BETA 2, RITARDI IN VISTA
Indiscrezioni affermano che la prossima beta di Windows Vista, attesa fra meno di un mese, slittera' all'inizio del prossimo anno. Intanto si avvi cina il debutto della prima beta di Office 12, di cui Microsoft fornisce i requisiti minimi
URL: http://punto-informatico.it/pi.asp?i=56180

TRE CEROTTONI PER I PLAYER REAL
Le vulnerabilita' minacciano la sicurezza di chi usa i player software de
ll'azienda. Real invita ad applicare subito le patch. Microsoft avvisa in
vece gli utenti dei buchi di Flash Player 7
URL: http://punto-informatico.it/pi.asp?i=56185

PRIMO TROJAN BUCA-GDI?
Trend Micro indaga su un trojan che sembra sfruttare una recente vulnerab
ilita' di Windows per mandare in crash Explorer e altre applicazioni che
utilizzano i metafile grafici di Microsoft. Patch gia' distribuita
URL: http://punto-informatico.it/pi.asp?i=56177

VOIP LIBERO PER DAVVERO?
Il protocollo ENUM permette a rete e telefono di integrarsi, facendo si'
che un pc connesso ad internet sia raggiungibile anche tramite un numero
telefonico. La sperimentazione e' vicina ma con quali garanzie per gli ut
enti?
URL: http://punto-informatico.it/pi.asp?i=56176

CCNP Self-Study: Understanding and Configuring Multilayer Switching
This chapter provides you with details, architecture, and methods of mult
ilayer switching on Catalyst switches. An understanding of multilayer swi
tching is necessary for network designers, administrators, and operators
for deployment and troubleshooting purposes.
http://www.informit.com/articles/article.asp?p=425816

Linux Scheduling and Kernel Synchronization
The Linux kernel is a multitasking kernel, which means that many processe
s can run as if they were the only process on the system. The way in whic
h an operating system chooses which process at a given time has access to
a system’s CPU(s) is controlled by a scheduler. This chapter covers th
e Linux scheduler, preemption in Linux, and the Linux system clock and ti
mers.
http://www.informit.com/articles/article.asp?p=414983

Windows Live Response for Collecting and Analyzing Forensically Sound Evi
dence
Sometimes your victim cannot afford to remove the system or the only evid
ence of the incident may currently be in memory. Either way, a standard f
orensic duplication is impossible. This chapter will address a technique
for collecting and analyzing forensically sound evidence from what is kno
wn as the Live Incident Response Process.
http://www.informit.com/articles/article.asp?p=417509

Sudo
Vendor: sudo.ws
A vulnerability was reported in Sudo. A local user with permission to ru
n a perl script can execute arbitrary perl code.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2005/Nov/1015192.html

in.named
Vendor: Sun
A vulnerability was reported in Sun Solaris in the name service daemon.
A remote user can cause denial of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/Nov/1015191.html

RealOne (RealPlayer)
Vendor: RealNetworks
Several vulnerabilities were reported in RealPlayer/RealOne Player. A re
mote user can cause arbitrary code to be executed on the target user's sy
stem.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Nov/1015185.html

Mambo Site Server
Vendor: Mamboserver.com
A vulnerability was reported in Mambo. A remote user can download files
in certain cases.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/Nov/1015176.html

Windows Kernel
Vendor: Microsoft
A vulnerability was reported in Microsoft Windows in the Graphics Renderi
ng Engine. A remote user can execute arbitrary code on the target system
. A remote user can also cause denial of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/Nov/1015168.html

Asterisk
Vendor: Linux Support Services, Inc.
A vulnerability was reported in Asterisk in the Web-Voicemail feature. A
remote authenticated user can access voicemail messages of other users.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/Nov/1015164.html

F-Secure Internet Gatekeeper
Vendor: F-Secure
A vulnerability was reported in F-Secure Internet Gatekeeper. A local use
r can obtain root privileges.
Impact: Root access via local system
Alert: http://securitytracker.com/alerts/2005/Nov/1015160.html

F-Secure Anti-Virus
Vendor: F-Secure
A vulnerability was reported in F-Secure Anti-Virus Linux Gateway. A loc
al user can obtain root privileges.
Impact: Root access via local system
Alert: http://securitytracker.com/alerts/2005/Nov/1015159.html

ICMP Interceptor 2 2.0
ICMP Interceptor 2 is a 32 bit software tool designed for the Windows 95/
98 and NT platforms that intercepts and monitors inbound ICMP packets, al
lowing potential problems to be identified and averted before they impact
operations.
http://www.astalavista.com/index.php?section=directory&linkid=5503

SwitchSniffer v0.8.1
SwitchSniffer is a program that can scan computers alive and can pull, co
llect all packets and can route them without other users' recognition on
the LAN. It can also detect arpspoofer program running on the network and
block sessions like firewall. If you run this program and any sniffer pr
ogram, you can even get and see all user ids/passwords on the switch netw
ork.
http://www.astalavista.com/index.php?section=directory&linkid=5518

CAMELOID
CAMELOID is a composite suite of P2P communication applications used to t
alk with a high level of security to other people. It consists of secure
video, voice, and instant messenger applications.
http://www.astalavista.com/index.php?section=directory&linkid=5522

Steganalysis Using Higher-Order Image Statistics
Techniques for information hiding (steganography) are becoming increasing
ly more sophisticated and widespread. With high-resolution digital images
as carriers, detecting hidden messages is also becoming considerably mor
e difficult. We describe a universal approach to steganalysis for detecti
ng the presence of hidden messages embedded within digital images. We sho
w that, within multi-scale, multi-orientation image decompositions (e.g.,
wavelets), first- and higher-order magnitude and phase statistics are re
latively consistent across a broad range of images, but are disturbed by
the presence of embedded hidden messages. We show the efficacy of our app
roach on a large collection of images, and on eight different steganograp
hic embedding algorithms.
http://www.astalavista.com/index.php?section=directory&linkid=5529

TrueCrypt: Open-Source Disk Encryption Software
TrueCrypt is on-the-fly disk encryption software that can create a virtua
l encrypted disk within a file and mount it as a real disk. It can also e
ncrypt an entire hard disk partition, or a storage device such as USB mem
ory stick. The product also supports plausible deniability.
http://www.truecrypt.org/

Are You Infected by Sony-BMG's Rootkit?
As we've mentioned before, Sony-BMG has been using copy-protection techno
logy called XCP in its recent CDs. You insert your CD into your Windows P
C, click "agree" in the pop up window, and the CD automatically installs
software that uses rootkit techniques to cloak itself from you. Sony-BMG
has released a "patch" that supposedly "uncloaks" the XCP software, but i
t creates new problems. But how do you know whether you've been infected?
It turns out Sony-BMG has deployed XCP on a number of titles, in variety
of musical genres, on several of its wholly-owned labels.
http://www.eff.org/deeplinks/archives/004144.php

RSA-640 Factored
RSA numbers are composite numbers having exactly two prime factors (i.e.,
so-called semiprimes) that have been listed in the Factoring Challenge o
f RSA Security®.
http://mathworld.wolfram.com/news/2005-11-08/rsa-640/

Eyeballing Spy Satellites
Satellites are the most pervasive espionage technology worldwide -- runni
ng neck and neck now with the Internet -- and every satellite spies despi
te claims for commercial, scientific and otheer benign use. None are free
of intelligence monitoring and exploitation, in the long tradition of sp
ies exploiting communications technology, from mail to telephones to the
Web. All the satellite image production firms are closely tied to and reg
ulated by their host governments. And none are used purely for non-govern
mental purposes. As a recent example, Google's foray into the field of sa
tellite entertainment offers opportunity to track usage as effectively as
does its search engine. Google's Internet siphons, data-mining and searc
h-server farms are military grade, comparable to those at the National Se
curity Agency. Links among the two and the global Internet infrastructure
deserves suspicion and critical examination exemplified by Daniel Brandt
's Google Watch.
http://cryptome.org/satspy/satspy-eyeball.htm

Installing a Linux-2.6.14+initrd on Sarge
http://newsvac.newsforge.com/article.pl?sid=05/11/12/041259&from=rss
Until recently I used the default 2.6.8 kernel included into Sarge. When
I tryed to install a vanilla 2.6.14 kernel I faced the "no devfs" problem
. It's not that I forgot to turn on "devfs": "devfs" in not part of the L
inux kernel anymore. The "udev" subsystem replace "devfs" and it's easy t
o install it into Sarge.

"Disponibile Mandriva 2006 per tutti"
Dopo il rilascio ai soli "membri del club" di qualche settimana fa, ora M
andriva 2006 è disponibile liberamente per tutti.
http://www.ziobudda.net/Admin/redir_news.php?id=24997

L'ESPERANTO PUO' CAMBIARE L'INFORMATICA?
Punto Informatico ne parla con il presidente dell'Accademia della Crusca,
portatore di una proposta che provoca sia gli informatici che gli espera
ntisti. Optare per una lingua comune significa capirsi meglio e accelerar
e lo sviluppo
URL: http://punto-informatico.it/pi.asp?i=56207

IL DRM SONY BMG VIOLA L'OPEN SOURCE?
Sebbene sia appena stato ritirato dall'azienda, il software finito nel tu
rbine delle polemiche continua ad essere analizzato: utilizzerebbe in mod
o illegale porzioni di un celebre encoder open source
URL: http://punto-informatico.it/pi.asp?i=5620

VOIP? CONVENIENTE MA MOLTO INSICURO
Uno studio di settore sul panorama VoIP in Europa mette in luce le opinio
ni dei grandi operatori telefonici continentali: la telefonia via Interne
t conviene, ma e' troppo insicura a causa di virus e cracker
URL: http://punto-informatico.it/pi.asp?i=56220

Sony's legal issues
Sony is in the spotlight over the rootkit they distribute on some of thei
r music CDs, and it bring up interesting legal issues relating to EULAs a
nd enforcement by the FTC.
http://www.securityfocus.com/columnists/369

Using Software RAID-1 with FreeBSD
Disk space is cheap, and putting multiple disks in a computer is relative
ly cheap. Taking advantage of redundant disks to protect against hardware
failure is invaluable. Though some RAID solutions require special hardwa
re, FreeBSD 5.0 and later support software RAID. Dru Lavigne shows how to
configure and enable disk mirroring.
http://www.onlamp.com/pub/a/bsd/2005/11/10/FreeBSD_Basics.html

Sysinternals RootkitRevealer 1.56
RootkitRevealer is an advanced patent-pending root kit detection utility.
It runs on Windows NT 4 and higher and its output lists Registry and fil
e system API discrepancies that may indicate the presence of a user-mode
or kernel-mode rootkit. RootkitRevealer successfully detects all persiste
nt rootkits published at www.rootkit.com, including AFX, Vanquish and Hac
kerDefender (note: RootkitRevealer is not intended to detect rootkits lik
e Fu that don't attempt to hide their files or registry keys). If you use
it to identify the presence of a rootkit please let us know! The reason
that there is no longer a command-line version is that malware authors ha
ve started targetting RootkitRevealer's scan by using its executable name
. We've therefore updated RootkitRevealer to execute its scan from a rand
omly named copy of itself that runs as a Windows service. This type of ex
ecution is not conducive to a command-line interface. Note that you can u
se command-line options to execute an aut
omatic scan with results logged to a file, which is the equivalent of the
command-line version's behavior.
http://www.astalavista.com/index.php?section=directory&linkid=5532

ADVISORIES: NOVEMBER 13, 2005
This weekend's security advisories: acidlab (Debian GNU/Linux) and lynx (
Mandriva Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,212e,1,aw7y,a5l8,85jl,7pty

ANNOUNCING KDE 3.5 RELEASE CANDIDATE
"KDE 3.5 is about to be finished, so we prepared a first release candidat
e..."
http://nl.internet.com/ct.html?rtr=on&s=1,212g,1,luv5,jgqd,85jl,7pty

WHY EVERY WINDOWS USER NEEDS A LINUX LIVE CD
"You could probably fix the Windows problem if you had an hour or two, bu
t right now you just need to get what you want off of the computer. What
do you do? Linux to the rescue..."
http://nl.internet.com/ct.html?rtr=on&s=1,212g,1,j2he,iwjy,85jl,7pty

THIN CLIENT SERVER REVITALIZES OLD PCS
"Frankfurt-based 2X Software Ltd. has released a new thin-client software
suite that aims to simplify thin-client deployment and give new life to
old PCs..."
http://nl.internet.com/ct.html?rtr=on&s=1,212g,1,crpl,8fcy,85jl,7pty

LINUS TORVALDS: LINUX 2.6.15-RC1
"It's hard to go through in any great detail, because even the shortlog i
s actually almost five thousand lines and about 200kB in size..."
http://nl.internet.com/ct.html?rtr=on&s=1,212g,1,6z3d,1564,85jl,7pty

DEBIAN-INSTALLER ETCH BETA 1
The Debian Installer team is proud to announce the first beta release of
the installer for Debian GNU/Linux Etch.
http://nl.internet.com/ct.html?rtr=on&s=1,212g,1,4i2p,3dxy,85jl,7pty

-STABLE: LINUX 2.6.14.2
"We (the -stable team) are announcing the release of the 2.6.14.2 kernel.
.."
http://nl.internet.com/ct.html?rtr=on&s=1,212g,1,k6mu,9rbr,85jl,7pty

REPLACING FTP AND TELNET IN CROSS-PLATFORM NETWORKS
This document is intended for IT professionals who need to secure FTP, Te
lnet and other system administration connections in heterogeneous environ
ments.
http://www.net-security.org/news.php?id=9390

CREATING AND USING A SELF SIGNED SSL CERTIFICATES IN DEBIAN
This document covers a very specific, limited purpose, but one that meets
a common need: preventing browser, mail, and other clients from complain
ing about the certificates installed on your server.
http://www.net-security.org/news.php?id=9391

MICROSOFT'S FREE WEB-BASED VIRUS SCANNER SENDS DATA BACK TO MICROSOFT
By default the virus scanner transmits information about the PC and its a
pplications to Microsoft.
http://www.net-security.org/news.php?id=9400

SYMBIAN ANTI-VIRUS BUNDLED WITH SYMBIAN TROJAN
SymbOS/Doomboot.G is a new variant of Doomboot family.
http://www.net-security.org/news.php?id=9418

LINUX WORM OVERRATED
The latest and greatest Linux worm isn't the most elegant or fastest spre
ading worm, or even one that's difficult to stop, but it still offers a w
arning for Web developers and administrators everywhere.
http://www.net-security.org/news.php?id=9433

CRAM SESSION 5: WINDOWS FIREWALL
This session get all of the details you need about Windows Firewall, star
ting with the basics of turning it on, to creating profiles for inside an
d outside the office to setting up remote administration.
http://www.net-security.org/news.php?id=9443

CYBERCRIME-HACKING
Title: Hackers use Sony anti-copy software to hide in PCs
Source: C-Net (Reuters)
Date Written: 2005-11-11
Date Collected: 2005-11-14
The first virus to use Sony's CD copy-protection software to invade PCs h
as been identified by anti-virus firm Sophos. An attachment in an email c
ontains the Stinx-E trojan virus, which, when clicked on, installs malwar
e, which could give hackers access to the machine. The malware hides itse
lf using the Sony hidden software installed when a Sony copy-protected mu
sic CD is played on the machine. In addition, Symantec discovered a troja
n that uses a security flaw in the Sony software.
http://www.ciol.com/content/news/2005/105111104.asp

MALWARE
Title: Trend backs down on MS Trojan claim
Source: Techworld
Date Written: 2005-11-14
Date Collected: 2005-11-14
Trend Micro's claim that it discovered a Trojan, called Troj_emfsploit.A
that had the ability to cause Microsoft Explorer to crash, has been retra
cted. Microsoft had patched the critically-rated flaws just before Trend
Micro came out with its initial findings, and the announcement sparked fe
ars of a zero day exploit. The trojan actually can only cause a GUI crash
in Windows XP systems prior to the Service Pack 1 (SP1) update of 2002".
No instances have been reported.
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=4781

TECHNOLOGY
Title: New mobile Linux group launches
Source: IDGnet
Date Written: 2005-11-14
Date Collected: 2005-11-14
The Linux Phone Standards Forum (LiPS) convened November 14, 2005 in an e
ffort to create standards aimed at fostering the use of Linux on mobile d
evices. The LiPS Forum plans to create application programming interfaces
that will allow developers to build applications that will interoperate
across Linux handsets made by all manufacturers, as well as working with
the Open Mobile Terminal Platform group to ensure that applications desig
ned for Linux handsets will also work with those used on phones that run
other operating systems. The first LiPS devices are projected to be avail
able in 2007.
http://www.infoworld.com/article/05/11/14/HNmobilelinuxgroup_1.html

CLI Magic: netcat
http://software.newsforge.com/article.pl?sid=05/11/07/182253&from=rss
The response to my recent sysadmin toolbox article has been overwhelming.
By far, readers' number one suggestion was to replace Telnet with netcat
. Here then is an introduction to netcat for Linux
users who may not be familiar with the "TCP/IP Swiss Army knife."

"La virtualizzazione nelle nuove cpu di Intel"
L'integrazione della Virtualization Technology forniranno alle aziende un
miglioramento della gestione e della sicurezza.
http://www.ziobudda.net/Admin/redir_news.php?id=25019

"LINUXDAY 2005: intervista a Stefano Canepa, organizzatore ILS"
Stefano Canepa messo "sotto torchio" sul prossimo Linux Day e su ILS, lo
storico gruppo italiano.
http://www.ziobudda.net/Admin/redir_news.php?id=25013

"[OT] Spyware su CD Sony-BMG tutta la storia"
Ecco tutta la storia e come si è arrivati alla scoperta dei rootkit che
vengono installati da alcuni CD della Sony-BMG
http://www.ziobudda.net/Admin/redir_news.php?id=25059

"Wireless LAN: La guida definitiva alla Normativa"
Nel mare delle normative italiane e dei decreti, controdecreti e delibere
, una guida agile e veloce alla normativa per la realizzazione e l'autori
zzazione delle reti WiFi.
http://www.ziobudda.net/Admin/redir_news.php?id=25058

"Rootkit,la nuova ondata di malware invisibile è arrivata!"
In seguito alla comparsa della famiglia di backdoor-Trojan horse BREPLIBO
T, il cui codice sfrutta il rootkit Sony Digital Rights Management, è s
orta una grande discussione in merito ai rootkit e al tipo di minaccia ch
e essi rappresentano. Pubblichiamo a questo proposito un interessante Whi
te Paper.
http://www.ziobudda.net/Admin/redir_news.php?id=25055

"La prima console di gioco Open Source"
GP2x rappresenta il massimo per un utente Linux, appassionato al gioco, u
n vero gioiellino marchiato dal Pinguino...
http://www.ziobudda.net/Admin/redir_news.php?id=25050

"MD5 compromesso"
E' stato reso pubblico l'algoritmo per creare delle collisioni nella funz
ione di hashing di md5.
http://www.ziobudda.net/Admin/redir_news.php?id=25047

P2P, INDUSTRIA SCATENATA IN TUTTO IL MONDO
IFPI annuncia una nuova raffica di denunce in Europa, Asia e, per la prim
a volta, anche America Latina. Con migliaia di processi i fonografici spe
rano di fermare l'onda travolgente del peer-to-peer. Colpiti anche utenti
italiani
URL: http://punto-informatico.it/pi.asp?i=56240

DA OSDL UN DATABASE PER I BREVETTI OPEN
Pronte le info su centinaia di brevetti liberamente utilizzabili dagli sv
iluppatori open source. Una mossa con cui OSDL intende ridurre i rischi c
onnessi a brevetti e licenze
URL: http://punto-informatico.it/pi.asp?i=56260

SICUREZZA A RISCHIO PER LE RETI IPSEC
Alcuni ricercatori finlandesi hanno scoperto alcune serie debolezze in un
o dei protocolli di sicurezza utilizzati nelle virtual private network e
in altri tipi di rete aziendali. Numerosi i prodotti a rischio
URL: http://punto-informatico.it/pi.asp?i=56239

DRM, IL CALVARIO SONY BMG NON E' FINITO
Gli informatici accusano: nuovi passi falsi per l'azienda. Si parla di me
zzo milione di reti infettate. Chi utilizza la patch che Sony BMG consigl
ia per togliere il rootkit - accusano - consegna il suo sistema ai cracke
r
URL: http://punto-informatico.it/pi.asp?i=56290

WINDOWS SARA' DISTRIBUITO GRATIS?
Questa una delle tante ipotesi dei ricercatori Microsoft che lavorano su
un modello di distribuzione adware dei software dell'azienda. Un business
che potrebbe fare da complemento al software live
URL: http://punto-informatico.it/pi.asp?i=56282

Forte aumento dei virus per cellulari
Sono passati ormai 18 mesi dalla prima infezione di virus su un cellulare
, e in così poco tempo i virus conosciuti sono diventati più di 100(1
02 secondo i dati della F-Secure). Dalla fatidica data in cui fu segnalat
o il Cabir, primo virus in grado di infettare gli smartphone, l'evoluzion
e è stata molto veloce il numero di virus, malware, e trojan per smartp
hone è in costante aumento.
http://www.alground.com/news/news.php?page=421

ADVISORIES: NOVEMBER 14, 2005
Today's security advisories: abiword and uim (Debian GNU/Linux); and lynx
(Fedora Core).
http://nl.internet.com/ct.html?rtr=on&s=1,2193,1,99mi,78gt,85jl,7pty

ADVISORIES: NOVEMBER 15, 2005
Today's secuirty advisories: linux-ftpd-ss and phpsysinfo (Debian GNU/Lin
ux); gdk-pixbuf and gtk2 (Fedora Core); xchat, rp-pppoe, and bzip2 (Fedor
a Legacy); Scorched 3D (Gentoo Linux); and gdk-pixbuf and gtk2 (Red Hat L
inux).
http://nl.internet.com/ct.html?rtr=on&s=1,21dk,1,l4s1,39j0,85jl,7pty

IS SONY IN VIOLATION OF THE LGPL?
"I'm sure you've already heard about the Sony rootkit that was first reve
aled by Mark Russinovich of Sysinternals..."
http://nl.internet.com/ct.html?rtr=on&s=1,2193,1,2vmm,hp5f,85jl,7pty

ENHANCING KERNEL SECURITY WITH GRSECURITY
"The sleepless folks with the grsecurity project have developed an easy-t
o-use set of security enhancements to help put your fears to rest..."
http://nl.internet.com/ct.html?rtr=on&s=1,21dk,1,jr8,ikx5,85jl,7pty

THE DAEMON, THE GNU AND THE PENGUIN--CH. 21
"The daemon image, what Kirk McKusick calls the 'beastie,' dates from 197
6..."
http://nl.internet.com/ct.html?rtr=on&s=1,2195,1,amyz,97xd,85jl,7pty

FREE SOFTWARE MAGAZINE: PRAISE FOR PYTHON
"As I was preparing my fourth article in the 'Towards a free matter econo
my' series... I realized I'm continuing to flog the Python language.
http://nl.internet.com/ct.html?rtr=on&s=1,2195,1,e2pa,bx5i,85jl,7pty

MAKE YOUR FILES IMMUTABLE WHICH EVEN ROOT CAN'T DELETE
"Here is a cool tip on how you can make files on your system immutable...
"
http://nl.internet.com/ct.html?rtr=on&s=1,2195,1,1xxa,j18b,85jl,7pty

An Introduction to Tiger Terminal, Part 5
In Part 5, Mary Norbury-Glaser looks at how Tiger Mac OS X runs regularly
scheduled commands and scripts to execute recurring jobs, like system ma
intenance and backups. She compares the "old" way, using the Unix tool ca
lled cron (for chronological), with the new Tiger method of using the lau
nchd daemon.
http://www.macdevcenter.com/pub/a/mac/2005/11/15/terminal5.html

What Is Prefactoring
You've probably heard of Refactoring (the process of restructuring code w
ithout changing its external behavior), but what is Prefactoring? Ken Pug
h provides the answer, then covers some of the guidelines to prefactoring
in the areas of Extreme Abstraction, Extreme Separation, and Extreme Rea
dability. Ken is the author of Prefactoring.
http://www.oreillynet.com/pub/a/network/2005/11/15/what-is-prefactoring.h
tml

MALWARE
Title: Vendors warn of new Sober variants
Source: NetworkWorld
Date Written: 2005-11-15
Date Collected: 2005-11-16
Kaspersky Lab and Symantec have announced they have identified variants o
f the mass-mailing Sober worm. The worm is spreading through spam contain
ing messages with infected attachments. The attachment names identified s
o far are: Exceltab-packed_list.exe; Liste.zip; Reg-List-Dat_Packer2.exe;
reg_text.zip; Word-Text.zip; Word-Text_packedList.exe; and Word-Text_pac
kedList.zip, and can be activated only when clicked on by the user.
http://www.networkworld.com/news/2005/111505-sober-worm.html?fsrc=netfl
ash-rss

VULNERABILITIES & EXPLOITS
Title: Hole found in widely used VPN gear
Source: NetworkWorld
Date Written: 2005-11-15
Date Collected: 2005-11-16
VPN products from several vendors, including Cisco and Juniper, are vulne
rable to denial-of-service attacks due to a flaw recently published by th
e SANS Institute. The bug “affects a component of the IPSec proto
col used by VPN software and hardware to securely exchange data over the
Internet".
http://www.networkworld.com/news/2005/111505-vpn-hole.html?fsrc=netflas
h-rss

Building a Simple Affiliate System in PHP/MySQL
This article walks you through the steps of creating and setting up a bas
ic affiliate system.
http://www.devshed.com/c/a/MySQL/Building-a-Simple-Affiliate-System-in-PH
PMySQL/

Secure File Deletion in Delphi
Simply deleting a file doesn't truly make the file impossible to recover,
but this code will.
http://www.devarticles.com/c/a/Delphi-Kylix/Secure-File-Deletion-in-Delph
i/

"Sony rootkit: non c'è fine al peggio"
Di male in peggio: prima Sony ha distribuito i cd audio dotati del contes
tato rootkit, quindi si è scoperto che era a rischio la sicurezza degli
utenti, poi si è distribuito un tool di disinstallazione, ora si scopr
e che il tool crea un ulteriore rischio.
http://www.ziobudda.net/Admin/redir_news.php?id=25082

"Aggiornati i link sul TCPA"
Sono stati aggiornati alcuni link sull'argomento TCPA: dopo il volantino
distribuito in italiano, è comparso un'editoriale su "peacelink" e nuov
i forum di discussione dedicati all'argomento.
http://www.ziobudda.net/Admin/redir_news.php?id=25068

"Come funziona il PageRank, pt1"
La formula del PageRank, come viene calcolato, su cosa incide, quanto è
importante.
http://www.ziobudda.net/Admin/redir_news.php?id=25112

"Freerock GNOME 2.12.1"
Rilasciata la nuova versione di Freerock Gnome (FRG), pacchettizzazione d
el desktop environment per Slackware.
http://www.ziobudda.net/Admin/redir_news.php?id=25106

"Rilasciato Firefox 1.5 RC 3"
Questa mattina mi sono imbattuto in un paio di blog quando ho scoperto ch
e è stato rilasciato Firefox 1.5 RC 3. Buon download a tutti!
http://www.ziobudda.net/Admin/redir_news.php?id=25092

OFFICE 12, VIA AL BETA TESTING
Microsoft ha distribuito a migliaia di tester la prima versione beta dell
a suite che promette di rivoluzionare il modo in cui gli utenti utilizzan
o le applicazioni per l'ufficio. Sul mercato tra circa un anno
URL: http://punto-informatico.it/pi.asp?i=56301

SUN REGALA UN TOOL DI SVILUPPO
A disposizione dei developer un ambiente per la realizzazione di applicaz
ioni per Solaris e Linux che supporta sia i processori UltraSPARC che que
lli x86
URL: http://punto-informatico.it/pi.asp?i=56321

IBM SFOGGIA UN DATABASE ALLE VITAMINE
Preparandosi al rilascio della prima versione beta del suo nuovo dabatase
, Big Blue snocciola alcune delle nuove caratteristiche di DB2: tra quest
e, il supporto ai dati XML
URL: http://punto-informatico.it/pi.asp?i=56326

DRM SU TUTTI I CELLULARI, CI SIAMO
Sempre piu' vicino il DRM universale di Open Mobile Alliance per smartpho
ne e lettori portatili. Entro il 2006 gli operatori telefonici rivenderan
no contenuti digitali blindati di ogni genere
URL: http://punto-informatico.it/pi.asp?i=56304

ROOTKIT, UN'ONDATA DI MALWARE INVISIBILE?
Ne parla David Sancho, uno degli esperti dei laboratori di Trend Micro ch
e ha lavorato sul caso del DRM diffuso da Sony BMG e finito agli onori de
lle cronache. Breve excursus sui rootkit, sulla loro origine e sul loro u
tilizzo
URL: http://punto-informatico.it/pi.asp?i=56299

Yahoo fissa le nuove regole per gli adware
Insieme ad un gruppo di big company di Internet, Yahoo ha deciso di cance
llare la crisi di identità che fino ad oggi ha contrassegnato la pubbli
cità online. Tutti sappiamo che la pubblicità è l'anima del commerc
io, ma l'esigenza di fornire ai naviganti contenuti pubblicitari mirati,
ha finito per generare negli anni una proliferazione incontrollata di tec
niche adware che sempre più si avvicinano a quelle degli spyware.
http://www.alground.com/news/news.php?page=422

** ROOTKIT, LA NUOVA ONDATA DI MALWARE INVISIBILE **
Recentemente è sorta una grande discussione in merito ai rootkit e al t
ipo di minaccia che essi rappresentano. Questo articolo intende fornire u
na spiegazione di base sui rootkit e sulle modalità con cui questa tecn
ologia può essere sfruttata dagli autori di malware per infiltrarsi all
'interno dei computer in maniera estremamente difficile da rilevare e neu
tralizzare.
http://www.zeusnews.it/news.php?cod=4438

** UN "RICETTARIO" PER LINUX **
Il prontuario dedicato a chi vuole imparare Linux senza stress.
>> di Matteo Campofiorito
http://www.zeusnews.it/news.php?cod=4410

Configuring Windows Server 2003 to act as a NAT router
Author: Brien M. Posey
Summary: More years ago than I care to think about, IP addresses were han
ded out to companies on an indiscriminant basis. As the popularity of the
Internet increased, IP addresses soon grew to be a scarce commodity. Int
ernet service providers began to strictly limit the number of IP addresse
s that they would lease to companies. This presented an interesting chall
enge. A PC has to have an IP address in order to communicate with the Int
ernet, but there weren’t enough IP addresses left for every PC to be gi
ven one. The solution to this problem was a technology called Network Add
ress Translation (NAT). Today, NAT is alive and well, and more popular th
an ever. In this article, I will explain what NAT is and how you can conf
igure Windows Server 2003 to act as a NAT router.
Link: http://www.WindowsNetworking.com/articles_tutorials/Configuring-Win
dows-Server-2003-act-NAT-router.html

Use Free Microsoft Tools to Protect your Computers
Author: Deb Shinder
Summary: As part of their trusted computing initiative, Microsoft has tak
en a lead in offering free security tools that you can download and use t
o help assess the security of your computers and protect your systems aga
inst viruses, spyware, and attacks. In this article, we’ll take a look
at some of the utilities they’ve made available.
Link: http://www.WindowSecurity.com/articles/Use-Free-Microsoft-Tools-Pro
tect-your-Computers.html

Windows rootkits in 2005, part two
This three-part article series looks at Windows rootkits indepth. Part tw
o focuses on the latest cutting edge rootkit technologies that are used t
o hide malicious code from security scanners.
http://www.securityfocus.com/infocus/1851

ADVISORIES, NOVEMBER 16, 2005
Today's security advisories: Sylpheed, Sylpheed-Claws, GTK+2, and GdkPixb
uf (Gentoo Linux); egroupware (Mandriva Linux); gtk2 and gdk-pixbuf (SUSE
Linux); and gtk+2.0 and gdk-pixbuf (Ubuntu Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,21hv,1,3fm2,8j9d,85jl,7pty

ADVISORIES: NOVEMBER 17, 2005
Today's security advisories: phpgroupware and egroupware (Debian GNU/Linu
x); and php (Mandriva Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,21m2,1,4c20,aqtj,85jl,7pty

OPEN SOURCE RENDERS PATCHING A PROBLEM
"The spread of open source Web sites makes it incredibly difficult to mon
itor security..."
http://nl.internet.com/ct.html?rtr=on&s=1,21m2,1,4usi,28rs,85jl,7pty

LINUX VIRTUAL ADDRESS RANDOMIZATION AND IMPACTING BUFFER OVERFLOWS
"Buffer overflows have been a bane for nearly every operating system and
for all programming languages not explicitly designated as 'type-safe' (s
uch as C)..."
http://nl.internet.com/ct.html?rtr=on&s=1,21m2,1,50r8,l620,85jl,7pty

OPEN SOURCE DEVELOPERS BAG BUGS FASTER, SURVEY SAYS
"Open source software (OSS) developers find and fix software bugs quickly
, according to new analyst research released this week..."
http://nl.internet.com/ct.html?rtr=on&s=1,21m2,1,hvko,krbk,85jl,7pty

SONY'S CD ROOTKIT INFRINGES DVD JON'S COPYRIGHT
"Sony's rootkit-style DRM software, XCP, designed to prevent copyright in
fringement, looks like it's breaching the terms of a copyright agreement
itself...
http://nl.internet.com/ct.html?rtr=on&s=1,21m2,1,jmrx,2ys8,85jl,7pty

WHY AND WHEN OPEN SOURCE PRODUCTS BEST MICROSOFT [PARTS 1 & 2]
"There are good reasons for using open source software, and I've learned
those reasons through 15 years of experience with more traditional, comme
rcial or closed source applications..."
http://nl.internet.com/ct.html?rtr=on&s=1,21ht,1,j349,1xo5,85jl,7pty

HOWTO DO LINUX KERNEL DEVELOPMENT--TAKE 2
"Here's an updated version of the 'HOTO do Linux kernel development' docu
ment that I've been working on..."
http://nl.internet.com/ct.html?rtr=on&s=1,21ht,1,4no3,h5pk,85jl,7pty

VULNERABILITIES & EXPLOITS
Title: Macromedia Patch Trifecta Plugs Security Holes
Source: EWeek.com
Date Written: 2005-11-16
Date Collected: 2005-11-17
On November 16, 2005, Macromedia Inc. released patches for Macromedia Fla
sh Media Server, the Macromedia Breeze Communication Server/Live Server a
nd the Macromedia Contribute Publishing Server. The Macromedia Flash Medi
a Server bug, which affects versions 1.0 through 1.5, causes crashes or i
nstability because the server does not sufficiently validate some RTMP da
ta. The Macromedia Breeze Communication Server/Live Server, part of Macro
media's Web conferencing and communications suite, has a denial-of-servic
e hole in versions 4.x through 5.x. The vulnerability in the Macromedia C
ontribute Publishing Server, affecting versions prior to 1.11, can allow
hackers to access sensitive information due to a "weak encryption algorit
hm being used to encrypt user password in connection keys that use shared
FTP login credentials." The flaws are rated "moderately critical" by sec
urity alerts aggregator Secunia Inc.
http://www.eweek.com/article2/0,1759,1888189,00.asp?kc=EWRSS03119TX1K00
00594

VULNERABILITIES & EXPLOITS
Title: Microsoft Confirms Windows Flaw, Exploit
Source: EWeek.com
Date Written: 2005-11-17
Date Collected: 2005-11-17
Microsoft has confirmed a denial-of-service flaw in its RPC (Remote Proce
dure Call) protocol implementation and warned that a working exploit is p
ublicly available. The bug affects Windows 2000 Service Pack 4 and Window
s XP Service Pack 1 operating systems; Windows XP Service Pack 2 and Wind
ows Server 2003 (with SP1) are unaffected. On Windows XP Service Pack 1,
exploitation requires valid logon credentials. Microsoft claims the vulne
rability cannot be exploited remotely by anonymous users but says an affe
cted component is available remotely to users. Some security experts clai
m that the bug is of a wider scope than Microsoft acknowledges. Any flaw
in Microsoft's implementation of RPC is bound to "raise eyebrows." The RP
C protocol was exploited in the widespread Blaster worm in 2003.
http://www.eweek.com/article2/0,1759,1888551,00.asp?kc=EWRSS03119TX1K00
00594

MALWARE
Title: AIM attack the work of Middle East hackers
Source: Techworld
Date Written: 2005-11-18
Date Collected: 2005-11-18
Facetime Security Labs has raised its threat assessment of the W32/Sdbot-
ADD worm, after discovering that it installs a rootkit linked to hackers
in the Middle East. The lockx.exe rootkit allows the attackers to install
additional malware to steal personal information and to assemble compute
rs into a botnet for distributed denial of service attacks. Sdbot spreads
over AIM (America Online Instant Messenger), attempts to shut down virus
scanners, opens a backdoor on IRC, and carries an SMTP (simple mail tran
sfer protocol) engine.
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=4823

CIVIL & CONSUMER ISSUES
Title: Real Story of the Rogue Rootkit
Source: Wired News
Date Written: 2005-11-17
Date Collected: 2005-11-18
Commentary by Bruce Schneier. Independent security researcher Mark Russin
ovich discovered that some Sony BMG CDs contain a rootkit that will damag
e Windows if a user discovers and tries to remove it. Sony, however, has
not apologized for installing a rootkit without users' knowledge, nor for
using it to collect information from computers, but released a patch tha
t would decloak the rootkit without removing it. The rootkit also uses op
en source code in violation of copyright. Sony is facing a number of clas
s action lawsuits. However, the major importance of the story is the coll
usion between big media companies and security companies. Anti-spyware sc
anners failed to detect the rootkit even as it sent information to a Sony
website. Further, once the rootkit became news, most security companies
only slowly releases a signature to detect it, but not necessarily code t
o remove it. Symantec has only slowly issued a signature, calling to Sony
rootkit a legitimate software. The autho
r contends that if the major security companies failed to notice a rootki
t that has been in the wild since 2004, it is a sign of incompetence or a
lack of ethics. Security companies must work for computer users, which t
hey cannot do if they protect big media companies when they release malic
ious code.
http://www.wired.com/news/privacy/0,1848,69601,00.html

g00d reading! 'n' bye
Security News MainTainer:

The Jackal a.k.a. jAcKallO < jackal [at] capitanlug.it >

(AreaSessantuno Inside) / (SpiPPolatori Collaborator)
(HackerAlliance Member) / (Socio fondatore del CapitanLUG.iT)
(Daily DisInfo CreaTor & MainTainer) / (Security News MainTainer)