Saturday, October 25, 2003

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  The Lowdown on Downloads (washingtonpost.com). washingtonpost.com - More than five years after people got their first easy way to download music off the Internet, they're finally getting a reasonable opportunity to pay for it.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Linux 2.6.0-test9 Released
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
3.  Vulnerabilities: SCO OpenServer Insecure Temporary File Vulnerabilities. SCO has released an advisory for OpenServer 5.0.5 which addresses multiple instances of scripts creating temporary files insecurely.

The following files are updated by...


11:29:57 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  C# 2.0 Spec Released

10:29:38 PM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  New car smell, in a bottle. That sexy "new car smell"? In Cadillacs, it's enhanced by a distilled industrial perfume called "Nuance." The auto maker uses it to liberally coat the insides of fresh-off-the-assembly-line cars, as sensory stimulant for prospective buyers. From the New York Times:
"You pay the extra money for leather, you don't want it to smell like lighter fluid," said James T. Embach, G.M.'s manager for advanced features. "You want it to smell like a Gucci bag." ... The new-car smell need not stop at leather, however. "We believe there is growth potential in people wanting to be in this big burly S.U.V. with rich walnut and they want it to smell like wood," said Jeff Rose, senior vice president at Collins & Aikman.
Anyone want to place odds on how long before we see Nuance (or an eau de car knockoff -- perhaps Chanel No. 92 Unleaded) hit retail shelves? No telling what trouble a dab behind the ear might get you into. Link (thanks, Clive)
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Panther Released into the Wild

9:29:17 PM    

----------------------------------------------------------------------
New York Times: Technology
----------------------------------------------------------------------
1.  As Silicon Valley Reboots, the Geeks Take Charge. Most of the companies that survived the crash, and the start-ups that have risen since, are run by people with deep technical skills. By Steve Lohr.
2.  How to Make Your Telecommute Work. Working from home is the future, and I am among its staunchest advocates. I not only report on this trend, I live it. By Lisa Belkin.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  Amazon's Book Search Hits a Snag
----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
4.  Amazon moves back into profit. Online retailer Amazon reports a quarterly profit for the first time outside of the key Christmas sales period.
5.  E-mail scam targets online bank. Halifax has become the latest target for an e-mail scam tricking customers into giving away confidential bank details.
----------------------------------------------------------------------
InfoWorld: Top News
----------------------------------------------------------------------
6.  U.S. Senate approves antispam bill. WASHINGTON -- The U.S. Senate Wednesday passed a bill regulating unsolicited commercial e-mail and allowing fines as large as $3 million for some types of illegal spam.
7.  Office 2003 power comes at a cost. Office 2003's advances will come at what could be a steep cost, as increased reliance on other Microsoft products threatens to hike licensing costs.


8:28:59 PM    

----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
1.  Vulnerabilities: HP Management Software Web Agents Unspecified Unauthorized Access Vulnerability. Various HP Management Software released for the Microsoft Windows operating system include web agents that allow users to manage their systems.

HP has announced that a ...

2.  Vulnerabilities: Oracle Database Server OracleO Binary Local Buffer Overflow Vulnerability. Oracle is a commercial database product, which is available for a number of platforms including Microsoft Windows and Unix and Linux variants.

Oracle Database Server 'or...

3.  Vulnerabilities: Oracle Database Server Oracle Binary Local Buffer Overflow Vulnerability. Oracle is a commercial database product, which is available for a number of platforms including Microsoft Windows and Unix and Linux variants.

Oracle Database Server 'or...


7:28:38 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  LG CD-ROMs Destroyed by Mandrake 9.2
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
2.  Vulnerabilities: SANE Insecure Temporary File Creation Vulnerability. SANE (Scanner Access Now Easy) is a scanner application programming interface. It will run on most Unix and Linux variants and is often front-ended by the xSANE graphical...

6:28:19 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Zaurus SL-6000 Prototype Revealed
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
2.  Vulnerabilities: Web Wiz Forums Multiple Cross-Site Scripting Vulnerabilities. Web Wiz Forums has been reported prone to cross-site scripting attacks when processing requests to various .asp files.

The problem occurs due to insufficient sanitizatio...

3.  Vulnerabilities: SANE SANE_NET_INIT Unauthorized Access Vulnerability. SANE is a freely available, open source scanner compatibility package. It is available for a number of platforms, including Linux and Unix variants.

A vulnerability has ...

4.  Vulnerabilities: SANE Internal Wire Memory Disclosure Vulnerability. SANE is a freely available, open source scanner compatibility package. It is available for a number of platforms, including Linux and Unix variants.

SANE is prone to a v...

5.  Vulnerabilities: SANE Strings Memory Allocation Denial Of Service Vulnerability. SANE is a freely available, open source scanner compatibility package. It is available for a number of platforms, including Linux and Unix variants.

SANE is prone to a m...

6.  Vulnerabilities: SANE Remote Debug Enabled Connection Dropping Denial of Service Vulnerability. SANE is a freely available, open source scanner compatibility package. It is available for a number of platforms, including Linux and Unix variants.

It has been reported...

7.  Vulnerabilities: SANE Daemon Connected User Memory Consumption Denial Of Service Vulnerability. SANE is a freely available, open source scanner compatibility package. It is available for a number of platforms, including Linux and Unix variants.

A problem has been d...

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
8.  Microsoft Internet Explorer Lets Remote Users Execute Arbitrary Files in the Local Zone Using a Specially Crafted IFRAME/Location Header

5:27:58 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  'Black Box' Readings Help Convict Montreal Driver

4:27:38 PM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Citi's CEO's SSN sky-written over NYC. The Foundation for Taxpayer & Consumer Rights paid a skywriter to etch part of the social security number of Citigroup's CEO in the sky over Manhattan, to protest Citi's lobbying against new consumer privacy legislation.

"Citigroup has gotten off pretty easy for advertising that it protects peoples' privacy, when in fact it has been not only sharing information among its many affiliates, but also spending $4.6 million lobbying in the first half of this year on this bill," Court said. "Their customers have to know that all those ATM fees they're paying are going to work against them. Citigroup has to face the fact that if they keep this up ... there's a good chance that one day they may face a boycott."

Link

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  fMRI + Marketing = Consumer Control?
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
3.  Vulnerabilities: DansGuardian Denied URL Cross-Site Scripting Vulnerability. DansGuardian is a content filtering software package. It is available for Unix, Linux, and Microsoft operating systems.

A problem has been reported in the handling of s...


3:27:30 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Microsoft Virtual PC 2004 Removes Linux Support
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
2.  Vulnerabilities: Mah-Jong Client/Server Remote sscanf() Buffer Overflow Vulnerability. mah-jong is a network enabled computer game available for multiple Unix platforms.

A remote buffer overflow vulnerability has been reported to affect the mah-jong game s...


2:27:11 PM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Progress for French street portrait shooters.

This fellow uses a digital camera, and carries a color printer around his neck. He'll take your souvenir portrait digitally, and print the results within five minutes. What, no Photoshop?

Link (thanks, Jean-Luc)

2.  Web Zen double-header: Celebrity.

(1) defacer
(2) stacey as britney
(3) fishyspoon
(4) impersonators
(5) b list
(6) celine dreams
(7) more than hucknall

web zen home, web zen store, (Thanks, Frank).

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  The 'Perfect Space Storm' Of 1859
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
4.  Vulnerabilities: My Photo Gallery Unspecified Vulnerability. My Photo Gallery is a web-based image gallery application written in Perl.

An unspecified security vulnerability has been reported by the My Photo Gallery vendor; implic...

5.  Vulnerabilities: My Photo Gallery Unspecified Vulnerability. My Photo Gallery is a web-based image gallery application written in Perl.

An unspecified security vulnerability has been reported by the My Photo Gallery vendor. Due to...

6.  Vulnerabilities: Multiple Microsoft Internet Explorer Script Execution Vulnerabilities. Multiple issues have been reported in Microsoft Internet Explorer. Though these issues have been reported by a reliable source, communication issues have presented diffi...
7.  Vulnerabilities: PGPDisk Switched User Unauthorized Access Weakness. PGPDisk is a PGP integrated application that allows users to create encrypted disk partitions. PGPDisk is available for Microsoft Windows and MacOS.

PGPDisk has been re...

8.  Vulnerabilities: Microsoft Internet Explorer Scrollbar-Base-Color Partial Denial Of Service Vulnerability. A vulnerability has been reported to exist in Microsoft Internet Explorer that may allow an attacker to cause a partial denial of service condition in the software. The ...
9.  Vulnerabilities: Sun Management Center Error Message Information Disclosure Vulnerability. Sun Management Center is a web-based system management interface for Sun Solaris. It is maintained and distributed by Sun.

A problem in the handling of error messages h...


1:26:49 PM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  American Idol for Russian prisoners. Prize: freedom. In a grotesque, totally po-mo spin on reality talent shows like "American Idol," Russian prison officials organized a contest in which prisoners sing their way out of jail. Six convicts pleased judges enough to win pardons. Link
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  South Korean Internet firm submits restructuring plan (AFP). AFP - South Korea's embattled broadband operator Thrunet Co. said it has submitted a restructuring plan aimed at selling off a controlling stake.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  Californian Court Fines Spammers $2 Million
----------------------------------------------------------------------
The Register
----------------------------------------------------------------------
4.  Microsoft Q1 profits up. Corporate revenues under pressure
5.  Carphone Warehouse warned over SMS spam. No consent

12:26:28 PM    

----------------------------------------------------------------------
CNET News.com - Front Door
----------------------------------------------------------------------
1.  Supply chain's growing pains. Both the term "supply chain management" and the discipline it describes have evolved considerably over the past two decades.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  Gadget Aims to Protect Knees on Airplanes (AP). AP - Every cramped air traveler may have the right to lean his seat back, but Ira Goldman sees airplane justice from another perspective — that of the person behind — and he's found a way to even the score.
3.  Amazon Launches Powerful Digital Database (AP). AP - Giving people a powerful new tool for locating books on its Web site, Amazon.com has built a digital database that lets users search for words and phrases in a text, not just the title or author.
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
4.  Vulnerabilities: Sendmail Prescan() Variant Remote Buffer Overrun Vulnerability. Sendmail is prone to a buffer overrun vulnerability in the prescan() function. This issue is different than the vulnerability described in BID 7230. The issue exists in...
5.  Vulnerabilities: PSCS VPOP3 Email Server WebAdmin Cross-Site Scripting Vulnerability. PSCS VPOP3 Email Server is an e-mail server and gateway.

A cross-site scripting vulnerability has been reported to exist in PSCS VPOP3.

The problem has been reported to...

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
6.  Secure Linux company acquired
7.  Satellites help slash Karachi car thefts, kidnaps
8.  Apple's 'Panther' set to prowl
9.  Intel motherboard locked in secrecy
10.  Law proposed for security audits
11.  DDoS Attacks Victimize Popular Weblogs
12.  Son of MSBlast on the way?
13.  Code Thieves Strike Again
14.  Solar burst could scramble phones, power lines
15.  Jumping Flea worm lifted to high risk alert
16.  December brings hackers to Malaysia
17.  Techfocus: Ask 'Helpful Hacker' Adrian Lamo a Question!

11:26:08 AM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Progeny Ports Red Hat's Anaconda To Debian
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
2.  Vulnerabilities: Microsoft Exchange Server Buffer Overflow Vulnerability. Microsoft has announced that Exchange Server is affected by a remotely exploitable buffer overflow condition. The overflow can be triggered remotely by unauthenticated ...

10:25:49 AM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  GPS-tagged jpegs: location-indexed phonecam pics. Boingboing reader Modesty writes:
So you take a moblogged photo, upload it to your MobileType blog, a bit of script finds the GPS Lat/Long/Alt co-ords in it and then links it to a mapping system, so you can see where the photo was taken. I think this is really great. I've already given up sorting all my photos, I just use a timeline system to find them. Now you could search them by location as well (get me all the photos I took downtown last month). On the other hand, when this starts to become standard on all GPS phones (and there's really no reason why it shouldn't), it better be a feature you get to opt-in to. Otherwise, there'll be an awful lot of people walking around taking photos without realising each one has such detail tagged in the headers.
Link (via Oblomovka)
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Hardware Makers Unhappy With Tablet Sales

9:25:28 AM    


8:25:09 AM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Internet address corporation ICANN to hold meeting in Tunisia next week (AFP). AFP - ICANN, the Internet address authority, is to hold a major congress in the Tunisian capital next week to discuss issues such as online confidentiality and assigning Internet addresses.
2.  EU Works to Avoid U.S. Pitfalls in Microsoft Case (Reuters). Reuters - The European Commission is trying to avoid the same pitfalls that tripped up the United States in its Microsoft case where business practices judged illegal three years ago linger.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  Germany Publishes Windows to Linux Migration Guide
----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
4.  Apple unleashes its Panther OS X. Apple launches the latest version of its operating system, offering what it says is improved navigation.
5.  California wins anti-spam case. A California court fines a marketing firm $2m for sending out unsolicited e-mails telling people how to spam.

7:24:49 AM    

----------------------------------------------------------------------
Wired News
----------------------------------------------------------------------
1.  The Last Day of the Concorde. A technological marvel it may have been, but at $9,000 for a trans-Atlantic flight, the Concorde was too expensive for all but the most extravagant traveler. On Friday, the distinctive delta-winged jet made its final commercial flight.
2.  California Chalks Up a Spam Win. The Golden State wins its first antispam judgment, against marketing firm PW Marketing. The company is fined $2 million under a 1998 statute; the state expects spammers will be easier to prosecute under its tougher new law.
3.  ID Cards Aim to Speed Security. Writer and publisher Steven Brill launches a company that will issue identity cards to speed people through security checkpoints at airports, office buildings and sports arenas. The cards, although voluntary, raise privacy concerns.
4.  Google Raring to Go Public. Google is auditioning dozens of banks for an initial public offering, possibly in the first half of 2004. Some say the company is aiming for a market value of $16 billion, putting the search engine in league with Yahoo and Amazon.com.
5.  DirecTV Takes No Prisoners. DirecTV has been waging a war on piracy that makes the record labels look nonchalant. Lucas Graves interviews the company's enforcement chief, Larry Rissler. From Wired magazine.
6.  Tech Addicts Need Textual Healing. Can't stay off your cell phone, even on a date? Inordinately fond of text messaging? You might have an addiction. Then again, you might not. By Elizabeth Biddlecombe.
7.  Yo, Mr. CEO, Get Our Point Now? A privacy group wants banks to know that they shouldn't be allowed to pass customer information around so easily. So they made their point above New York City by having a skywriter paint a bank CEO's Social Security number in the sky. By Kim Zetter.

6:24:28 AM    

----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
1.  Platform video games evolve. At what point do platform games become an entirely different game, asks Daniel Etherington of BBCi Collective.

5:24:09 AM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Personal Submarine for 845k

4:23:48 AM    

----------------------------------------------------------------------
New York Times: Technology
----------------------------------------------------------------------
1.  New Luxury-Car Specifications: Styling. Performance. Aroma. Automakers are recasting cars so that the things that potential buyers smell, hear and touch are a result of engineering rather than chance. By Danny Hakim.

3:23:38 AM    

----------------------------------------------------------------------
New York Times: Technology
----------------------------------------------------------------------
1.  Leaping Forward Online, With Amazon as Her Guide. Peggy Yu is the co-founder of Dangdang.com, China's biggest online bookseller. She is also obsessed with the successes and failures of Amazon.com. By David W. Chen.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  Linux Gets a Reality Check (PC World). PC World - Open-source OS isn't a miracle cure, conference attendees told.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  Paterson's Worms Solved by Number-Crunching
4.  Judge Examines Microsoft Settlement Progress
----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
5.  Scam targets NatWest customers. NatWest customers become the latest target for an e-mail scam which tricks customers into revealing their bank details.
6.  California wins anti-spam case. A California court fines a marketing firm $2m for sending out unsolicited e-mails telling people how to spam.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
7.  Law proposed for security audits - Infoworld Staff

2:23:08 AM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  PHP insult gen. This handy app generates polysyllabic slurs, so you don't have to:
* May 98 flaming SWBell technical support snuggle with a sharp stick while standing on your unusually small bottle of maple syrup.
* May one million homeless late night talk show hosts puke up Count Chocula after smelling milkshakes using only vaseline and your decaying popcorn.
* May 50 billion quadriplegic door to door salesmen implode Planter's Cheeseballs using only your Swedish fonics monkey.
* May a crowd of nuclear people named "dr. delicious" discover the secret of lard over your Swedish platypus.
* May a gross of fleshy jaywalkers ask "What chu talking about, Willis?!" to testicles, tinkering with your unusually small pontoon boat.
* May 32 Swahilli unix system administrators whip killer bees while performing a drive-by-shooting on your tv dinner.
* May three trillion free-balling members of Menudo swallow flaming crayons after genetically cloning your nose hair.

link (Thanks, Sean!)
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  Panther Server: 'Open source made easy' (MacCentral). MacCentral - When Apple Computer Inc. ships Panther Server on Friday, IT professionals can expect to see over 150 new features and enhancements made to the server software -- and those are not the same new features found in the client edition of Panther. The overwhelming theme to this major operating system update is integration using open source and open standards.
3.  Google Plans IPO in Bid to Keep Market Standing (washingtonpost.com). washingtonpost.com - Google, the Internet search service so popular that its name has become a verb, is planning an initial public stock offering that would raise billions of dollars as it seeks to retain its dominant market position, according to investors and others familiar with its plans.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
4.  W32.Wintoo.B.Worm

1:22:48 AM    

----------------------------------------------------------------------
InfoWorld: Top News
----------------------------------------------------------------------
1.  Law proposed for security audits - Infoworld Staff. WASHINGTON -- New legislation being drafted in the U.S. House of Representatives, which could be introduced as early as next week, would require all publicly traded companies to conduct independent computer security assessments and report the results yearly in their annual reports.

----------------------------------------------------------------------
InfoWorld: Security
----------------------------------------------------------------------
2.  Security in CEO spotlight - Infoworld Staff. Execs extol improvements despite Web services challenge

3.  Law proposed for security audits - Infoworld Staff. Public companies would report results yearly
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
4.  BKDR_BARVIN1.A
5.  Amazon Launches Book Search Feature

12:20:49 AM