Friday, November 28, 2003

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Finding the Perfect Family Game
----------------------------------------------------------------------
LinuxSecurity.com
----------------------------------------------------------------------
2.  Routers don't protect by default
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
3.  Elsewhere: Europe now favourite haunt of hackers: Study. Hackers, it appears, are now forsaking North America in favour of European targets.

In November, said a report from British Internet security specialists at mi2g, Europe...

----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
4.  BugTraq: Multiple Remote Issues in Applied Watch IDS Suite (advisory attached). Sender: Bugtraq Security Systems [research at bugtraq dot org]
----------------------------------------------------------------------
The Register
----------------------------------------------------------------------
5.  BT to upgrade 21 exchanges for ADSL. Let's hear it for Brynmawr
6.  Swen fends off Mimail to top viral charts. Top Ten Bugs
7.  Samsung says it will overtake Nokia. World's largest supplier by 2010
8.  RIM faces fresh lawsuit. IP infringement allegation
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
9.  Elsewhere: Single bug or virus attack could cost your business £66,000

3:32:20 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Interview with Jim Griffin
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
2.  Elsewhere: Single bug or virus attack could cost your business £66,000. The cost to businesses of a single bug or virus attack can be as much as £66,000, research has revealed.

The estimate, contained in a report from analyst firm Datamonito...

----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
3.  Vulnerabilities: Microsoft Visual Basic For Applications Document Handling Buffer Overrun Vulnerability. Microsoft Visual Basic for Applications (VBA) is a development platform implemented by various applications. A buffer overrun vulnerability has been discovered in VBA wh...
4.  Vulnerabilities: FreeRADIUS Tag Field Heap Corruption Vulnerability. FreeRADIUS is a freely available, open source implementation of the RADIUS protocol. It is available for the Unix and Linux platforms.

A problem has been identified in ...

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
5.  SUSE Security Announcement: bind8 (SuSE-SA:2003:047)
6.  [OpenCA Advisory] Vulnerabilities in signature verification
7.  [OpenPKG-SA-2003.050] OpenPKG Security Advisory (screen)
8.  Trustix: bind Cache poisoning vulnerability
9.  Weak monitoring lets hackers run riot
10.  If Microsoft Built Cars...
11.  News: Microsoft revs its automotive engines
12.  Laptop Thief Caught via AOL Login
13.  California Police Arrest Man in Bank PC Theft
14.  Elsewhere: Police arrest man in bank PC theft
15.  Elsewhere: Security of handhelds far too lax, experts say
16.  Canadian Music Industry Wants Royalties on Net Usage
17.  Music group aims to charge Internet Users
18.  More Info on Debian.org Security Breach
19.  more details on the recent compromise of debian.org machines.
20.  20 Years of Virii
21.  A 20-year plague - Decades after creation, viruses defy cure

2:32:01 PM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Queen Albums Go Online for World AIDS Day (Reuters). Reuters - Music label EMI is making all British rock group Queen's albums available for download over the Internet in the UK and Europe to mark World AIDS Day on Dec. 1, the company said Friday.
2.  Intel Plans Wireless Push Onto Desktops (Reuters). Reuters - Intel Corp. is building into a forthcoming microchip an ability to let desktop computers act as a hub in home and office wireless networks, taking aim at the market for stand-alone wireless access points.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  If Microsoft Built Cars...
----------------------------------------------------------------------
LinuxSecurity.com
----------------------------------------------------------------------
4.  Weak monitoring lets hackers run riot
5.  Trustix: bind Cache poisoning vulnerability
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
6.  Elsewhere: Police arrest man in bank PC theft. Police have arrested a California man in connection with a burglary in which a computer with sensitive information about Wells Fargo customers was stolen, officials said ...
7.  Elsewhere: Security of handhelds far too lax, experts say. Traversing the carpeted walkways of the Las Vegas Convention Center last week, Caleb Sima looked like many other programmers at Comdex: young, lean, laid-back and with a ...
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
8.  BugTraq: MDKSA-2003:109 - Updated gnupg packages fix vulnerability with ElGamal signing keys. Sender: Mandrake Linux Security Team [security at linux-mandrake dot com]
9.  Vulnerabilities: Thomson SpeedTouch DSL Router Port Scan Denial Of Service Vulnerability. SpeedTouch is a line of DSL routers distributed by Thomson.

A problem has been reported in SpeedTouch DSL routers when routing certain types of traffic. Because of this...

10.  Vulnerabilities: Kerio WinRoute Firewall Authentication Credentials Exposure Vulnerability. Kerio WinRoute Firewall is an enterprise level firewall that is also capable of proxying networks. It is available for the Microsoft Windows operating system.

If the Wi...

11.  Vulnerabilities: Microsoft Word Macro Execution Security Model Bypass Vulnerability. Microsoft Word is a word processing software that is part of the Microsoft Office suite. Microsoft Word allows a user to create various types of documents. The software...
12.  Vulnerabilities: Microsoft WordPerfect Converter Buffer Overrun Vulnerability. Microsoft WordPerfect Converter is a component shipped with Office and a number of other Microsoft products for handling documents in WordPerfect formats. The WordPerfec...
13.  Vulnerabilities: Symantec PCAnywhere Privilege Escalation Vulnerability. Symantec pcAnywhere is a remote host control solution. pcAnywhere provides for remote management and file transfer. pcAnywhere can be installed as a service that listens...
----------------------------------------------------------------------
The Register
----------------------------------------------------------------------
14.  MS takes $1.1bn 'hostage' to freeze Lindows out of California case. Monopoly means never having to pay you're sorry...
----------------------------------------------------------------------
Help Net Security
----------------------------------------------------------------------
15.  Norwegian hacker rebuts music piracy criticism
16.  Single bug or virus attack could cost your business £66,000
17.  Reseller touts home WLAN pack with easy to use security
18.  Police arrest man in bank PC theft
19.  Wireless world gets a new worry: viruses
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
20.  [impact-usr][ANNOUNCE] Python network security tools: Pcapy, Impacket, InlineEgg
21.  [impact-usr][ANNOUNCE] Python network security tools: Pcapy, Impacket, InlineEgg
22.  Weekly virus report
23.  Infosecurity 2003: our report on the IT security trade show at CNIT Paris La Défense
24.  Norwegian hacker rebuts music piracy criticism
25.  Single bug or virus attack could cost your business £66,000
26.  Reseller touts home WLAN pack with easy to use security
27.  Police arrest man in bank PC theft
28.  Wireless world gets a new worry: viruses

1:31:41 PM    

----------------------------------------------------------------------
CNET News.com - Front Door
----------------------------------------------------------------------
1.  Holidays push online shopping toward mainstream. As e-commerce heavyweights improve their systems and traditional businesses offer Web-shopping perks, more people are embracing the convenience and potential savings of virtual storefronts.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Human Pac Man
----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
3.  PlayStation braves Chinese waters. Sony is launching its PlayStation 2 in China next month, despite concerns about widespread piracy.
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
4.  BugTraq: [OpenCA Advisory] Vulnerabilities in signature verification. Sender: Michael Bell [michael dot bell at cms dot hu-berlin dot de]
5.  BugTraq: [OpenPKG-SA-2003.050] OpenPKG Security Advisory (screen). Sender: OpenPKG [openpkg at openpkg dot org]
----------------------------------------------------------------------
The Register
----------------------------------------------------------------------
6.  Xbox makes gains as Japanese price cut bites. Japanese charts show big consumer uptake
7.  UK.gov plans satellite tracking of asylum seekers. There he goes
8.  'Yoof' spurns new mobile technology. Especially sceptical about 3G
9.  Sony Ericsson GC79 WLAN + GPRS card. Reg Review Wireless, anywhere
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
10.  Immunix: bind Cache poisoning vulnerability
11.  Turbolinux: Multiple package updates
12.  Secure Web Sites and Servers
13.  Ballmer Says Commercial Software is Better Because Someone's Rear End is on the Line
14.  Elsewhere: SMEs to be offered IT security guidelines
15.  Elsewhere: Debian attacker may have used new exploit
16.  News: Reseller touts home WLAN pack with easy to use security

12:31:20 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Around the World in a Solar Plane
----------------------------------------------------------------------
LinuxSecurity.com
----------------------------------------------------------------------
2.  Secure Web Sites and Servers
3.  Ballmer Says Commercial Software is Better Because Someone's Rear End is on the Line
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
4.  Elsewhere: SMEs to be offered IT security guidelines. The police and leading businesses have asked IT professionals for their feedback on new IT security guidelines for small and medium-sized companies.

The guidelines, put ...

5.  Elsewhere: Debian attacker may have used new exploit. An as-yet-unknown security hole allowed the recent hack attack on the Debian GNU/Linux operating system project

An as-yet-unknown security exploit in Linux may have bee...

6.  News: Reseller touts home WLAN pack with easy to use security. The Register By Tony Smith [tony dot smith at theregister dot co dot uk]
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
7.  BugTraq: SUSE Security Announcement: bind8 (SuSE-SA:2003:047). Sender: Thomas Biege [thomas at suse dot de]
8.  Vulnerabilities: Qualcomm Eudora Attachment LaunchProtect Warning Bypass Weakness. Eudora is the freely available mail user agent (MUA) maintained and distributed by Qualcomm. It is available for the Microsoft Windows platform.

A problem has been iden...

----------------------------------------------------------------------
The Register
----------------------------------------------------------------------
9.  Wanadoo UK in AnyTime promo. 'Tis the season to be jolly, etc
10.  Go-ahead US companies fail to prioritise security. Fast expanding firms exposed to rising risks
11.  BT to upgrade 21 exchanges for ADSL. Let's hear it for Brynmawr
----------------------------------------------------------------------
Help Net Security
----------------------------------------------------------------------
12.  Current antivirus software is not enough
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
13.  Linux Advisory Watch - November 28th 2003
14.  detecttr.c Trace Route Detection Format String Vulnerability
15.  My_eGallery Remote Command Execution Vulnerability
16.  GNU screen Buffer Overflow Vulnerability
17.  phpBB 2.06 search.php SQL Injection Vulnerability
18.  Top-down security
19.  DoS attack blamed for Internet outage
20.  Windows 95, 98 get system restore
21.  Spanish police arrest Raleka worm suspect
22.  Phoenix adds security at the hardware level
23.  Norwegian hacker cracks iTunes code
24.  HP completes deal to do Bank of Ireland outsourcing
25.  How to make your XP Professional machine an MP3 server
26.  Current antivirus software is not enough

11:30:00 AM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Perks to Be Slow for Japanese Digital TV (AP). AP - "Digital is coming!" signs hang in stores packed with new TVs promising dazzling imagery, but any buzz about Monday's start of digital television broadcasting in Japan has yet to catch on in much of the country.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Color Ascii Art Library
----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
3.  Live global webcast for Aids gig. The Nelson Mandela Aids Day concert is expected to be the largest charity event ever webcast on the net.
----------------------------------------------------------------------
LinuxSecurity.com
----------------------------------------------------------------------
4.  Linux Advisory Watch - November 28th 2003
5.  Immunix: bind Cache poisoning vulnerability
6.  Turbolinux: Multiple package updates
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
7.  So when will Linux vendors charge for security fixes?

10:29:41 AM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  New DVD Format Approved (AP). AP - Toshiba Corp. and NEC Corp. said Friday that the DVD Forum, an international association of electronics makers and movie studios, has approved the two Japanese companies' standard for next-generation DVDs.
----------------------------------------------------------------------
LinuxSecurity.com
----------------------------------------------------------------------
2.  So when will Linux vendors charge for security fixes?
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
3.  Sober A dominates the virus scene
4.  phpBB Input Validation Flaw in 'search_id' Permits SQL Injection and Yields Administrative Access

9:29:30 AM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Big Mouth Billy Bass runs Linux, does impressions. Now that the animated talking fish doll Big Mouth Billy Bass is out of fashion and can be had at pennies on the dollar, why not try your hand at installing Linux on it and getting it to lipsynch funny Simpsons quotes or act as the physical avatar for someone at the other end of a teleconference line?

We will make the following improvements to Big Mouth Billy Bass.

* User defined audio clips
* Lip syncing
* Video recording
* Audio recording

By adding this functionality to the bass, in addition to networking protocols, the bass will be transformed into an H.323 compliant video teleconferencing host. It will be possible to use Microsoft NetMeeting or CUSeeMe to connect to your bass at home and talk with your loved ones!

(via Smartpatrol)

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Laptop Thief Caught via AOL Login

8:29:11 AM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Is That Microsoft Calling? (PC World). PC World - Software giant could change the way we communicate by telephone.
2.  Twelve easy pieces: Gifts to suit the whole list (USATODAY.com). USATODAY.com - Skull wha-wha-wha?! This $30 device has a silly name that, once you see it, seems absolutely apt: It simultaneously plugs into your MP3 player and your mobile phone, so if the latter rings while the former's blaring you won't miss the call.
3.  Big companies get on board with Net calls (USATODAY.com). USATODAY.com - Big companies are putting their might behind Internet phone service, which could drive prices down and quality up in the emerging industry.
----------------------------------------------------------------------
SecurityFocus
----------------------------------------------------------------------
4.  Vulnerabilities: XFree86 Multiple Unspecified Integer Overflow Vulnerabilities. Multiple integer overflow vulnerabilities have been discovered in XFree86 4.3.0. The problem specifically occurs due to insufficient sanity checks within font libraries. ...
5.  Vulnerabilities: KDE KDM PAM Module PAM_SetCred Privilege Escalation Vulnerability. KDM is the KDE Display Manager, a component of the KDE Desktop Environment. It is available for Linux/Unix operating systems. KDM provides a graphical login interface f...
----------------------------------------------------------------------
The Register
----------------------------------------------------------------------
6.  Reseller touts home WLAN pack with easy to use security. Web-based WLAN setup, admin
7.  NTL dangles content as sweetener for punters. Need faster broadband though
8.  Tspeak buys Another.com. Nuff said
9.  Gigabyte combines Wi-Fi, USB Flash drive. Is that a WLAN in your pocket?
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
10.  28 Nov W32/Sdbot-I

7:28:52 AM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Leading Chinese Internet dissident jailed for four years (AFP). AFP - Prominent Internet activist Jiang Lijun was jailed for four years after being convicted of subverting state power by planning to set up a pro-democracy party, his lawyer said.
2.  Sony Takes PlayStation 2 to China Despite Pirates (Reuters). Reuters - Sony Corp will launch its popular PlayStation 2 game console in China next month, saying on Friday it must be "courageous" in the face of rampant piracy that has plagued the vast potential market.
----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
3.  Plastic promises dense data store. Researchers have found a way to turn a cheap plastic material into a dense digital memory store.
----------------------------------------------------------------------
The Register
----------------------------------------------------------------------
4.  ATI commits to desktop, mobile Athlon 64 chipsets. Waiting for PCI Express?
5.  Insurer taps voice analysis tech to detect fraud. Stress detector 'flags' dodgy claims for Esure
----------------------------------------------------------------------
Wired News
----------------------------------------------------------------------
6.  The Golden Age of Gadgets. The PC industry understands common standards and commoditized parts -- and it's using that expertise to bring better, more efficient devices and toys into our homes. An essay by Sonia Zjawinski from Wired magazine.
7.  Holiday Season a Feast for Gamers. Looking for a good time? Here are the new games that are creating a buzz this holiday season. By Suneel Ratan.
8.  Gizmo Puts Cards on the Table. A new technology eases the pain of separation by making everyday objects appear on remotely connected kitchen tables. No more out of sight, out of mind. By Mark Baard.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
9.  Solaris BIND Negative Cache Poisoning

6:28:30 AM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Digital Gear: Deals Aplenty This Season (PC World). PC World - Watch for wearable gadgets, solar batteries, and a device to put MP3s in your car.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Canadian Music Industry Wants Royalties on Net Usage
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
3.  Immunix update for bind
4.  OpenBSD Local Denial of Service Vulnerabilities
5.  RNN Guestbook Authentication Flaw in 'gbadmin.cgi' Yields Administrative Access to Remote Users

5:28:11 AM    

----------------------------------------------------------------------
Dilbert
----------------------------------------------------------------------
1.  Dilbert for 28 Nov 2003.
----------------------------------------------------------------------
Non Sequitur
----------------------------------------------------------------------
2.  Non Sequitur for 28 Nov 2003.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
3.  GnuPG ElGamal Signature Flaw May Disclose Type 20 ElGamal Private Keys to Remote Users
4.  GNU Screen Integer Overflow in 'ansi.c' May Let Local Users Gain Elevated Privileges

4:27:51 AM    

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
1.  Yves Thouvenin (Groupe BP): "a single web interface for accessing the group's major applications"

3:27:40 AM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Apple Set to Open First Store in Japan (AP). AP - Apple Computer Inc.'s first retail store outside the United States will open its doors Sunday in Tokyo, the company said.

2:27:21 AM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  More Info on Debian.org Security Breach

1:27:01 AM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Wayne Correia's Magic Bus. The satellite-equipped rockstar tour bus of Critical Path founder and geek's geek Wayne Correia is the subject of this San Francisco Chronicle article. He (and his bus) saved my ass once in Black Rock City. I rode around with 30 pounds of gear on a young girl's banana-seat Huffy bike, all day long in burning heat and whiteout dust storms, all over the desert, looking for a functional satellite connection to file an audio report on Burning Man for NPR. My skin was sunburned, my butt was aching, and I was as dehydrated as an overdone tofurkey. And then, when I'd all but given up -- I stumbled on Mr. Correia. He said "Hey, I know your face from Friendster!" -- and opened the door to a bus filled with nerd hotties and unwired bandwidth.
The bus cannot be described as "regular." It's a luxury cruiser of an ungainly vintage -- 1992, to be exact -- and is rumored to have belonged to Don Mattingly of the New York Yankees. The carpet is teal, with an ivory dolphin carved into the weave. (To be fair, Wayne swears he's about to tear out the carpet because, he says, it's "silly.") The wall lights are a peculiar construction of brass and graduated glass rods that would fit on a set for "The Sopranos." Gilt-edged cocktail glasses nest in the glass cupboards. In the front of the bus are gray leather captain's chairs on swivels. In the back is a bedroom lined with mirrored cabinets.

Wayne, who intends to install solar panels on the roof, somewhere near the satellite uplink for his computer, bought the bus on eBay for the bargain price of $200,000 in cash. He says that as he drove it from Chicago, where he purchased it, to the Bay Area, he had a revelation: "I realized, 'Oh, my God, I'm a bus driver! My grandfather was a bus driver in L.A. for 40 years. He got up at 5 am every day. And now I'm a bus driver, too!'"

----------------------------------------------------------------------
New York Times: Technology
----------------------------------------------------------------------
2.  Beware the Worm in Your Handset. As more consumers begin surfing the Web and sending e-mail messages on cellphone and hand-held devices, along comes a new worry: worms and viruses spread via Internet-enabled handsets. By Ken Belson.
3.  The Microwave Graduates From Sous-Chef to Star. A new kind of microwave oven is closer to a full-fledged cooking appliance rather than just a glorified coffee warmer or popcorn popper. By Ian Austen.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
4.  KVS advises companies on the best way to retain their e-mails
5.  Fortinet continues its expansion in the French market
6.  Summary of virus activity for November 2003

12:24:40 AM