service.
Zebra, infine, è una implementazione open source del routing TCP/IP, e il servizio di management telnet di Zebra può essere usato per denial of service. Sono vulnerabili praticamente tutti i prodotti Red Hat: Enterprise Linux AS 2.1/ES 2.1/WS 2.1, e Linux 7.2-9. Gli aggiornamenti sono disponibili su: http://rhn.redhat.com

TRE PATCH CRITICHE PER MICROSOFT
Microsoft ha rilasciato 4 patch (di cui 3 valutate come 'critiche' e una come 'importante') per vari prodotti. La prima
(http://www.microsoft.com/technet/security/bulletin/MS03-051.asp) riguarda un buffer overflow nelle funzionalità di debug da remoto delle estensioni per il Server di FrontPage su Windows 2000 e XP, che consente di eseguire codice arbitrario. Inoltre, lo SmartHTML interpreter, un insieme di librerie per il codice HTML dinamico, consente un attaccodi Denial of Service. La cosa inquietante è che per questa vulnerabilità c'è un exploit pubblico, mentre il problema, secondo quanto dichiarato da Security-Assessment.com, è già stato comunicato da tempo a Microsoft. Le altre patch includono una update cumulativa per 5 problemi di IE 5.01/5.5/6.0
(http://www.microsoft.com/technet/security/bulletin/MS03-048.asp) e una patch critica per il servizio Workstation di Windows 2000/XP (http://www.microsoft.com/technet/security/bulletin/MS03-049.asp).
Una patch meno urgente invece corregge dei problemi in Word e in Excel (http://www.microsoft.com/technet/security/bulletin/MS03-048.asp), che possono comunque portare all'esecuzione di codice remoto.

DUE PROBLEMI PER OPERA
Due gravi problemi mettono a rischio gli utenti del browser Opera. Secondo il ricercatore S.G. Masood, un aggressore è in grado di creare un file HTML che usa il protocollo 'opera' per leggere directory e file arbitrari sul sistema dell'utente, e per eseguire codice da remoto. Inoltre, utilizzando i tipi MIME 'browser skin' e 'browser configuration' l'aggressore può creare codice HTML che scrive su file arbitrari. Le versioni fino alla 7.21 di Opera sono vulnerabili, è suggerito un upgrade alla versione 7.22
(http://www.opera.com/download)

PCANYWHERE SI', MA CON CAUTELA
Un upgrade di pcAnywhere è necessario per impedire che un attaccante con accesso locale possa arrivare ai privilegi di SYSTEM. Kevin Finisterre, ricercatore di Secure Network Operations, ha scoperto che se pcAnywhere è configurato per essere eseguito come servizio o all'avvio, il sistema di help viene eseguito coi privilegi di sistema. Questo è un problema gigantesco, perchè in tal modo un utente può usare l'help per aprire file, cambiare permessi o lanciare comandi con i privilegi di SYSTEM ! Le versioni affette sono la 10.0 e la 11.0, e l'aggiornamento immediato è disponibile tramite LiveUpdate.

OLTRE LA BARRIERA DEL NAT
Un ricercatore ha scoperto come raccogliere informazioni sulle LAN interne che finora si credevano impenetrabili grazie al protocollo Network Address Translation
http://www.nwi.it/idg/networkworld/news.nsf/Newsletter/1966F2C2EB5431AEC1256DDE00383401

MANDRAKE LINUX ADVISORY: GNUPG
"A severe vulnerability was discovered in GnuPG by Phong Nguyen relating to ElGamal sign+encrypt keys..."
http://linuxtoday.com/security/2003112800126SCMDSW

TOSATTI REVEALS LINUX 2.4 FUTURE
In a brief e-mail to the Linux Kernel mailing list this morning, 2.4 kernel maintainer outlined his plans for future 2.4 kernel development as 2.6 appears on the horizon. Full message within.
http://linuxtoday.com/developer/2003120101526NWKNDV

Malware
Title: 'Sysbug' Trojan horse says something about Mary
Source: ZDNet
Date Written: November 25, 2003
Date Collected: December 1, 2003
A new email-based Trojan horse program is circulating the Internet, cloaked as pornographic pictures. Known as the Sysbug Trojan horse, the email arrives with a subject line of 'Re[2] Mary' and affects most Microsoft operating systems. Kevin Hogan from Symantec's Security Response team said the Trojan is unlikely to spread much further because it does not
self-replicate: "I don't see it getting worse because it relies on manual spamming--unless they re-spam it," he said.
http://zdnet.com.com/2100-1105_2-5111940.html
Also - http://www.pcworld.com/news/article/0,aid,113680,00.asp

Malware
Title: Sobig.F refuses to die
Source: Silicon.com
Date Written: December 1, 2003
Date Collected: December 1, 2003
Two months after it was supposed to self-destruct, the Sobig.F computer virus is still active around the Internet. According to security firm MessageLabs, Sobig.F was the third most active virus in November 2003 with some 264,000 copies being detected by its email virus-scanning servers.
Interestingly, the Sobig.F variant had a scheduled shutdown date of September 10, 2003. There are several possible explanations for its continued proliferation. Some home PCs have incorrect dates set, and no procedure for automatically correcting it. MessageLabs believes that another cause of the continued spread could be that many of the 20 Web servers that infected PCs were supposed to contact were taken offline. "The plug was pulled on the target servers before the PCs that were infected by Sobig.F could download the final bit of code," said Paul Wood, principal information security analyst at MessageLabs.
http://www.silicon.com/software/security/0,39024655,39117134,00.htm

Vulnerabilities & Exploits
Title: New Internet Explorer bug discovered
Source: Silicon.com
Date Written: December 1, 2003
Date Collected: December 1, 2003
Security researchers have discovered another suite of flaws in Microsoft's Internet Explorer that could allow an attacker access to a PC. The flaws were reported by Liu Die Yu, who posted the vulnerabilities on public security messaging boards, and have been verified by Dutch security firm Secunia. Users are being advised to disable active scripting in Internet Explorer until a patch becomes available. Microsoft has said it is investigating the issue, and may issue a fix as part of its monthly patch release, or separately, depending on the severity of the problem.
http://www.silicon.com/networks/webwatch/0,39024667,39117133,00.htm
Also - http://www.nwfusion.com/news/2003/1126msie.html
Also - http://www.silicon.com/software/security/0,39024655,39117137,00.htm

Vulnerabilities & Exploits
Title: OS X exploit details hit the Web, no patch yet
Source: ZDNet Australia
Date Written: November 27, 2003
Date Collected: December 1, 2003
A security researcher has released details of a vulnerability in Apple's OS X software ahead of patch availability from Apple. William Carrel, who found the vulnerability, claims that Apple had reneged on an agreed patch release date, stringing him along for weeks. "Meanwhile, users are left exposed and independent rediscovery [of the vulnerability] seemed fairly likely... maybe by someone less scrupulous than myself," he wrote in the advisory. Apple has recently come under criticism for releasing patches only for current versions its OS X operating system, effectively forcing customers to buy an upgrade in order to secure themselves. Carrel published his advisory 48 days after initially notifying Apple Computer of the bug, he claimed in the advisory. Apple has indicated it will release a patch in December, Carrel said.
http://www.zdnet.com.au/newstech/security/story/0,2000048600,20281434,00.htm
Also - http://www.theregister.co.uk/content/55/34240.html

Vulnerabilities & Exploits
Title: Debian attacker may have used new exploit
Source: ZDNet Australia
Date Written: December 1, 2003
Date Collected: December 1, 2003
Initial investigation of the security breach that allowed an attacker to gain access to several Debian servers indicate that an unknown exploit allowed privilege escalation. According to James Troup, part of the Debian distribution team, the attacker initially logged onto an unprivileged account and then gained full administrator rights. The attacker then installed a hacker toolkit, known as Suckit. "There is [I believe] an unknown local root exploit in the wild," Troup wrote in an email to a Debian mailing list on November 28, 2003. The exploit was only carried out on Intel-based servers, the Sun-based servers were not affected, leading some to guess that the vulnerability only affects Intel software. The compromised servers were all running recent versions of the Linux core, and had almost all security updates installed, lending weight to the argument that the attacker used an exploit that hasn't yet been discovered and patched.
http://www.zdnet.com.au/newstech/security/story/0,2000048600,20281486,00.htm

DEBIAN.ORG, SITI BUCATI PER UN BUG DI LINUX C'e' un bug del kernel di Linux alla base dell'attacco che un paio di settimane fa ha portato alla compromissione di alcuni server del Debian.org.
Il bug e' stato di recente corretto nell'ultima release del kernel 2.4
URL: http://punto-informatico.it/pi.asp?i=46149
Also - http://linuxtoday.com/security/2003120200926SCDBKN
Also - http://linuxtoday.com/security/2003120202726SCDBSV

"Microsoft apre Office"
La società di Bill Gates ha annunciato che a partire dal 5 Dicembre i clienti ed i partner Microsoft potranno avere accesso agli "schemas" XML delle principali applicazioni della suite Office: Word ed Excel.
http://www.ziobudda.net/Admin/redir_news.php?id=15150

"Refactoring di ifconfig"
Dietro suggerimento di Sam Leffer, Bruce Simpson sta rifattorizzando ifconfig(8), principalmente per far fronte alla quantità di opzioni che con il tempo si sono aggiunte al comando originale, rendendolo difficile da utilizzare.
http://www.ziobudda.net/Admin/redir_news.php?id=15146

"The Wonderful World of Linux 2.6"
Nuova edizione dell'articolo di Joseph Pranevich che presenta tutte le novità del kernel 2.6. Aggiornato alla versione 2.6-test11
http://www.ziobudda.net/Admin/redir_news.php?id=15143

RESEARCHERS FIND SERIOUS VULNERABILITY IN LINUX KERNEL "Security professionals took note of a critical new vulnerability in the Linux kernel that could enable an attacker to gain root access to a vulnerable machine and take complete control of it..."
http://www.eweek.com/article2/0,4149,1400446,00.asp
Also - http://www.pcworld.com/news/article/0,aid,113700,00.asp

MANDRAKE LINUX ADVISORY: KERNEL
"A vulnerability was discovered in the Linux kernel versions 2.4.22 and previous..."
http://linuxtoday.com/security/2003120201026SCKNMD

WEP GIVES FALSE SENSE OF SECURITY
"Security is still a concern but it's getting smaller. Most people realise that enterprise Wi-Fi can be done securely. The biggest danger isn't enterprise deployment, but deployment by an end user," says Neil Rickard, research director at Gartner.
http://www.net-security.org/news.php?id=4130

SCRIPTING FLAWS POSE SEVERE RISK FOR IE USERS A set of five unpatched scripting vulnerabilities in Internet Explorer creates a mechanism for hackers to compromise targeted PCs.
http://www.net-security.org/news.php?id=4134

WIRELESS WORLD GETS A NEW WORRY: VIRUSES As more consumers begin surfing the Web and sending e-mail messages on cellphones and handheld devices, along comes a new worry: worms and viruses spread via Internet-enabled equipment.
http://www.net-security.org/news.php?id=4152

CURRENT ANTIVIRUS SOFTWARE IS NOT ENOUGH The antivirus protection installed in most companies does an excellent job of protecting against viruses. However, in today's world we also need to fight many other threats which, while they may not directly damage our computer systems, can cause other indirect damage.
http://www.net-security.org/article.php?id=607

SLACKWARE LINUX ADVISORY: KERNEL
"New kernels are available for Slackware 9.1 and -current..."
http://linuxtoday.com/security/2003120203026SCKNSL

FEDORA LINUX ADVISORY: KERNEL
"The kernel shipped with Fedora Core 1 was vulnerable to a bug in the error return on a concurrent fork() with threaded exit() which could be exploited by a user level program to crash the kernel..."
http://linuxtoday.com/security/2003120301426SCKNRH

CAN GNU/LINUX (COMMERCIALLY) SURVIVE?
"...I have had to begin to question the very nature of open source, how it has managed to alter the face of computing and most importantly, its impact upon software developers..."
http://articles.linmagau.org/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=469&page=1

Vulnerabilities & Exploits
Title: Cisco warns of wireless security hole
Source: InfoWorld
Date Written: December 3, 2003
Date Collected: December 3, 2003
Cisco Systems is warning users of it Aironet wireless access points of a vulnerability that could allow an attacker to obtain encryption keys to access the wireless network. Aironet 1100, 1200, and 1400 series access points could send WEP (Wired Equivalent Privacy) keys in plain text depending on the use of SNMP (Simple Network Management Protocol) and access point configuration. The SNMP protocol allows companies to monitor and manage networks and SNMP enabled devices from a central server. If an organization has an affected Aironet point and an SNMP server, uses static WEP keys for encryption and has enabled the "snmp-server enable traps wlan-wep" option on the access points (by default, the option is disabled), then the network may be vulnerable. SNMP traps alert the central server when significant events occur; if ever the key is changed, or an access point rebooted, it sends a message to the SNMP server, with the WEP key in plain text. Cisco has released a patch for the!
flaw; administrators could also disable the SNMP trap.
http://www.infoworld.com/article/03/12/03/HNciscohole_1.html

YAHOO! MESSENGER INCIAMPA IN UN ACTIVEX
Il portalone ha dovuto correggere una vulnerabilita' di sicurezza del proprio instant messenger che in alcuni casi poteva mettere a serio rischio la sicurezza degli utenti. Il punto debole era un controllo ActiveX
URL: http://punto-informatico.it/pi.asp?i=46190

POLEMICHE SUI CELLULARI CRIPTATI IN OLANDA Per la prima volta qualche parlamentare olandese mette in discussione il diritto dei cittadini a gestire comunicazioni cifrate di difficile decodificazione
URL: http://punto-informatico.it/pi.asp?i=46195

"Anche Gentoo Linux è sotto attacco!"
Anche Gentoo Linux sono sotto attacco: il server del Gentoo Linux project sono offline. Questo attaco segue da vicino quello portato a Debian pochi giorni fa.
http://www.ziobudda.net/Admin/redir_news.php?id=15211
Also - http://news.com.com/2100-7349_3-5113227.html?tag=nefd_top

"Progeny: un solo Linux per tutti?"
Questo è l'obiettivo dichiarato di Progeny. creare un set di base per ogni distribuzione Linux ed un database unico di compatibilità hw, basato su XML.
http://www.ziobudda.net/Admin/redir_news.php?id=15207

"La crittografia Quantistica"
In questo articolo analizzeremo alcune caratteristiche della crittografia quantistica, le sue possibilità, la sua efficienza e le sue limitazioni. La trattazione è qualitativa, non sono dunque necessarie particolari conoscenze di fisica.
http://www.ziobudda.net/Admin/redir_news.php?id=15205

"Dell si rifiuta di rimuovere spyware"
Dell in una nota inviata ai tecnici del suo help desk vieta di fornire informazioni per la rimozione di software spyware o di consigliare un programma adatto allo scopo!
http://www.ziobudda.net/Admin/redir_news.php?id=15199

SUSE LINUX ADVISORY: GPG
"Two independent errors have been found in gpg (GnuPG) packages as shipped with SUSE products..."
http://linuxtoday.com/security/2003120401226SCSWSS

GNU.ORG: FSF SERVER COMPROMISED 11/2, DISCOVERED 12/2 "On December 1st, 2003, we discovered that the 'Savannah' system... was compromised at circa November 2nd, 2003..."
http://savannah.gnu.org/statement.html

Best Practices & Risk Management
Title: Look it up: A common language for vulnerabilities
Source: Government Computer News
Date Written: December 3, 2003
Date Collected: December 4, 2003
Mitre Corporation is developing the Open Vulnerability Assessment Language (OVAL), a standard for seeking and describing vulnerabilities in computer systems. Mitre also hosts the Common Vulnerability Exposure (CVE) List, a federally funded catalog of recognized vulnerabilities used by academia, government, and industry. CVE currently contains about 2,572 entries, with another 3,832 under consideration. 143 security products or services are compatible with CVE; the National Institute of Standards and Technology and the Defense Department recommend agencies show a preference to CVE compatible products during acquisitions.
http://www.gcn.com/vol1_no1/daily-updates/24331-1.html

SLACKWARE LINUX ADVISORY: RSYNC
"A security problem which may lead to unauthorized machine access or code execution has been fixed by upgrading to rsync-2.5.7..."
http://linuxtoday.com/security/2003120402726SCSLSW

DEBIAN GNU/LINUX ADVISORY: RSYNC
"The rsync team has received evidence that a vulnerability in all versions of rsync prior to 2.5.7, a fast remote file copy program, was recently used in combination with a Linux kernel vulnerability to compromise the security of a public rsync server..."
http://linuxtoday.com/security/2003120403026SCDBSW

GENTOO LINUX ADVISORIES: KERNEL, RSYNC
Two security advisories from the Gentoo team.
http://linuxtoday.com/security/2003120501026SCSWNT

MANDRAKE LINUX ADVISORY: RSYNC
"This heap overflow vulnerability, by itself, cannot yield root access, however it does allow arbitrary code execution on the host running rsync as a server..."
http://linuxtoday.com/security/2003120501226SCMDSW

Technology
Title: Security fears push users to open source
Source: vnunet.com
Date Written: December 5, 2003
Date Collected: December 5, 2003
Investment broker Merrill Lynch has conducted a survey of 100 chief information officers, 75 American and 25 European, finding that 58% are considering open source software for the desktop, citing its security record as compared to Microsoft. Such security concerns may also undermine Microsoft's new Software Assurance program as CIOs look toward open source.
Two thirds of officers surveyed did not expect to upgrade to Office 2003 within the next year. Professor Neil Barrat, technical director at security consultant Information Risk Management, notes that many CIOs are dissatisfied with Microsoft's patching process, and expects open source trials to focus on smaller projects rather than mainstream applications.
http://www.vnunet.com/News/1151313

Technology
Title: IBM submits privacy spec to W3C
Source: Network World Fusion
Date Written: December 4, 2003
Date Collected: December 5, 2003
IBM (International Business Machines) has submitted a draft of its Enterprise Privacy Authorization Language (EPAL) to the World Wide Web Consortium (W3C) for development. IBM hopes that EPAL will be made a standard to automate privacy management tasks, improve consumer trust, and reduce the cost of privacy compliance. EPAL is an XML-based language designed to build policy enforcement features directly into enterprise software applications. EPAL will be analyzed by the P3P (Platform for Privacy Preferences) Coordination Group, since it is based on the P3P specification. EPAL lies beyond the scope of P3P 1.1, but may be included in future versions.
http://www.nwfusion.com/news/2003/1204ibmsubmit.html

Best Practices & Risk Management
Title: Debian's Response
Source: Security Focus
Date Written: December 3, 2003
Date Collected: December 5, 2003
Scott Granneman discusses Debian's response to a server break-in using a previously unknown flaw in the Linux kernel, commending the project's response as quick, open, and honest. The security breech occurred November 20, 2003, and was publicly announced by Debian twelve hours later on November 21. Mr. Granneman argues that most organizations would try to cover up security breeches, benefitting no one. My Granneman also commends the various Linux distributors; since the exploited flaw lies in the kernel, every distribution is vulnerable. However, the competitors worked together to analyze and fix the flaw and alert customers. Debian also imaged all their hard drives for forensic evidence, deactivated all accounts, passwords, and SSH keys on the machines, requested that users change passwords, and then wiped the machines for a clean reinstall. Further, Debian made these steps public, reassuring users, and providing a real-world textbook example of security reaction, in other !
words, a "teachable moment."
http://www.securityfocus.com/columnists/202

g00d reading! 'n' bye
Security News ManTainer:
The Jackal a.k.a. jAcKallO < -jackal-@libero.it > (AreaSessantuno Member) / (SpiPPolatori Collaborator) (HackerAlliance Member) / (Daily DisInfo CreaTor & ManTainer) (Socio fondatore e Membro del CapitanLUG.iT)