"Articolo dell'IEEE contro i brevetti"
None other than the IEEE raises a voice against the US patent system that
our ministers are blithely copying in Europe.
http://www.ziobudda.net/Admin/redir_news.php?id=20873
***Guides - Saving the contents of a folder to a text file***
It often happens, for various reasons (cataloguing the files on your CDs,
printing the titles of the MP3s in your collection, etc.), that you want
to save the contents of a folder to a text file and don't know how. It was
a fairly simple operation in the DOS days, yet this convenience has been
lost, and among the many tools Windows provides there is nothing that does
the job... But there is a remedy for everything!
http://www.pc-facile.com/salvare_contenuto_cartella_file_testo_t163856/
EUDORA APPLIES A BIG BAND-AID
The latest version of the well-known e-mail client fixes several serious
security vulnerabilities that a cracker could exploit to run malicious
programs and spread viruses
URL: http://punto-informatico.it/pi.asp?i=51445
CERTIFIED E-MAIL OR A BRIDLED INTERNET?
by A. Lisi (www.scint.it) - The PEC scheme and the way it is presented
leave many questions open and seem to try to impose on the network changes
that have not been thought through enough
URL: http://punto-informatico.it/pi.asp?i=51439
HACKER BREAKS INTO FBI E-MAIL
He managed to breach the e-mail system used by FBI agents, forcing the
agency to shut down the site
http://www.studiocelentano.it/newsflash_dett.asp?id=12765
Authentication and Session Management on the Web
You may be interested in this paper I've written. The first ten pages or
so are probably less interesting to readers of this list, but the latter
part covers in detail all the attacks such as session fixation, CSRF, etc.
Any constructive discussion is welcomed!
http://www.westpoint.ltd.uk/advisories/Paul_Johnston_GSEC.pdf
Analysis finds MySQL low on bugs
http://newsvac.newsforge.com/article.pl?sid=05/02/05/1437202&from=rss
Just in time to counter security taints from last week's MySpooler worm,
which spread via weak MySQL passwords on Windows installations, MySQL on
Friday got a clean bill of health from code analysis firm Coverity Inc.
The five Stanford University researchers at Coverity, who analyzed the
security of the Linux kernel over a period of four years, this month are
planning to release an analysis of the security and quality of MySQL code
that found the database to have an "excellent" bug density.
Linux 2.6 Kernel to Include Xen; Infiniband, NFS 4
http://newsvac.newsforge.com/article.pl?sid=05/02/06/0349219&from=rss
A forthcoming update to the Linux 2.6 kernel will incorporate the Xen open
source virtualization technology, said Andrew Morton, the man who
maintains the Linux kernel.
Python
Vendor: Python.org
A vulnerability was reported in Python in the SimpleXMLRPCServer library
module. A remote user can access internal module data, potentially
executing arbitrary code.
Impact: Disclosure of user information
Alert: http://securitytracker.com/alerts/2005/Feb/1013083.html
Mambo Site Server
Vendor: Mamboserver.com
A vulnerability was reported in Mambo. A remote user can gain
administrative access to the application and the underlying database.
Impact: User access via network
Alert: http://securitytracker.com/alerts/2005/Feb/1013081.html
RealOne (RealPlayer)
Vendor: RealNetworks
A vulnerability was reported in RealPlayer. A remote user can cause the
player to run scripting code in the Local Computer zone.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/Feb/1013054.html
"SuSE ha rilasciato alcune critical patches"
The released patches close several security holes for vulnerabilities
involving cross-site scripting attacks, remote system access, exposure of
sensitive information, spoofing and denial-of-service attacks.
http://www.ziobudda.net/Admin/redir_news.php?id=20898
Also - http://news.com.com/SuSE+releases+critical+patches/2100-1002_3-5565997.html
Greater legal protection for free and open source software
The Software Freedom Law Center is born, directed by Moglen, while the
Open Source Initiative is restructured (and Raymond leaves)
http://www.apogeonline.com/webzine/2005/02/08/05/200502080501
Slackware 10.1 released
"The first Slackware release of 2005, Slackware Linux 10.1 continues the
long Slackware tradition of simplicity, stability, and security."
http://www.wintricks.it/news1/article.php?ID=3553
Also - http://nl.internet.com/ct.html?rtr=on&s=1,1do1,1,gwbe,g5zp,85jl,7pty
Spyware Kazaa!
An earthquake struck Kazaa today, along with the companies that built
their business on this model: Sharman and Altnet. According to documents
produced today in the trial in which those responsible for the P2P network
are accused of violating copyright law, the "Kazaagate", it appears that
Sharman and Altnet have always monitored and recorded every single
download and search. At the core of how Kazaa works there has in fact been
a complicated mechanism for delivering so-called "sponsored files".
According to the worried confidences of the Estonian developer, it is not
far off to call this system "on a par with spyware".
http://www.wintricks.it/news1/article.php?ID=3559
AdvancedRemoteInfo 0.6.3.9a
An excellent freeware tool that retrieves a great deal of information
about the machines connected to a LAN; it retrieves information about
hardware, installed software, network configuration, shared folders and
printers; it allows full remote interaction, including software
installation/uninstallation, service management, sending messages,
shutdown and restart; all the information can be saved to an EXCEL or
HTML file.
http://www.wintricks.it/news2/article.php?ID=7475
MORE AND MORE BUGS IN HI-TECH CARS
Studies and testimony show that more and more car faults are attributable
to electronics and software. And the first car viruses are emerging
URL: http://punto-informatico.it/pi.asp?i=51449
DEFACERS HIT PHPBB.COM HARD
The site of the well-known open source forum is currently running at
reduced capacity after crackers, possibly Brazilian, broke into its pages
URL: http://punto-informatico.it/pi.asp?i=51460
Nmap 3.81 Released
I'm pleased to release Nmap 3.81, which contains dozens of feature
enhancements and bug fixes over 3.75. These include an XSL stylesheet by
Benjamin Erb that allows you to render Nmap's XML output as HTML in a
browser. Fragmentation scanning was fixed and enhanced (thanks to Martin
Mačok) so that you can now specify fragment size. I finally got around to
adding packet/byte counters so that you know how much traffic Nmap
generated. Improvements were made to several scan types, a new
"closed|filtered" state was added, the service detection database grew,
and some important bugs were fixed. As always, you can download Nmap from:
http://www.insecure.org/nmap/nmap_download.html
SAMBA 3.0.11 AVAILABLE FOR DOWNLOAD
"This is the version that production Samba servers should run for all
current bug-fixes..." Announcement within.
http://nl.internet.com/ct.html?rtr=on&s=1,1do1,1,9ou9,lp5f,85jl,7pty
INSTALLING & SECURING VOIP WITH LINUX
"Today with the plethora of open source solutions, a small business can
present a high tech image and still keep a lid on the expenses..."
http://nl.internet.com/ct.html?rtr=on&s=1,1do1,1,clgd,5gy9,85jl,7pty
Understanding User Profiles
Understanding just what user profiles are, and how they interact with the
Windows registry system is key to keeping a secure system. Making sure
that your programs store settings in the user-specific settings trees,
rather than the program directory, will help keep passwords and other
vital information secure.
http://www.informit.com/articles/article.asp?p=350384
How to secure your Windows Mobile (Pocket PC) wireless traffic using SSH
tunneling
In the previous section, we discussed some of the threats a PDA user must
consider when using a public hotspot. Simply put, there is little to no
security being offered by most public wireless networks. As a result, all
emails and webpages are readable by anyone with a sniffer. Fortunately,
there are a few means of protection, one of which is accomplished via an
SSH tunnel. In this section, we will look at the optional requirements and
provide a step by step outline for setting up your own SSH tunnel.
http://www.informit.com/guides/content.asp?g=security&seqNum=84
SOME RFID CHIPS VULNERABLE TO HACKING
Tiny radio-transmitter chips that make possible high-security car keys
and swipe-by petrol passes can be cracked using cheap technology.
http://www.net-security.org/news.php?id=7036
ROOT KIT SURFACES AFTER JABBER ATTACK
The Jabber Software Foundation (JSF) - the open source instant messaging
organisation - has advised developers to check their code, after
discovering that a hack attack against its website was more serious than
first suspected.
http://www.net-security.org/news.php?id=7071
TESTIFYING IN A COMPUTER CRIMES CASE
In this article, we examine the basics of testifying in either capacity
in a case involving computer crimes, and how you can move into the
lucrative field of computer forensics, on either a full- or part-time
basis.
http://www.net-security.org/news.php?id=7073
A SIMPLE GUIDE TO SECURING USB MEMORY STICKS
USB memory sticks can be used safely and securely if the risks are
understood and proper measures are taken to mitigate them. First the
primary risks associated with USB memory sticks were discussed and the
most important of these are loss of media and loss of confidentiality of
data. Next, Cryptainer LE, a free software program, was shown to mitigate
the loss of confidentiality through the use of encryption.
http://www.net-security.org/article.php?id=764
HOME USER SECURITY GUIDE
I know many of you have received some nice to tech toys recently, so it's
time to talk about making them secure and keeping them that way.
http://www.net-security.org/article.php?id=763
** MICROSOFT'S ANTISPYWARE SUFFERS ITS FIRST ATTACK **
A dangerous trojan is circulating that can disable Microsoft's antispyware
and steal banking passwords.
>> by Matteo Campofiorito
http://www.zeusnews.it/news.php?cod=3826
** MICROSOFT AND THE RITUAL OF THE PATCH OF THE MONTH **
A massive monthly dose of security patches for Windows users. Windows 98
and ME are affected too.
>> by Paolo Attivissimo
http://www.zeusnews.it/news.php?cod=3823
Also - http://punto-informatico.it/pi.asp?i=51490
CELL, THE PS3 CHIP, UNVEILED
IBM and partners have officially presented Cell, a big chip that will roar
under the hood of the PlayStation 3 and many other consumer and enterprise
devices. New and juicy technical details revealed
URL: http://punto-informatico.it/pi.asp?i=51467
WATCH OUT FOR SPOOFED URLS
All users of browsers other than Internet Explorer could risk running into
links that, although apparently identical to well-known addresses, lead to
malicious sites. A real godsend for scammers
URL: http://punto-informatico.it/pi.asp?i=51478
CERTIFIED E-MAIL, LET'S BE CLEAR
by Manlio Cammarata - The procedures and infrastructure of PEC have a
series of implications in terms of law. Here is the picture in light of
the most recent regulatory changes. What it is, how it works, what effects
it has
URL: http://punto-informatico.it/pi.asp?i=51472
TRENITALIA HOLE PLUGGED
A report by Altalex leads to the closing of a hole that allowed users of
the railway's site to view the personal data of others. The details
URL: http://punto-informatico.it/pi.asp?i=51493
SYMANTEC PLUGS A MEGA-HOLE
The company has fixed a serious vulnerability in a component that
underlies many of its software products, including those in the Norton
family
URL: http://punto-informatico.it/pi.asp?i=51494
Also - http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1052473,00.html
Of Dog Sniffs and Packet Sniffs
Why a Supreme Court decision on canine-assisted roadside searches opens
the door to a new regime of Internet surveillance.
http://www.securityfocus.com/columnists/297
Unexpected Attack Vectors
A new round of attacks and phishing attempts use some unexpected attack
vectors that we should have been paying attention to, but weren't.
http://www.securityfocus.com/columnists/298
Penetration Testing IPsec VPNs
This article discusses a methodology to assess the security posture of an
organization's IPsec based VPN architecture.
http://www.securityfocus.com/infocus/1821
SECURITY DIGEST: FEBRUARY 7, 2005
Today's security advisories: php3 (Debian GNU/Linux); OpenMotif (Gentoo
Linux); and emacs21 and squid (Ubuntu Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,1dse,1,m14r,975r,85jl,7pty
BIND-CHROOT-HOWTO (DEBIAN)
"This document describes how to install the DNS server Bind on Debian so
that it runs out of a chroot jail for security reasons..."
http://nl.internet.com/ct.html?rtr=on&s=1,1dse,1,7wow,k37,85jl,7pty
SUSE FIXES BUGS, DEFENDS NEW UPDATE POLICY
"Novell Inc. released to its SuSE Linux line on Friday numerous fixes to
bugs that could enable a number of types of attacks, including DoS..."
http://nl.internet.com/ct.html?rtr=on&s=1,1dse,1,36zb,lvun,85jl,7pty
SECURITY DIGEST: FEBRUARY 8, 2005
Today's security advisories: emacs20 (Debian GNU/Linux); postgresql and
cups (Fedora Core); and PostgreSQL and LessTif (Gentoo Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,1dvy,1,8wfo,k5r4,85jl,7pty
CONNECTING TO A WIRELESS LAN WITH LINUX, PART 2
"This week we'll cover configurations on Red Hat- and Debian-type systems
,
basic security, and hardware discovery..."
http://nl.internet.com/ct.html?rtr=on&s=1,1dsg,1,9k5d,4xl7,85jl,7pty
Review of Ubuntu "Warty"
http://newsvac.newsforge.ner:
The Jackal a.k.a. jAcKallO < jackal [at] capitanlug.it >
(AreaSessantuno Member) / (SpiPPolatori Collaborator)
(HackerAlliance Member) / (Security News MainTainer)
(Founding member and President of CapitanLUG.iT)