Sunday, February 01, 2004

----------------------------------------------------------------------
New York Times: Technology
----------------------------------------------------------------------
1.  Intel Hopes Its Latest Chip Drives a New PC Generation. Intel's new generation Pentium 4 microprocessor, code-named Prescott, may put the world's largest chip company closer to its future PC version. By Laurie J. Flynn.
2.  Memory Evolution: Survival of the Smallest. Flash memory chips made digital photography possible. Now they are expanding to other uses, including music players and camcorders. By Eric A. Taub.
3.  Speech by Gates Lends Visibility to E-Mail Stamp in War on Spam. With Bill Gates suggesting that it may be necessary to charge a small fee for e-mail as a way to help control spam, analysts are wondering if such a plan could work. By Saul Hansell.
4.  Hollywood Mogul Plays by Technology's Rules. Steve Jobs, chief executive of Pixar Animation Studios, is becoming the personification of the digital media mogul. By John Markoff.
5.  Technology and Worker Efficiency. Researchers seem confident that technology has made American workers more efficient. Now some think they even know why. By Steve Lohr.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
6.  Second Hypersonic X43 Scramjet Ready for Testing

11:34:27 PM    


10:34:06 PM    

----------------------------------------------------------------------
Ars Technica
----------------------------------------------------------------------
1.  Prescott reviews hit the 'net. Most (but not all) of the time, a 2.8GHz Northwood Pentium 4 out performs the 2.8GHz Prescott (aka, 2.80E), but we begin to see the tide change as speed increases on both sides of things. By Ken "Caesar" Fisher.
----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
2.  Sock-puppets in oil.

Wonderful gallery of oil-paintings of sock-puppets.

Link

(Thanks, Lisa!)


9:33:46 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  DARPA-Funded Linux Security Hub Withers
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  Åñòü ëè ìåòîäû ïðîòèâ ðîññèéñêèõ ñïàìåðîâ?
3.  Ñàéò SCO òàêè çàâàëèëè
4.  AntiVir Personal Edition 6.22.09.09 (Updated)
5.  Microsoft to issue security patch for IE
6.  Norton AntiVirus Virus Definitions January 29, 2004
7.  McAfee DAT 4321
8.  McAfee SuperDAT 4321
9.  McAfee AVERT Stinger 2.0.0
10.  AVG Free Edition 6.0 Build 574
11.  Trend Micro Pattern File January 29, 2004
12.  Avast! 4 Professional Edition 4.1.342
13.  Avast! Home Edition 4.1.342
14.  The Cleaner 4.0 Professional BUILD 4207
15.  The Cleaner Database v3472
16.  Kaspersky Anti-Virus Update January 30, 2004
17.  Kaspersky Anti-Virus Lite v4.5
18.  Kaspersky Anti-Virus Personal v4.5
19.  Vexira Antivirus for NT/2K/XP 2.10.00.05
20.  W32.Novarg.A@mm Removal Tool 1.05
21.  Ad-aware referencefile 01R253 31.01.2004
22.  Solo Antivirus 2.5
23.  Ad-aware referencefile 01R254 01.02.2004

8:33:28 PM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Engineer calls his namesake son "2.0" instead of "Jr.". An engineer from Michigan named Jon Blake Cusack has named his son, also called Jon, "Jon Blake Cusack 2.0."

Link

(Thanks, edmz)
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  Red Hat Shares Seen Overvalued -Barron's (Reuters). Reuters - Shares in Red Hat Inc. (RHAT.O) are seen as overvalued by some investors, as the leading distributor of free Linux software faces a deep-pocketed rival, according to an article in the latest edition of Barron's.
3.  SCO Group's Web Site Unavailable, Cites Computer Virus (Dow Jones). Dow Jones - LINDON, Utah -- SCO Group Inc. (NasdaqSC:SCOX - News) confirmed that a large, scale attack caused by the Mydoom computer virus has made the company's Web site, www.sco.com, completely unavailable.
4.  Nanotechnology the Science of Small Things (Reuters). Reuters - Nanotechnology, according to its fans, will jumpstart a new industrial revolution with molecular-sized structures as complex as the human cell and 100 times stronger than steel.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
5.  A Review of Nanotech's Future
----------------------------------------------------------------------
The Register
----------------------------------------------------------------------
6.  Free legal downloads for $6 a month. DRM free. The artists get paid. We explain how.... AnalysisCosting the alternatives to Apple Pepsi DRM
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
7.  DARPA-funded Linux security hub withers

7:33:07 PM    

----------------------------------------------------------------------
New York Times: Technology
----------------------------------------------------------------------
1.  'Mydoom' Virus Brings Down SCO Web Site. The SCO Group's Web site was hit two days before a similar virus was programmed to attack Microsoft Corp. By The Associated Press.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  Digital music revolution changing the tune (AFP). AFP - 2004 will be the year of a new generation of mobile jukeboxes and telephones that will revolutionise how the world listens to music.
3.  Spam, scam, spoof and spyware: beware epidemic in Internet empire (AFP). AFP - Spam, the circulation of unwanted electronic messages, is dangerous and expensive for businesses and individuals and is growing uncontrollably on an epidemic scale.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
4.  Linux Going Mainstream
----------------------------------------------------------------------
The Register
----------------------------------------------------------------------
5.  IT firms top UK software piracy roll of shame. Putting skills to bad use
6.  Small firms fighting Microsoft addiction. Going cold turkey with Windows
7.  DARPA-funded Linux security hub withers. Nobody showed up
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
8.  IT Losing Ground in Virus Battle
9.  Early Worm Gets SCO Bird

6:32:46 PM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  MyDoom Knocks Down SCO Web Site (Reuters). Reuters - The MyDoom Internet worm on Sunday knocked down the Web site of a small software company by bombarding it with a flood of data as Microsoft Corp. (MSFT.O) prepared for a similar, planned attack by the virus-like program this week.

5:32:26 PM    

----------------------------------------------------------------------
Ars Technica
----------------------------------------------------------------------
1.  Apple and Pixar, sitting in a tree?. Apple buying Pixar? It could happen, but is it a good idea? By Erik "kennedye" Kennedy.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  Mydoom worm zaps US software maker's website, over one million PCs infected (AFP). AFP - The Internet's most voracious worm ever struck again, bringing down a website operated by US software maker SCO Group after infecting over one million computers worldwide.
3.  'Mydoom' Virus Brings Down SCO Web Site (AP). AP - A computer virus that targeted a small Utah software company performed as its perpetrators promised on Sunday, bringing down The SCO Group's Web site two days before a similar virus was programmed to attack Microsoft Corp.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
4.  Google v. Microsoft
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
5.  Vulnerabilities: GZip ZNew Insecure Temporary File Creation Symbolic Link Vulnerability. gzip is a freely available, open source file compression utility. It is maintained by public domain, and available for the Unix, Linux, and Microsoft operating systems. ..
6.  Vulnerabilities: Microsoft Windows Workstation Service Remote Buffer Overflow Vulnerability. A vulnerability in Microsoft Windows Workstation service has been reported. Because of this issue, it may be possible for a remote attacker to gain unauthorized access t...
7.  Vulnerabilities: GNU gzexe Temporary File Vulnerability. GNU gzexe is a component of the gzip set of file compression utilities. gzexe is a shell script that allows for executable files to be compressed in their existing files...
8.  Vulnerabilities: IRIX gr_osview Buffer Overflow Vulnerability. Under certain versions of IRIX the gr_osview command contains a buffer overflow which can be exploited by local users to gain root privileges. The gr_osview command produ...
9.  Vulnerabilities: CPAN WWW::Form HTML Injection Vulnerability. CPAN WWW::Form is an extendable Perl module that allows developers to handle HTML form validation.

A vulnerability has been reported in the software that may allow a rem...
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
10.  Brazilian script kiddie arrested in Japan
11.  Security fears over UK 'snooper's charter'
12.  WorldPay floored by malicious attack
13.  WorldPay fights 'massive, orchestrated' attack
14.  Shoppers warned of £110m card not present fraud
15.  Eudora users warned over 'reply to all' trick
16.  East European gangs in online protection racket
17.  Al Jazeera hacker gets community service
18.  England Rugby team hunt electronic bugs
19.  The economics of spam
20.  EU sets up Euro-security agency
21.  US cybercrime push 'imperils personal security' of Americans
22.  US agencies arrest 125 in Operation Cyber Sweep
23.  UK ID theft gang jailed for £350K fraud
24.  US anti-spam bill edges towards law
25.  So when will Linux vendors charge for security fixes?
26.  Go-ahead US companies fail to prioritise security
27.  The Wells Fargo example
28.  Altiris makes Wise move in patch management
29.  The growing problem of identity theft
30.  NatWest warns of dodgy email
31.  Federal agencies flunk IT security audit. Again
32.  Phishmongers target Lloyds TSB customers
33.  Spooks seek right to snoop on Internet phone calls
34.  Windows-style security hell stalks Mac OS X? Yeah, you wish...
35.  US Secret Service airbrushes aerial photos
36.  Chats led to Acxiom hacker bust
37.  All the stupid people. Where do they all come from?
38.  Israeli man charged with hacking Mossad
39.  VeriSign unveils flash new site seal
40.  Canadian '419er' arrested
41.  Cybercrime - it's the outsiders wot's to blame
42.  WorldPay recovers from massive attack
43.  Microsoft's New Security Mojo
44.  Electronic Voting Debacle
45.  'Police abduction warning' email is a hoax
46.  ISS launches first hardware appliance
47.  Check Point looks beyond the perimeter
48.  Sentencing postponed in nuclear lab hack case
49.  Dutch blogsites fight cyberwar against spammer
50.  Nachi worm infected Diebold ATMs
51.  Police arrest ID thief in Wells Fargo case
52.  .name registry site hacked
53.  Rogue diallers now use satellite
54.  Security rivals settle patent dispute
55.  eBay 'hacker' challenges PC ban
56.  Congress passes anti-spam bill
57.  IE phishing scam exploit unearthed
58.  My sysadmin is a special constable
59.  'Gouging' memo leaves Diebold red-faced
60.  Credit cards: a contactless future
61.  Microsoft unleashes legal attack dogs on spammers
62.  Symantec cans another counterfeiter
63.  AOL's Sunshine State spam attack thwarted
64.  El Reg's fave security/hacking links
65.  Draft ID card bill slips into Queen's speech
66.  Sex and the City worms promise illicit thrills
67.  MS puts $250k bounty on virus authors' heads
68.  Linux kernel backdoor blocked
69.  FBI on look-out for foreign government hackers
70.  One, two, three, four MS patches at our door
71.  Don't put app protection on your firewall, Mr Jones
72.  Microsoft aims to 'shift the tide' in war on spam
73.  Proposed: a Bounty for Bugs
74.  MI5 takes charge of online terror tips
75.  Court limits in-car FBI spying
76.  Moratorium on RFID chips urged
77.  European Cyber security agency is go
78.  Check your sums, Debian advises developers after breach
79.  Scripting flaws pose severe risk for IE users
80.  Vuln exposes soft underbelly of Mac OS X
81.  Hackers used unpatched server to breach Debian
82.  A plague on all our networks
83.  Spam epidemic gets worse
84.  FTC probes PetCo.com security hole
85.  Mafia recruiting spammers, crackers, AV chief warns
86.  Yahoo! fixes Web mail vuln
87.  DVD Jon appeal ends: verdict before Xmas
88.  Check Point buys Zone Labs
89.  Check Point strengthens perimeter with Zone Labs
90.  'Open source' IE patch withdrawn for further patching
91.  Online crime up in 2003
92.  Mitnick to exploit hackers for $500 a pop
93.  Mydoom a réussi à paralyser SCO
94.  W32.Protoride.Worm

4:32:08 PM    

----------------------------------------------------------------------
CNET News.com - Front Door
----------------------------------------------------------------------
1.  Intel cranks out new Pentium 4. The company on Monday will serve up a large helping of megahertz with five new Pentium 4 processors, which will spawn a number of new desktop PC models.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  Intel Gives Power Boost to Desktop Computer Chips (Reuters). Reuters - Intel Corp. (INTC.O) on Sunday said it had refreshed its line of microchips for desktop computers with a new version of the Pentium 4 processor, designed to run increasingly power-hungry office and home entertainment software faster.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  Columbia Disaster Anniversary
----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
4.  Mydoom cripples US firm's website. The Mydoom virus overwhelms the website of US software firm SCO, which owns the Unix operating system.
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
5.  Vulnerabilities: LPRNG html2ps Remote Command Execution Vulnerability. A vulnerability has been discovered in the html2ps filter which is included in the lprng print system.

It has been reported that it is possible for a remote attacker to ...
6.  Vulnerabilities: Safe.PM Unsafe Code Execution Vulnerability. Perl code can implement an extension module called Safe. This allows code to be executed within "safe compartments". Code executed within a Safe compartment cannot acce...
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
7.  Internet Explorer URL Spoofing Vulnerability
8.  CERT Summary CS-2003-01
9.  CA-2003-11 : Multiple Vulnerabilities in Lotus Notes and Domino
10.  CA-2003-12 : Buffer Overflow in Sendmail
11.  What is my Role in Information Survivability? Why Should I Care?
12.  CA-2003-13 : Multiple Vulnerabilities in Snort Preprocessors
13.  Making a Compelling Business Case for Investing in Information Security
14.  Updated CSIRT Handbook
15.  CERT Summary CS-2003-02
16.  OCTAVE Implementation Guide
17.  Congressional Testimony
18.  IN-2003-01: Malicious Code Propagation and Antivirus Software Updates
19.  New CERT. Certification for Computer Security Incident Handlers
20.  CA-2003-14 : Buffer Overflow in Microsoft Windows HTML Conversion Library
21.  CA-2003-15 : Cisco IOS Interface Blocked by IPv4 Packet
22.  CA-2003-16 : Buffer Overflow in Microsoft RPC
23.  CA-2003-17 : Exploit Available for the Cisco IOS Interface Blocked Vulnerabilities
24.  CA-2003-18 : Integer Overflows in Microsoft Windows DirectX MIDI Library
25.  CA-2003-19 : Exploitation of Vulnerabilities in Microsoft RPC Interface
26.  IN-2003-02: W32/Mimail Virus
27.  CA-2003-20 : W32/Blaster worm
28.  W32/Blaster Recovery Tips
29.  CA-2003-21 : GNU Project FTP Server Compromise
30.  IN-2003-03: W32/Sobig.F Worm
31.  CA-2003-22 : Multiple Vulnerabilities in Microsoft Internet Explorer
32.  Use Care When Reading Email with Attachments
33.  OCTAVE-S Implementation Guide
34.  CERT Summary CS-2003-03
35.  Congressional Testimony
36.  CA-2003-23 : RPCSS Vulnerabilities in Microsoft Windows
37.  CA-2003-24 : Buffer Management Vulnerability in OpenSSH
38.  CA-2003-25: Buffer Overflow in Sendmail
39.  Press Release: Creation of US-CERT
40.  Digital Millenium Copyright Act (DMCA) Comments and Testimony
41.  IN-2003-04: Exploitation of Internet Explorer Vulnerability
42.  CA-2003-26 : Multiple Vulnerabilities in SSL/TLS Implementations
43.  State of the Practice of Computer Security Incident Response Teams
44.  Staffing Your Computer Security Incident Response Team  What Basic Skills Are Needed?
45.  New PGP Key
46.  CA-2003-27 : Multiple Vulnerabilities in Microsoft Windows and Exchange
47.  CA-2003-28 : Buffer Overflow in Windows Workstation Service
48.  New Tech Tip: Before You Connect a New Computer to the Internet
49.  Updated CERT/CC Statistics
50.  CERT/CC Current Activity
51.  Ex-movie exec slams iTunes/Pepsi ad

3:31:47 PM    

----------------------------------------------------------------------
CNET News.com - Front Door
----------------------------------------------------------------------
1.  MyDoom downs SCO site. The computer virus knocks out SCO Group's Web site, and the company expects the massive denial-of-service attack to continue until Feb. 12.
2.  MyDoom virus spells double trouble. roundup As expected, SCO Group gets hit with a massive denial-of-service attack Sunday from MyDoom. Also: Microsoft and SCO post rewards.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  It's All About the Ununpentium
----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
4.  Mydoom worm cripples SCO website. The Mydoom virus overwhelms the website of US software firm SCO in a massive denial of service attack.
----------------------------------------------------------------------
Meerkat: An Open Wire Service: O'Reilly Weblogs
----------------------------------------------------------------------
5.  Some Nice Editorials on Dean and Blogs. A couple of links to thoughtful editorials on blogging and its limits as a tool in politics.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
6.  The MyDoom Internet worm claimed its first scalp Sunday, paralyzing the Web site of software firm The SCO Group Inc. with a massive data blitz. In ...
7.  Immigrant Database Draws Fire
8.  Profiling System Takeoff Delayed
9.  EU Travel Privacy Battle Heats Up
10.  Electronic Voting Firm Site Hack
11.  Bush Grabs New Power for FBI
12.  Copy No-No: Adobe and Uncle Sam
13.  Errant E-Mail Shames RFID Backer
14.  CAPPS II Stands Alone, Feds Say
15.  Secrecy Suddenly a Campaign Issue
16.  NASA's New Antiterrorism Mission
17.  Northwest Lands in Hot Water
18.  Legal Battle Over Chat-Room STDs
19.  Biometrics Enters Third Dimension
20.  Court Rules Against Patriot Act
21.  Mood Ring Measured in Megahertz
22.  Computer Caught Cheating At Chess
23.  China Internet Dissidents Freed
24.  Bank Of England Hit By Hoax e-mail
25.  Cyber Blackmail Targets Office Workers

2:31:26 PM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  How to get spyware-free RealPlayer through the BBC. An anonymous reader sez, "The BBC made a unique deal with Real Networks which disposes of their spyware tactics. Basically, if a user clicks on a link to download Real Player from a BBC website, the referrer script sends them to a page where they can download an expiry-free, spyware-free and nuicance-free version of the player. It's because the BBC have such a stringent public service remit, that it was offensive to charge people a license fee for BBC content, then make them pay all over again for the facility to view/listen to it."

Link

(Thanks, Anonymous Reader!)
2.  Satan as file-sharer. Satan, in Paradise Lost, on "Apple Sharing"

'O fruit divine, Sweet of thyself, but much more sweet thus cropt,
Forbidd'n here, it seems, as onely fit
For Gods, yet able to make Gods of Men:
And why not Gods of Men, since good, the more
Communicated, more abundant growes,
The author not impair'd, but honourd more?

Link

(via Oblomovka)
3.  MSFT outfits Chinese MiniTrue's Room 101. Amnesty International has fingered MSFT for violating the UN's Human Rights code in supplying the Chinese government with the network tools necessary to entrap and bust political dissidents.
Amnesty believes Microsoft is in violation of a new United Nations Human Rights code for multinationals which says businesses should 'seek to ensure that the goods and services they provide will not be used to abuse human rights'...

Microsoft told The Observer: 'We are focused on delivering the best technology to people throughout the world. However, how that technology is used is with the individual and ultimately not in the company's control.'

This is a curious rationale from a company that is shoving DRM down its customers' throats, effectively telling the entertainment industry that it believes that it can and should control how its users use its products.

Link

(via /.)
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
4.  Mapping Software Jolts City Governments (AP). AP - The bureaucratic, pothole-plagued world of big-city government is making creative use of sleek, innovative technology.
5.  'Mydoom' Virus Will Spread Until Feb. 12 (AP). AP - The Internet computer virus known as "Mydoom" will continue to hit e-mails on computers worldwide until Feb. 12, when it is programmed to stop, a leading computer security company said.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
6.  Recycle some of your 100 million Pepsi Songs
----------------------------------------------------------------------
Meerkat: An Open Wire Service: O'Reilly Weblogs
----------------------------------------------------------------------
7.  An Editorial on Terrorism from Bruce Schneier. Bruce Schneier has written an elegant argument against our country's slide towards a police state. Agree or disagree with his politics, you should read this piece.
8.  Humorous DNS Education from Netcraft. In a very clever and very funny article about how SCO could respond to the DDOS attack in the MyDoom worm, Mike Prettejohn of Netcraft also does a wonderful job of education about the possibilities in a single DNS command. This is the hack mindset at its best, seeing a world of implications where an ordinary user can only follow the directions.
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
9.  Vulnerabilities: OpenSSL ASN.1 Parsing Vulnerabilities. Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. OpenSSL does not directly implement ASN.1 but does use ASN.1 objects in X.509 certificates a...
10.  Vulnerabilities: PJ CGI Neo Review Directory Traversal Vulnerability. PJ CGI Neo Review is a web based software.

A vulnerability has been reported to exist in PJ CGI Neo Review that may allow a remote attacker to access information outside...
11.  Vulnerabilities: Kerio Personal Firewall Local Privilege Escalation Vulnerability. Kerio Personal Firewall (KPF) is a desktop firewall solution that performs stateful packet inspection. It is available for the Microsoft Windows platform.

A vulnerabili...

1:30:07 PM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  How to get spyware-free RealPlayer through the BBC. Martin sez, "The BBC made a unique deal with Real Networks which disposes of their spyware tactics. Basically, if a user clicks on a link to download Real Player from a BBC website, the referrer script sends them to a page where they can download an expiry-free, spyware-free and nuicance-free version of the player. It's because the BBC have such a stringent public service remit, that it was offensive to charge people a license fee for BBC content, then make them pay all over again for the facility to view/listen to it."

Link

(Thanks, Martin!)
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  Microsoft faces record EU fine in anti-trust probe (AFP). AFP - The European Union is considering imposing a record fine of 100 million euros (123 million dollars) on computer giant Microsoft on anti-trust charges, Germany's weekly Focus magazine revealed.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  Microsoft Violates Human Rights in China
4.  UserLinux Will Support KDE
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
5.  Vulnerabilities: Legato NetWorker NSR_Shutdown Script Temporary File Symlink Attack Vulnerability. Legato NetWorker is a server package designed to help share data, media and backup processes across a heterogeneous network. The Legato NetWorker server will run on a num...

12:29:47 PM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Marvel and DC claim they own "superhero". Zed sez, "It seems Marvel and DC co-own a trademark on the word 'superhero.'"

GeekPunk is announcing that their flagship comic book title featuring superheroes patronizing their favorite bar & grill during their off-hours will now be entitled Hero Happy Hour beginning with the fifth issue of the ongoing series.

According to creator Dan Taylor, "The decision to change the title was brought upon by the fact that we received a letter from the trademark counsel to 'the two big comic book companies' claiming that they are the joint owners of the trademark 'SUPER HEROES' and variations thereof."

Link

(Thanks, Zed!)
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
2.  Vulnerabilities: CVS Malformed Request System Root File Creation Vulnerability. CVS is the Concurrent Versions System, which is a freely available open-source version management package. It is available for the Unix and Linux operating systems.

A v...
3.  Vulnerabilities: OracleAS TopLink Mapping Workbench Weak Encryption Algorithm Vulnerability. OracleAS TopLink Mapping Workbench is a tool included with OracleAS TopLink, a Java-based database integration development framework that is included as a component of va...
4.  Vulnerabilities: Third-party CVSup Binary Insecure ELF RPATH Library Replacement Vulnerability. CVSup is a network file distribution utility that is intended to be used with CVS repositories. It is available for various Unix/Linux derivatives.

It has been reported...
5.  Vulnerabilities: IBM Informix Dynamic Server/Informix Extended Parallel Server Multiple Vulnerabilities. IBM Informix Dynamic Server and IBM Informix Extended Parallel Server have been reported prone to multiple vulnerabilities.

The first issue exists in the onedcu binary. ...

11:29:27 AM    

----------------------------------------------------------------------
CNET News.com - Front Door
----------------------------------------------------------------------
1.  Week ahead: Cisco, Quantum wrap up earnings season. The season may be winding down, but a few industry titans have yet to deliver their quarterly results, among them the networking giant and the storage vendor. This week they will.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  Camera phones are hot despite concerns over privacy, spying (AFP). AFP - They are one of the hottest new technology items, but mobile phones with integrated cameras are also raising a host of concerns about privacy, industrial espionage and even pornography.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  SCO Offline
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
4.  Here are the links to the respective patches and summaries issued by Microsoft today
5.  Straddling the line between public service and marketing, Microsoft and a handful of security companies are sponsoring a campaign to heighten consu...
6.  Federal officials on Thursday announced they had cracked an international child pornography ring with arrests in New Jersey, France, Spain and Bela...
7.  A marked increase has been noticed in the number of copies of a Windows worm, landing in inboxes in Australia. The worm has been named W32.Beagle.A...
8.  An Ohio woman who used forged e-mails from "AOL security" to swindle America Online subscribers out of their credit card numbers was sentenced to 4...
9.  Kaspersky Labs has detected a new version of the notorious Internet worm Mimail. Mimail.q which has a built in encrypted key against anti-virus pro...
10.  A mass-mailing virus that quickly spread around the Internet on Monday is compromising computers so they attack the SCO Group's Web server with a f...
11.  The SCO Group Inc. said today it is experiencing a distributed denial-of-service (DDOS) attack apparently related to the Mydoom worm that first app...
12.  The U.S. Department of Homeland Security plans to announce details of a cyber alert system on Wednesday, two days after a virus called MyDoom sprea...
13.  Aiming to increase Internet security, the government is now offering Americans free cyber alerts and computer advice from the Homeland Security Dep...
14.  Kaspersky Labs has already received several reports of infections by this malicious program. Our analysts believe that Mydoom.b is probably using m...
15.  Microsoft Corp. promised Thursday to pay $250,000 to anyone who helps authorities find and prosecute the author of a fast-spreading computer virus....
16.  The leaders of the security-information-sharing organizations within some of the nation's critical-infrastructure sectors are criticizing the Depar...

10:29:06 AM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Mydoom spreads, US-based software vendor SCO braces for onslaught (AFP). AFP - A fast-spreading e-mail worm targetting US software manufacturer SCO is gaining ground as more and more computer users switch on infected machines, while experts say a major Mydoom attack on SCO is timed to hit at 1609 GMT.
2.  A Look at the MyDoom Internet Worm (Reuters). Reuters - The MyDoom Internet worm claimed its first scalp Sunday, paralyzing the Web site of American software firm SCO Group with a massive data blitz.
3.  MyDoom Net Worm Scores Hit, Knocks Out SCO Site (Reuters). Reuters - The MyDoom Internet worm claimed its first scalp Sunday, paralyzing the Web site of American software firm SCO Group with a massive data blitz.

9:28:46 AM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Introducing Linux to Joe Average
----------------------------------------------------------------------
The Register
----------------------------------------------------------------------
2.  Free legal downloads for $6 a month. DRM free. The artists get paid. We explain how.... Costing the alternatives to Apple Pepsi DRM
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
3.  Worm hits 15 per cent of global email traffic in first 24 hours
4.  Antivirus software is not enough to cope with the frequent flaws in corporate software
5.  Alarm bells ring again as Dumaru worm launches bogus Microsoft website
6.  National High Tech Crime Unit warns firms to leave computer forensics to the experts
7.  First variant more dangerous than the original, warns antivirus firm
8.  Microsoft puts up another $250,000
9.  Double whammy as Mimail.S variant adds to worldwide devastation
10.   German student Fritz Reul and his computer, called List have been booted out of world chess championships for cheating. Fritz Reul was accused of ...
11.   A Chinese student arrested for criticising the Communist Party on the internet has been released from prison. Liu Di had been held without charge ...
12.   The Bank of England is mounting an urgent investigation after falling victim to a hoax e-mail that asked business and the public to download softw...
13.   Cyber blackmail artists are shaking down office workers, threatening to delete computer files or install pornographic images on their work PCs unl...
14.   Adrian Lamo, the so-called "homeless hacker," pleaded guilty this week to charges that he broke into the internal computer network. The 22-year-ol...
15.   American consumers filed more that half-a-million fraud reports last year adding up to over $437 million in losses, with Internet fraud for the fi...
16.   Fraud and identity theft complaints rose last year in Maryland, leaving more than 10,000 victims around the state who were hit up for millions of ...
17.   A federal judge sentenced a former Microsoft Corp. employee to nearly two years in prison and ordered him to pay more than $4 million in restituti...
18.   A Bay Shore man has been arrested by federal agents on charges of selling $80,000 worth of counterfeit copies of popular bookkeeping software over...

8:08:43 AM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Rigged election called possible (SiliconValley.com). SiliconValley.com - Yes, according to a report presented to the Maryland Legislature Thursday by Raba Technologies, a consulting firm. Maryland hired Raba's computer scientists to hack into its Diebold electronic voting system. The researchers found that software vulnerabilities could allow a saboteur to vote multiple times or tamper with computer code to steal an election.
----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
2.  Virgin Mobile on road to market. German group T-Mobile is selling its 50% stake in UK mobile phone firm Virgin Mobile, paving the way for a stock market flotation.
3.  Song-swappers in download ad. Teenagers sued for downloading music illegally from the internet appear in a US TV advert.
4.  Rude copycat upsets Google. The net's biggest search engine issues a legal warning to a pornography site called Booble.
5.  Office workers want to break free. Staff who can telecommute from their back garden could be more productive, says a survey.
6.  Linux steps into the limelight. Linux is going mainstream, with global computer firms embracing the open source operating system.
----------------------------------------------------------------------
The Register
----------------------------------------------------------------------
7.  Double Jeopardy for kids caught in Pepsi Apple promo. Superbowl Shame
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
8.  December's top twenty most wide-spread malicious programs shows the return of the macro-viruses Saver and Thus, and the Windows file virus FunLove....
9.  A new modification of Mimail sent in mass spam distribution
10.  Kaspersky Labs, a leading information security software developer is warning users about I-Worm.Bagle, a new Internet worm detected in the wild. Th...
11.  E-mail worm pretending to be a letter from Microsoft once again
12.  A new version of the notorious Internet worm Mimail.
13.  A new Internet worm causes a new global outbreak
14.  A new version of Mydoom has been detected in the wild
15.  Kaspersky Labs provides a free removal tool for the latest Internet worm.
16.  http-equiv has identified a vulnerability in Internet Explorer, allowing malicious web sites to spoof the file extension of downloadable files.
17.  http-equiv has reported a vulnerability in Windows XP, which can be exploited by malicious people to compromise a user's system or gain escalated p...
18.  A vulnerability has been identified in Internet Explorer, which can be exploited by malicious people to display a fake URL in the address and statu...
19.  March 21, 2003 Topics in this regularly scheduled CERT Summary include vulnerabilities in Core Windows DLL, Sendmail, MS-SQL Server, the Session ...
20.  March 26, 2003 Multiple vulnerabilities have been reported to affect Lotus Notes clients and Domino servers. Multiple reporters, the close tim...
21.  March 29, 2003 There is a vulnerability in sendmail that may allow remote attackers to gain the privileges of the sendmail daemon, typically root.
22.  April 14, 2003 This presentation discusses the relationship between software engineering process improvement and information survivability.
23.  April 17, 2003 There are two vulnerabilities in the Snort Intrusion Detection System, each in a separate preprocessor module. Both vulnerabilitie...
24.  April 28, 2003 Funding for information security is a sound investment in the success of a business. Here are a few tips for making a compelling b...
25.  May 8, 2003 The 2nd edition of the Handbook for Computer Security Incident Response Teams (CSIRTs) provides updated guidance on generic issues ...
26.  June 3, 2003 Topics in this regularly scheduled
27.  June 23, 2003 The OCTAVE Implementation Guide is
28.  June 25, 2003 On June 25, 2003, the director of the CERT. Centers presented testimony entitled "Cyber Security - Growing Risk from Growing Vulner...
29.  July 2, 2003 Recent reports to the CERT/CC have highlighted that the speed at which viruses are spreading is increasing and that users who were c...
30.  July 10, 2003 The CERT/CC has created a program to certify individuals in computer security incident handling. This new certification program com...
31.  July 14, 2003 A buffer overflow vulnerability exists in a shared HTML conversion library included in Microsoft Windows. An attacker could exploi...
32.  July 16, 2003 A vulnerability in many versions of Cisco IOS could allow an intruder to execute a denial-of-service attack against a vulnerable de...
33.  July 17, 2003 A buffer overflow vulnerability exists in Microsoft's Remote Procedure Call (RPC) implementation. A remote attacker could exploit ...
34.  July 18, 2003 An exploit has been posted publicly for the vulnerability described in VU#411332 , which was announced in http://www.cisco.com/wa...
35.  July 25, 2003 A set of integer overflows exists in a DirectX library included in Microsoft Windows. An attacker could exploit this vulnerability...
36.  July 31, 2003 The CERT/CC is receiving reports of widespread scanning and exploitation of two recently discovered vulnerabilities in Microsoft Re...
37.  August 2, 2003 On Friday, August 1st 2003 the CERT Coordination Center began to receive an increased number of reports of a new mass mailing viru...
38.  August 11, 2003 The CERT/CC is receiving reports of widespread activity related to a new piece of malicious code known as W32/Blaster. This worm ...
39.  August 12, 2003 This document contains tips for recovering from the W32/Blaster worm.
40.  August 13, 2003 The CERT/CC has received a report that the system housing the primary FTP servers for the GNU software project was compromised.
41.  August 22, 2003 The CERT/CC has been receiving a large volume of reports of a mass mailing worm, referred to as W32/Sobig.F, spreading on the Int...
42.  August 26, 2003 Microsoft Internet Explorer (IE) contains multiple vulnerabilities, the most serious of which could allow a remote attacker to e...
43.  August 28, 2003 This article provides steps you can use to help decide what to do with email messages that contain attachments.
44.  September 5, 2003 The OCTAVE-S Implementation Guide , designed for small organizations, is available for download .
45.  September 8, 2003 Topics in this regularly scheduled CERT Summary include the W32/Sobig.F worm, exploitation of vulnerabilities in Microsoft's RP...
46.  September 10, 2003 The director of the CERT Coordination Center presented testimony entitled "Viruses and Worms: What Can We Do About Them?"
47.  September 10, 2003 Microsoft has published a bulletin describing three vulnerabilities that affect numerous versions of Microsoft Windows. Two of...
48.  September 16, 2003 There is a remotely exploitable vulnerability in a general buffer management function in versions of OpenSSH prior to 3.7. Th...
49.  September 18, 2003 A vulnerability in sendmail could allow a remote attacker to execute arbitrary code with the privileges of the sendmail daemon...
50.  September 19, 2003 The Department of Homeland Security has partnered with the CERT Coordination Center to create US-CERT, a coordination point fo...
51.  September 30, 2003 A senior member of the technical staff at the CERT Coordination Center submitted comments to the Library of Congress Copyright...
52.  October 1, 2003 The CERT/CC has received reports indicating that attackers are actively exploiting the Microsoft Internet Explorer vulnerability ...
53.  October 2, 2003 There are multiple vulnerabilities in different implementations of the Secure Sockets Layer (SSL) and Transport Layer Security (...
54.  October 2, 2003 This report summarizes research results from a pilot survey and other sources.
55.  October 13, 2003 This document describes a minimum set of basic skills CSIRT staff members should have.
56.  October 15, 2003 The CERT/CC has issued a new PGP Key. It is valid until November 1, 2004.
57.  October 16, 2003 There are multiple vulnerabilities in Microsoft Windows and Microsoft Exchange, the most serious of which could allow remote at...
58.  November 11, 2003 A buffer overflow vulnerability exists in
59.  December 15, 2003 This Tech Tip provides guidance for users connecting a new (or newly upgraded) computer to the Internet for the first time.
60.  January 13, 2004 SiLK is a collection of netflow tools that facilitates security analysis in large networks.
61.  January 13, 2004 A number of vulnerabilities have been discovered in various implementations of the multimedia telephony protocol H.323. Voice o...
62.  January 22,
63.  January 27, 2004 The CERT/CC has been receiving reports of a new
64.  January 27, 2004 In recent weeks there have been several mass-mailing viruses released on the Internet. It is important for users to understand t...
65.  January 27, 2004: ; 1 topic updated The CERT/CC Current Activity web page is a regularly updated summary of the most frequent, high-impact types...
66.  January 29, 2004 CERT advisories have become a core component of US-CERT's Technical Cyber Security Alerts.
67.  W32.Torun.dr, Worm.W32.Torun [Kaspersky], PE_TORUN.A [Trend]
68.  W32/Jitux.worm [McAfee], WORM_JITUX.A [Trend]
69.  Downloader-DI.dam [McAfee], Troj/Antikl-Dam [Sophos]
70.  Win32.Randon.AC [Kaspersky]
71.  W32/Legemer.worm [McAfee]
72.  Backdoor.Agobot.3.gen [Kaspersky]
73.  Trojan.Win32.Bizten [Kaspersky]
74.  W32/Mimail.p@MM [McAfee], Win32.Mimail.P [Computer Associates], WORM_MIMAIL.P [Trend], W32/Mimail-N [Sophos], I-Worm.Mimail.p [Kaspersky]
75.  Backdoor.SdBot.gen [Kaspersky]
76.  Xombe [FSecure], Downloader-GJ [McAfee], Troj/Dloader-L [Sophos]
77.  W32/Gaobot.worm.gw [McAfee]
78.  Backdoor.NetTrash, Backdoor/NetTrash.10.a [Kaspersky]
79.  Downloader-GN [McAfee], Troj/Mmdload-A [Sophos]
80.  Worm.Win32.Randon.o [Kaspersky]
81.  Macro.Word97.Racaga [Kaspersky]
82.  I-Worm.Bagle [Kaspersky], WORM_BAGLE.A [Trend], W32/Bagle-A [Sophos], W32/Bagle@MM [McAfee], Win32.Bagle.A [Computer Associates]
83.  I-Worm.Zsyang [Kaspersky]
84.  Mitglieder [F-Secure]
85.  Backdoor.Snart.j[Kaspersky]
86.  Backdoor.Optix.Pro.13 [Kaspersky]
87.  W32/Dumaru.y@MM [McAfee], I-Worm.Dumaru.j [Kaspersky], Win32.Dumaru.Y [Computer Associates], W32/Dumaru-Y [Sophos], WORM_DUMARU.Y [Trend]
88.  W32/Dumaru.z@MM [McAfee]
89.  W32/Mimail.q@MM [McAfee], WORM_MIMAIL.Q [Trend], W32/Mimail-Q [Sophos]
90.  W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend], Win32.Mydoom.A [Computer Associates], W32/Mydoom-A [Sophos], I-Worm.Novarg [Kaspersky]
91.  Mydoom.B [F-Secure], W32/Mydoom.b@MM [McAfee], WORM_MYDOOM.B [Trend], Win32.Mydoom.B [Computer Associates], I-Worm.Mydoom.b [Kaspersky], W32/MyDoom...
92.  Backdoor.IRCBot.gen [Kaspersky]
93.  Backdoor.Aphexdoor.10 [Kaspersky]
94.  W32/Mimail-S [Sophos], WORM_MIMAIL.S [Trend], Win32.Mimail.S [Computer Associates], W32/Mimail.s@MM [McAfee]
95.  W32/Dfcsvc.worm [McAfee]
96.  Backdoor.IRCBot.gen [KAV]
97.  Keylog-Stawin [McAfee], Troj/Stawin-A [Sophos]
98.  Attack target offers $250,000 reward for arrest of Mydoom's author.
99.  New system will warn public about virus outbreaks, scams, and software flaws.
100.  Mydoom-B worm blocks access to antivirus sites, plans DOS attack on Microsoft.
101.  Homeland Security service offers tips, e-mail alerts about hazards online.
102.  Experts warn that Mydoom-infected PCs leave back doors open to further attack.
103.  Standard antivirus efforts--updated definitions and filtering--are stemming the worm's travel.
104.  Author of worm targeting Windows PCs could join company's most-wanted list.
105.  Software giant will pay $250,000 for information about the virus author.
106.  Victims clean up, brace for attack as worm continues to crawl across Net.
107.  Mydoom readies its weekend attack, but you can make sure your PC doesn't participate.

7:08:24 AM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  OECD to Sound International Alarm Bell on Spam (Reuters). Reuters - Governments around the world should pool resources to fight spam as the problem knows no national boundaries, the Organization for Economic Cooperation and Development will tell an anti-spam summit this week.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  SUSE Linux Enterprise Server 8 on IBM eServers now has Common Criteria's Controlled Access Protection Profile.
3.  Scientists who analyzed the system believe it could be vulnerable to hacking, DOD officials do not intend to change their plans.
4.  Simple safeguards can help, the institute says.
5.  Space agency could issue more than 100K One NASA cards
6.  Building a classified network
7.  The MyDoom worm's author may have avoided .gov and .mil sites to delay the creation of antivirus definitions, a Symantec official says.
8.  The Federal Information Security Management Act of 2002 has the right ideas, but the difficulty is carrying them out, Rep. Tom Davis says.
9.  The Homeland Security Department today unveiled a National Cyber Alert System to warn computer users of viruses and other Internet-borne attacks.
10.  The signup site for the National Cyber Security Alert System has captured public attention.
11.  The document advises agencies on procedures to authenticate users before giving them access to a computer information system.

6:08:04 AM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  James Cameron's Illustrated Mars Reference Design

5:07:42 AM    

----------------------------------------------------------------------
Dilbert
----------------------------------------------------------------------
1.  Dilbert for 01 Feb 2004.

4:37:32 AM    


3:37:13 AM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Car Talk dumps Real for WMP. The guys who run Car Talk on NPR have dumped RealMedia in favor of Windows Media Player, having gotten fed up with Real's deceptive practices that try to force you into downloading the payware version of their player.

Here's the problem. In order to hear our audio, you have to go to Real.com and download their "free" RealPlayer. But when you get to the web site, the free player is harder to find than Osama Bin Laden at night. And the site seems to do everything it possibly can to get you to "buy" a player instead. You have to work very hard to get the free player. And we think that stinks. And get this. It stinks so much that it even makes Microsoft look good by comparison. That's something, huh?

Link

(via /.)
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  NPR's Car Talk Dumping RealMedia

2:36:53 AM    

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
1.  Holding the Night In Its Arms

1:36:33 AM    

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
1.  www.sco.com unreachable

12:36:12 AM    

© Copyright 2004 Gregg Doherty .
Last update: 3/2/2004; 3:35:58 AM .

Click here to visit the Radio UserLand website. Valid CSS! Subscribe to "Gregg's Security News Aggregator" in Radio UserLand. Click to see the XML version of this web page. Click here to send an email to the editor of this weblog.