"Migrating from FreeBSD 5.2.1 to 5.3-STABLE"
Note su FreeBSD keeps growing: a few months ago version 5.x of FreeBSD finally joined the STABLE branch. Let's see how to upgrade our system starting from the FreeBSD 5.2.1 RELEASE
http://www.ziobudda.net/Admin/redir_news.php?id=20420
"Cabir virus source code published online"
Sophos experts have reported that the source code of the Cabir virus has been published on the Web. In recent days, F-Secure had raised an alarm about the new Cabir variants, Symb/Cabir-H and Symb/Cabir-I, which can replicate faster than their predecessors. According to Sophos, however, the danger is minimal, since the user must still accept the file received via Bluetooth and then install it manually.
http://www.ziobudda.net/Admin/redir_news.php?id=20418
CHINESE RESEARCHERS DISCOVER WINDOWS BUGS
Some Beijing security researchers are talking these days about five new Windows vulnerabilities, three of which are considered rather serious. Microsoft is at work
URL: http://punto-informatico.it/pi.asp?i=50992
SQL Injection Attacks by Example
I've written what I think is a decent introduction to the topic, mainly intended to "make real" the danger to a web developer who has heard of the subject but not actually really dug in. I talk about a test where I had to penetrate a web application, and it wasn't "just one step" - the steps before compromise were mostly interesting too.
http://www.unixwiz.net/techtips/sql-injection.html
Mozilla Browser
Vendor: Mozilla.org
A heap overflow vulnerability was reported in Mozilla in the processing of NNTP URLs. A remote user can execute arbitrary code on the target system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2004/Dec/1012726.html
netcat
Vendor: [Multiple Authors/Vendors]
class101 of Hat-Squad reported a buffer overflow vulnerability in netcat for
Windows. A remote user can execute arbitrary code in certain cases.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2004/Dec/1012706.html
Configuring a Transparent Proxy/Webcache in a Bridge using Squid and
ebtables
http://freshmeat.net/articles/view/1433
A proxy/Webcache is a computer which sits between your LAN and your Internet
connection, usually in the gateway. Its job is to capture and save every Web
page that the client machines in your LAN visit, so that the next time
someone requests a page, the proxy/Webcache already has it and sends it to
the client. This saves bandwidth and usually speeds Web navigation.
How Hackers Launch Blind SQL Injection Attacks White Paper
The newest web app vulnerability... Blind SQL Injection! Even if your web
application does not return error messages, it may still be open to a Blind
SQL Injection Attack. Blind SQL Injection can deliver total control of your
server to a hacker giving them the ability to read, write and manipulate all
data stored in your backend systems! Download this *FREE* white paper from
SPI Dynamics for a complete guide to protection!
http://www.net-security.org/v/spidyn3
REMOVE EFS FROM WIN2K/XP CLIENTS TO AVOID SECURITY BREACHES
Learn the steps necessary for removing EFS from Win2K/XP clients.
http://www.net-security.org/news.php?id=6796
SHADOW SOFTWARE ATTACK
In this paper, I'm going to demonstrate the fact that a shadow software
attack is still possible.
http://www.net-security.org/news.php?id=6798
PHEL TROJAN HORSE ATTACKS ON WINDOWS XP
It can affect systems, even if the latest XP service pack has been
installed.
http://www.net-security.org/news.php?id=6820
Tim portal flaw
The bug described on this page concerns the free SMS sending service of
the Tim portal www.tim.it and is as easy to discover and exploit as it is
serious for the privacy of all the users who use it. Recall that Tim
offers registered users 10 free SMS per day to all Italian mobile
operators...
http://timtemporaneo.altervista.org/
"Agitar Developer Testing Webcast"
Agitar Software has made free webcasts on software testing available.
In the first, Kent Beck talks about 'Accountability and Developer Testing'. In
the second, Sriram Sankar presents 'Developer Testing at Google', while the third
is an expert panel titled 'Making Developer Testing Work'.
http://www.ziobudda.net/Admin/redir_news.php?id=20431
** SPEEDING UP FIREFOX FOR BROADBAND **
A few simple changes to the free browser's settings drastically
increase its Web page rendering performance for those with
fast connections.
>> by Paolo Attivissimo
http://www.zeusnews.it/news.php?cod=3674
Update release for the hydra password cracker
A happy new year update for hydra :-) Changes: Enhancements and bug fixes
for many modules, so go updating! :-) More at
http://www.thc.org/releases.php
DEBIAN GNU/LINUX 3.0 UPDATED (R4)
"This is the fourth update of Debian GNU/Linux 3.0 (codename 'woody') which
mainly adds security updates to the stable release, along with a few
corrections to serious problems..."
http://nl.internet.com/ct.html?rtr=on&s=1,1bb2,1,agv5,bpqf,85jl,7pty
Malware
Title: Malware Roundup: The fast and furious of 2004
Source: SearchSecurity
Date Written: January 3, 2005
Date Collected: January 3, 2005
While antivirus researchers agree that Sasser, Netsky, and Bagle caused many
problems in 2004, they disagree on which of the malwares caused the most.
Ned Lindberg would give it to Sasser, arguing that test computers get hit
with Sasser packets three times a minute. He was unable to patch a Windows
2000 virtual machine because it got infected by Sasser before he could
download patches. Sasser also opened backdoors for other malwares to
exploit. Sophos' annual virus count found that Netsky variants accounted for
41.6% of virus activity by early December 2004, earning five of the slots on
Sophos' annual Top Ten list. McAfee AVERT (Anti-Virus Emergency Response
Team) rated 46 viruses as at least medium risk in 2004, compared to only
twenty in 2003. McAfee's list of top malwares included some lesser known
examples, mainly such spywares as Adware-180, Adware-Gator,
Exploit-ByteVerify, Exploit-MhtRedir, and JS/Noclose. While virus activity
dropped 5% annually from 2000 to 2003, it jumped in 2004, largely due to
a feud between the authors of Bagle and Netsky. Researchers expect virus
activity to increase further in 2005 as cybercriminals leverage malware for
spam and phishing attacks.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1037997,00.html
Malware
Title: Anti-Santy worm on the prowl
Source: C-Net News
Date Written: December 31, 2004
Date Collected: January 3, 2005
F-Secure has found an "anti-Santy" worm in the wild that attempts to infect
sites targeted by the Santy worm and install a patch. The anti-Santy worm
searches Google for sites using the PHP Bulletin Board (phpBB) software
targeted by Santy and defaces their homepages to read "viewtopic.php secured
by Anti-Santy-Worm V4. Your site is a bit safer, but upgrade to >= 2.0.11."
Two different versions of the defacement lead to internet addresses in
Argentina, suggesting anti-Santy's origin. F-Secure research director Mikko
Hyppönen notes that though the worm attempts to help administrators fix
their systems, it increases traffic, slowing down site performance and
creating more problems for administrators. The Santy worm infected 40,000
sites by December 21, 2004, before Google blocked access to the query it
used. However, Santy also queried America Online and Yahoo search engines
for vulnerable sites.
http://news.com.com/Anti-Santy+worm+on+the+prowl/2100-7349_3-5508607.html
Malware
Title: New, virulent Cabir mobile phone worms spotted
Source: InfoWorld
Date Written: December 28, 2004
Date Collected: January 3, 2005
F-Secure has announced the discovery of two new viruses based on the Cabir
code, Cabir.H and Cabir.I, that fix flaws that prevented early versions of
the virus from spreading quickly. The Cabir code demonstrated how to spread
a worm disguised as a security utility over mobile phones running the
Symbian operating system. Cabir sends a file, velasco.sis, over a Bluetooth
connection. Though the worm does not destroy any data, it can block
legitimate Bluetooth connections and consume battery power. The new worms
can spread more quickly--one change allows Cabir to search for new targets
if one target wanders out of range. Some clues, including increased Cabir
development and the fact that the new Cabirs seem to be made from recompiled
code, suggest that the Cabir source code has been published, though
researchers have found no copies on the Internet. To be infected, a mobile
phone must run a vulnerable version of Symbian Series 60 software with
Bluetooth in 'discoverable' mode.
http://www.infoworld.com/article/04/12/28/HNcabir_1.html
Vulnerabilities & Exploits
Title: New vulnerability in Mozilla
Source: SearchSecurity
Date Written: December 30, 2004
Date Collected: January 3, 2005
Secunia has advised Mozilla users to update to Mozilla 1.7.5 due to a
"highly critical" heap-based buffer overflow that would allow an attacker to
execute arbitrary code. The flaw is found in the MSG_UnEscapeSearchUrl()
function in nsNNTPProtocol.cpp and can be exploited through a specially
crafted 'news://' URI (uniform resource identifier). The flaw affects Mozilla
versions 1.7.3 and earlier, but is fixed in 1.7.5. The flaw was discovered
by Maurycy Prodeus of iSec Security Research.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1037799,00.html
Building a distro
http://os.newsforge.com/article.pl?sid=04/12/22/1557226&from=rss
You download a CD or maybe a diskette image, transfer it to the appropriate
media, boot your computer with it, and voilà, you're running Linux. It
sounds so simple -- but a great deal of work goes into creating that
software. Beginning about two years ago, I spent a year and a half building
a desktop-oriented GNU/Linux distribution named MfxLinux, designed to be
tightly integrated with Crowell Systems' Medformix medical office management
system. Along the way, as with any project, a lot of design and
implementation decisions had to be made -- some of which worked out better
than others.
/etc/net 0.5.2
http://freshmeat.net/releases/183503/
/etc/net is intended to become the replacement for traditional Linux network
configuration scripts. It tries to enable all iproute2 features for network
interfaces while keeping simple-to-extend features and adding new interface
types.
"Multiple Vulnerabilities in FLATNuke"
A new advisory straight from the CODEBUG staff on the all-Italian
FlatNuke project. Serious vulnerabilities affect the latest
versions of the software, and with release 2.6 approaching we thought it
appropriate to contribute to the stability of the CMS. Using Google, a
worm like Santy could be created and spread to all systems
running flatnuke, causing considerable damage.
http://www.ziobudda.net/Admin/redir_news.php?id=20452
SECURITY DIGEST: JANUARY 3, 2005
Today's security advisories: tetex (Fedora Core) and htmlheadline (Debian
GNU/Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,1be5,1,9h1f,8xsg,85jl,7pty
HOW TO SHARE A LOCAL PRINTER ON LINUX WITH WINDOWS USING SAMBA
"So I wonder, is there any way I could share my local printer (Epson Stylus
Photo 820) attached to my Linux Box with Windows using Samba instead? The
answer is Yes...!"
http://nl.internet.com/ct.html?rtr=on&s=1,1be7,1,b4zq,b6nl,85jl,7pty
INTERVIEW: RICHARD STALLMAN
"He was kind enough to speak with me at length, discussing his first contact
with computers, his time in the AI lab, the current state of the GNU Hurd,
his current role in the Free Software Foundation, the problems with non-free
software, and much more..."
http://nl.internet.com/ct.html?rtr=on&s=1,1be7,1,g6mu,bbsz,85jl,7pty
A Quick Look at Cross Site Scripting
Secure your site against this JavaScript-based attack.
http://www.devshed.com/c/a/Security/A-Quick-Look-at-Cross-Site-Scripting/
Into the Itanium, Part 3
With this Intel chip, we've covered the general history of the design, and
the architecture from a programmer's point of view. Now it's time to get
deep into the hardware itself.
http://www.devhardware.com/c/a/Computer-Processors/Into-the-Itanium-Part-3/
Configuring Apache 2.0 -- Beginning
So you're ready to use an HTTP server, and you've chosen Apache 2.0. It's a
great choice, but there are some issues you'll need to keep in mind.
http://www.webhosters.com/c/a/Web-Hosting-HowTos/Configuring-Apache-2-0-Beginning/
Cisco Network Security Fundamentals: Wireless Security
This chapter covers wireless security -- what it is, how it works, how it is
configured, what threatens it, and what policies can be designed to secure
it.
http://www.informit.com/articles/article.asp?p=360065
Forensics Server Project
Collecting data from a potentially compromised system is relatively simple,
especially if you know your way around the Forensics Server Project. Find
out how to use this tool to learn where security holes exist to tighten up
your network in this chapter.
http://www.informit.com/articles/article.asp?p=349043&f1=nl;37;2005-01-04
Malware
Title: Windows XP users Phelled by new Trojan
Source: The Register
Date Written: December 30, 2004
Date Collected: January 4, 2005
A new Trojan program targeting the Windows XP operating system, named Phel,
has been discovered in circulation, according to security firm Symantec.
Symantec warned users that the program is distributed as an .html file and
can attack systems running XP Service Pack 2 (SP2). Symantec said that users
will see two Internet Explorer (IE) windows open when a file with
Trojan.Phel.A is opened, and that the Trojan will execute every time a
user's machine is started. The vulnerability exploited by Phel was
discovered in October 2004, and Microsoft is still trying to fix it.
Microsoft said it is taking the vulnerability very seriously and is
currently developing a patch.
http://www.theregister.co.uk/2004/12/30/ms_phel_vuln
Vulnerabilities & Exploits
Title: Symantec Patches 'High Risk' Flaws
Source: EWeek.com
Date Written: December 31, 2004
Date Collected: January 4, 2005
Network security vendor Symantec has released fixes for three high-risk
security vulnerabilities in its Nexland Firewall appliances. According to an
advisory released by security firm Secunia, who rated the vulnerabilities
highly critical, the flaws could be used to bypass security features,
manipulate data, and cause denial-of-service attacks. Symantec has confirmed
that the vulnerabilities have been identified in the Symantec Firewall/VPN
Appliance 100, 200, and 200R models, while the Symantec Gateway Security
320, 360, and 360R were vulnerable to only two of the issues, which have
been resolved.
http://www.eweek.com/article2/0,1759,1747047,00.asp?kc=EWRSS03129TX1K0000614
Securing your workstation with Firestarter
http://software.newsforge.com/article.pl?sid=04/12/20/1737201&from=rss
Firestarter is a GPL-licensed graphical firewall configuration program for
iptables, the powerful firewall included in Linux kernels 2.4 and 2.6.
Firestarter supports network address translation for sharing an Internet
connection among multiple computers, and port forwarding for redirecting
traffic to an internal workstation. Firestarter's clean and easy to use
graphical user interface takes the time out of setting up a custom firewall.
"The file system according to PHP"
An excellent tutorial on handling uploads, downloads and the file system in
general, with security considerations.
http://www.ziobudda.net/Admin/redir_news.php?id=20466
"KDE or Gnome. KDE is better"
So says a Gnome user who has not used KDE for more than two
years. And his remarks are not unfounded.
http://www.ziobudda.net/Admin/redir_news.php?id=20462
"A new case of 'witch hunt': 'the usual Hacker'"
He broke into this, forged that, "used sophisticated equipment
and software that allowed him to make illicit cash
withdrawals".. is it all true? To me these look much more like big words for a
SCOOP, with little to do with the facts. What does it mean that he used sophisticated
equipment, and which????? Is the fact that he used software something "rare"?
Whoever wrote the news item will have used software too.. in short, the usual
witch hunt?
http://www.ziobudda.net/Admin/redir_news.php?id=20460
SSH Port Forwarding
In this article we look at SSH Port Forwarding in detail, as it is a very
useful but often misunderstood technology. SSH Port Forwarding can be used
for secure communications in a myriad of different ways
http://www.securityfocus.com/infocus/1816
SECURITY DIGEST: JANUARY 4, 2005
Today's security advisories: nasm (Debian GNU/Linux); openssl, libtiff,
imlib, samba, squid, httpd, XFree86 (LBA-Linux); ftp kioslave (KDE); and
kernel (Fedora Core).
http://nl.internet.com/ct.html?rtr=on&s=1,1bhl,1,kfy7,jrev,85jl,7pty
FIREFOX PHISHING VULNERABILITY DISCOVERED
"A newly discovered flaw in Firefox could allow cybercriminals to take
advantage of Web surfers..."
http://nl.internet.com/ct.html?rtr=on&s=1,1bhl,1,h0z4,3s2g,85jl,7pty
Malware
Title: Worms turn as Trojans take over
Source: vnunet.com
Date Written: January 5, 2005
Date Collected: January 5, 2005
According to numbers released by Panda Software, worms are losing popularity
as more malware authors focus on Trojans instead. In 2004, Downloader.GK
accounted for the most infections recorded by Panda, with 14%--the Netsky
worm came in second with 6.92%. Virus writers are turning to Trojans for
spam and phishing attacks, however, Panda's numbers also include the less
malicious adwares used for advertising. Most researchers did not include
adwares in their numbers until recently, since adware does not harm the
computer. Panda's list of the Top Ten malwares for 2004 includes four
Trojans.
http://www.vnunet.com/news/1160286
Vulnerabilities & Exploits
Title: Malicious FTP servers could target IE flaw
Source: SearchSecurity
Date Written: January 4, 2005
Date Collected: January 5, 2005
Secunia has issued an advisory warning users of Internet Explorer to avoid
unfamiliar FTP (File Transfer Protocol) sites. An input validation flaw
could allow a malicious FTP site to install files to an arbitrary location
through a directory traversal attack. The vulnerability affects fully
patched systems running Internet Explorer 6 on Windows 2000 SP4 and XP SP1,
though XP with Service Pack 2 is unaffected. Microsoft has confirmed that
the flaw differs from four others it announced the previous week. Microsoft
is investigating the problem and knows of no exploit for this flaw in the
wild.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1041796,00.html
Vulnerabilities & Exploits
Title: Suspicious probes target WINS servers
Source: SearchSecurity
Date Written: January 4, 2005
Date Collected: January 5, 2005
The SANS Internet Storm Center reports a surge in probes targeting WINS
(Windows Internet Naming Service) servers since December 31, 2004, and
advises users to patch their WINS servers if they have not already done so.
The Research and Educational Networking Information Analysis and Sharing
Center (REN-ISAC) reports similar activity on the Internet2 research
network. The WINS flaw would allow an attacker to install programs, change
data, and create new user accounts with full privileges. Users should block
TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) port 42
or download the patch Microsoft released in early December.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1041758,00.html
Also - http://www.techweb.com/wire/security/56900363
Vulnerabilities & Exploits
Title: Thousands of security webcams wide open
Source: vnunet.com
Date Written: January 5, 2005
Date Collected: January 5, 2005
According to search engine expert Duncan Parry, creative director at
Position Driver, a simple Google search can reveal thousands of security
webcams accessible online, many of them private and confidential. Mr. Parry
says that Google is not to blame for providing access to these devices,
since web administrators should keep webcam pages password protected and
direct search engines to stay away from them in the 'robots.txt' file.
http://www.vnunet.com/news/1160289
Understanding NetBSD 2.0's new technology
http://trends.newsforge.com/article.pl?sid=04/12/22/1954233&from=rss
NetBSD is widely known as the most portable operating system in the world.
It currently supports 52 system architectures, all from a single source
tree, and is always being ported to more. NetBSD 2.0 continues the long
tradition with major improvements in file system and memory management
performance, significant security enhancements, and support for many new
platforms and peripherals. To celebrate the release, we've asked several
well-known NetBSD developers to comment on some of NetBSD 2.0's new
features.
"Vulnerability fixed in FlatNuke"
Simone Vellei, main coder of the Italian CMS FlatNuke, closed in record
time the flaw that could compromise the security of the system.
Users who have not yet done so are urged to upgrade the CMS
to version 2.5.2
http://www.ziobudda.net/Admin/redir_news.php?id=20473
** MICROSOFT'S ANTISPYWARE **
First impressions of the beta version of the new Microsoft-branded security
tool: the tool does not stand out for the reliability of its results and
makes gross errors in detection. Needs improvement.
>> by Matteo Campofiorito
http://www.zeusnews.it/news.php?cod=3692
SECURITY DIGEST: JANUARY 5, 2005
Today's security advisories: mplayer (Conectiva); LinPopUp, a2ps, Mozilla,
Firefox, Thunderbird, Shoutcast Server (Gentoo Linux); and pcal and zip
(Debian GNU/Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,1bkq,1,ee04,2ogu,85jl,7pty
EFF THROWS SUPPORT TO 'ANONYMOUS' INTERNET PROJECT
"The Electronic Frontier Foundation (EFF.org) is throwing its support behind
a new version of an open source project designed to protect Internet surfers
from online snoops..."
http://nl.internet.com/ct.html?rtr=on&s=1,1bkq,1,9bmd,ljdq,85jl,7pty
KDE ON WINDOWS? A PLATONIC DIALOGUE
"In the tradition of dialectic, I present the key arguments for and against
this venture in style of a Platonic dialogue..."
http://nl.internet.com/ct.html?rtr=on&s=1,1bks,1,2oxg,getv,85jl,7pty
Better programming through effective list handling
http://newsvac.newsforge.com/article.pl?sid=05/01/06/2214208&from=rss
Anonymous Reader writes "Singly linked lists are a powerful abstraction that
allow programmers to represent numerous types of data; extending those lists
to handle arbitrary data types can offer effective tools for processing
data. This article looks at these processes and examines the Lisp variation
Scheme, an easy-to-use list-oriented language that delivers
list-manipulation capabilities without the complexities of C."
How to Build Better Software: It's Simple
http://programming.newsforge.com/article.pl?sid=05/01/06/1935244&from=rss
Bloatware. It's an ugly term for an ugly phenomenon: the tendency of
software developers to cram in every imaginable feature, including some that
shouldn't have been imagined in the first place. Creeping featuritis rarely
results in better programs. It often makes them harder to use. And it can
leave them sluggish, insecure, and unreliable.
Malware
Title: Mobile Trojan launches Skulls attack
Source: ZDNet UK
Date Written: January 6, 2005
Date Collected: January 6, 2005
Security firm F-Secure reported January 3, 2005 that a new variant of the
Skulls Trojan that affects Symbian mobile phones has been discovered.
Skulls.D attacks system applications in the same manner as previous
variants, and displays a full-screen flashing skull to inform users they
have been infected. Once infected, users cannot run or install programs,
though they can still make calls, so the majority of infected users will
need to reset their phones. Only two users have reported being infected,
both after downloading an application from a web forum, and Mikko Hyppönen,
the director of anti-virus research at F-Secure, said users should be
careful what they download.
http://news.zdnet.co.uk/0,39020330,39183213,00.htm
Vulnerabilities & Exploits
Title: Mozilla vulnerabilities identified
Source: InfoWorld
Date Written: January 6, 2005
Date Collected: January 6, 2005
Flaws have been discovered in the Mozilla and Firefox browsers and the
Thunderbird e-mail client that could compromise PCs, according to iSEC
Security Research. Maurycy Prodeus, who discovered the flaw, said the most
serious vulnerability is the result of a boundary error in Mozilla's handling
of news:// addresses, possibly leading to the execution of malicious code,
and affects all versions of Mozilla earlier than 1.7.5. Less serious flaws
affect Firefox and Thunderbird, including a vulnerability in the way they
store temporary files that could allow third parties to read their contents.
The vulnerabilities affecting Firefox and Thunderbird are fixed as of
Firefox 1.0 and Thunderbird 0.9.
http://www.infoworld.com/article/05/01/06/HNmozillabugs_1.html
"Gates presents two new products, but the PCs freeze"
The Microsoft leader ran up against the "tantrums" of a PC during a
presentation.
http://www.ziobudda.net/Admin/redir_news.php?id=20486
"Protecting yourself from PHP worm attacks"
"Don't change your code, change your tactics" is the gist of
this English-language article.
http://www.ziobudda.net/Admin/redir_news.php?id=20483
Microsoft Anti-Spyware?
Microsoft has jumped into the anti-spyware market, but is this a new
approach to thwarting bugs, or are they gearing up to profit from a dubious
industry they helped create?
http://www.securityfocus.com/columnists/289
SECURITY DIGEST: JANUARY 6, 2005
Today's security advisories: exim and tetex (Fedora Core); namazu2 and
imlib2 (Debian GNU/Linux); Vilistextum, xzgv, phpGroupWare, xine-lib, tiff,
and mit-krb5 (Gentoo Linux); libtiff, wxGTK2, vim, and nasm (Mandrakelinux);
and samba (Conectiva Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,1bnu,1,2q6l,6lnp,85jl,7pty
Cybercrime-Hacking
Title: Phishers migrating to Trojan horse attacks
Source: Computerworld
Date Written: January 6, 2005
Date Collected: January 7, 2005
The Anti-Phishing Working Group (APWG) has released a report finding that
phishers are starting to favor keylogging Trojans over social engineering
attacks. November 2004 saw a 28% growth in phishing attacks with 1,518
active spoof sites. The sites lasted an average of 6.2 days and targeted 51
companies. Phishers are starting to use botnets, zombie computers, and
keyloggers for more sophisticated technological attacks, and APWG warns the
trend will only increase in 2005. While 75% of attacks target financial
institutions, any large company with a financial relationship with customers
can be a target, as suggested by attacks against EarthLink and MSN
customers.
http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,98760,00.html
Vulnerabilities & Exploits
Title: Sims 2 hacks spread like viruses
Source: Security Focus
Date Written: January 6, 2005
Date Collected: January 7, 2005
Players of The Sims 2, published by Electronic Arts (EA), are reporting that
the homes they have designed for their characters within the game are
starting to behave strangely--for example, characters in some virtual
neighborhoods have received eternal youth. The odd behavior results from
hackers who have designed modifications for the people simulation to get
around obstacles presented in the game. While the hacks have been available
in web forums for download, some users say they are spreading to players who
have never installed a modification and would rather play the unhacked
version of the game. The problem results from file-sharing. Electronic Arts
allows players to save homes they have built within the game to share with other
players. However, if a shared home includes a hacked game element, that
element overrides the original game version. Electronic Arts has since
reprogrammed its "Lot Exchange," where users can share game homes, to
identify houses containing hacked objects. However, Electronic Arts was slow
to respond to user complaints, prompting the game community to create its
own central list of identified hacks with their checksums and to program
scanners, similar to virus scanners, to weed out downloads with hacked
elements.
http://www.securityfocus.com/news/10232
grsecurity 2.1.0 (Stable)
http://freshmeat.net/releases/183986/
grsecurity is a complete security system for Linux 2.4 that implements a
detection/prevention/containment strategy. It prevents most forms of address
space modification, confines programs via its Role-Based Access Control
system, hardens syscalls, provides full-featured auditing, and implements
many of the OpenBSD randomness features. It was written for performance,
ease-of-use, and security. The RBAC system has an intelligent learning mode
that can generate least privilege policies for the entire system with no
configuration. All of grsecurity supports a feature that logs the IP of the
attacker that causes an alert or audit.
g00d reading! 'n' bye
Security News MainTainer:
The Jackal a.k.a. jAcKallO < jackal [at] capitanlug.it >
(AreaSessantuno Member) / (SpiPPolatori Collaborator)
(HackerAlliance Member) / (Security News MainTainer)
(Founding member and President of CapitanLUG.iT)