MYDOOM SFERRA IL SUO ATTACCO
SCO buttata fuori dalla rete a poche ore dall'avvio dell'aggressione distribuita. Domani la variante B tentera' l'assalto a Microsoft. Caccia aperta agli autori del worm. C'e' chi teme anche il dopo-worm per la quantita' di backdoor aperte
URL: http://punto-informatico.it/pi.asp?i=46767

L'EMAIL IN GIUDIZIO, APPROFONDIMENTO
Andrea Lisi (scint.it) e Marco Cuniberti intervengono su una questione al centro dell'attenzione degli esperti di diritto e Internet in Italia e che riguarda il ruolo in giudizio della semplice email
URL: http://punto-informatico.it/pi.asp?i=46769

FireWall-1
Vendor: Check Point
A vulnerability was reported in Check Point FireWall-1/VPN-1 in the processing of H.323 messages. The impact was not disclosed.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Jan/1008846.html

Windows Explorer
Vendor: Microsoft
A vulnerability was reported in Microsoft Windows XP in Windows Explorer. A remote user can create a folder that, when viewed by the target user, will execute arbitrary code on the target user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2004/Jan/1008843.html

WIRELESS NETWORK SECURITY BASICS
The default setup for wireless networks is setup to get the network up and running but does nothing to protect your network.
http://www.net-security.org/news.php?id=4483

MAKING FALSE POSITIVES GO AWAY
New network IDS products are appearing that help to tackle the false-positive problem with a smarter detection engine that uses three key
technologies: operating system fingerprinting, alert-flood suppression and meta-alert correlation.
http://www.net-security.org/news.php?id=4502

LINUX SECURITY HOWTO - UPDATED
This document is a general overview of security issues that face the administrator of Linux systems.
http://www.net-security.org/news.php?id=4504

A HOW-TO GUIDE FOR HACKERS
Already bored with all the presents you got for the holidays? Hack them into new-and-improved presents.
http://www.net-security.org/news.php?id=4522

SECURING LINUX SYSTEMS WITH HOST-BASED FIREWALLS IMPLEMENTED WITH LINUX IPTABLES This article aims to provide readers with a template for constructing a host-based firewall that provides a useful layer of protection against the risks of exposing a system to internal and/or external users.
http://www.net-security.org/news.php?id=4525

MICROSOFT POTENZIA IL SUO TOOL
Microsoft ha aggiornato il suo Baseline Security Analyzer (MBSA) che consente di individuare misconfigurazioni e aggiornamenti mancanti nelle varie versioni di Windows (NT4, 2000, XP, 2003) e del software Microsoft (IIS4-5-6, SQL Server 7-2000, IE5.01 e superiori, Office 2000-2-3), oltre alle sole patch di tutti gli altri software.. La nuova versione, 1.2, come la precedente può eseguire controlli locali o remoti, e funziona sia da linea di comando sia con una interfaccia grafica. E' disponibile all'URL:
http://www.microsoft.com/downloads/details.aspx?familyid=8b7a580d-0c91-45b7-91ba-fc47f7c3d6ad&displaylang=en

MICROSOFT, AGGIORNAMENTO ANTI TRUFFA PER IE L'azienda rilascia un update che toglie ad Internet Explorer il supporto a URL che in passato sono state abilmente utilizzate da truffatori per indurre gli utenti a rilasciare dati personali o peggio
URL: http://punto-informatico.it/pi.asp?i=46787

MANDRAKE LINUX ADVISORY: GAIM
"A number of vulnerabilities were discovered in the gaim instant messenger program by Steffan Esser, versions 0.75 and earlier..."
http://nl.internet.com/ct.html?rtr=on&s=1,p3d,1,kvm4,ji9n,l6kx,c929

SUPER WORMS COULD TARGET LINUX
"Long-feared, a new generation of RPC-exploiting super-worms could be about to break..."
http://nl.internet.com/ct.html?rtr=on&s=1,p3d,1,ivwz,kl4f,l6kx,c929

Malware
Title: Virus top 10: MyDoom takes top spot in seven days
Source: Silicon.com
Date Written: February 2, 2004
Date Collected: February 2, 2004
Sophos has released its report of the ten most prolific viruses of January 2004. The MyDoom.A worm appeared late in the game on January 26, but managed to take the lead in seven days, accounting for 25% of virus reports. Bagle started spreading in the middle of January, grabbing 16.3% of virus reports for second place. Bagle is programmed to deactivate January 28. MyDoom.B came too late to make it into the January top ten, but has a good start for February. MiMail variants took fourth through ninth place. The Klez virus, in the wild for nearly two years, is holding strong at tenth place.
http://www.silicon.com/software/security/0,39024655,39118126,00.htm

Vulnerabilities & Exploits
Title: IE Patch Could Disrupt E-Commerce
Source: Internet News
Date Written: February 2, 2004
Date Collected: February 2, 2004
A patch for a Microsoft Internet Explorer flaw that allows phishers and spoof websites to control the address that appears in the address bar may disrupt e-commerce according to Windows lead product manager Greg Sullivan.
The updated browser will discontinue support for handling cleartext user names and passwords in the URL (uniform resource locator) under HTTP (hypertext transfer protocol) and HTTPS (HTTP-Secure), and will return an invalid syntax error message in such cases. Microsoft has published an article in its knowledge base describing workarounds that web and application developers can use, such as the InternetSetOption and cookies.
http://www.internetnews.com/ec-news/article.php/3306451

KDE 3.2 DEBUTTA SUI DESKTOP LINUX
Il KDE Project rinnova la propria sfida a GNOME lanciando una nuova versione del proprio desktop environment, la 1.2, che lima le funzionalita'
preesistenti e aggiunge alcune nuove applicazioni open source
URL: http://punto-informatico.it/pi.asp?i=46801
Also - http://www.ziobudda.net/Admin/redir_news.php?id=15916
Also - http://nl.internet.com/ct.html?rtr=on&s=1,p7d,1,509j,ix1p,l6kx,c929

TRIO DI PATCH PER INTERNET EXPLORER
Microsoft corregge tre nuove vulnerabilita' che un aggressore potrebbe sfruttare per aggirare i sistemi di sicurezza di IE, sottrarre informazioni o eseguire del codice. Integrato anche l'aggiornamento anti-truffa
URL: http://punto-informatico.it/pi.asp?i=46798
Also - http://zdnet.com.com/2100-1104_2-5151957.html

Vulnerabilities & Exploits
Title: Microsoft releases metadata removal tool
Source: The Register
Date Written: February 2, 2004
Date Collected: February 3, 2004
Microsoft has quietly released a Remove Hidden Data Add-in for Word, Excel, and PowerPoint files, available for Office XP and 2003. Hidden data in Microsoft Word documents received international attention after a Cambridge University professor analyzed a nineteen page document released by British Prime Minister Tony Blair outlining intelligence on Iraq. The professor found information on the last ten edits of the document, the names of the people who worked on the file, and three different articles used to put the document together. Such information is hidden when reading a document in Word, but easily read with other tools.
http://www.theregister.co.uk/content/4/35277.html

BLUETOOTH INCIAMPA SULLA SICUREZZA
Alcuni esperti hanno scoperto alcune gravi vulnerabilita' di sicurezza che qualcuno potrebbe sfruttare per accedere a dati confidenziali o scroccare la connessione Internet
URL: http://punto-informatico.it/pi.asp?i=46823

"PHP-Nuke 6.9 SQL Injection Vulnerability"
PHP-Nuke contains an exploitable SQL injection vulnerability that can be used by attackers to cause the system to execute arbitrary SQL statements (puo' riuscire a grabbare la lista degli utenti e i loro hash delle password !!). Moduli affetti Web_Links e Download !!
http://www.ziobudda.net/Admin/redir_news.php?id=15933

LINUS TORVALDS: LINUX 2.6.2 AKA "FEISTY DUNNART"
"The honor of naming it goes to Gernot Heiser, for reasons that are largely alcoholic, I suspect. Good job!" Changelog, links within.
http://nl.internet.com/ct.html?rtr=on&s=1,pb8,1,lk45,b0v3,l6kx,c929

Technology
Title: New security features for Windows
Source: vnunet.com
Date Written: February 4, 2004
Date Collected: February 4, 2004
Microsoft has announced plans to release Service Packs for Windows Server
2003 and Windows XP in the second half of 2004. The Server 2003 pack will provide new shielding measures to block access from other companies' systems if their security procedures do not meet standards. Service Pack 2 for Windows XP will monitor documented vulnerabilities to guard against malware attacks. New measures have been added to better block file attachments in Outlook and instant messaging, while modifications to memory protection will reduce stack overflows. Microsoft is working on a uniform standard to streamline the patching process.
http://www.vnunet.com/News/1152482

Vulnerabilities & Exploits
Title: IE patch shuts users out from password-protected sites
Source: Silicon.com
Date Written: February 4, 2004
Date Collected: February 4, 2004
Users are complaining about a recent patch to Microsoft's Internet Explorer which is preventing them from accessing certain password protected websites.
The fix addresses two flaws, one that would allow a hostile website to run arbitrary code on a user's computer, and another that would allow a website to control the URL (uniform resource locator) in the address bar. The fix prevents passwords from being transmitted through URLs. Richard Excoffier, founder of adult entertainment website Toteme, says the patch has resulted in a "rapidly rising" number of complaints as customers are unable to access their content. In the adult entertainment business, this could lead to a significant loss in customers. The patch also seems to behave inconsistently, as some users have had no difficulty accessing sites with URL passwords.
http://www.silicon.com/software/security/0,39024655,39118176,00.htm

Vulnerabilities & Exploits
Title: Software flaw could leave Cisco gear vulnerable to freezes/shutdowns
Source: Network World Fusion
Date Written: February 4, 2004
Date Collected: February 4, 2004
Cisco has released details of a flaw in Catalyst 6000 and 6500 network switches and Cisco 7600 routers that could cause the devices to freeze or reset, however, the flaw would be difficult to exploit. The flaw would cause a crash if a Layer 3 packet differs in size from the Layer 2 packet enclosing it. To be affected, the machines must have Multilayer Switch Feature Card 2 (MSFC2) with a FlexWAN or Optical Services Module (OSM), or a
MSFC2 card running Cisco IOS Version 12.1(8b)E14; Cisco CatOS is unaffected.
Attack traffic exploiting this flaw would half to originate internally, since attack packets would be corrected by non-vulnerable devices outside the network.
http://www.nwfusion.com/news/2004/0204cisflaw.html

HOWTO: INSTALLING PHPMYADMIN ON LINUX
"phpMyAdmin is a utility written in PHP which is intended to aid in the administration of a MySQL server, either locally, or over the WWW..."
http://nl.internet.com/ct.html?rtr=on&s=1,pet,1,7gdt,4gco,l6kx,c929

Vulnerabilities & Exploits
Title: ISS warns of holes in Check Point firewall, VPN server
Source: Network World Fusion
Date Written: February 5, 2004
Date Collected: February 5, 2004
Internet Security Systems (ISS) has released details of two flaws in Check Point firewalls and VPN-1 (virtual private network - 1) that could allow an attacker to take over the firewall and break into a network. ISS considers the flaw critical, as Check Point firewalls account for more than half of the firewalls in corporate networks. The firewall flaw rests in the HTTP (hypertext transfer protocol) Security Server. Check Point had announced the vulnerability, but described it as "theory only"; ISS says its X-Force Labs have leveraged the flaw into a workable exploit. The VPN flaws would compromise a network and any information flowing over it. While Check Point has released a patch for the firewall vulnerability, it has not released one for VPN-1 since it no longer supports that application.
http://www.nwfusion.com/news/2004/0205isswarns.html
Also - http://zdnet.com.com/2100-1104_2-5153635.html

Vulnerabilities & Exploits
Title: Real Player struck by massive security hole
Source: Techworld
Date Written: February 5, 2004
Date Collected: February 5, 2004
Jouko Pynnonen and Mark Litchfield of NGSSoftware have discovered a vulnerability in the popular Real Player media program that could allow an attacker to run arbitrary code on a machine. Attackers can modify Real Media files (.rp, .rt, .ram, .rpm, and .smil) to exploit a buffer overflow; users would only have to click a link to run such a file to fall victim to the attack. The researchers informed Real Media of the flaw so the company could develop a patch before disclosing the flaw to the public. The flaw affects nearly all of the company's media players. Users can update their players by clicking the "Check for Update" feature under "Tools." Most users turn off automatic updates due to Real Media's aggressive advertising.
http://www.techworld.com/news/index.cfm?fuseaction=displaynews&NewsID=986

COUNTERING BUFFER OVERFLOWS
"This article discusses the top vulnerability in Linux/UNIX systems: buffer overflows. This article first explains what buffer overflows are and why they're both so common and so dangerous..."
http://nl.internet.com/ct.html?rtr=on&s=1,pi0,1,1d2b,k0o3,l6kx,c929

AUTOMATING SECURITY WITH GNU CFENGINE
"A sysadmin tool for automating changes across many machines, recording update information and making them all safer..."
http://nl.internet.com/ct.html?rtr=on&s=1,pi0,1,628y,dcl5,l6kx,c929

LINUX 2.6 KERNEL SHOWS MASSIVE SPEED GAINS "Have you gotten on board with the latest Linux 2.6 kernel? If you haven't, you should..."
http://nl.internet.com/ct.html?rtr=on&s=1,pi2,1,6hbr,9hf2,l6kx,c929

TUTORIAL: VNC (VIRTUAL NETWORK COMPUTING) 101 "The two computers don't even have to be the same type, so for example you can use VNC to view an office Linux machine on your Windows PC at home..."
http://nl.internet.com/ct.html?rtr=on&s=1,pi2,1,ajwk,bpk3,l6kx,c929

Malware
Title: Mydoom virus starts to fizzle out
Source: BBC
Date Written: February 4, 2004
Date Collected: February 6, 2004
The spread of the MyDoom virus is gradually slowing this week as users secure their systems. MyDoom was first discovered on January 26, 2004, peaked on January 28 and started slowing down markedly by January 31.
Overall, Internet monitoring firm MessageLabs stopped 21 million copies of the virus, which infected systems in over 200 countries. MyDoom is the fastest spreading virus in history and estimates of its cost to businesses range up to $38 billion, although this figure is probably exaggerated. It appears that a distributed denial of service (DDoS) attack scheduled to be launched by computers infected with a variant of MyDoom (MyDoom.B) on February 3, 2004 against Microsoft's website failed to have a significant impact.
http://news.bbc.co.uk/2/hi/technology/3459363.stm
Also - http://news.bbc.co.uk/2/hi/technology/3454127.stm
Also - http://www.cnn.com/2004/TECH/internet/02/03/tech.microsoft.reut/index.html
Also - http://www.vnunet.com/News/1152514

Vulnerabilities & Exploits
Title: Security Firm Warns Of Holes In Bluetooth Mobiles
Source: Techweb
Date Written: February 4, 2004
Date Collected: February 6, 2004
Security firm AL Digital has discovered several vulnerabilities in the "authentication and data-transfer mechanisms" on some Bluetooth-enabled mobile phones, including phones sold by Nokia and Sony-Ericsson. One flaw, which makes a phone vulnerable to a 'SNARF attack', allows an attacker to access data stored on the phone even when it is not in 'visible' mode. A second vulnerability, a back-door attack, opens up a phone's complete memory contents to a formerly trusted device. AL Digital says that it has developed several proof-of-concept tools to validate its findings. Nonetheless, phone vendors that were notified of the flaws were not responsive and didn't take the matter seriously, according to AL Digital's director and chief security officer Adam Laurie.
http://www.techweb.com/wire/story/TWB20040204S0011

Vulnerabilities & Exploits
Title: IPv6 vulnerable to remote denial-of-service attacks
Source: SearchSecurity
Date Written: February 6, 2004
Date Collected: February 6, 2004
Independent security researcher Georgi Guninski has discovered a security vulnerability in the OpenBSD implementation (OpenBSD 3.4) of Internet Protocol version 6 (IPv6) that could allow an attacker to cause a denial of service. Machines are vulnerable when they are configured to receive ICMPv6 (Internet Control Message Protocol) and are listening on a TCP port. "A remote attacker can take advantage of this by setting a small IPv6 MTU (Maximum Transmission Unit) and then connecting to an open TCP port."
Upgrades are available to resolve the problem. IPv6, the successor to IPv4, is already being implemented by some organizations and promises significant security benefits, particularly in the area of authentication.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci949128,00.html

g00d reading! 'n' bye
Security News MainTainer:
The Jackal a.k.a. jAcKallO < -jackal-@libero.it > (AreaSessantuno Member) / (SpiPPolatori Collaborator) (HackerAlliance Member) / (Daily DisInfo CreaTor & MainTainer) (Socio fondatore e Membro del CapitanLUG.iT)