P2P AND CRIMINAL LAW IN ITALY
by Giovanni Ziccardi (IP Justice) - Calling anyone who uses P2P a criminal means lumping together file sharing, smuggling, counterfeiting, large-scale disc burning and dialers. Here is what Italian law actually says
URL: http://punto-informatico.it/pi.asp?i=46670
mod_perl
Vendor: Apache Software Foundation
A vulnerability was reported in mod_perl for the Apache web server. A local user can hijack the Apache http and https services.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2004/Jan/1008822.html
SuSE Scripts (various)
Vendor: SuSE
Vulnerabilities were reported in several scripts shipped with SuSE Linux. A local user may be able to gain elevated privileges.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2004/Jan/1008781.html
Kernel
Vendor: kernel.org
A vulnerability was reported in the Linux kernel on AMD64-based systems in the processing of eflags. A local user may be able to obtain elevated privileges.
Impact: Root access via local system
Alert: http://securitytracker.com/alerts/2004/Jan/1008775.html
SPAM: AOL TRIALS SECURE EMAIL
For the first time, millions of Internet users can try out SPF, a protocol designed to make it possible to trace the sender of an email.
It targets email spoofing, a long-standing weapon of spammers. Here is how it works
URL: http://punto-informatico.it/pi.asp?i=46690
OFFICE 2003: FIRST PACK IN JUNE
Microsoft plans to release the first service pack for Office System by July. In addition to fixes and patches, the pack will contain a number of new features
URL: http://punto-informatico.it/pi.asp?i=46679
FLAW FOUND IN ANTIVIRUS SOFTWARE
Products from three popular anti-virus software companies have been found to contain a programming flaw that allows a hacker to crash a user's desktop PC.
http://www.net-security.org/news.php?id=4442
HOW DO COMPUTER VIRUSES WORK?
In this article, we will discuss viruses -- both "traditional" viruses and the newer e-mail viruses -- so that you can learn how they work and also understand how to protect yourself.
http://www.net-security.org/news.php?id=4451
SECURE CODING PRINCIPLES 101
Writing secure code is the first step in producing applications that are secure and robust.
http://www.net-security.org/news.php?id=4452
Malware
Title: Worm opens two backdoors, logs keystrokes
Source: SearchSecurity
Date Written: January 26, 2004
Date Collected: January 26, 2004
Anti-virus vendors are warning users to be on the lookout for a dangerous new variant of the Dumaru worm that hit the Internet over the weekend of January 24-25, 2004. The new variant, known as Dumaru.Y or Dumaru.J depending on the anti-virus firm, arrives as a zip file attached to an e-mail and affects Windows Server 2003, Windows 2000, NT, XP, 98, 95 and ME systems. Once it is executed, the worm searches for e-mail addresses on an infected machine, mails itself to potential new victims using its own SMTP engine, and opens up two backdoors on the system to allow an attacker to take control of the machine. Anti-virus vendors are also concerned that the latest Dumaru variant contains a keystroke-logging capability that is being used to harvest passwords for the eGold electronic currency service.
MessageLabs had already detected 14,000 copies of the worm by the morning of January 26, 2004 (UK time). Users are urged to update their anti-virus signatures as soon as possible to protect against the worm.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci946167,00.html
Also - http://news.zdnet.co.uk/0,39020330,39143708,00.htm
Also - http://www.securityfocus.com/news/7903
Also - http://www.vnunet.com/News/1152265
VIRUS: CHRONICLE OF AN ATTACK
MyDoom is the worm that managed to spread across half the world in a few hours, compounding the damage to communications already strained by spam and by Sober.C. Sightings keep coming in and providers are on alert. Some fear the Big One
URL: http://punto-informatico.it/pi.asp?i=46709
"Webmin 1.130 released"
The new version of the well-known web-based administration tool for Unix-like systems has been released.
http://www.ziobudda.net/Admin/redir_news.php?id=15831
BFi: new issues online and CALL FOR TRANSLATIONS
Butchered From Inside ( http://bfi.s0ftpj.org ) is an electronic publication of free expression and free distribution written by the Italian hacker community.
CALL FOR TRANSLATIONS: This year, on the occasion of the Transnational HackMeeting ( http://trans.hackmeeting.org ), which will probably be held in Pola (Croatia) in June, we would like to increase the number of BFi translations in order to share with the whole European scene the work, initiatives and projects carried out by Italian hackers.
We are looking for people willing to translate articles from Italian into Spanish, English, German, French, Polish, Croatian, Hungarian <insert a language you know here>.
NEW ISSUES: A new BFi#12 article in Italian is available for download. By popular demand, BFi#11 is finally online too, in its traditional format, collecting all the articles published in 2002. Thanks to everyone whose articles made the magazine's "development" edition a success, and to those who will keep contributing to the e-zine in 2004. Here are the download links:
---
title: BFi#11 standard edition
author: BFi staff <bfi@s0ftpj.org>
rel-date: 22/12/2003
url: http://bfi.s0ftpj.org/bfi11.tar.gz
lang: it
---
title: alfiere in c7... page fault!
author: buffer <buffer@antifork.org>
rel-date: 29/12/2003
url: http://bfi.s0ftpj.org/dev/BFi12-dev-08
lang: it
RED HAT LINUX ADVISORY: GAIM
"Updated Gaim packages that fix a number of serious vulnerabilities are now available..."
http://nl.internet.com/ct.html?rtr=on&s=1,opi,1,c7jz,l831,l6kx,c929
FEDORA CORE ADVISORY: SLOCATE
"Patrik Hornik discovered a vulnerability in Slocate versions up to and including 2.7 where a carefully crafted database could overflow a heap-based buffer..."
http://nl.internet.com/ct.html?rtr=on&s=1,opi,1,chlh,kjh6,l6kx,c929
TUTORIAL: OPENOFFICE: WRITER - CREATE PAGE STYLE
"The Stylist is the basic tool for working with styles. This tutorial will examine how to create a new page Style..."
http://nl.internet.com/ct.html?rtr=on&s=1,opm,1,9js6,hahx,l6kx,c929
INSTALLING SLACKWARE LINUX
"What's this about 'friendly?' You heard that Slackware was too damned hard, didn't you? If you are expecting cute graphical wizards and penguins automating every configuration step for you, that may be true..."
http://nl.internet.com/ct.html?rtr=on&s=1,opm,1,8jtm,2d7o,l6kx,c929
INTRODUCTION TO OPENVPN
"Last year, however, I finally found a VPN solution that was easy to use, administer, and debug, as well as fast, flexible, and free..."
http://nl.internet.com/ct.html?rtr=on&s=1,opm,1,f741,7ynh,l6kx,c929
Vulnerabilities & Exploits
Title: Apple Plugs Apache, App Flaws
Source: Internet News
Date Written: January 27, 2004
Date Collected: January 27, 2004
For the second time in January 2004, Apple has released patches for several vulnerabilities in Mac OS X. Two moderately critical flaws were fixed in the mod_alias and mod_rewrite modules of the Apache web server which would allow a user to escalate privileges or deny service. Apple also fixed several unspecified vulnerabilities in SystemConfiguration, the OS X mail application, Safari web browser, Windows file sharing, and environment variables. Fixes have been released for versions 10.3.2, 10.2.8, and 10.1.5.
Earlier in January, Apple fixed a flaw that would allow an attacker to crash SecurityServer by inputting an overly long password.
http://www.internetnews.com/dev-news/article.php/3304281
A MEDKIT FOR MS WORD 2003
With a cumulative patch, Microsoft has fixed several problems affecting the latest version of its word processor. The worst of them could crash the application
URL: http://punto-informatico.it/pi.asp?i=46721
2003'S MOST POPULAR VIRUSES, AND HACKING TOOLS
"Viruses, Trojan horses, Worms, Adware, Spyware, and Remote Control programs have overrun computers in 2003 and the forecast for these digital parasites is worse for 2004..."
http://nl.internet.com/ct.html?rtr=on&s=1,otl,1,23i4,dq49,l6kx,c929
KERNEL 2.7: BACK TO THE FUTURE OF LINUX
"To get an early glimpse at some of the thinking going into the next kernel, key vendors that aid in shaping the Linux kernel helped eWEEK last week put together a long-range wish list for 2.7..."
http://nl.internet.com/ct.html?rtr=on&s=1,otj,1,8ty8,31o5,l6kx,c929
Malware
Title: Worm mutants spoof Internet Explorer
Source: vnunet.com
Date Written: January 28, 2004
Date Collected: January 28, 2004
Several variants of the Dumaru worm--J, K, and L--have caused an outbreak, despite using the same propagation tactics as previous variants. Users receive an e-mail claiming to be from Microsoft offering virus protection updates. The e-mail directs users to a spoofed version of the Microsoft website, which uses a flaw in the Internet Explorer address bar to display 'www.microsoft.com' while the user is really looking at another site. The virus downloads a Trojan from this website, and the virus forwards itself to a new batch of users. Virus writers are increasingly using spam techniques while spammers are using viruses to expand their networks, suggesting a link between the two groups, according to Eugene Kaspersky, head of Kaspersky Labs.
http://www.vnunet.com/News/1152347
Vulnerabilities & Exploits
Title: The FBI's top 10 online security threats
Source: ZDNet UK
Date Written: January 28, 2004
Date Collected: January 28, 2004
The Federal Bureau of Investigation (FBI) and the SANS (SysAdmin, Audit, Network, Security) Institute have released their fourth annual list of the top twenty Internet security vulnerabilities. The SANS/FBI list focuses on vulnerabilities that attackers actively exploit, rather than theoretical or potential harm. In many cases, systems administrators have failed to protect their systems from these threats. The list comes in two parts: Windows threats and Linux/Unix threats. This article covers such Windows threats as Microsoft SQL Server attacks, Internet Explorer flaws, and peer-to-peer software. Some of the flaws have straightforward solutions while others take some work to guard against. Linux/Unix threats will be covered in a future article.
http://news.zdnet.co.uk/business/0,39020645,39143773,00.htm
Vulnerabilities & Exploits
Title: Secunia: Beware IE Download Spoofing Flaw
Source: Internet News
Date Written: January 28, 2004
Date Collected: January 28, 2004
Secunia is advising users of a 'moderately critical' flaw in Microsoft Internet Explorer version 6 which would allow a malicious website to spoof the file extension of downloadable files. An attacker could use the flaw to embed a CLSID (class identifier) in a file name to trick users into thinking a malicious file is of a trusted filetype. Users can work around the vulnerability by avoiding the 'open file' option when downloading, and saving files directly, since this reveals the file's real name. Microsoft is developing patches for several Internet Explorer flaws, but release has been delayed by a complicated testing process.
http://www.internetnews.com/dev-news/article.php/3304951
Vulnerabilities & Exploits
Title: Hackers scanning for ports opened by Mydoom
Source: SearchSecurity
Date Written: January 28, 2004
Date Collected: January 28, 2004
Malicious hackers have begun scanning ports 3128 to 3197 on computers looking for backdoors opened up by the MyDoom worm. As reports focus on the breadth of MyDoom's spread, some have neglected the danger posed by the worm, which opens the ports so an attacker can later access and control the machine. An attacker only needs to send the correct data and syntax to the TCP (Transmission Control Protocol) ports. It is difficult to estimate from the volume of infected e-mails how many machines have been infected by the virus; MessageLabs reports receiving 1.2 million copies in the first 24 hours of the outbreak and 2.2 million overall.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci946423,00.html
IE MISTAKES ONE THING FOR ANOTHER
A moderate-risk vulnerability in the Internet Explorer browser could be used to disguise a file's true identity and trick users into downloading malicious programs or scripts
URL: http://punto-informatico.it/pi.asp?i=46739
A NEW ITALIAN ANONYMOUS REMAILER
George also aims to be something more: a hub for producing actions and ideas in defence of privacy and anonymity online. Progetto Winston Smith has a hand in it
URL: http://punto-informatico.it/pi.asp?i=46747
VIRUSES: TURN OFF THE AUTOMATIC NOTICES!
A reader is fed up with receiving dozens of copies of mydoom or sober.c, plus numerous other automatic emails generated by antivirus software to warn him about worms in emails he never sent
URL: http://punto-informatico.it/pi.asp?i=46749
The danger comes... from the FBI??
A bogus message claiming to come from none other than the FBI is claiming victims all over Italy; it informs users that they have been caught red-handed during an illegal download...
http://www.raulken.it/modules.php?name=News&file=article&sid=1156&mode=&order=0&thold=0
SLACKWARE LINUX ADVISORY: GAIM
"12 vulnerabilities were found in the instant messenger GAIM that allow remote compromise..."
http://nl.internet.com/ct.html?rtr=on&s=1,ox8,1,l6il,35jh,l6kx,c929
MANDRAKE LINUX ADVISORIES: TCPDUMP, MC, GAIM
Three security advisories from MandrakeSoft.
http://nl.internet.com/ct.html?rtr=on&s=1,ox8,1,7ar2,hc0o,l6kx,c929
DEBIAN GNU/LINUX ADVISORIES: GNUPG, TRR19
Two security advisories from the Debian Project.
http://nl.internet.com/ct.html?rtr=on&s=1,ox8,1,h55o,f9gs,l6kx,c929
"SystemRescueCD 0.2.10 released"
The new version of SystemRescueCD has been released.
http://www.ziobudda.net/Admin/redir_news.php?id=15873
"Linux Netwosix 1.0 is released"
Linux Netwosix is a distribution dedicated to networking, security and servers. Version 1.0, with kernel 2.6.1, was released today.
http://www.ziobudda.net/Admin/redir_news.php?id=15880
SUSE LINUX ADVISORY: GAIM
"Stefan Esser found 12 vulnerabilities in gaim that can lead to a remote system compromise with the privileges of the user running GAIM..."
http://nl.internet.com/ct.html?rtr=on&s=1,ozq,1,elwu,6k7w,l6kx,c929
g00d reading! 'n' bye
Security News MainTainer:
The Jackal a.k.a. jAcKallO < -jackal-@libero.it > (AreaSessantuno Member) / (SpiPPolatori Collaborator) (HackerAlliance Member) / (Daily DisInfo CreaTor & MainTainer) (Co-founder and Member of CapitanLUG.iT)