Saturday, November 08, 2003


11:37:39 PM    

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
1.  thc_imap_bruter.c

10:37:19 PM    

----------------------------------------------------------------------
New York Times: Technology
----------------------------------------------------------------------
1.  Spammers Can Run but They Can't Hide. Thousands of activists, of whom Steve Linford may be the most visible, have mobilized to make the world safe from junk e-mail. By Saul Hansell.
2.  Machine Politics in the Digital Age. Diebold Inc. has stirred controversy because of security issues with its touch-screen voting machines and the political activities of its executives. By Melanie Warner.
3.  Striking Notes of Progress on the World's Tiniest Guitar. Cornell University physicists reported they had used a laser beam to pluck the strings of a tiny silicon guitar just 10 millionths of a meter long. By George Johnson.
4.  Trends Bode Well for Online Shopping. Anthony Noto, an Internet and entertainment analyst at Goldman Sachs, talked last week about his bullish outlook for the online retailing industry. By Kenneth N. Gilpin.
5.  The Web Isn't Always Up-to-the-Minute. The Web Isn't Always. Compiled by Vivian Marino.
6.  Despite Jobs Spurt, Executives Remain Cautious. Even though economic growth surged in the third quarter, business executives say they are still cautious about expanding their work forces and building factories. By Edmund L. Andrews.
7.  Skiing the Web, No Mittens Required. A few skiing-related Web sites that are worth a look. By Bob Tedeschi.
8.  Boots, Poles and Cellphone. Technology offers a lot of ways to keep in touch on the slopes. By Susan Stellin.
9.  Digital Art's Year-Round Summer Camp. Rather than create a landmark building, Eyebeam, a small nonprofit organization for media arts, wants its new home to be built around its mission. By Elizabeth Bard.

9:36:58 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  The Worst Jobs in Science
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
2.  Vulnerabilities: Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability. Apache has reported a potential vulnerability in the mod_cgid module when the threaded MPM (Multi-Processing Module) is used. The problem is said to be due to mishandling...

8:36:38 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Security Affecting Microsoft's Bottom Line

7:36:18 PM    

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
1.  Re: sql injection in phpbb

6:28:22 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Artistic Freedom Vouchers Proposed
----------------------------------------------------------------------
Hack the Planet
----------------------------------------------------------------------
2.  The MSI K1-1000 Opteron server looks remarkably similar to IBM's x325.
3.  The Register: Penn State students revolt against Napster, DRM invasion. A preview of compulsory licensing.
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
4.  BugTraq: Re: sql injection in phpbb. Sender: Marius Kaase [marius at kaase dot net]
5.  Vulnerabilities: Microsoft Internet Explorer Double Slash Cache Zone Bypass Vulnerability. A vulnerability has been reported in Internet Explorer that may allow cached Internet content to be rendered in the My Computer zone. Normally, cached content should be ...

5:16:55 PM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Art for cockroaches. The Viennese arts/science collective Monochrom has put together an exhibit called "Art for Cockroaches." Every month, a different arts group is invited to design an environment in which Monochrom's tribe of giant South American cockroaches are placed, to act as audience for, and aesthetic judges of the work. There's a 24/7 webcam on the little critters, and the next environment (based on Mars-scapes) goes live next week.

"The errant because otherwise constantly resting regiment of comedic Punchiorettes of Zecantros" presents "Freedom Or Liver Loaf" // About the work: What may art for cockroaches mean? Do you really have to confront the roaches with themselves? With their blattopterian sociopathies? We like to conceive of art as a means of social intervention: the roaches are confronted with the radical option of eating or going free. A cockroach-gallery solid as a liver-loaf. You can either eat it and savour the moldy serendipity of the golden cage in which you choose to stay, or you can abdicate and escape into the wild freedom of the Electric Avenue.


----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  Microsoft Security Flaws Threaten Business (AP). AP - Microsoft Corp.'s offer this week of cash bounties for informants who help it collar virus-writers reflects more than just an escalation of the war on those who would exploit the dominant power in software.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  The Psychology of Virus Writers
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
4.  Vulnerabilities: Nokia IPSO Unspecified Denial of Service Vulnerability. IP Security Operating System (IPSO) is the security hardware-based OS maintained and developed by Nokia.

An unspecified denial of service vulnerability has been discover...

5.  Vulnerabilities: Bugzilla Multiple Vulnerabilities. Bugzilla is a freely available, open source bug tracking software package. It is available for Linux, Unix, and Microsoft Windows operating systems.

Multiple vulnerabili...

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
6.  Re: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III
7.  sql injection in phpbb

4:16:36 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  The Matrix: Resolutions
2.  Rubik's Cube Comeback
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
3.  BugTraq: sql injection in phpbb. Sender: jocanor jocanor [jocanor2002 at hotmail dot com]
4.  Vulnerabilities: Microsoft Internet Explorer Local Resource Reference Vulnerability. Microsoft Internet Explorer is prone to an issue that may allow for unauthorized access to local resources. Internet Explorer version 6 SP1 imposed restrictions to limit...
5.  Vulnerabilities: Microsoft Internet Explorer JavaScript Local File Enumeration Vulnerability. Microsoft Internet Explorer is prone to a vulnerability which may disclose sensitive information to a malicious webmaster.

A problem exists in the way that Internet Expl...

6.  Vulnerabilities: Oracle9iAS Portal Component SQL Injection Vulnerability. A vulnerability has been reported to exist in the software that may allow a remote user to inject malicious SQL syntax into database queries through a URL. This issue is ...

3:16:16 PM    

----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
1.  BugTraq: Re: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III. Sender: James C dot Slora Jr dot [Jim dot Slora at phra dot com]
2.  BugTraq: Re: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III. Sender: teemu schaabl [teemu at lynix dot net]
3.  Vulnerabilities: TelCondex SimpleWebserver HTTP Referer Remote Buffer Overflow Vulnerability. TelCondex SimpleWebServer is a Web server designed for use with the Microsoft Windows operating systems.

A vulnerability has been reported to exist in the software that ...

4.  Vulnerabilities: X-CD-Roast Local Insecure File Creation Symlink Vulnerability. X-CD-Roast is a freely available CD burning utility available for Linux and Unix based systems.

X-CD-Roast has been reported prone to an insecure file creation vulnerabi...

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
5.  Total Lunar Eclipse Tonight
6.  Total Lunar Eclipse: Second Moon Show of the Year takes place November 8
7.  Total Lunar Eclipse Saturday Should be Colorful
8.  NightSky Friday: Observer's Kit for the Nov. 8 Total Lunar Eclipse
9.  EarthLink to collect more subscriber information
10.  MS offices in Baghdad swamped by people trying to collect the $250k bounty on virus coders

2:15:05 PM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Va. Tech Creates Third-Fastest Computer (AP). AP - A cluster of 1,100 Macintosh PCs stacked like library books in a squat cement building at the outskirts of Virginia Tech's campus — arranged by students in exchange for football tickets and pizza — is about to rank as the world's third-fastest supercomputer, at 10.3 trillion operations per second.
2.  Programs: Wrestling Games Try to Sell the Pain (Reuters). Reuters - Imagine Busta Rhymes bustin' someone up in the wrestling ring, or Carrot Top doing a dialing-for-death move on an opponent, or hefty Anna Nicole Smith holding a couple of melons and crashing them into someone's head.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  SCO to Take On Hollywood
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
4.  BugTraq: RE: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III. Sender: Cowperthwaite, Eric [eric dot cowperthwaite at eds dot com]
5.  BugTraq: OpenLinux: Multiple vulnerabilities have reported in Ethereal 0.9.12. Sender: [security at sco dot com]
6.  Vulnerabilities: Net-SNMP snmpnetstat Remote Heap Overflow Vulnerability. Net-SNMP is a package of software tools related to the Simple Network Management Protocol. One of the tools included is snmpnetstat, which can be used to retrieve and di...
7.  Vulnerabilities: OpenBSD Local Malformed Binary Execution Denial of Service Vulnerability. iBCS2 (Intel Binary Compatibility Specification 2) is a binary compatibility format designed commonly used by SCO and ISC binaries. ELF is the executable and linkable for...
8.  Vulnerabilities: Clearswift MAILsweeper for SMTP Zip Archive Filtering Bypass Vulnerability. MAILsweeper for SMTP is a commercial application for filtering e-mail content at the gateway level.

A vulnerability has been reported to be present in the software that ...


1:14:46 PM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  PeopleSoft shareholders sue over rebates (SiliconValley.com). SiliconValley.com - A group of PeopleSoft shareholders has filed a motion in a Delaware court to block the Pleasanton software company from using an aggressive refund offer to customers that could make Oracle's $7.5 billion hostile takeover bid more costly and difficult.
2.  Countries Divided Ahead of Tech Summit (AP). AP - Who controls the Internet and how richer nations should subsidize its growth in poorer countries are central issues dividing planners a month ahead of the first U.N. summit on information technology.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  Tangible Interfaces for Computers
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
4.  BugTraq: SRT2003-11-06-0710 - IBM DB2 Multiple local security issues. Sender: KF [dotslash at snosoft dot com]
5.  Vulnerabilities: Multiple Vendor S/MIME ASN.1 Parsing Denial of Service Vulnerabilities. Multiple vulnerabilities have been reported to be present in various implementations of S/MIME protocol. S/MIME is used to send binary data and attachments across e-mail...

12:14:26 PM    

----------------------------------------------------------------------
CNET News.com - Front Door
----------------------------------------------------------------------
1.  Offshore and beyond. McKinsey finds that while companies are exporting back-office functions and service jobs, they are mistakenly leaving billions of dollars in savings behind.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Total Lunar Eclipse Tonight

11:44:16 AM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Ban on Internet Access Tax Dies in Senate

10:13:56 AM    


9:13:37 AM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  PluggedIn: Noisier Computers Drive Users to Silence (Reuters). Reuters - Finding it harder to concentrate at your desk? Maybe it's the constant drone of your personal computer.
----------------------------------------------------------------------
InfoWorld: Top News
----------------------------------------------------------------------
2.  Biotech IPO window met with cautious optimism.
November 7, 1:57 p.m. PST
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
3.  Military to use Alphatech to stop denial-of-service attack

8:13:16 AM    

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
1.  W32.HLLW.Logpole.C

7:12:57 AM    

----------------------------------------------------------------------
Wired News
----------------------------------------------------------------------
1.  Security Flaws Rankle Microsoft. Microsoft's campaign to snare virus writers indicates the software behemoth is finally feeling the heat of its own security woes. Analysts say Windows flaws are hurting Microsoft's ability to book new contracts with corporate customers.
2.  Europe May Swallow GM Foods. Although European opposition to genetically modified foods remains strong, an EU committee is ready to discuss ending a five-year ban on biotech crops.
3.  U.N. Shelves Cloning Treaty. Despite the Bush administration's best efforts, the United Nations votes to postpone a decision on cloning until 2005. While there is extensive support for banning the cloning of human beings, the international body is divided over therapeutic cloning.
4.  Senators Banter Over Net Taxes. Proponents of a permanent ban on Internet access taxes hit a roadblock Friday, because the Senate can't agree on how to define 'Internet access.' They hope to reach a compromise next week.
5.  Will Microsoft Wallop Friendster? Social-networking sites proliferate, but none so far dominates. Will Microsoft's mishmash of blogging, networking and messaging technologies win over the uninitiated masses -- or is it vaporware? By Kari L. Dean.
6.  Reaping New Meds From Old Cures. Researchers ask traditional African healers and herbalists about their craft in hopes of finding blockbuster drugs. But the healers want a better bargain from the companies profiting from their knowledge. Megan Lindow reports from Johannesburg, South Africa.

6:12:37 AM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  McDonald's should get a dictionary and look up "trademark". McDonald's misunderstands the nature of dictionaries: that is, to observe the language as she is spoken and document her. McDonald's is up in arms over Merriam-Webster's inclusion of "McJob" in its current edition. Naturally, McD's has trumped up a completely groundless trademark claim to back this up. Trademarks don't let you control how people speak -- they only allow you to stop other commercial outfits from confusing your customers; certainly, they don't give you the power to stop the reporting of the fact that English speakers use "McJob" to describe a crappy job.

Walt Riker, a spokesman for McDonald's, said the Oak Brook, Illinois-based fast-food giant also is concerned that "McJob" closely resembles McJOBS, the company's training program for mentally and physically challenged people.

"McJOBS is trademarked and we've notified them that legally that's an issue for us as well," Riker said.

(Note: Every time I post here about trademarks, I get a flurry of emails from people patiently "explaining" to me that you need to sue everyone who utters your trademark or risk losing it; without covering ground I've run over before, suffice it to say that this is wrong, and it's a fairy tale that trademark lawyers scare their clients with in order to drum up more business, and I don't care if your in-house counsel or nephew-in-law-school swore it was true, it's not. Really.)


----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  CD-R Lifespan - Is It The Label?

5:12:17 AM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Shirky on SemWeb. Clay Shirky has published a ringing denouncement of the Semantic Web, pointing out that this is a project that elides the hard bits and solves the easy bits -- it's not far off from the digital identity world, where 70 percent of the use cases are easy problems that could be solved with some new W3C form elements, and the remainder are deep, philosophical problems we've been arguing about since Roman times.

First, take some well-known problem. Next, misconstrue it so that the hard part is made to seem trivial and the trivial part hard. Finally, congratulate yourself for solving the trivial part.

All the actual complexities of matching readers with books are waved away in the first sentence: "You browse/query until you find a suitable offer to sell the book you want." Who knew it was so simple? Meanwhile, the trivial operation of paying for it gets a lavish description designed to obscure the fact that once you've found a book for sale, using a credit card is a pretty obvious next move...

No one who has ever dealt with merging databases would use the word 'simply'.


2.  Chimp filmstar turns to painting. JWZ just got the coolest birthday present ever: a painting painted by Cheeta, the chimp who played opposite Johnny Weissmuller in the Tarzan movies.

The artist is now 71 years old and living in Palm Springs, Florida, enjoying his new career as a painter.

His name is Cheeta, and he's the world's oldest living primate.



----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
3.  WPA Security Breach Discussed During Ratification (TechWeb). TechWeb - A security expert says WLAN vendors could easily prevent a new WPA security problem by providing simple tools.
----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
4.  Hutchison settles row with KPN. Hutchison settles its row with KPN over funding for the 3 UK network by agreeing to buy the Dutch firm's 15% stake in the project.
5.  Voyager 'edges Solar System'. Scientists say the Voyager I space probe is near the edge of the Solar System, 26 years after its launch.
6.  Searching for the new, new thing. Some games are trying hard to break out of tired formats, says Daniel Etherington of BBCi Collective.
7.  Users face malicious web attacks. Virus attacks on computers which do damage through HTML in e-mails and websites are set to increase, says a security expert.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
8.  BT ordered to stop 'dirty tricks'
9.  IBM warms to desktop Linux
10.  Oracle Row Level Security: Part 1
11.  Your 99c belong to the RIAA - Steve Jobs
12.  Telewest blames viruses for lost broadband users
13.  Users look to redefine security approach
14.  Employers want security certifications
15.  Cryptography takes a quantum leap
16.  As security concerns ease, businesses warm to Wi-Fi
17.  Thwarted Linux backdoor hints at smarter hacks
18.  Foolish CEOs flunk security test
19.  Microsoft’s $5 mn bounty for hackers
20.  Wireless Intrusion Detection Systems
21.  Poor Wi-Fi passwords 'invite attack'
22.  Business Integration for Games

4:11:57 AM    

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
1.  rpc!exec.c
2.  _SRT2003-11-06-0710...>
3.  outsiders-terminator..>
4.  webscan_0.1.0.tar.gz
5.  mfp_chksrc.c

3:11:37 AM    

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
1.  Virus writers dismiss Microsoft's $5M bounty fund
2.  Linux kernel attack thwarted

2:11:16 AM    

----------------------------------------------------------------------
New York Times: Technology
----------------------------------------------------------------------
1.  Senate Postpones Vote on Internet Tax Ban. The Senate postponed a vote on banning Internet access taxes after sponsors agreed to extend the prohibition without making it permanent. By Bloomberg News.
2.  Barnes & Noble Makes Bid for Shares of Online Unit. The company made an offer to buy back the publicly traded shares of its Barnesandnoble.com at a fraction of their original price. By David D. Kirkpatrick.
3.  PalmOne Raises Forecast. PalmOne, a maker of hand-held computers, raised its revenue outlook for the current quarter and predicted a full-year profit for fiscal 2005. By Reuters.
4.  Penn State Will Pay to Allow Students to Download Music. Pennsylvania State University has agreed to cover the cost of providing its students with a legal method to download music from a catalog of half a million songs. By Amy Harmon.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
5.  cf_exp.c
6.  DSR-wmapm.sh
7.  Attempted attack on Linux kernel foiled

1:10:57 AM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  IBM To Run VoIP On Linux
----------------------------------------------------------------------
InfoWorld: Top News
----------------------------------------------------------------------
2.  Siebel services head resigns. Siebel Systems Inc.'s senior vice president of global services, Karen Riley, handed in her resignation Thursday, a spokesman said Friday.
3.  Upgrade glitch downs AT&T Wireless' CRM system. AT&T Wireless Services Inc. this week faced the software nightmare every IT administrator fears: An application upgrade last weekend went awry, taking down one of the company's key account management systems.
4.  IBM adds midrange server to Itanium line. IBM Corp. on Monday will add a second Itanium 2 server to its xSeries product line, a system it is billing as the first Itanium server from a major vendor to scale from 4 to 16 processors.

----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
5.  Vulnerabilities: Apple MacOS X Terminal Unspecified Unauthorized Access Vulnerability. Apple's MacOS X operating system includes the Terminal application, which is a GUI-based Unix command shell.

Apple has reported that a vulnerability has recently been fi...


12:10:37 AM