ARRESTATO LADRO DI CODICE INFORMATICO
L'uomo preso dai cybercop britannici avrebbe illegalmente ottenuto codice sorgente di alcuni prodotti Cisco. 800 mega di segreti industriali
URL: http://punto-informatico.it/pi.asp?i=49649

E ANCHE L'IMMAGINE DIVENNE PERICOLOSA
Quante volte abbiamo letto e sentito dire di non aprire i file eseguibili
ricevuti più o meno casualmente via e-mail da fonti non ben definite?
Ebbene, pare che sarà necessario estendere il concetto di pericolosità: un
buffer overrun nella visualizzazione di immagini JPEG consente infatti a un
malintenzionato di eseguire codice arbitrario in ambiente Windows, da
remoto, con i privilegi dell'utente. Il bollettino con le patch è all'url
http://www.microsoft.com/technet/security/Bulletin/MS04-028.msp e l'elenco
dei prodotti affetti include Windows XP (anche SP1 e 64bit), Server 2003,
Office XP (anche con SP2 e SP3), prodotti della linea .Net e vari prodotti
di imaging di Microsoft.

APACHE TAPPA QUALCHE BUCO
La versione 2.0.51 di Apache, appena rilasciata dalla Apache Foundation,
chiude cinque bachi di sicurezza scoperti nel noto server Web open source.
Si tratta di un problema di validazione negli indirizzi IPv6
(http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786), di un
possibile buffer overflow nel parsing dei file .htaccess che consente a un
utente locale di guadagnare i privilegi di un processo httpd
(http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747), di un
problema di mod_ssl nel caso il proxying dei server ssl sia attivo
(http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751), e di un
altro problema con un loop infinito sempre in mod_ssl
(http://wwwcve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748). Infine, è
presente un problema con mod_dav
(http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809). Nessuna
delle vulnerabilità è critica o può condurre a compromissioni da remoto, ma
gli utenti di Apache sono caldamente invitati all'upgrade.

Google Toolbar
Vendor: Google
Viper reported an input validation vulnerability in the Google Toolbar. A
remote user can execute arbitrary scripting code in the Local Computer
security zone.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2004/Sep/1011351.html

Windows Authentication
Vendor: IBM
A vulnerability was reported in the IBM OEM version of Windows XP. A
default, hidden account lets physically local users access the system.
Impact: Root access via local system
Alert: http://securitytracker.com/alerts/2004/Sep/1011344.html

Sudo
Vendor: sudo.ws
A vulnerability was reported in sudo. A local user can view files with
elevated privileges.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2004/Sep/1011342.html

Apache
Vendor: Apache Software Foundation
A vulnerability was reported in Apache in the processing of SSL connections.
A remote user can cause a child process to enter an infinite loop.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Sep/1011340.html

Microsoft Internet Explorer (IE)
Vendor: Microsoft
A vulnerabiltiy was reported in Microsoft Internet Explorer (IE). A remote
user may be able to set cookies on certain domains as part of a session
fixation attack.
Impact: Modification of user information
Alert: http://securitytracker.com/alerts/2004/Sep/1011332.html

Mozilla Firefox
Vendor: Mozilla.org
A vulnerability was reported in Mozilla Firefox. A remote user may be able
to set cookies on certain domains as part of a session fixation attack.
Impact: Modification of authentication information
Alert: http://securitytracker.com/alerts/2004/Sep/1011331.html

KDE Konqueror
Vendor: KDE.org
A vulnerability was reported in KDE Konqueror. A remote user may be able to
set cookies on via a non-secure server to be sent to a secure server as part
of a session fixation attack.
Impact: Modification of user information
Alert: http://securitytracker.com/alerts/2004/Sep/1011330.html

Mozilla Firefox
Vendor: Mozilla.org
Several vulnerabilities were reported in Mozilla, Thunderbird, and Firefox.
In some of the vulnerabilities, a remote user may be able to execute
arbitrary code on the target user's system.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2004/Sep/1011318.html

Php
Vendor: PHP Group
A vulnerability was reported in PHP in the processing of MIME data. A
remote user may be able to cause memory to be overwritten.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2004/Sep/1011307.html

Apache
Vendor: Apache Software Foundation
A vulnerability was reported in Apache in the processing of configuration
and access control files. A local user may be able to execute arbitrary
code.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2004/Sep/1011303.html

Apache
Vendor: Apache Software Foundation
A vulnerability was reported in the Apache web server in the processing of
IPv6 addresses. A remote user may be able to cause denial of service
conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Sep/1011299.html

CUPS (Common UNIX Printing System)
Vendor: Easy Software Products
A vulnerability was reported in the Common UNIX Printing System (CUPS). A
remote user can disable browsing.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Sep/1011283.html

Microsoft Office
Vendor: Microsoft
A vulnerability was reported in Microsoft Office in the WordPerfect
converter. A remote user can execute arbitrary code on the target system.
Microsoft FrontPage, Microsoft Publisher, and Microsoft Works Suite are also
affected.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2004/Sep/1011249.html

Apache
Vendor: Apache Software Foundation
A vulnerability was reported in the Apache mod_dav module. A remote user
with certain privileges may be able to cause denial of service conditions on
the target web server.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Sep/1011248.html

Linux Kernel
Vendor: kernel.org
A vulnerability was reported in the Linux kernel in the processing of TCP
sockets. A local user can cause denial of service conditions.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2004/Sep/1011245.html

"Understanding The Stricter Type Checks"
La nuova funzionalità apparsa dalla versione 2.6.9-rc2 del kernel Linux.
Dedicata all'HW PCI.
http://www.ziobudda.net/Admin/redir_news.php?id=19052

SI PUO' VEDERE IL SORGENTE DI MS OFFICE
La pressione dei prodotti alternativi spinge Microsoft ad aprire ai governi
e far loro prendere visione del codice della sua suite Office, la piu'
utilizzata negli uffici, pubblici e non, di tutto il Mondo
URL: http://punto-informatico.it/pi.asp?i=49668

PROBLEMI DI COOKIES PER IE E MOZILLA
Tre diffusi browser condividono uno stesso problema di sicurezza legato alla
gestione dei cookies. Un aggressore potrebbe sfruttare la falla per rubare
l'identita' di un utente sul Web. Ma e' un'eventualita' remota
URL: http://punto-informatico.it/pi.asp?i=49663

CON SP2 SI CONDIVIDE TROPPO?
Diverse fonti sostengono la possibilita' che in certe condizioni, dopo
l'installazione del Service Pack 2 di XP, le risorse condivise in locale
divengano visibili anche su Internet. Ecco come risolvere
URL: http://punto-informatico.it/pi.asp?i=49661

NMAP EXAMINATION OF VARIOUS OPERATING SYSTEMS
"The purpose of this short comparison is to perform some sort of evaluation
of the quality of the TCP/IP stack which is implemented differently in
various Operating Systems..."
http://nl.internet.com/ct.html?rtr=on&s=1,14nk,1,ablw,3ppk,85jl,7pty

Technology
Title: Microsoft trials piracy lock on Download Center
Source: InfoWorld
Date Written: September 17, 2004
Date Collected: September 20, 2004
Microsoft is testing Windows Genuine Advantage, a feature on its Download
Center that would detect whether a user runs a legitimate copy of Windows
before providing updates. During the testing period, users can choose to
have their copies of Windows verified. If the system detects a pirated copy,
it will give users information about software piracy before they can access
their downloads. The Download Center provides access to security updates,
but is not the same as the Windows Update or Automatic Update services.
Windows Client group director David Lazar describes the feature as part of
an effort to raise general anti-piracy awareness and provide greater value
and preference to legitimate copies of Windows while restricting access for
pirated versions. Microsoft hopes that 22,000 users will participate in the
test; the Download Center handles up to 30 million unique users each month.
Microsoft will not decide whether to deploy similar legitimacy checks across
its other download services until it gauges customer response to the
program.
http://www.infoworld.com/article/04/09/17/HNmstrialspiracylock_1.html

Vulnerabilities & Exploits
Title: Apple's latest security hole affects iChat
Source: Techworld
Date Written: September 20, 2004
Date Collected: September 20, 2004
Apple has released a security patch for a critical vulnerability in its
iChat instant messaging software. The patch fixes a bug in iChat 1 and 2,
reported by Danish security firm Secunia, which can allow an attacker to run
malicious code on a victim's machine because the program does not
sufficiently validate links before opening them. The patch's release comes
only a few days after an update fixing 15 Mac OS X security flaws affecting
Apache 2, IPSec, rsync and other open-source components, as well as Apple
applications such as the Safari browser.
http://www.techworld.com/security/news/index.cfm?NewsID=2263

MANAGING BACKGROUND COMMANDS IN SHELL SCRIPTS
Rainer Raab discusses how to manage multiple background jobs in Korn shell
scripts. After a short job control tutorial, he presents his
job_monitor_status shell function that alerts the calling script when all
background jobs have completed successfully or failed.
http://www.net-security.org/news.php?id=6042

SP2 FIGHTS WORMS, HAS BUGS
Software conflicts are not the only issue causing some users heartburn. Many
people have downloaded or installed the update without a hitch, but others
have not been so lucky.
http://www.net-security.org/news.php?id=6057

BUG DETECTED IN UNIX AND LINUX ADMIN CONSOLE
A bug in Usermin, a widely used administration console for Unix and Linux,
could allow a hacker to run malicious code through a specially crafted
email, reported security researchers.
http://www.net-security.org/news.php?id=6086

"Installare Linux su una penna USB"
Un articolo in italiano che analizza dettagliatamente l'installazione di un
sistema Linux completo su una penna USB.
http://www.ziobudda.net/Admin/redir_news.php?id=19067

"Antivirus open-source!"
Conosciete tutti ClamAV? E' un antivirus GPL attivissimamente sviluppato...
e' relativamente giovane, ma vale sicuramente la pena dargli un occhio...
nato per Linux (http://www.clamav.net), c'e' anche l'edizione per Windows
(http://www.clamwin.com).
http://www.ziobudda.net/Admin/redir_news.php?id=19064

The Phishing Guide
Phishing is the new 21st century crime. The global media runs stories on an
almost daily basis covering the latest organisation to have their customers
targeted and how many victims succumbed to the attack. While the Phishers
develop evermore sophisticated attack vectors, businesses flounder to
protect their customers' personal data and look to external experts for
improving email security. Customers too have become wary of "official"
email, and organisations struggle to install confidence in their
communications. While various governments and industry groups battle their
way in preventing Spam, organisations can in the meantime take a proactive
approach in combating the phishing threat. By understanding the tools and
techniques used by professional criminals, and analysing flaws in their own
perimeter security or applications, organisations can prevent many of the
most popular and successful phishing attack vectors. This paper covers the
technologies and security flaws Phishers exploit to conduct their attacks,
and provides detailed vendor-neutral advice on what organisations can do to
prevent future attacks. Security professionals and customers can use this
comprehensive analysis to arm themselves against the next phishing scam to
reach their in-tray.
http://www.ngssoftware.com/papers/NISR-WP-Phishing.pdf

Windows Host Security: Network Security Hacks
This chapter shows you some ways to keep your Windows system up-to-date and
secure. Although many may scoff at the mention of Windows and security in
the same sentence, you actually can make a Windows system fairly secure
without too much effort.
http://www.aspfree.com/c/a/Windows-Security/Windows-Host-Security-Network-Security-Hacks/

Dynamic Link Libraries Inside-Out
This article covers the advantages and disadvantages of Dynamic Link
Libraries, how to write them, a discussion of the Entry point function,
types of DLL linkage and more.
http://www.aspfree.com/c/a/Code-Examples/Dynamic-Link-Libraries-Inside-Out/

Sawing Linux Logs with Simple Tools
So there you are with all of your Linux servers humming along happily. You
have tested, tweaked, and configured until they are performing at their peak
of perfection. Users are hardly whining at all. Life is good. You may relax
and indulge in some nice, relaxing rounds of TuxKart. After all, you earned
it.
http://newsvac.newsforge.com/article.pl?sid=04/09/21/1927220

DEBIAN GNU/LINUX ADVISORY: WV
"iDEFENSE discovered a buffer overflow in the wv library, used to convert
and preview Microsoft Word documents..."
http://nl.internet.com/ct.html?rtr=on&s=1,14qt,1,1xyf,51k1,85jl,7pty

GENTOO LINUX ADVISORIES: MOZILLA, CUPS, FOOMATIC
Three security advisories from Gentoo Foundation, Inc.
http://nl.internet.com/ct.html?rtr=on&s=1,14qt,1,6zm9,8lqd,85jl,7pty

LINUX C AND C++ COMPILERS
"This benchmarking article marks the beginning of an ongoing project to
track the quality of programming tools for the Linux environment..."
http://nl.internet.com/ct.html?rtr=on&s=1,14qw,1,5egh,4lak,85jl,7pty

BACKING UP YOUR LINUX DESKTOP WITH RSYNC
"Rsync is a command line utility traditionally used in synchronizing files
between two computers, but rsync can also be used as an effective backup
tool..."
http://nl.internet.com/ct.html?rtr=on&s=1,14uj,1,hpu8,3cbh,85jl,7pty

MOVING FROM NT TO SAMBA
"Want a cheap, fast alternative to moving to Server 2003 from NT? Try
open-source Samba..."
http://nl.internet.com/ct.html?rtr=on&s=1,14uj,1,hf96,m75i,85jl,7pty

Malware
Title: Viruses aimed at Microsoft up sharply
Source: Yahoo! News UK
Date Written: September 20, 2004
Date Collected: September 21, 2004
The number of viruses directed at users of Microsoft's Windows operating
system increased by 400% between January and June 2004, as compared to the
same time period in 2003. Symantec, the worlds largest security firm by
revenue, documented 5,000 new Windows viruses and worms during that period,
up from 1,000 the year-earlier period, and said virus writers and spammers
are joining forces to profit from vulnerabilities in Microsoft's widely-used
software. Symantec said it expected more viruses targeting the Linux
operating system and hand-held devices as they become more widely used. The
US remained the top source of attacks, despite falling from 58% to 37% of
attacks.
http://uk.news.yahoo.com/040920/80/f2xic.html

Vulnerabilities & Exploits
Title: Click here to become infected
Source: The Register
Date Written: September 22, 2004
Date Collected: September 22, 2004
E-mail filtering firm MessageLabs is blocking spam that links to the
xcelent-dot-biz domain to download malicious code. Many users do not click
on links in spam messages that offer to remove their names from spammers'
mailing lists, since such links only confirm for spammers that the e-mail
address is real. However, the xcelent-dot-biz 'click to remove' link
triggers a DragDrop JavaScript exploit to download and run a malicious .exe
file. MessageLabs has not yet finished its analysis of what the .exe file
does, but notes that the attacker can change the malware download at any
time. The United States' CAN-SPAM (Controlling the Assault of Non-Solicited
Pornography and Advertising) Act requires mass marketers to provide removal
links in e-mails.
http://www.theregister.co.uk/2004/09/22/opt-out_exploit

Vulnerabilities & Exploits
Title: Exploit posted for Microsoft JPEG flaw
Source: InfoWorld
Date Written: September 21, 2004
Date Collected: September 22, 2004
Proof-of-concept exploit code for the critical JPEG (Joint Photographic
Experts Group) image vulnerability in Microsoft products has been published
on the Internet, only days after Microsoft released patches for the flaw.
The flaw affects any application that processes the JPEG format. The concept
code would only allow an attacker to crash a computer, but fully developed
code could allow a complete takeover of the computer. Microsoft says it is
investigating the code and advises users to update their computers
immediately. Johannes Ullrich, chief technology officer at the SANS Internet
Storm Center, expects a worm or mass-mailer by the end of the month, but
believes it may not pose a major threat; a number of image format
vulnerabilities have been found in the past, but rarely exploited.
http://www.infoworld.com/article/04/09/21/HNjpegexploit_1.html

JPEG AL VELENO, ECCO IL TEMUTO EXPLOIT
Su Internet circola un codice capace di sfruttare la falla di sicurezza di
diversi software relativa alla gestione dei file JPEG. Gli esperti temono
l'arrivo di un nuovo e pericoloso worm
URL: http://punto-informatico.it/pi.asp?i=49724

SPAMASSASSIN VARA LA 3.0
Il celebre software antispam non solo vara la nuova versione ma decide anche
di cambiare licenza, adottando la licenza Apache
URL: http://punto-informatico.it/pi.asp?i=49734

MANDRAKESOFT TO PARTICIPATE IN DEVELOPMENT OF HIGHLY SECURE OPEN OPERATING SYSTEM SOLUTION
Multi-million euro project will create a new flavor of trusted Linux.
http://nl.internet.com/ct.html?rtr=on&s=1,14xq,1,hd5y,dvbn,85jl,7pty

DEBIAN GNU/LINUX ADVISORY: IMLIB2
"Marcus Meissner discovered a heap overflow error in imlib2, an imaging
library for X and X11 and the successor of imlib, that may be utilised by an
attacker to execute arbitrary code on the victims machine..."
http://nl.internet.com/ct.html?rtr=on&s=1,14xq,1,hw88,l8t6,85jl,7pty

SLACKWARE LINUX ADVISORIES: MOZILLA, GTK+, CUPS, XINE-LIB
Four security advisories from Slackware.
http://nl.internet.com/ct.html?rtr=on&s=1,14xq,1,58be,cqmp,85jl,7pty

MANDRAKELINUX ADVISORIES: MPG123, WEBMIN, IMAGEMAGICK
Three security advisories from Mandrakesoft.
http://nl.internet.com/ct.html?rtr=on&s=1,14xq,1,gh5l,2xsm,85jl,7pty

SYSADMIN TO SYSADMIN: GETTING STARTED WITH SYBASE EXPRESS
"Maybe I'm a complete loner here, but I was tickled pink to learn that
Sybase, my former employer, had released a free version of their flagship
product, Adaptive Server Enterprise (ASE), for Linux..."
http://nl.internet.com/ct.html?rtr=on&s=1,14xo,1,2vbt,foae,85jl,7pty

"5.000 virus per Windows nei primi sei mesi dell'anno"
Secondo un'analisi presentata in questi giorni da Symantec, da gennaio a
giugno il numero di virus per Windows è cresciuto del 400% rispetto allo
stesso periodo del 2003. La società sostiene che nei sei mesi in esame sono
stati documentati circa 5.000 nuovi virus, in incremento esponenziale
rispetto ai 1.000 dell'anno prima.
http://www.ziobudda.net/Admin/redir_news.php?id=19123

GENTOO LINUX ADVISORIES: FREERADIUS, XINE-LIB, GLFTPD, GTK+ 2
Four security advisories from the Gentoo Foundation.
http://nl.internet.com/ct.html?rtr=on&s=1,150m,1,jdow,bs2m,85jl,7pty

HARDENING LINUX AUTHENTICATION AND USER IDENTITY
"The Linux PAM implementation allows a system administrator to choose how
users authenticate to various services..."
http://nl.internet.com/ct.html?rtr=on&s=1,150m,1,3v6t,738p,85jl,7pty

STATISTICAL PROGRAMMING WITH R, PART 1
"In the first of a three-part series, David and Brad introduce you to R, a
rich statistical environment, released as free software..."
http://nl.internet.com/ct.html?rtr=on&s=1,150o,1,hke4,ezqk,85jl,7pty

Detecting Worms and Abnormal Activities with NetFlow, Part 2
This paper discusses the use of NetFlow, a traffic profile monitoring
technology available on many routers, for use in the early detection of
worms, spammers, and other abnormal network activity in large enterprise
networks and service providers. Part 2 of 2.
http://www.securityfocus.com/infocus/1802

Vulnerabilities & Exploits
Title: Microsoft: To secure IE, upgrade to XP
Source: C-Net News
Date Written: September 23, 2004
Date Collected: September 24, 2004
Microsoft has reiterated that users of older versions of Windows will have
to upgrade to Windows XP with Service Pack 2 to get the fully updated
Internet Explorer web browser. An upgrade costs $99 for current Windows
users, while a new purchase of the operating system costs $199. Michael
Cherry, analyst for Directions on Microsoft, says "It's a problem that
people should have to pay for a whole OS upgrade to get a safe browser." A
Microsoft spokesman denied that the company was trying to use security
threats to spark demand for Windows XP. Microsoft has said it would provide
"ongoing security updates" for all supported versions of Windows and
Explorer, but this does not include such features as the pop-up blocker and
improved ActiveX controls found in Service Pack 2, which security
specialists consider the pack's strongest security improvements. Older
versions of Windows account for 49.2% of Windows users, or about 200
million. Many users have started to use alternative browsers, such as
Mozilla's Firefox, as Microsoft delays its next big browser update for the
release of its 'Longhorn' version of Windows, due in 2006.
http://news.com.com/Microsoft+To+secure+IE,+upgrade+to+XP/2100-1032_3-5378366.html

Vulnerabilities & Exploits
Title: Jpeg exploit virus appears
Source: Techworld
Date Written: September 24, 2004
Date Collected: September 24, 2004
Two new proof-of-concept exploits have been posted to the Full-Disclosure
newsgroup and French security site k-otik.com for the Microsoft JPEG
vulnerability. Unlike exploit code released just a few days earlier, this
code enables an attacker to run malicious code on a machine, rather than
just crash the operating system, according to Johannes Ullrich of the SANS
Institute's Internet Storm Center. Microsoft disclosed the JPEG buffer
overflow in its Gdiplus.dll component with it patch release of September 14,
2004. A user could run malicious code simply by viewing an infected .jpg
file through such a program as Internet Explorer. One of the exploits merely
opens a command shell, but it can be modified to run commands. The second
exploit adds an administrator account to Windows machines. However, both
exploits only run with the permissions of the user that executes them.
Antivirus companies have released signatures that can detect malicious
JPEGs, and Microsoft advises users to apply the latest patch.
http://www.techworld.com/security/news/index.cfm?NewsID=2294&Page=1&pagePos=9

g00d reading! 'n' bye
Security News MainTainer:

The Jackal a.k.a. jAcKallO < jackal [at] capitanlug.it >

(AreaSessantuno Member) / (SpiPPolatori Collaborator)
(HackerAlliance Member) / (Security News MainTainer)
(Socio fondatore e Presidente del CapitanLUG.iT)