LinuxDay2005 al CapitanLUG: un resoconto di The Jackal - CapitanLUG Scrivo queste poche righe di chiusura della nostra terza giornata di prom ozione del Software Libero mentre rimbomba ancora nella Rete la notizia, pubblicata oggi finanche sul prestigioso quotidiano elettronico NewsForge , dello strepitoso successo che anche quest'anno il LinuxDay ha avuto in tutta Italia. Noi del CapitanLUG (Capitanata Linux User Group) non possia mo che essere felici e fieri dei risultati ottenuti non soltanto a livell o nazionale, quanto e soprattutto nel nostro “piccolo” ambito territo riale...
http://www.tuxjournal.net/capitanlug.html

"X server per windows"
Per l'amministrazione o per eseguire programmi remoti su macchine Linux X può risultare molto utile, a patto che si abbia un server e un client con sistema operativo Linux. Che bisogna fare se si vuole ottenere lo ste sso risultato su un client Windows?
http://www.ziobudda.net/Admin/redir_news.php?id=25300

"RebelCode"
Si è da poco formato un gruppo di programmatori in python, i RebelCoder
s. Stiamo già cominciando a progettare e creare software rigorosamente
in python, rilasciandolo poi sotto licenza GPL, quindi OpenSource.
http://www.ziobudda.net/Admin/redir_news.php?id=25298

"Mandriva presenta il desktop portatile!"
Mandriva e LaCie hanno realizzato una versione di USB hard drive con prei
nstallata una versione modificata di Mandriva Linux, in modo da funzionar
e come unità di boot da USB, o da Cd nel caso che non sia possibile far
e il boot direttamente da USB.
http://www.ziobudda.net/Admin/redir_news.php?id=25292

"Galeon 2.0 finalmente disponibile!"
Dopo oltre 3 anni dalla release 1.3.x ecco la versione 2.0. Tra le varie
novità, la sua compatibilità con Firefox 1.0.x/1.5 (oltre al "solito"
Mozilla ovviamente).
http://www.ziobudda.net/Admin/redir_news.php?id=25290

"Italian Linux Day 2005: un successo schiacciante"
Un riassunto dei "risultati" di questo Italian Linux Day 2005..
http://www.ziobudda.net/Admin/redir_news.php?id=25286

P2P E TERRORISMO? UGUALI SONO
Le major alle grandi manovre per strappare al Parlamento Europeo due voti
essenziali, che daranno loro la possibilita' (anche finanziaria) di denu
nciare gli utenti ravanando nei dati raccolti per finalita' anti-terroris
tiche
URL: http://punto-informatico.it/pi.asp?i=56495

DVD DECRYPTER RIP
Macrovision acquisisce tutti i diritti del popolarissimo software per cop
iare DVD protetti e mette al bando la sua diffusione sul web. Scaricarlo
e' un illecito
URL: http://punto-informatico.it/pi.asp?i=56502

IBM FORGIA NUOVI FORMATI ELETTRONICI
Pronti i Workplace Forms, formati elettronici basati su XML che consenton
o alle imprese di personalizzare le modalita' di salvataggio, elaborazion
e e condivisione dei dati
URL: http://punto-informatico.it/pi.asp?i=56478

E' MITGLIEDER IL TROJAN PIU' DIFFUSO
Il cavallo di Troia si sta diffondendo a macchia d'olio, specie in Europa
, tanto che secondo Panda Software sarebbe attualmente il trojan piu' dif
fuso al mondo. Ecco come agisce
URL: http://punto-informatico.it/pi.asp?i=56501

ASSOCIAZIONE A DELINQUERE VIRTUALE?
Questa possibilita' e' in astratto ammessa, in particolare con riferiment
o alla diffusione di immagini pedo-pornografiche. Ma una recente sentenza
del Tribunale di Roma fa discutere. Il commento di G. Costabile
URL: http://punto-informatico.it/pi.asp?i=56483

LINUX GIRERA' SULLA NUOVA XBOX
Questa la promessa degli sviluppatori open source che hanno iniziato a la
vorare sull'ambizioso progetto. Si scontrano con un reticolo di sistemi a
ntimodifica sviluppati da Microsoft che assicura: no pasaran
URL: http://punto-informatico.it/pi.asp?i=56520

UNO TSUNAMI CHIAMATO SOBER.X
L'ultima variante del famoso worm, avvistata per la prima volta circa una
decina di giorni fa, sta rapidamente scalando la classifica dei worm piu
' prolifici dell'anno. E la sua corsa non sembra rallentare
URL: http://punto-informatico.it/pi.asp?i=56523
Also - http://www.networkworld.com/news/2005/112805-sober-worm.html?fsrc=
netflash-rss

SONY BMG, ROOTKIT DI VECCHIA DATA
Saltano fuori i post pubblicati da sviluppatori legati al DRM usato da So
ny e risalenti a diversi anni fa: erano a caccia di sistemi per limitare
le funzionalita' dei CD
URL: http://punto-informatico.it/pi.asp?i=56525

Gestionale Studio Legale: rilasciato eLawOffice.it Beta 0.9.5.2
E' un programma client-server con una alpha in versione Jsp/Servlet, e' f
ree software documentato e supportato, per la gestione di uno studio lega
le privato o statale. Permette di gestire l'anagrafe delle pratiche, clie
nti/controparti, contatti, udiente, creazione atti e lettere da modelli c
on OpenOffice o altri editor, documenti digitalizzati, scadenze in agenda
etc etc.
http://www.eLawOffice.it
http://www.sourceforge.net/projects/elawmanager
http://www.naarani.org

PEDOFILIA: NUOVE STRATEGIE VIA WEB
Enti pubblici usati per veicolare post-mail che pubblicizzano portali a s
fondo pornografico e pedofilo
http://www.studiocelentano.it/newsflash_dett.asp?id=17743

Strong Input Validation
http://www.itvc.net/educational/index.asp?id=46

Setting Up a DHCP Server for your Organization
Author: Brien M. Posey
Summary: One of the most basic processes on a network is that of assignin
g IP addresses to network clients. Although there are many different type
s of DHCP servers that can do the job, you can configure Windows Server 2
003 to act as a DHCP server. In this article, I will show you how.
Link: http://www.WindowsNetworking.com/articles_tutorials/Setting-Up-DHCP
-Server-Organization.html

Protect your Web Servers with SSL
Author: Deb Shinder
Summary: HTTP communications are fine for the average Web server, which j
ust contains informational pages. But if you’re thinking about running
an e-commerce site or other Web services that require secure transactions
, you need to be able to encrypt communications between your Web server a
nd its clients. The most common means is by the use of Secure Sockets Lay
er (SSL), which uses public key cryptography to protect confidential user
information (such as credit card or bank account numbers) that is transm
itted across the Web. In this article, we’ll discuss how SSL works and
show you how to enable it on your Internet Information Services (IIS) Web
servers.
Link: http://www.WindowSecurity.com/articles/Protect-Web-Servers-SSL.html

ITALIAN LINUX DAY 2005: A SMASHING SUCCESS
"Linux and the Free Software movement are slowly but constantly getting c
loser to the general public in Italy..."
http://nl.internet.com/ct.html?rtr=on&s=1,2245,1,knk5,azzc,85jl,7pty

FIRST IMPRESSIONS--FEDORA CORE 5
"The first test release of Fedora Core 5 provides an intriguing glimpse o
f what's coming down the pipe next February..."
http://nl.internet.com/ct.html?rtr=on&s=1,2245,1,idrs,3mrn,85jl,7pty

TCP Tuning and Network Troubleshooting
Information doesn't travel across networks in one big chunk--it goes in l
ittle packets wrapped in packets wrapped in packets. Sure, you know that,
but did you know that a bit of measuriing and a bit of tweaking can impr
ove your networking performance by two orders of magnitude? Brian Tierney
shows how.
http://www.onlamp.com/pub/a/onlamp/2005/11/17/tcp_tuning.html

iptables: The Linux Firewall Administration Program
This chapter covers the iptables firewall administration program used to
build a Netfilter firewall. For those of you who are familiar with or acc
ustomed to the older ipfwadm and ipchains programs used with the IPFW tec
hnology, iptables will look very similar to those programs. However, it i
s much more feature-rich and flexible, and it is very different on subtle
levels.
http://www.informit.com/articles/article.asp?p=421057

Configuring Your Windows XP Mobile Computer To Go On The Road
This chapter explains how to use Windows XP to set your notebook computer
based on the Intel Centrino mobile technology to work with wireless netw
orks. You'll learn about working with the Control Panel; the New Connecti
on Wizard and Network Setup Wizard; the Network Connections window; Netwo
rk Wireless Connections Properties; and Wireless Network Security Setting
s. You'll also find out how to enable a personal firewall and choose an S
SID. In other words: if you need to get your Windows computer ready to go
on the road, this is the place to begin!
http://www.informit.com/articles/article.asp?p=423921

Securing Databases with Cryptography
This chapter discusses how cryptography can fit into your security profil
e. After explaining what cryptography is and providing a general idea of
how it works, we dig into the various types of cryptographic algorithms a
nd see where the strengths and weaknesses of each lie.
http://www.informit.com/articles/article.asp?p=423771

E.T. Print Home: Remote Printing with Windows XP
You'd like to print a document to your remote printer but you can't, beca
use, well, you aren't there! You don't need an expensive machine running
Windows 2003 Server to print documents away from home. Let Kulvir Bhogal
show you how to set up Windows XP as a VPN server and you'll be printing
remotely in no time!
http://www.informit.com/articles/article.asp?p=428701

traceroute
Vendor: Sun
A vulnerability was reported in traceroute on Sun Solaris. A local user m
ay be able to gain elevated privileges.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2005/Nov/1015261.html

Mambo Site Server
Vendor: Mamboserver.com
A vulnerability was reported in Mambo Server. A remote user can execute a
rbitrary code on the target system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Nov/1015258.html

Cisco PIX Firewall
Vendor: Cisco
A vulnerability was reported in Cisco PIX Firewall. A remote user can cau
se TCP connections to be blocked.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/Nov/1015256.html

IPsec-Tools
Vendor: ipsec-tools.sourceforge.net
A vulnerability was reported in IPsec-Tools. A remote user can cause deni
al of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/Nov/1015254.html

Opera
Vendor: Opera Software
A vulnerability was reported in Opera. A remote user can cause arbitrary
code to be executed on the target user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Nov/1015253.html

Microsoft Internet Explorer (IE)
Vendor: Microsoft
A vulnerability was reported in Microsoft Internet Explorer. A remote use
r may be able to cause arbitrary code to be executed on the target user's
system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Nov/1015251.html

Symantec Firewall/VPN Appliance
Vendor: Symantec
A vulnerability was reported in Symantec Firewall/VPN Appliance. A remote
user can cause denial of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/Nov/1015249.html

Symantec Gateway Security
Vendor: Symantec
A vulnerability was reported in Symantec Gateway Security. A remote user
can cause denial of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/Nov/1015248.html

Symantec Enterprise Firewall (Raptor)
Vendor: Symantec
A vulnerability was reported in Symantec Enterprise Firewall. A remote us
er can cause denial of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/Nov/1015247.html

Firstlook al nuovo Debian Installer
E' stato ufficialmente annunciato qualche giorno fa, anche se la prima ve
rsione risale ad ottobre, e già se ne parla molto. Stiamo parlando dell
a nuova GUI dell'installer Debian.
http://www.tuxjournal.net/news/00359.html

La Free Software Foundation fissa le date per la nuova GPL
La Free Software Foundation (FSF) e la Software Freedom Law Center hanno
fissato le linee guida e le date per il primo incontro che ha come obiett
ivo quello di discutere una eventuale revisione della General Public Lice
nse (GPL).
http://www.tuxjournal.net/news/00358.html
Also - http://nl.internet.com/ct.html?rtr=on&s=1,22d0,1,37qt,5c9,85jl
,7pty

"Rilasciato php 5.1.1"
Rilasciata la nuova ver di php che corregge alcuni problemi di compatibil
ità introdotti dalla versione 5.1 [il link va al sito php.net]
http://www.ziobudda.net/Admin/redir_news.php?id=25323

"Email più sicure con GnuPG e Thunderbird"
Con le nuove tecnologie spesso ci capita di spedire messaggi di posta ele
ttronica, ovvero e-mail, in questo articolo cercherò di introdurvi alla
criptazione e alla firma delle mail tramite il sistema gnupg, in modo da
poter comunicare con chi vogliamo in un modo più sicuro.
http://www.ziobudda.net/Admin/redir_news.php?id=25320

"g2g, filesharing con gmail"
g2g è un'applicazione che permette di condividere file (opportunamente
etichettati) direttamente dal proprio account di gmail.
http://www.ziobudda.net/Admin/redir_news.php?id=25317

"Applicazioni windows scritte in php"
Winbinder è un applicativo che permette di ricompilare le proprie appli
cazioni php affinchè (opportunamente modificate) funzionino come progra
mmi nativi per windows!
http://www.ziobudda.net/Admin/redir_news.php?id=25316

"ECN. Comunicazione Urgente. Mancano i fondi!"
Isole nella rete ha chiuso per mancanza di fondi. Ecco quello che succede
quando gli utenti vogliono tutto senza dare nulla.
http://www.ziobudda.net/Admin/redir_news.php?id=25305

"Anche Java a rischio sicurezza"
La Java Runtime Environment (JRE) della Sun contiene una serie di pericol
ose falle di sicurezza che potrebbero permettere ad un attacker di esegui
re delle applicazioni sul sistema della vittima.
http://www.ziobudda.net/Admin/redir_news.php?id=25338
Also - http://punto-informatico.it/pi.asp?i=56588
Also - http://www.techworld.com/security/news/index.cfm?RSS&NewsID=4882

"Configurazione di Ubuntu per il desktop parte 3"
Terza parte della guida in italiano per l'installazione e la configurazio
ne di un sistema desktop con Ubuntu Breezy Badger 5.10. In questa puntata
si parla di configurazione della rete, connessione a Internet, configura
zione di Samba, SSH, stampanti e ambienti di sviluppo.
http://www.ziobudda.net/Admin/redir_news.php?id=25332

UN ALTRO DRM DI SONY BMG SI INSTALLA DA SE'
Mentre il procuratore generale di New York accerta che i CD con il rootki
t auto-installante sono ancora sul mercato, un nuovo scandalo travolge un
'altra tecnologia DRM diffusa dall'azienda. Si attiva ad insaputa dell'ut
ente
URL: http://punto-informatico.it/pi.asp?i=56546

FIREFOX 1.5 TUTTO DA SCARICARE
A poco piu' di un anno dal rilascio della versione 1.0, gli utenti di Fir
efox possono finalmente mettere le mani sul primo grande aggiornamento al
famoso browser open source
URL: http://punto-informatico.it/pi.asp?i=56569
Also - http://nl.internet.com/ct.html?rtr=on&s=1,22d0,1,2gl8,l9g3,85j
l,7pty

KDE 3.5, LINUX DESKTOP C'EST MOI
Con il rilascio della nuova major release, il famoso desktop environment
per Linux si proclama il piu' grande, il piu' bello e il piu' maturo. Ecc
o alcune delle novita' piu' succose
URL: http://punto-informatico.it/pi.asp?i=56548
Also - http://nl.internet.com/ct.html?rtr=on&s=1,22d0,1,kbyz,fuge,85j
l,7pty

MUORE UN ALTRO FIREWALL GRATUITO
Symantec compra anche il software di Sygate togliendo di mezzo un altro p
opolare software free che diminuiva lo spazio di mercato dei propri prodo
tti commerciali. Sempre piu' rare le alternative gratuite
URL: http://punto-informatico.it/pi.asp?i=56545

CYBERCRIME PIU' FRUTTUOSO DELLA DROGA
Valerie McNiven, uno dei massimi esperti statunitensi di sicurezza, lanci
a l'allarme sull'e-criminalita': il fatturato del 2004 sarebbe superiore
a quello del narcotraffico. In mezzo, tutto: pedoporno, pirateria, terror
ismo
URL: http://punto-informatico.it/pi.asp?i=56562

NUOVO MEDIKIT PER MAC OS X
Apple ha rilasciato una collezione di fix per il proprio sistema operativ
o che correggono una dozzina di vulnerabilita', alcune piuttosto pericolo
se. Tempo di updating
URL: http://punto-informatico.it/pi.asp?i=56575

Also - http://www.techworld.com/security/news/index.cfm?RSS&NewsID=4891

DUE EXPLOIT MINACCIANO WINDOWS
Negli scorsi giorni e' stato divulgato il codice di due exploit che prend
ono di mira due vulnerabilita' di Windows corrette da Microsoft negli ult
imi due mesi
URL: http://punto-informatico.it/pi.asp?i=56583
Also - http://news.com.com/Attack+code+out+for+critical+Windows+flaw/2100
-7349_3-5974290.html
Also - http://www.security.ithub.com/article/Unpatched+IE+Flaw+Is+Worse+T
han+Expected/166164_1.aspx

BLOCCARE LE INTERCETTAZIONI E' FACILE
Una ricerca pubblicata da un esperto di sicurezza statunitense mette in l
uce alcune falle critiche nei sistemi utilizzati comunemente per intercet
tare le chiamate telefoniche. E ottiene grande risalto sui media
URL: http://punto-informatico.it/pi.asp?i=56577

Regaining control
Securing endpoint systems by locking them down using complex software bri
ngs back memories of another era, where business computers were once used
for business applications only - and businesses retained control over th
eir assets and data.
http://www.securityfocus.com/columnists/372

ADVISORIES: NOVEMBER 29, 2005
Today's security advisories: gtk+2.0 (Debian GNU/Linux); kernel (Fedora C
ore); php (Fedora Legacy); and Inkscape, chmlib, and KchmViewer (Gentoo L
inux).
http://nl.internet.com/ct.html?rtr=on&s=1,22c7,1,el6z,6884,85jl,7pty

DANGER LEVEL RISES FOR PERL APP FLAWS
"A type of security flaw in Perl applications that experts thought could
lead only to a denial-of-service attack is now believed to be much more s
erious..."
http://nl.internet.com/ct.html?rtr=on&s=1,22c7,1,cjup,bz2k,85jl,7pty
Also - http://news.com.com/Danger+level+rises+for+Perl+flaws/2100-1002_3-
5975954.html?part=rss&tag=5975954&subj=news

HOW TO REPAIR A CORRUPT MBR AND BOOT INTO LINUX
"There are times when you inadvertently overwrite your Master Boot Record
. The end result being that you are unable to boot into Linux..."
http://nl.internet.com/ct.html?rtr=on&s=1,228x,1,bu2x,jl34,85jl,7pty

LINUX-VSERVER ON DEBIAN SARGE
"Linux-VServer allows you to create virtual private servers and security
contexts which operate like a normal Linux server, but allow many indepen
dent servers to be run simultaneously in one box at full speed..."
http://nl.internet.com/ct.html?rtr=on&s=1,228x,1,huxh,ma3x,85jl,7pty

OS VIRTUALIZATION: AN INTRODUCTION
"One of the hottest topics in all of IT today is the subject of virtualiz
ation. While it has been around for some time, it has just recently start
ed to garner the attention of the biggest names in tech..."
http://nl.internet.com/ct.html?rtr=on&s=1,228x,1,3o1r,lk0a,85jl,7pty

THE DAEMON, THE GNU AND THE PENGUIN--CH. 22
"Debian Linux, as I stated in Chapter 20, was created by Ian Murdock. He
officially founded the 'Project' on August 16, 1993..."
http://nl.internet.com/ct.html?rtr=on&s=1,228x,1,d3px,9r4l,85jl,7pty

QMAIL TOASTER MAKES MAIL SERVER SETUP EASY
"A mail server is an essential part of any organization's IT infrastructu
re, but installing and maintaining a mail server is not always easy..."
http://nl.internet.com/ct.html?rtr=on&s=1,22d0,1,8gcc,jwf7,85jl,7pty

KDE 3.5: A VISUAL GUIDE TO NEW FEATURES
"A full list can be found in the developer changelog, but for humans here
is a visual guide to some of the best improvements..."
http://nl.internet.com/ct.html?rtr=on&s=1,22d0,1,5j1r,5wgk,85jl,7pty

Studying Network Activity Using the Chaosreader Tool
Author: Don Parker
Summary: I have written quite a bit about investigating network activity
at the packet level. This practice can yield some key information about y
our network. Another tool that can help you discern network activity is a
program called Chaosreader. Read on to find out more about this outstand
ing tool, and its ability to help you.
Link: http://www.WindowSecurity.com/articles/Studying-Network-Activity-Us
ing-Chaosreader-Tool.html

Understanding the SNMP Protocol
Author: Don Parker
Summary: With the advent of computer networks has come the logical need t
o manage them. It is simply not practical to be continually running from
workstation to server back to workstation to verify all is well. Well tha
t is where the Simple Network Management Protocol comes into play.
Link: http://www.WindowsNetworking.com/articles_tutorials/Understanding-S
NMP-Protocol.html

Identifying Essential Windows Services, Part 1
An important part of hardening Windows servers against attack is disablin
g any unnecessary services on your machines. Mitch Tulloch, author of "Wi
ndows Server Hacks," shows you how to identify which services are essenti
al, and which can be turned off.
http://www.windowsdevcenter.com/pub/a/windows/2005/11/29/identifying-esse
ntial-windows-services-1.html

ASP.NET File Uploading
File upload and download are much simpler tasks in ASP.NET than in classi
c ASP, thanks to the extensive .NET Framework class library. While file u
pload in ASP.NET is as easy as retrieving an HTML form value, file downlo
ad is still a bit tricky.
http://www.ondotnet.com/pub/a/dotnet/2002/04/01/asp.html

Sockets in Python: Into the World of Python Network Programming
Learn to take advantage of Python's flexibility by using raw sockets to c
reate network oriented applications.
http://www.devshed.com/c/a/Python/Sockets-in-Python-Into-the-World-of-Pyt
hon-Network-Programming/

First Steps in (C) Programming, continued
If you're a beginning programmer and want to get deeper into programming
with variables, you've come to the right place.
http://www.devarticles.com/c/a/Cplusplus/First-Steps-in-C-Programming-con
tinued/

Don’t Fall Victim to Typosquatting
Learn what typosquatting is, and, more importantly, how to protect yourse
lf from it.
http://webhosting.devshed.com/c/a/Web-Hosting-Articles/Dont-Fall-Victim-t
o-Typosquatting/

Advanced Use of Robots.txt
See information on the importance of the robots.txt in your SEO efforts,
and some of the consequences of not having one.
http://www.seochat.com/c/a/Search-Engine-Optimization-Help/Advanced-Use-o
f-Robotstxt/

SECURE REMOTE FILE MANAGEMENT WITH SSHFS
It's a dangerous Internet out there, kids. If you are going to work on re
motely connected machines, do it safely.
http://www.net-security.org/news.php?id=9533

HOW DOES SPYWARE WORK?
Spyware has multiple vectors to infecting a computer and a network: direc
t downloads, attachments, foistware, adware and Web pages, and more.
http://www.net-security.org/news.php?id=9544

INSTANT MESSAGING THE NEXT SECURITY RISK VECTOR
"Drive-by downloads" still a threat.
http://www.net-security.org/news.php?id=9561

HOW TO LOCK DOWN ENTERPRISE DATA WITH INFRASTRUCTURE SERVICES
This paper outlines the different strategies for encrypting stored data s
o you can make the decision that is best to use in each different situati
on, for each individual field in your data store to be able to practicall
y handle different security and operating requirements.
http://www.net-security.org/article.php?id=873

"Javascript 1.6 su Firefox 1.5"
La nuovissima versione di Javascript ospitata sul browser di casa Mozilla
: ecco le novità.
http://www.ziobudda.net/Admin/redir_news.php?id=25372

"Easy Kubuntu"
Dopo il rilascio della comodissima utility Easy Ubuntu, non poteva mancar
e l’uscita della variante dedicata a chi preferisce affidare il proprio
desktop a KDE [...]
http://www.ziobudda.net/Admin/redir_news.php?id=25364

"eXist Introduzione al database XML nativo OpenSource"
eXist e' un database xml nativo, rilasciato sotto licenza LGPL, e' oggi l
'unico database xml nativo opensource che possa vantare un buon grado di
stabilita' e completezza. Certamente non e' ancora adatto ad ambienti di
produzione, ma l'interesse specialmente oltre oceano comincia a farsi sen
tire.
http://www.ziobudda.net/Admin/redir_news.php?id=25400

"Recensione: Firefox 1.5 e Thunderbird 1.5"
Un articolo che mostra le novità dei due prodotti della Mozilla Foundat
ion.
http://www.ziobudda.net/Admin/redir_news.php?id=25393

"Autopackage: verso un universale package manger per desktop"
Un articolo riguardante i "pregi" di Autopackage.
http://www.ziobudda.net/Admin/redir_news.php?id=25392

"COPYZERO X: MULTIPLE CHOICE LICENCE"
Con Copyzero X, le prime ed uniche licenze modulari concepite appositamen
te per l'ordinamento giuridico italiano, ma valide anche all'estero, si r
inuncia all'esercizio esclusivo di determinati diritti sulle opere digita
li. Nel nuovo numero di DIGIMAG, un magazine elettronico con pubblicazion
e mensile sui temi della cultura elettronica e delle arti digitali, si ce
rca di capire come funzionano queste nuove licenze e in cosa effettivamen
te differiscono dalle Creative Commons.
http://www.ziobudda.net/Admin/redir_news.php?id=25388

"Rilasciati GNOME 2.12.2 e KDE 3.5"
Ieri è stata rilasciata al grande pubblico la nuova versione di GNOME.
Tante sono le novità presenti in questa nuova versione del Window Manag
er per Linux. Non vi resta altro che scaricarlo e installarlo sulla vostr
a Linux box.
http://www.ziobudda.net/Admin/redir_news.php?id=25379
Also - http://nl.internet.com/ct.html?rtr=on&s=1,22fr,1,8s1o,fn9q,85j
l,7pty

"Nuovo algoritmo per la sicurezza del P2P"
Tre giovani ricercatori hanno sviluppato un nuovo algoritmo sicuro per ai
utare tutti content provider, o a chiunque abbia la propria attività su
Internet, a guadagnare soldi attraverso la distribuzione dei loro conten
uti grazie all'uso del P2P (Peer-to-Peer), con il grande vantaggio di evi
tare colli di bottiglia.
http://www.ziobudda.net/Admin/redir_news.php?id=25378

"Apache 2.2 disponibile"
Nuova Major Release ed inizio di un nuovo "ramo stabile". Le nuove caratt
eristiche sono: Smart Filtering, Improved Caching, AJP Proxy, Proxy Load
Balancing, Graceful Shutdown support, Large File Support, the Event MPM,
and refactored Authentication/Authorization. Il link rimanda al Changelog.
http://www.ziobudda.net/Admin/redir_news.php?id=25376

ENUM, PROVE TECNICHE DI SERVIZIO UNIVERSALE
Incontri tra le alte sfere del Ministero delle Comunicazioni e dell'Agcom
per decidere come sperimentare Enum. Ecco come funziona il supernumero.
Gli Isp gia' ci lavorano da mesi. A Punto Informatico ne raccontano prese
nte e futuro
URL: http://punto-informatico.it/pi.asp?i=56631

SI ACCENDONO LE LUCI SULLA NUOVA GPL
Free Software Foundation ha stilato le linee guida e la roadmap dell'immi
nente processo di revisione e aggiornamento della licenza GPL. Aperte le
iscrizioni per chi desidera partecipare attivamente
URL: http://punto-informatico.it/pi.asp?i=56604

IBM, DA SOLARIS A LINUX CON UN KIT
Pronto un kit gratuito di migrazione con cui Big Blue spera di incentivar
e i propri clienti ad abbandonare Solaris ed abbracciare Linux. Sun colpi
ta sotto la cintola?
URL: http://punto-informatico.it/pi.asp?i=56602

SUN FORGIA UNA PIATTAFORMA OPEN SOURCE
Ormai lanciata nel settore, Sun sta tentando di riguadagnare rapidamente
il terreno perduto dando vita ad una completa piattaforma open source imp
erniata su Solaris 10
URL: http://punto-informatico.it/pi.asp?i=56623

Firefox 1.5: ecco i primi problemi
Mozilla Foundation, come tutti sanno, ha rilasciato qualche giorno fa l'a
ttesissima versione di Firefox, la 1.5. Ma subito si sono presentati i pr
imi problemi e gli utenti stanno veramente perdendo la pazienza.
http://www.tuxjournal.net/news/00367.html

Videochiamate gratuite tra PC con Skype
E' stata rilasciata oggi la nuova versione del software Skype con il qual
e diventa ora possibile effettuare videochiamate gratuite tra computer. I
l rilascio era atteso da giorni, soprattutto da quando anche Sony si è
mostrata interessata al VoiP lanciando un paio di settimane fa il suo sof
tware gratuito per videochiamate denominato IVE (Instant Video Everywhere
).
http://www.alground.com/news/news.php?page=428

Windows OneCare Live: la sicurezza targata Microsoft
"Sei stanco di perdere tempo tentando di proteggere e mantenere il tuo co
mputer?...Se la risposta è sì allora Windows OneCare è quello che t
i serve". Questa è la frase di presentazione di OneCare Live, l'ultima
iniziativa pensata da Microsoft per la protezione dei computer dotati di
Microsoft Windows e rilasciata in versione Beta.
http://www.alground.com/news/news.php?page=429

Evading NIDS, revisited
This article looks at some of the most popular IDS evasion attack techniq
ues, based on fragmentation or using the TTL field. Snort's configuration
and response to these attacks will also be discussed.
http://www.securityfocus.com/infocus/1852

ADVISORIES: NOVEMBER 30, 2005
Today's security advisories: centericq (Debian GNU/Linux); and netpbm and
kernel (Mandriva Linux).
http://nl.internet.com/ct.html?rtr=on&s=1,22fo,1,ft1z,az2e,85jl,7pty

ADVISORIES: DECEMBER 1, 2005
Today's security advisories: gdk-pixbuf and horde2 (Debian GNU/Linux); an
d perl (Fedora Core).
http://nl.internet.com/ct.html?rtr=on&s=1,22jq,1,6cjk,lqgr,85jl,7pty

BUILD A HOME TERABYTE BACKUP SYSTEM USING LINUX
"Build a low-cost, terabyte-sized backup server using Linux and back up y
our digital audio files, digital images and digital movie recordings..."
http://nl.internet.com/ct.html?rtr=on&s=1,22fr,1,jwdi,4zle,85jl,7pty

ANNOUNCING FEDORA DIRECTORY SERVER 1.0
"This release marks a significant milestone for the open source community
, who now have access to the code for the console and administration engi
ne as well as the previously open sourced LDAP engine..."
http://nl.internet.com/ct.html?rtr=on&s=1,22fr,1,dxjj,16cn,85jl,7pty

IGNALS AS A LINUX DEBUGGING TOOL
"By focusing on the analysis of data captured using signal handlers, you
can speed up the most time-consuming part of debugging: finding the bug..
."
http://nl.internet.com/ct.html?rtr=on&s=1,22js,1,m9k3,7oon,85jl,7pty

VULNERABILITIES & EXPLOITS
Title: Flaw in Cisco web server code
Source: Techworld
Date Written: 2005-12-01
Date Collected: 2005-12-01
Secunia is warning users of a vulnerability in Cisco's Internetwork Opera
ting System (IOS) that could allow an attacker to gain administrator acce
ss privileges on a Cisco device. The flaw would allow attackers to inject
malicious code into IOS routers through an HTTP server and to view a mem
ory dump from a router. The vulnerability only affects IOS versions 11.0
and up, which ship with an HTTP server as an alternative interface to the
command line. The server is deactivated by default. Cisco is investigati
ng the flaw.
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=4904

VULNERABILITIES & EXPLOITS
Title: Hackers post code to attack Microsoft
Source: Techworld
Date Written: 2005-11-30
Date Collected: 2005-12-01
French Security Incident Response Team (FrSIRT) has posted a proof-of-con
cept exploit for flaws in Microsoft's Windows Metafile graphics format, u
sed in CAD software. A specially crafted image file can deny service to a
machine by consuming all processor cycles. FrSIRT did not reveal which v
ersions of Windows are vulnerable, except to say that the exploit was tes
ted on Windows 2000 SP4. Microsoft released a patch for the flaw November
8, 2005, but some users might not have applied the patch yet. This is th
e second exploit code released for a Windows flaw within a week, the firs
t being an exploit for the Microsoft Distributed Transaction Coordinator
(MSDTC). Microsoft says it has no reports of these attacks being used in
the wild.
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=4888

VULNERABILITIES & EXPLOITS
Title: Yet more Microsoft attacks
Source: Techworld
Date Written: 2005-12-02
Date Collected: 2005-12-02
The French Security Incident Response Team (FrSIRT) has found two more ex
ploits for Microsoft flaws, the third and fourth discovered within a week
. The two new exploits target the same flaws as the first two: a problem
in the Windows Metafile graphic format that could crash a computer and an
other in the Microsoft Distributed Transaction Coordinator (MSDTC). The M
SDTC code appears to be an update to earlier exploit code that only worke
d on a specific Russian build of Windows. However, experts at McAfee are
more concerned about the threat posed by a Javascript flaw in Internet Ex
plorer that could allow an attacker to take control of a computer, a flaw
potentially serious enough to push Microsoft to issue a patch outside it
s normal patching schedule.
http://www.techworld.com/security/news/index.cfm?NewsID=4913&Page=1&p
agePos=2

VULNERABILITIES & EXPLOITS
Title: Firefox flaw highlighted
Source: Techworld
Date Written: 2005-12-01
Date Collected: 2005-12-02
Users of Firefox are becoming dissatisfied with its performance as the Mo
zilla Foundation releases version 1.5 of the open source browser. Firefox
gained ground as a popular alternative to Microsoft's Internet Explorer
and its security issues, but has since suffered from a number of bugs. On
e bug causes Mac OS X to use 100% of processor resource when using such a
pplications as Google Maps, or even just holding down the mouse button; t
his causes laptops to overheat and drains the battery. Firefox also fails
the Web Standards Project's Acid2 test for compliance with W3C (World Wi
de Web Consortium) standards, while Apple's Safari and KDE's Konqueror ha
ve recently passed Acid2. Firefox 1.5 introduces some new glitches, such
as a disappearing reload button. Firefox users have also had to deal with
twice as many security flaws as Internet Explorer in the first half of 2
005, according to Symantec.
http://www.techworld.com/security/news/index.cfm?NewsID=4906&Page=1&p
agePos=5

VULNERABILITIES & EXPLOITS
Title: Critical RealPlayer Flaw Flagged
Source: EWeek.com
Date Written: 2005-12-02
Date Collected: 2005-12-02
eEye Digital Security has discovered a 'high risk' flaw in RealNetworks'
RealPlayer that would allow an attacker to execute malicious code with us
er privileges. This is the seconds bug eEye found in RealPlayer in Novemb
er 2005. eEye reported both flaws to RealNetworks, but so far no patches
have been released. Both flaws require attackers to trick users into laun
ching a malicious file.
http://www.eweek.com/article2/0,1895,1895607,00.asp

VULNERABILITIES & EXPLOITS
Title: IE Design Flaw Lets Hacker Crack Google Desktop
Source: EWeek.com
Date Written: 2005-12-02
Date Collected: 2005-12-02
Israeli hacker Matan Gillon has a proof-of-concept exploit for Internet E
xplorer's cross-domain security model using Google Desktop. The hack expl
oits Explorer's improper parsing of cascading stylesheets (CSS) to insert
HTML or a script. If a user visits a malicious site, this exploit would
access another site on a user's behalf. Such attacks allowed Gillon to ac
cess personal information from Google Desktop, but the exploit would work
with any application that depends on the cross-domain security model. Fi
refox is not vulnerable to the exploit, and Opera does not support the CS
S collection. Gillon recommends that users disable Javascript or switch t
o another browser.
http://www.eweek.com/article2/0,1895,1895579,00.asp

VULNERABILITIES & EXPLOITS
Title: Blog Away. RSS Worms Are A Phony Threat
Source: EWeek.com
Date Written: 2005-12-01
Date Collected: 2005-12-02
Commentary by Larry Seltzer. Trend Micro's David Sancho has written a pap
er discussing possible new direction for malware, suggesting the worms wi
ll begin using RSS (Really Simple Syndication) feeds to spread and update
themselves. Currently, RSS readers are unstandardized, making them poor
targets for a worm, but this may change with the release of Internet Expl
orer 7, which will include RSS support. However, Seltzer points out that
RSS is not an infection vector, but at tool for worms to use after they h
ave already infected a machine. While he supports Sancho's suggestion tha
t antivirus should scan HTTP, other antivirus would still spot malware on
ce it hits the file system. Users can also take the simple step of unsubs
cribing from a malicious RSS feed.
http://www.eweek.com/article2/0,1895,1895140,00.asp

MALWARE
Title: Google adds virus scanning to Gmail
Source: Techworld
Date Written: 2005-12-02
Date Collected: 2005-12-02
Google has upgraded its web-based Gmail service to automatically scan all
incoming and outgoing file attachments for viruses. The scanner will als
o attempt to remove malware from attachments so users can access the data
, but will prevent access if removal is unsuccessful. Previously, Google
only protected users by blocking file attachments of formats known to com
monly carry viruses.
http://www.techworld.com/security/news/index.cfm?NewsID=4911&Page=1&p
agePos=4

Wireless Hacks: Long Distance Links
Radio range isn't something "built into" a product, but is in fact the sa
me for all wireless devices: potentially infinite. The hacks in Chapter 6
of Wireless Hacks expose some of the important details you need to keep
in mind, as well as techniques you can use, to make your long distance pr
ojects possible.
http://safari.oreilly.com/0596005598/wirelesshks-CHP-6

g00d reading! 'n' bye
Security News MainTainer:

The Jackal a.k.a. jAcKallO < jackal [at] capitanlug.it >

(AreaSessantuno Inside) / (SpiPPolatori Collaborator)
(HackerAlliance Member) / (Socio fondatore del CapitanLUG.iT)
(Daily DisInfo CreaTor & MainTainer) / (Security News MainTainer)