Sunday, November 16, 2003

----------------------------------------------------------------------
CNET News.com - Front Door
----------------------------------------------------------------------
1.  Gates addresses security in Comdex keynote. In recent years, Comdex has served as a showcase for consumer items. This year, however, it will focus on technology for the working world, such as mobile computing and utility computing.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  Gates to Unveil New Junk E-Mail Software (AP). AP - Microsoft Corp. Bill Gates was expected to announce new junk e-mail filtering technology called SmartScreen at his keynote address Sunday at the annual Comdex trade show in Las Vegas.
3.  Gates Unveils New Windows Security Tools at Comdex (Reuters). Reuters - Microsoft Corp. (MSFT.O) Chairman Bill Gates on Sunday unveiled a new feature expected to be built into the next major release of the software maker's Windows operating system, a search tool that aims to make it easier to find information stored on personal computers.

11:16:43 PM    


10:16:24 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Brazil Moves Away From Microsoft
----------------------------------------------------------------------
LinuxSecurity.com
----------------------------------------------------------------------
2.  Security considerations when migrating from Unix to Linux

9:16:04 PM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Island Chronicles: Hiking up the Volcano. Here's our latest Island Chronicles dispatch. Link
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Kasparov Wins Game 3 Against X3D Fritz
----------------------------------------------------------------------
LinuxSecurity.com
----------------------------------------------------------------------
3.  Crypto-Gram November 15th 2003

8:15:45 PM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Youth loses some luster among VC start-ups (SiliconValley.com). SiliconValley.com - During the Internet boom, venture capitalists brushed aside older and more experienced technology entrepreneurs.
2.  Programs: 'Tron' Upgrade Worth the Wait (Reuters). Reuters - (Gene Emery is a columnist who covers science and technology. His Internet address is GEmeryCox.net. Any opinions in the column are his alone).
3.  Kasparov Wins in Computer Chess Match (Reuters). Reuters - Chess great Garry Kasparov on Sunday virtually shut down computer program "X3D Fritz" to score a vital win in the third game of his latest man vs. machine match.

7:15:24 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Stopping Malware Before It Hits
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
2.  Vulnerabilities: Symantec PCAnywhere Privilege Escalation Vulnerability. Symantec pcAnywhere is a remote host control solution. pcAnywhere provides for remote management and file transfer. pcAnywhere can be installed as a service that listens...
3.  Vulnerabilities: Spoofed Kernel Netlink Interface Message Denial of Service Vulnerability. The Linux kernel includes the use of an optional netlink driver, which when used creates the netlink device. This device can be used to allow a channel between the kernel...
4.  Vulnerabilities: Glibc Getgrouplist Function Buffer Overrun Vulnerability. The GNU C library, glibc, contains standard C libraries called by various applications.

The getgrouplist function in glibc does not perform adequate bounds checking on d...


6:15:04 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  DMCA Doesn't Protect Garage Door Remotes
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
2.  Vulnerabilities: HP-UX Partition Manager Unspecified Remote Vulnerability. HP-UX is the UNIX Operating System distributed and maintained by HP.

A problem has been identified in the HP-UX partition manager (parmgr). Due to a problem in the soft...


5:14:44 PM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Programs: 'Tron' Upgrade Worth the Wait (Reuters). Reuters - (Gene Emery is a columnist who covers science and technology. His Internet address is GEmeryCox.net. Any opinions in the column are his alone).
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Sweet Revenge On Nigerian Scammers
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
3.  Vulnerabilities: phpBB Profile.PHP SQL Injection Vulnerability. phpBB is an open-source web forum application that is written in PHP and supported by a number of database products. It will run on most Unix and Linux variants, as well ...

4:14:24 PM    

----------------------------------------------------------------------
CNET News.com - Front Door
----------------------------------------------------------------------
1.  Intel moves deeper into supercomputing. The chipmaker earmarks $36 million for research into improving supercomputers made from off-the-shelf parts as it continues to expand its reach in the very high end of the computer market.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  Experts Dub Va. Tech Computer 3rd-Fastest (AP). AP - Supercomputing is moving into the commercial realm as nearly half the machines on this year's list of the fastest computers were built from clusters of cheaper, off-the-shelf processors, including the new No. 3, a supercomputer assembled with 1,100 Apple PCs.
3.  Garage Gadget Wins Digital Copyright Case (AP). AP - In a closely watched technology lawsuit, a federal judge has ruled that a garage-door opener designed as a replacement for a model made by a rival manufacturer does not violate the nation's digital copyright law.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
4.  Best Buy Uses DMCA To Quash Black Friday Prices

3:14:04 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Review: Oritron NPD3117 Networked DVD Player
----------------------------------------------------------------------
LinuxSecurity.com
----------------------------------------------------------------------
2.  Desktop security: A contrarian view
3.  Security: More than just technology
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
4.  Vulnerabilities: Microsoft ListBox/ComboBox Control User32.dll Function Buffer Overrun Vulnerability. A ComboBox control is a class used to display a drop-down list of predefined values, as well as a field that takes user-supplied input. A ListBox control is a similar cla...
5.  Vulnerabilities: myServer HTTP GET Argument Buffer Overflow Vulnerability. myServer is an application and web server for Microsoft Windows and Linux operating systems.

myServer has been reported prone to a remote buffer overflow vulnerability. ...

6.  Vulnerabilities: Qualcomm Eudora File Attachment Spoofing Vulnerability. Eudora is a graphical e-mail client for Windows computers offered for free by Qualcomm.

Eudora is reported to be prone to an issue which may allow attackers to spoof th...

7.  Vulnerabilities: Microsoft FrontPage Server Extensions Remote Debug Buffer Overrun Vulnerability. FrontPage Server Extensions are a component for FrontPage that allows authorized users to edit and maintain content.

FrontPage Server Extensions includes remote debuggin...

8.  Vulnerabilities: PostgreSQL To_Ascii() Buffer Overflow Vulnerability. PostgreSQL is a freely distributed Object-Relational DBMS. It is available for a number of platforms including Unix and Linux variants and Microsoft Windows operating sys...

2:13:43 PM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Brazil Leans Away From Microsoft (AP). AP - If he is to make good on his promise to improve life for the tens of millions of Brazilians who live in dire poverty, President Luiz Inacio Lula da Silva knows that one key challenge is to bridge a massive technology gap. And if that means shunning Microsoft Corp. software in South America's largest country, then so be it.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  802.11b Memory Stick for CLIE
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
3.  Vulnerabilities: WebWasher Classic Error Message Cross-Site Scripting Vulnerability. WebWasher Classic is a free Internet filtering software.

A vulnerability has been reported to be present in the software that may allow a remote attacker to execute HTML or...

4.  Vulnerabilities: OpenSSH PAM Conversation Memory Scrubbing Weakness. OpenSSH is a freely available, open source implementation of the Secure Shell protocol. It is available for the Unix, Linux, and Microsoft platforms.

An issue has been ...

5.  Vulnerabilities: IWConfig Local ARGV Command Line Buffer Overflow Vulnerability. iwconfig is a freely available, open source wireless connection management tool for Linux.

A problem has been identified in the iwconfig program when handling strings on...

6.  Vulnerabilities: TerminatorX Multiple Command-Line and Environment Buffer Overrun Vulnerabilities. terminatorX is a freely available, open source music manipulation program. It is available for the Linux platform.

It has been reported that TerminatorX may be prone to ...

7.  Vulnerabilities: PeopleSoft PeopleTools IClient Servlet Arbitrary Code Execution Vulnerability. PeopleSoft PeopleTools is a runtime architecture and integrated development environment for PeopleSoft financial management software. PeopleTools ships with an IClient s...
8.  Vulnerabilities: OpenSSL ASN.1 Parsing Vulnerabilities. Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. OpenSSL does not directly implement ASN.1 but does use ASN.1 objects in X.509 certificates a...
----------------------------------------------------------------------
The Register
----------------------------------------------------------------------
9.  DARPA chisels little guy out of $1 million race. Tethered to Pentagon pork

1:13:24 PM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  French porn director John Root now has a blog. Famous French adult film director John B. Root, nee John Guillore, has launched a self-described "sexblog" about his life and the porn biz: Inkorrekt, the Diary of a Pornographer. Not long ago, Root was the author of an open letter protesting a French ban on TV porn organized by right-wing and "family values" groups.

"Porn's subject matter is physical love, a theme that has produced countless masterpieces in painting, in sculpture and in literature," wrote Root. "If celluloid sex has never succeeded in hoisting itself to the rank of a cinematographic or televisual genre, it is because we have denied it the right to be economically viable. We wouldn't be having this debate if porn was what it should be: joyous, well-made, aphrodisiac art, respectful of its actors and its audience, portraying real people and making sense of its subject matter."

Link to John B. Root's blog (written in French, and not worksafe), Link to Guardian interview with Root (snip: "There's no earthly reason why a porn film shouldn't also be a good film. I want the product to respect me.")

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  T-Mobile Says in Talks with Virgin, May Sell Stake (Reuters). Reuters - Germany's T-Mobile said on Sunday it was in talks with partner Virgin Mobile which could result in it selling its 50 percent stake in the mobile phone company back to Richard Branson's Virgin Group.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  Why Microsoft Wants to Buy Google
4.  802.11b Memory Stick from Sony

12:13:04 PM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  French porn director John Root now has a blog. Famous French adult film director John B. Root, nee John Guillore, now has a weblog about his life and the porn biz. Not long ago, Root was the author of an open letter protesting a French ban on TV porn organized by right-wing and "family values" groups.

"Porn's subject matter is physical love, a theme that has produced countless masterpieces in painting, in sculpture and in literature," wrote Root. "If celluloid sex has never succeeded in hoisting itself to the rank of a cinematographic or televisual genre, it is because we have denied it the right to be economically viable. We wouldn't be having this debate if porn was what it should be: joyous, well-made, aphrodisiac art, respectful of its actors and its audience, portraying real people and making sense of its subject matter."

Link to John B. Root's blog (written in French, and not worksafe), Link to Guardian interview with Root (snip: "There's no earthly reason why a porn film shouldn't also be a good film. I want the product to respect me.")

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  The Ultimate Desk... Sort Of
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
3.  Vulnerabilities: Coreutils LS Width Argument Integer Overflow Vulnerability. Coreutils 'ls' utility is a binary application that is used to list directory contents.

Coreutils 'ls' has been reported prone to an integer overflow vulnerability. The ...

4.  Vulnerabilities: HP-UX NLSPATH Environment Variable Format String Vulnerability. HP-UX allows the NLSPATH to be set for setuid root programs, which use catopen(3C) and may be executed by other local users. HP-UX libc does not properly prevent the pas...

11:12:44 AM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Youth loses some luster among VC start-ups (SiliconValley.com). SiliconValley.com - During the Internet boom, venture capitalists brushed aside older and more experienced technology entrepreneurs.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Big Mac Officially Ranks 3rd
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
3.  Vulnerabilities: HP-UX Software Distributor Lang Environment Variable Local Buffer Overrun Vulnerability. HP has reported that some Software Distributor (SD) utilities are prone to locally exploitable buffer overrun vulnerability. Affected utilities include swinstall(1M) and...

10:12:25 AM    

----------------------------------------------------------------------
CNET News.com - Front Door
----------------------------------------------------------------------
1.  Week ahead: Here comes Comdex. Comdex rolls into town this week, with a splashy lineup of keynote speakers ranging from Microsoft's Bill Gates to Sun Microsystems' Scott McNealy. Also, Novell and Intuit report earnings.
2.  Biosciences: High risk, high reward. Knowledge@Wharton examines how researchers and venture capitalists are applying lessons learned from the history of earlier technologies to biotechnology.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
3.  Apple cluster third in new supercomputer ranking (MacCentral). MacCentral - A computer cluster consisting of 1,100 Apple Computer Inc. Power Mac G5 desktops that were purchased online and connected together in a matter of weeks by Virginia Polytechnic Institute and State University is currently the third fastest computer in the world, according to the latest edition of the closely followed Top 500 ranking, which was published Sunday.

9:12:04 AM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Great Computer Science Papers?

8:11:43 AM    


7:11:25 AM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Privacy-consciousness-raising stickers.

The Austrian cyber-activists Quintessenz put on the local Big Brother Award ceremony. To promote it, they distributed these stickers that look like hidden cameras, encouraging people to put them up in toilets and other places where privacy matters. The caption means "The Most Shameless Surveilleur."

116k PDF Link


6:11:04 AM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Smart Badges For Better Meetings

5:10:44 AM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Secret Epcot VIP lounges revealed. Epcot Center had the distinction of being the first Disney park in which every single ride and pavilion was sponsored -- in the case of the World Showcase, the sponsors were the countries represented; but in the case of the Future Showcase, the sponsors were tech companies, and they built VIP lounges and conference spaces into their ride-pavilions for their bigwigs and guests. Hidden Mickeys has a ride-by-ride description of Future Showcase's VIP lounges (I found out about this through an eBay listing for a Living Seas VIP Lounge uniform jacket).

Around the right side of The Living Seas, past the Coral Reef restaurant, there is a door marked>Link
2.  Good-Turing method finally improved-upon. Sixty-or-so years since Alan Turing and IJ Good invented the Good-Turing method for modeling of probability distributions behind data streams as part of the Allied code-breaking effort, researchers have discovered the limit of its usefulness, and produced a replacement method that transcends them:

The German Enigma encryption machine used a huge number of decryption keys, making it almost impossible to crack the code. British intelligence had gained possession of Enigma machines, had determined how they worked and had even obtained a copy of the full book of keys. Some messages had been decrypted and the keys used recorded, so that the code breakers had a small sample from a very large set of keys. But it was unlikely the Germans would continue to use the same keys, so some method of assigning a probability distribution to the keys not yet used was needed...

Orlitsky was able to discover this limit by quantifying the problem in terms of the positive integers. The nature of the sample set is actually irrelevant to the probabilistic algorithm. What matters is the order in which outcomes appear and how often they appear. So a sample sequence such as giraffe, giraffe, elephant, giraffe, zebra would be encoded in numbers as 1,1,2,1,3. Every time a new item appears, it is assigned the next-highest number, so that this mathematical model, according to its creators, can capture the worst possible problem, one in which there is an infinite number of hidden data items.

Link

(via Smart Patrol)

----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
3.  Census website 'overwhelmed'. Details of how a 1901 census site was "overwhelmed" by demand have emerged in a National Audit Office report.
4.  Broadband user numbers boom. High-speed broadband internet access is winning more and more converts around the world, research suggests.
5.  Parents 'confident' in net safety. Many parents are confident they know how to ensure their children surf safely says a survey, but complacency needs to be avoided.

4:10:25 AM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Nokia's N-Gage suffers blow as hackers crack games security code (AFP). AFP - Nokia's foray onto the mobile entertainment market, the N-Gage gaming deck, was dealt a blow this week when hackers were able to crack the security codes protecting its games from being pirated, with illegal copies being posted on the Internet.

3:10:05 AM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Analyzing AT&T's Anti-Anti-Spam Patent

2:09:44 AM    


1:09:24 AM    

----------------------------------------------------------------------
CNET News.com - Front Door
----------------------------------------------------------------------
1.  New blood joins supercomputer ranking. Of the top 10 systems on a list of the 500 most powerful supercomputers, three machines are new, one is upgraded, and two are based on processors that have never before appeared on the list.

12:09:05 AM