"Kde o Gnome? dipende..."
Una recente statistica dice che i due rivali Desktops Grafici per Linux, hanno entrambi la stessa importanza a seconda dell'utilizzo; ma vediamo come posso essere entrambi utili...
http://www.ziobudda.net/Admin/redir_news.php?id=24427

FIREFOX 1.5, ULTIMA BETA?
Mozilla Foundation l'ha ora messa a disposizione dei tester. Il nuovo sistema di aggiornamento incrementale permette di scaricare un update di poche centinaia di kappa
URL: http://punto-informatico.it/pi.asp?i=55450

LE TRE ANIME DI MANDRIVA 2006
La nuova major release del celebre sistema operativo raccoglie l'eredita' delle distribuzioni Linux di Conectiva e Lycoris e, con il suo nuovo bagaglio di funzionalita', rinnova la sfida a Windows
URL: http://punto-informatico.it/pi.asp?i=55447

HBO: SABOTARE SUBITO BITTORRENT
Il colosso americano della televisione via cavo ammorba il peer-to-peer con un torrente di file fasulli. Scaricare illegalmente i suoi telefilm diventa sempre piu' difficile
URL: http://punto-informatico.it/pi.asp?i=55444

Tcpxtract released
tcpxtract is a tool for carving files out of network traffic. You can think of it as the lovechild of Foremost and Tcpdump. It also has some advantages over driftnet and EtherPEG which I talk about briefly on the webpage. It is based on libpcap and can work against a live device or a tcpdump formatted capture file. This tool relates more towards the field of network forensics, security, information assurance and network monitoring than traditional disk and filesystem forensics.
http://tcpxtract.sf.net

Smack the Stack. Advanced Buffer Overflow Methods
>From time to time, a new patch or security feature is integrated to raise the bar on buffer overflow exploiting. This paper includes five creative methods to overcome various stack protection patches, but in practical focus on the VA (Virtual Address) space randomization patch that have been integrated to Linux 2.6 kernel. These methods are not limited to this patch or another, but rather provide a different approach to the buffer overflow exploiting scheme.
http://www.tty64.org/doc/smackthestack.txt

Web Application Firewall Evaluation Criteria Web application firewalls (WAF) are a new breed of information security technology designed to protect web sites from attack. WAF solutions are capable of preventing attacks that network firewalls and intrusion detection systems can't, and they do not require modification of application source code. As today's web application attacks expand and their relative level of sophistication increases, it is vitally important to develop a standardized criteria for product evaluation. How else can we accurately compare or measure the performance of a particular solution? The goal of this project is to develop a detailed web application firewall evaluation criteria; a testing methodology that can be used by any reasonably skilled technician to independently assess the quality of a WAF solution.
http://www.webappsec.org/projects/waf_evaluation/v1/wafec-draft-1-20051007.html

Bluetraq mailing list
Bluetraq - discussions related to Bluetooth security.
http://trifinite.org/trifinite_lists.html

Analysis of the WinZip Encryption Method WinZip is a popular compression utility for Microsoft Windows computers, the latest version of which is advertised as having "easy-to-use AES encryption to protect your sensitive data." We exhibit several attacks against WinZip's new encryption method, dubbed "AE-2" or "Advanced Encryption, version two." We then discuss secure alternatives. Since at a high level the underlying WinZip encryption method appears secure (the core is exactly Encrypt-then-Authenticate using AES-CTR and HMAC-SHA1), and since one of our attacks was made possible because of the way that WinZip Computing, Inc.~decided to fix a different security problem with its previous encryption method AE-1, our attacks further underscore the subtlety of designing cryptographically secure software.
http://www.astalavista.com/index.php?section=directory&linkid=5259

Exploiting Open Functionality in SMS-Capable Cellular Networks Cellular networks are a critical component of the economic and social infrastructures in which we live. In addition to voice services, these networks deliver alphanumeric text messages to the vast majority of wireless subscribers. To encourage the expansion of this new service, telecommunications companies offer connections between their networks and the Internet. The ramifications of such connections, however, have not been fully recognized. This research evaluates the security impact of the Short Messaging Service (SMS) interface on the availability of the cellular phone network. Specifically, we demonstrate the ability to deny voice service to large metropolitan areas with little more than a cable modem. Moreover, attacks targeting the entire United States are feasible with resources available to medium-sized zombie networks.
http://www.astalavista.com/index.php?section=directory&linkid=5260

Hacking the WRT54G
Or… Creative Ways to Void the Warranty on your Wireless Access Point.
http://www.astalavista.com/index.php?section=directory&linkid=5262

The P3P Implementation Guide
This is a guide to help organizations incorporate the Platform for Privacy Preferences (P3P) into their Web site(s). It provides information on the tasks required, the resources required, and gives guidance on how to best manage and execute the implementation.
http://p3ptoolbox.org/guide/

The Promise of 64-bit Computing
That something fundamental is to be gained from the 64-bit processor in the server is not as simple a concept as the 6-cylinder engine generally having more horsepower than the 4-cylinder. Many engineers believe in "Moore's Law" as a kind of force that drives hardware engineering, rather than an observation about how the utility of enabling more transistors can drive the innovation necessary to include those transistors on a die.
http://www.informit.com/guides/content.asp?g=windowsserver&seqNum=14

Webroot Desktop Firewall
Vendor: Webroot Software, Inc.
A vulnerability was reported in Webroot Desktop Firewall. A local user can gain elevated privileges on the target system. A local user can also disable the firewall.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2005/Oct/1015012.html

Mozilla Firefox
Vendor: Mozilla.org
A vulnerability was reported in Mozilla Firefox. A remote user may be able to cause arbitrary code to be executed on the target user's system.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/Oct/1015011.html

Symantec Anti Virus
Vendor: Symantec
iDEFENSE reported a vulnerability in the Symantec Anti Virus Scan Engine. A remote user can cause arbitrary code to be executed on the target system.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/Oct/1015001.html

Kaspersky Anti-Virus
Vendor: Kaspersky Lab
A vulnerability was reported in Kaspersky Anti-Virus. A remote user can cause arbitrary code to be executed on the target system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Oct/1014998.html

An introduction to OpenOffice.org Basic
http://software.newsforge.com/article.pl?sid=05/09/20/1840248&from=rss
One of the features some users overlook in OpenOffice.org is its built-in programming language, OpenOffice.org Basic. Why would you want a programming language built into your word processor? It's there to help you to automate tasks. It won't make the tea for you, but it will help you to carry out many repetitive jobs with a minimum of effort.

Creative Commons appeals for cash
http://newsvac.newsforge.com/article.pl?sid=05/10/07/188241&from=rss
The organisation set up to help authors freely distribute their work while retaining control is appealing for money - a lot of money.

Monitoring network traffic with Ruby and Pcap http://newsvac.newsforge.com/article.pl?sid=05/10/07/1735207&from=rss
Linux.Ars returns with yet another fun-filled edition. It seems like many of our readers are interested in learning how to take advantage of specific Linux technologies. Based on reader input, we have decided to place a stronger emphasis on technical tutorials and code examples. This week, we have some nifty stuff for you. I wrote an introductory tutorial to network filtering with libpcap and Ruby in which you will learn how to make a script that intercepts AIM instant messages sent from or received by any computer on your local network. Ian wrote an excellent tutorial that describes how to use Perl to automate image processing with the GIMP. I also wrote an introduction to Conglomerate, a unique XML editor that runs on Linux.

THE STATE OF E-MAIL (IN)SECURITY
Avinti's CEO discusses the successful and unscrupulous of the online underworld.
http://www.net-security.org/news.php?id=9000

HACKERS TURN MICROSOFT OFFICE FLAW INTO FULL-BLOWN EXPLOIT Microsoft is contending with a new Trojan exploit in its Office collaborative software suite that could allow remote attackers to take over vulnerable computers.
http://www.net-security.org/news.php?id=9005

2005 SEMI-ANNUAL WEB SECURITY TRENDS REPORT Websense released the 2005 Semi-Annual Web Security Trends Report. The new report summarizes findings for the first half of 2005 and presents projections for the upcoming year.
http://www.net-security.org/news.php?id=9010

BACKDOOR TROJAN TARGETS MICROSOFT ACCESS Zero day vuln gives hackers open access.
http://www.net-security.org/news.php?id=9011

KASPERSKY ANTI-VIRUS HAS A SECURITY FLAW?
An attacker could use malformed files in the Microsoft .cab format to take over target systems.
http://www.net-security.org/news.php?id=9015

SUN JAVA DESKTOP SYSTEM XFREE86 SERVER VULNERABLE Sun has reported a vulnerability in the XFree86 server, which could allow an unprivileged local user to run arbitrary code with the privileges of the server.
http://www.net-security.org/news.php?id=9024

OVERVIEW OF XML ENCRYPTION
XML encryption classifies a course of action for encrypting plain text data, generating ciphertext, and decrypting the ciphertext to retrieve the plaintext data.
http://www.net-security.org/news.php?id=9025

WINDOWS XP SP3 PREVIEW SURFACES ON WEB
An "unofficial" preview pack of Windows XP service pack 3 (SP3) is available.
http://www.net-security.org/news.php?id=9052

INTERNET EXPLORER 7 SECURITY
Internet Explorer has certainly had its share of flaws and vulnerabilities.
http://www.net-security.org/news.php?id=9075

"Dos-box, Howto per emulare i vecchi giochi"
Una interessante guida su DosBox, un software per GNU/Linux in grado di far rivivere i vecchi giochi per DOS.
http://www.ziobudda.net/Admin/redir_news.php?id=24444

"Vulnerabilità critica per i forum Phpbb"
La piattaforma di forum open source phpbb è risultata affetta, nelle versione precedenti la 2.0.17, da diverse vulnerbilità,una delle quali è stata classificata ''Altamente critica'' dagli esperti di sicurezza di Secunia.
http://www.ziobudda.net/Admin/redir_news.php?id=24484

"La comunità italiana di Ubuntu si rinnova"
La comunità italiana di ubuntu annuncia l'apertura dei nuovi siti di supporto! Inserite il nuovo indirizzo nei vostri bookmarks: http://www.ubuntu-it.org http://www.ziobudda.net/Admin/redir_news.php?id=24480

"Corsi Online Gratuiti"
DA novembre su Freelabs.it, si svolgeranno dei CORSI GRATUTITI ONLINE aperti a tutti, dai più niubbi ai più esperti! I corsi tratteranno programmazione, utilizzo dei sistemi operativi OpenSource e molto altro ancora! Se vuoi insegnare, o imparare anche tu, vieni a trovarci, all'indirizzo www.freelabs.it
http://www.ziobudda.net/Admin/redir_news.php?id=24476

"Portable FireFox 1.06"
Portable Firefox, una versione "light" studiata appositamente per le pen drive USB. L'autore, John Haller, ha sostanzialmente reso Firefox ancora più leggero, togliendo alcune caratteristiche che sulle pen drive avrebbero potuto creare problemi.
http://www.ziobudda.net/Admin/redir_news.php?id=24469

LIMEWIRE, FILE SHARING IN CREATIVE COMMONS Gli sviluppatori del celebre software di scambio danno appuntamento online ad utenti ed autori, per testare a fondo le capacita' del software di gestire le licenze aperte
URL: http://punto-informatico.it/pi.asp?i=55472

CARTA DI IDENTITA' ELETTRONICA PIU' VICINA di V. Frediani (Consulentelegaleinformatico.it) - Al via le procedure per la gestione delle Carte di Identita' Elettroniche: entro il 31 ottobre i Comuni devono presentare il piano di sicurezza, essenziale per la tutela dei cittadini
URL: http://punto-informatico.it/pi.asp?i=55469

WI-FI LIBERO OPPURE NO?
Guido Villa di Lidis.it risponde a Marco A. Calamari che su queste pagine aveva criticato l'assenza di una vera politica di apertura nel wireless all'italiana. Un botta e risposta che fa luce su una questione centrale
URL: http://punto-informatico.it/pi.asp?i=55502

SICUREZZA E ANONIMATO, COESISTENZA POSSIBILE?
Quella che e' sempre apparsa come una contrapposizione insanabile potrebbe invece trovare una composizione, con conseguenze dirette sulle liberta' dell'individuo. PI intervista gli autori di un volume sull'argomento
URL: http://punto-informatico.it/pi.asp?i=55512

NESSUS GIRA LE SPALLE ALLA GPL
Uno dei piu' noti software open source per la sicurezza, lo scanner di vulnerabilita' Nessus, abbandonera' presto la licenza GPL per adottarne una commerciale. Una notizia che sta suscitando polemiche e dibattiti nella comunita' open
URL: http://punto-informatico.it/pi.asp?i=55524

** L'ULTIMA BEFFA DELLA LEGGE URBANI **
La legge Urbani, che criminalizza il P2P, era stata approvata anche dall'opposizione perché conteneva aiuti e provvidenze per il cinema: aiuti che la legge Finanziaria 2006 vuole abolire.
>> di Pier Luigi Tolardo
http://www.zeusnews.it/news.php?cod=4373

First Look at Windows Vista: Secure at Last?
Author: Deb Shinder
Summary: In the early days of Windows operating systems, security was not at the forefront of computer users’ priorities as it is today – especially for home computer users. Now that the vast majority of systems are connected to the Internet, wireless networks have popped up everywhere, and we’re much more vulnerable to viruses and attacks, security is a necessity. With the release of each new version, Microsoft has focused more and more on protecting the system from inadvertent and deliberate security breaches, and the culmination of those efforts is Windows Vista (formerly known as Longhorn), the next generation of their client operating system that’s expected to be released sometime in 2006.
Link: http://www.WindowSecurity.com/articles/First-Look-Windows-Vista-Secure-Last.html

Understanding the SMTP Protocol
Author: Don Parker
Summary: Who amongst us doesn’t like getting email? We all do of course! It is just like looking in the mailbox every morning after the postman comes by. How does email work though, and just what makes it arrive to our inbox? This will all be explained in this article giving you a far better understanding of how email works.
Link: http://www.WindowsNetworking.com/articles_tutorials/Understanding-SMTP-Protocol.html

Active Directory Solutions for Linux
Need your Windows and UNIX computer systems to talk together? Sure you do. Fortunately, as Jason Perlow explains, a number of solutions let you link Linux systems with Active Directory. His opinionated overview will save you time and trouble.
http://www.informit.com/articles/article.asp?p=413095

The Dark Art of Social Engineering
If hacking were black magic, social engineering would be one of the darkest arts of all. Sit back, relax, and let Cyberspace Samurai Duane LaFlotte tell you a tale of social control and manipulation.
http://www.informit.com/articles/article.asp?p=417272

Two-Factor Authentication in Windows
Simple passwords aren't good enough any more, as the flood of stories about phishing, fraud, and compromised accounts by the millions demonstrate. The Next Big Thing in computer security is two-factor authentication and, like it or not, you're probably going to be dealing with it in the next year or so. But two-factor authentication is a concept, not a product, and how it's implemented is critical to its success.
http://www.informit.com/articles/article.asp?p=377071

Choosing the Best Anti-Spyware Program
There are specific programs that you can install to protect yourself from spyware. Laura Hunter discusses the most popular programs and shows what each of them does — or doesn't — do.
http://www.informit.com/articles/article.asp?p=419257

IS OPEN SOURCE NESSUS CLOSING ITS SOURCE?
"The way that the open source software development process is supposed to work is that users contribute to the greater whole, thus benefiting everyone..."
http://nl.internet.com/ct.html?rtr=on&s=1,1y46,1,79ty,5nl2,85jl,7pty

ADVISORIES: OCTOBER 10, 2005
Today's security advisories: cpio, dia, masqmail, shorewall, tcpdump (2), openvpn, up-imapproxy, ethereal, weex, py2play, graphviz, xloadimage, and xli (Debian GNU/Linux); w3c-libwww and xloadimage (Fedora Core); RealPlayer, Helix Player, xine-lib, and Weex (Gentoo Linux); hylafax (Mandriva Linux); xine-lib (Slackware Linux); and ruby1.8, xine-lib, shorewall, cfengine, linux-source-2.6.10, and linux-source-2.6.8.1 (Ubuntu Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,1y8m,1,4tnr,5eec,85jl,7pty

OPEN SOURCE LICENSING, PART 1: THE INTENT "The phrase 'open source license' refers to a large number of agreements that license the copyrights inherent in software widely, fairly, and with the fewest restrictions possible..."
http://nl.internet.com/ct.html?rtr=on&s=1,1y44,1,2o48,gyfg,85jl,7pty

KERNELTRAP: KERNEL CRASH DUMPS
"A kernel crash dump is a snapshot of system state taken at the time that the kernel crashed, useful for finding and debugging the problem that caused the crash in the first place..."
http://nl.internet.com/ct.html?rtr=on&s=1,1y44,1,fsi4,n7c,85jl,7pty

KERNELTRAP: STATE TRACING, VISUALIZING FRAGMENTATION "Yumiko Sugita announced the 2.3.1 release of LKST, the Linux Kernel State Tracer..."
http://nl.internet.com/ct.html?rtr=on&s=1,1y8k,1,gzu1,b4ac,85jl,7pty

CLI MAGIC: CHECKINSTALL
"Think that just removing the executable does the trick? Think again, oh rodent lover. Now you're ready to learn about CheckInstall..."
http://nl.internet.com/ct.html?rtr=on&s=1,1y8k,1,gxwa,c1q8,85jl,7pty

Microsoft Patch Tuesday Brings Nine Patches http://newsvac.newsforge.com/article.pl?sid=05/10/11/2057209&from=rss
LogError writes "As expected, Microsoft released several patches today. Eight of this month's Security Bulletins affect Microsoft Windows while one affects Exchange 2000 Server."

"SmartTrust e F-Secure contro i virus su cellulari"
I virus che colpiscono i cellulari di ultima generazione continuano a moltiplicarsi, provocando diversi danni, dalla disabilitazione di alcune funzioni fino al blocco totale dell’apparecchio...
http://www.ziobudda.net/Admin/redir_news.php?id=24505

"[OT]l’Associazione Italiana della Sicurezza Informatica"
Creata l’Associazione Italiana di Professionisti della Sicurezza Informatica. L'Associazione nasce in qualità di rappresentanza di Issa (Information Systems Security Association) in Italia.
http://www.ziobudda.net/Admin/redir_news.php?id=24494

ROMA, P2P ANCORA NEL MIRINO
Il Governo avrebbe bloccato la commissione che stava ridisegnando alcune norme del diritto d'autore intese ad impedire che gli utenti che condividono file possano essere perseguiti in automatico. La denuncia di ALCEI
URL: http://punto-informatico.it/pi.asp?i=55560

SUSE 10, DALLA COMUNITA' AL MERCATO
La nuova release Novell prende la via del mercato portandosi facendo tesoro dei preziosi contributi della comunita' openSUSE.org. Parte anche un progetto per migliorare Linux desktop
URL: http://punto-informatico.it/pi.asp?i=55555

MICROSOFT RILASCIA UNA DOZZINA DI PATCH
BigM ha pubblicato nove bollettini di sicurezza che raccolgono le patch sviluppate negli ultimi due mesi per Windows e Internet Explorer. Tra le falle piu' serie almeno un paio potrebbero essere utilizzate dai creatori di worm
URL: http://punto-informatico.it/pi.asp?i=55535
Also - http://www.techworld.com/security/news/index.cfm?RSS&NewsID=4561

KOFFICE SI AGGIORNA, CORREGGE UNA FALLA
La famosa suite per l'ufficio open source integrata in KDE arriva in una nuova versione, la 1.4.2, che tra le altre cose corregge anche un serio bug di sicurezza
URL: http://punto-informatico.it/pi.asp?i=55537
Also - http://nl.internet.com/ct.html?rtr=on&s=1,1yc5,1,cpdv,g45g,85jl,7pty

MS E YAHOO ALLEATE NELL'INSTANT MESSAGING Clamoroso accordo fra i due giganti statunitensi: dal prossimo anno le due piattaforme proprietarie di messaging saranno pienamente compatibili. I dettagli
URL: http://punto-informatico.it/pi.asp?i=55550

OpenBSD's network stack
SecurityFocus interviews three OpenBSD developers about their network stack protection against ICMP attacks, a short comparison with Linux' stack, and some thoughts on OpenBGPD.
http://www.securityfocus.com/columnists/361

Changing Passwords for Key User Accounts
Author: Derek Melber
Summary: I must warn all readers that this article is direct and aimed to make you feel a bit uncomfortable. The goal is to expose a few vulnerabilities in your network, so that they can be fixed. However, my experience and research has proven that most companies fall into the same bucket when it comes to these vulnerabilities.
Link: http://www.WindowSecurity.com/articles/Changing-Passwords-Key-User-Accounts.html

Outlining Components Needed for Creating a VPN Server
Author: Brien M. Posey
Summary: Over the last few years, VPNs have gone from relative obscurity to great popularity. Even so, you don’t want to throw together a VPN haphazardly. After all, a VPN is a direct portal into your private network, and it is essential that it be secure. If your VPN isn’t secure, then nothing else on your network will be secure either. In this article, I will help you to plan your corporate VPN. In doing so, I will discuss the various components that make up a VPN and some of the decisions that you will have to make regarding those components.
Link: http://www.WindowsNetworking.com/articles_tutorials/Outlining-Components-Needed-Creating-VPN-Server.html

ADVISORIES: OCTOBER 11, 2005
Today's advisories: ruby, uw-imap, and ruby1.8 (Debian GNU/Linux); and binutils, libuser, util-linux, mount, ruby, and openssl (Red Hat Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,1yc7,1,k0cs,kztb,85jl,7pty

GRISOFT PREDICTS LINUX VIRUS PLAGUE
"Grisoft, makers of the popular AVG Anti-Virus offering, has warned that it is 'only a matter of time' before Linux becomes widely targeted by virus and malware writers..."
http://nl.internet.com/ct.html?rtr=on&s=1,1yc7,1,2on5,aebx,85jl,7pty

HOT-PLUGGING USB ON LINUX
"When Linux was created, it supported the common hardware of the day, including ATA hard disks, parallel ports, and RS-232 serial ports..."
http://nl.internet.com/ct.html?rtr=on&s=1,1yc5,1,uex,90th,85jl,7pty

CYBERCRIME-HACKING
Title: Phishing attack targets one-time passwords
Source: Outlaw.com
Date Written: 2005-10-12
Date Collected: 2005-10-12
A “new type of phishing”, targeting a one-time password security system, forced Swedish internet bank Nordea to close down its website for 12 hours. Individuals receiving the phishing emails were sent to a website that requested account details and the next password on their scratch sheet, issued by the bank and containing a list of hidden passwords. This is the first phishing incident that requested such one-time use passwords, and also the first phishing scams using Swedish.
http://www.theregister.co.uk/2005/10/12/outlaw_phishing/

TECHNOLOGY
Title: Microsoft Details Antivirus And Anti-Spyware Timetable
Source: Information Week
Date Written: 2005-10-10
Date Collected: 2005-10-12
Microsoft will make a test version of its “Client Protection technology”, a new anti-spyware product, available to businesses by late 2005. This product, aimed at businesses, will offer “management features for IT departments and integration with Windows Active Directory”. In addition, “Antigen”, an anti-spam program for servers, will be offered. John Pescatore of security firm Gartner comments that, to compete with established security companies such as McAfee, Microsoft must repair its reputation regarding security.
http://www.informationweek.com/story/showArticle.jhtml?articleID=171204119

"KDE 3.4.3 Released"
Dalla press: "KDE 3.4.3 has been released. This release includes many bugfixes and increased translation coverage compared to previous versions. The 3.4.3 info page has the links to download the source and packages are available for Arch Linux, Kubuntu, Slackware and SuSE. Konstruct is the easy way to build from source."
http://www.ziobudda.net/Admin/redir_news.php?id=24520
Also - http://nl.internet.com/ct.html?rtr=on&s=1,1yg0,1,e3lz,9c69,85jl,7pty

"Rilasciata Kubuntu 5.10!!!"
Puntuali anche questa volta come ad aprile scorso è stata rilasciata la versione 5.10 di kubuntu. Tantissime le novità ben spiegate dal diretto coordinatore del progetto nella email del comunicato stampa.
http://www.ziobudda.net/Admin/redir_news.php?id=24517

"Ubuntu 5.10"
E' uscita la versione finale di Ubuntu 5.10
http://www.ziobudda.net/Admin/redir_news.php?id=24512
Also - http://nl.internet.com/ct.html?rtr=on&s=1,1yg0,1,fnai,l6df,85jl,7pty

OPENOFFICE 2.0, CHI GLI HA FATTO LO SGAMBETTO?
L'attesa versione 2.0 della celebre suite per l'ufficio open source e' inciampata sull'ultimo gradino. Ieri si attendeva infatti il rilascio della versione finale, ma al suo posto e' arrivata una nuova release candidate
URL: http://punto-informatico.it/pi.asp?i=55590
Also - http://nl.internet.com/ct.html?rtr=on&s=1,1yg0,1,b4wo,ey8b,85jl,7pty
Also - http://newsvac.newsforge.com/article.pl?sid=05/10/14/0319210&from=rss

VIRUS, LINUX IL PROSSIMO BERSAGLIO?
Il produttore di AVG avverte: Linux cadra' vittima dei virus writer se il Pinguino continuera' a diffondersi su client aziendali e workstation
URL: http://punto-informatico.it/pi.asp?i=55589

SCHMIDT ALL'ASSALTO DEGLI SVILUPPATORI
Secondo il guru della sicurezza informatica l’attribuzione di responsabilita' e' lo strumento che permettera' di rendere le applicazioni piu' sicure: gli sviluppatori sono avvertiti, chi sbaglia.. paga
URL: http://punto-informatico.it/pi.asp?i=55592

CASSANDRA CROSSING/ MA CHI LA VUOLE LA PRIVACY?
di Marco A. Calamari - Basta una piccola indagine sugli strumenti di difesa della privacy che gli utenti mantengono in rete per rendersi conto della realta': se ne parla ma non si mette in atto. E Clarke sbarca a Milano
URL: http://punto-informatico.it/pi.asp?i=55569

La conservazione del traffico telematico secondo le nuove disposizioni della Legge Pisanu Il decreto Pisanu trasformato nella legge n. 155/2005 è intervenuto modificando i termini di conservazione dei dati inerenti il traffico telematico previsti nell’art. 132 del Codice privacy.
http://www.diritto.it/art.php?file=/archivio/20771.html

ADVISORIES: OCTOBER 12, 2005
Today's security advisories: xine-lib (Debian GNU/Linux); squirrelmail, openssl, xine-lib, and squid (Mandriva Linux); and koffice (Ubuntu Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,1yg2,1,im1b,ez9g,85jl,7pty

AN OVERVIEW OF PING
"Trying to figure out if your laptop is connected to your home or office network? ping it..."
http://nl.internet.com/ct.html?rtr=on&s=1,1yg0,1,adm0,aiur,85jl,7pty

KERNELTRAP: ERROR DETECTION AND CORRECTION "Alan Cox submitted a pair of patches to add error detection and correction (EDAC) logic to the 2.6 kernel..."
http://nl.internet.com/ct.html?rtr=on&s=1,1yg0,1,6ao2,ath1,85jl,7pty

MANDRIVA RELEASES 2006 CONVERGENCE PRODUCTS, EXTENDS INNOVATION Market-speak to English translation: Mandriva 2006 is now available for all.
http://nl.internet.com/ct.html?rtr=on&s=1,1yg0,1,7rcu,18gf,85jl,7pty

MALWARE
Title: Virus writers create Nintendo DS Trojan
Source: The Register
Date Written: 2005-10-12
Date Collected: 2005-10-13
The first malware to target the Nintendo DS handheld gaming console has emerged. DSBrick, a simple Trojan, overwrites critical memory areas, preventing the console from booting up normally. Infection is not much of a threat, however, since it can be run only on modified DS units http://www.theregister.co.uk/2005/10/12/nintendo_trojan/

VULNERABILITIES & EXPLOITS
Title: Secure servers compromised by SSL bug
Source: Techworld
Date Written: 2005-10-12
Date Collected: 2005-10-13
A flaw has been discovered in OpenSSL, an open-source implementation of the SSL and TLS cryptographic protocols, that would allow "man in the middle" attacks. Hackers could force a client and a server to negotiate the less secure SSL 2.0 protocol even if both parties support the later SSL 3.0 and TSL 1.0 protocols. The bug affects all versions of OpenSSL up to 0.9.7h and 0.9.8a, which have been released to fix the problem; users may also disable SSL 2.0 completely or apply a patch.
http://www.techworld.com/security/news/index.cfm?NewsID=4565

VULNERABILITIES & EXPLOITS
Title: Security hole in multiple AV products evades notice
Source: SearchSecurity
Date Written: 2005-10-12
Date Collected: 2005-10-13
Attackers could exploit a flaw in multiple antivirus products to create archives with malicious files without being detected, Security Tracker and a researcher from SecuBox Labs have announced in advisories. Affected vendors include Kaspersky Lab, BitDefender, McAfee, Sophos, Symantec, eTrust Iris and Vet, ClamAV, and Panda Software. The malicious code is undetected until it is extracted from a rar archive file. Winzip or BitZipper do not these sorts of malicious files, but Winrar and PowerZip will open and extract them. The SecuLabs advisory states that several antivirus companies have already fixed the problem.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1133328,00.html

VULNERABILITIES & EXPLOITS
Title: Windows exploit already doing the rounds
Source: Techworld
Date Written: 2005-10-13
Date Collected: 2005-10-13
An exploit for the Windows 2000 patch issued by Microsoft on October 11, 2005 has already been published by security firm Immunity Security. The exploit release has raised fears of an attack like that of the Zotob worm in August 2005. The vulnerabilities are in Microsoft Distributed Transaction Coordinator (MSDTC) and COM+, which were reported in Microsoft's bulletin MS05-051. Also affected are later versions of Windows, but only relatively minor attacks can result with them. Symantec has sent an alert to customers of its DeepSight Threat Management System in response, warning that a worm outbreak could be immanent.
http://www.techworld.com/security/news/index.cfm?NewsID=4576

Troubleshooting Firefox
http://software.newsforge.com/article.pl?sid=05/09/15/2043254&from=rss
So, you became excited and made a raft of changes to Firefox in one fell swoop? You can't remember what all those tweaks involved, but you've already noticed some feature or function that's not working the way it should. The fault probably does lie with something you did, but occasionally that's not true. Let's discuss a couple of very common, not-your-fault problems you might stumble across, and what you can do about them.

How to keep instant messaging off the record http://internet.newsforge.com/article.pl?sid=05/10/07/1521221&from=rss
Sometimes encryption isn't enough to keep your conversations private. With standard encryption, it's theoretically possible for someone to steal your secret encryption keys and decipher the conversation. For conversations that need to be kept confidential, the Off-the-Record (OTR) plugin for Gaim saves the day. It leaves no trace of a conversation ever having taken place.

"Broadcom Wireless chip (Airport Extreme) Linux Driver"
Sembra che abbiano scritto con successo un driver linux per l’Airport Extreme, la scheda wireless dei portatili iBook di nuova generazione, che si basa sul chip Broadcom, per il quale non sono mai state rilasciate le specifiche.
http://www.ziobudda.net/Admin/redir_news.php?id=24540

"Intervista a Pier Luigi Fiorini"
Pier Luigi Fiorini e' il responsabile dello sviluppo di Mockup. Mockup e' un progetto Open Source che cerca di creare un moderno sistema operativo adatto ai desktop. E' basato su linux kernel 2.6, supporta POSIX threading e molto altro.
http://www.ziobudda.net/Admin/redir_news.php?id=24534

"Microsoft si 'adegua' all'Open Source?"
Alcuni sintomi del movimento Open Source si stanno già sentendo in casa Microsoft, ecco come si adegua la Software House di Redmond...
http://www.ziobudda.net/Admin/redir_news.php?id=24550

"Easy Ubuntu 2.3"
Easy Ubuntu è una piccola utility che permette di installare semplicemente alcune applicazioni che mancano nella distribuzione umana come driver ATI e Nvidia, aMule, aMSN, java, flash ed altro ancora.
http://www.ziobudda.net/Admin/redir_news.php?id=24548

ICANN on center stage
ICANN and the U.S. government reach center stage next month in Tunisia, as the future of IP address assignments and U.S. control of the root DNS on the Internet turns into a hotbed of debate.
http://www.securityfocus.com/columnists/362

ADVISORIES: OCTOBER 13, 2005
Today's security advisories: ruby1.8 and hylafax (Debian GNU/Linux); and abiword (Ubuntu Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,1yk7,1,7ben,btjr,85jl,7pty

THE LINUX KILLER APPLICATION (BETA 2?)
"The basic proposition: if there's a proven GUI tool, it's silly not to use it..."
http://nl.internet.com/ct.html?rtr=on&s=1,1ykb,1,mexb,fi5u,85jl,7pty

Hacking Your Car: How to Get Clean Audio and Video Signals into Your Car In the living room, red, white, and yellow RCA jacks are the universal standard for input. Wouldn't it be nice if car manufacturers did the same and put these jacks in your car? Damien Stolarz thinks so, and shows you how to hack your ride to get a clean audio and video signal into your car.
http://digitalmedia.oreilly.com/2005/10/05/audio-video-hack-for-your-car.html

VULNERABILITIES & EXPLOITS
Title: More Microsoft holes pending
Source: Sydney Morning Herald
Date Written: 2005-10-14
Date Collected: 2005-10-14
While Microsoft has released nine patches for October 2005, eEye Digital Security has released an advisory noting the large number of critical holes it has found in Microsoft products that have not yet been addressed. eEye informed Microsoft March 29, 2005 (197 days old) of flaws affecting default installations of Internet Explorer and Outlook that could let an attacker execute malicious code. eEye also informed Microsoft of another flaw in Explorer and Outlook that has gone unpatched for 160 days, and a third for 107. eEye says RealNetworks and Macromedia also have "serious" flaws that have gone unpatched for nearly 107 days. eEye has a policy of informing companies of flaws and waiting for a patch before releasing details to the public. Public disclosure of flaws has been a hotly debated issue in the software industry, leading major developers to create the Organization for Internet Safety to promote rational disclosure standards.
http://www.smh.com.au/news/breaking/more-microsoft-holes-pending/2005/10/14/1128796681908.html

VULNERABILITIES & EXPLOITS
Title: Symantec fixes 'critical' Veritas flaw
Source: SearchSecurity
Date Written: 2005-10-13
Date Collected: 2005-10-14
Symantec has released a patch for a flaw in its Veritas NetBackup software that could allow an attack to execute malicious code. The flaw is a format string error in the bpjava-msvc Java authentication service and would give an attacker root privileges. The French Security Incident Response Team (FrSIRT) rates the vulnerability as 'critical'. Symantec recommends that all users apply the upgrade immediately and block access on TCP port 13722. TippingPoint, a division of 3Com, discovered the flaw.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1133737,00.html

RSA to test new Web authentication service http://newsvac.newsforge.com/article.pl?sid=05/10/14/1624224&from=rss
Looking for a way to get its security gadgets into the hands of average consumers, RSA Security plans to test a new Web authentication service.

WifiScanner 1.0.0 Linux Wireless Tool Released http://newsvac.newsforge.com/article.pl?sid=05/10/14/1526228&from=rss
LogError writes "After a couple of years of development, Linux based wireless tool WifiScanner got its 1.0.0 release."

g00d reading! 'n' bye
Security News MainTainer:

The Jackal a.k.a. jAcKallO < jackal [at] capitanlug.it >

(AreaSessantuno Inside) / (SpiPPolatori Collaborator) (HackerAlliance Member) / (Socio fondatore del CapitanLUG.iT) (Daily DisInfo CreaTor & MainTainer) / (Security News MainTainer)