Saturday, February 14, 2004

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  King Kong: Don't Mess With the Monkey
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  Irish Minister for Justice Doubts Usefulness of New Privacy Law
3.  Bluetooth Phones at Risk From 'Snarfing'
4.  Task Force to Examine New Internet Protocol Version
5.  Conference Explores International Impact of Spam
6.  German DP Commissioner Criticizes Draft IPR Enforcement
7.  Italy: Five Years Data Retention
8.  Polish Government Allowed to Send SMS-Spam
9.  Russian Plans to Introduce New Id-System
10.  EU Commission heads for global travel surveillance system
11.  Big Brother Awards presented in Paris
12.  European Court Underlines Public Access Rights
13.  ICA Kort records purchasing habits - now all customers must be informed
14.  Your rights under PuL
15.  Relaxations to PuL proposed

11:26:29 PM    

----------------------------------------------------------------------
New York Times: Technology
----------------------------------------------------------------------
1.  A Spin on Route 1040: Testing the Software Programs. Which of the popular tax-preparation software programs is best? There is no definitive answer. By Charles Delafuente.
2.  Release of Windows Coding Is a New Worry for Microsoft. The distribution of the secret programmer's instructions for the Windows operating system poses legal and security challenges for Microsoft. By John Markoff.
3.  Cingular Bid Is Said to Be $35 Billion. Cingular Wireless submitted a $35 billion bid to acquire AT&T Wireless, whose board is expected to meet Saturday to consider the bid and possibly others. By Matt Richtel and Andrew Ross Sorkin.
4.  Amazon Glitch Unmasks War of Reviewers. A glitch on Amazon's Canadian site revealed the identities of people who had anonymously posted book reviews on the U.S. site. By Amy Harmon.
----------------------------------------------------------------------
SecurityFocus News
----------------------------------------------------------------------
5.  News: Belgium police arrest female virus-writer. The Associated Press
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
6.  MS04-007 Exploit released
7.  Law Enforcement and Corporate Web Anonymizer

10:26:08 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Metal Gear Solid's Rex & Ray in Lego Blocks

9:25:48 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Backlash as EMI Hunts Down the Grey Album
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  [VIRUS] Robin Hood virus? A new Nachi variant is spreading!
3.  [MS] Windows program code leaked onto the internet
4.  XFree86 Project XFree86 Font Information File Buffer Overflow Vulnerability

8:25:28 PM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  FBI on case of stolen Microsoft Windows source code (FBI). FBI - An FBI task force hunted for a cyber-criminal who posted on the Internet source code for Windows, the jewels of Microsoft's software empire.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Diamond Age Coming Soon
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
3.  Vulnerabilities: PHPCodeCabinet Multiple Cross-Site Scripting Vulnerabilities. The phpCodeCabinet scripts are designed to be a reference library for personal and professional use. They are implemented in PHP and are freely distributable under the G...
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
4.  MS04-007 Exploit released

7:25:08 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Zaurus SL-C860 Review
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
2.  Vulnerabilities: Linux Kernel Samba Share Local Privilege Elevation Vulnerability. A local privilege escalation vulnerability has been reported to affect the 2.6 Linux kernel.

The issue appears to exist due to a lack of sufficient sanity checks perform...

3.  Vulnerabilities: Ratbag Game Engine Denial of Service Vulnerability. Ratbag develops PC games for Microsoft Windows platforms. Ratbag games include Dirt Track Racing, Dirt Track Racing Australia, Leadfoot, Dirt Track Racing Sprint Cars, D...

6:24:48 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Amazon.com Pierces Reviewer Anonymity
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
2.  Vulnerabilities: BolinTech Dream FTP Server User Name Format String Vulnerability. BolinTech Dream FTP Server is a multithreaded FTP server designed for Microsoft Windows platforms.

Dream FTP Server has been reported to be prone to a remote format stri...

3.  Vulnerabilities: Monkey HTTP Daemon Missing Host Field Denial Of Service Vulnerability. Monkey is an open source Web server written in C, based on the HTTP/1.1 protocol. It is available for Linux platforms.

Monkey HTTP Daemon is prone to a denial of service...

4.  Vulnerabilities: Gallery Remote Global Variable Injection Vulnerability. Gallery is a web application designed to allow users to manage images on their web site, such as creating photo albums. Gallery is written in the PHP script language.

A...

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
5.  MS04-007 LSASS.EXE Win2k Pro Remote DoS Exploit
6.  Spammers And Hackers Work Hand-In-Hand
7.  Profanity hidden in Microsoft code leak

5:24:27 PM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Cingular Wireless ups bid for AT&T Wireless as tender deadline passes (AFP). AFP - Cingular Wireless upped its bid to buy AT&T Wireless from 30 billion to an estimated 34 billion dollars as the deadline for bids passed Friday, it was reported.
2.  Academics Turn to Video Games (AP). AP - Ever yearn to study "Tetris" as a metaphor for American consumerism? Or write a paper on narrative structure in the horror action game "Silent Hill"? How about ponder "Grand Theft Auto III," infamous for its violent bent, as an examination of the human condition?
3.  Programs: Nancy Drew Finds Danger in Whale Tale (Reuters). Reuters - (Gene Emery is a columnist who covers science and technology. His Internet address is GEmery(at)Cox.net. Any opinions in the column are his alone.)
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
4.  The Science of Love
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
5.  Vulnerabilities: Microsoft Internet Explorer Unauthorized Clipboard Contents Disclosure Vulnerability. A vulnerability was reported in Microsoft Internet Explorer that could permit a remote site to gain access to contents of the client user's clipboard.

This vulnerabili...


4:24:09 PM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Tech Firm Eyed in Windows Code Leak Probe (AP). AP - The investigation into the illegal disclosure of blueprints for some versions of Microsoft Corp.'s Windows software has turned to a small technology company in Silicon Valley that works closely with Microsoft.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  ESR's Open Letter to McNealy: Set Java Free!
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
3.  Privacy in Peril
4.  Privacy: Limits To Electoral Advertising Via SMS, MMS, Mail
5.  Report: People Don't Trust Government To Protect Privacy Feb. 13, 2004
6.  Daily Yomiuri On-Line
7.  Government Data Rules Eliminate Hope of Privacy for US Air Travelers

3:23:52 PM    

----------------------------------------------------------------------
Ars Technica
----------------------------------------------------------------------
1.  Microsoft leaked confirmed, signs of apocalypse still missing. Microsoft has confirmed the leak of portions of the Windows code, which stemmed from Mainsoft, who develops portability tools for UNIX. By Ken "Caesar" Fisher.
----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
2.  "I'm the guy that killed that mad cow ... a good walker.". Website by a man who claims to have slaughtered the mad cow. He says the cow was not a downer as claimed by the USDA.

WE WERE ONLY TESTING DOWNERS FOR BSE. NO MORE DOWNERS MEANS NO MORE BSE TESTING. PERIOD. We tested that big white walker because she was mixed in with the downers. Mad cows are not downers they are up and they are crazy. The USDA started testing downers because they didn't think they would find any BSE cows in that mess. They could then say to the consumer we've been testing and we haven't found anything. EAT YOUR MEAT. BUY BEEF. IT'S SAFE
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  Specialized Knoppixes for Fun and Profit
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
4.  Vulnerabilities: Opera Web Browser CLSID File Extension Misrepresentation Vulnerability. A vulnerability has been reported in Opera Web Browser that may allow files to be misrepresented to client users. This issue could be exploited to deceive users into open...
5.  Vulnerabilities: Gaim Multiple Remote Boundary Condition Error Vulnerabilities. Gaim is an instant messaging client that supports numerous protocols. It is available for the Unix and Linux platforms.

Several vulnerabilities in the handling of YMSG p...

6.  Vulnerabilities: Util-Linux Login Program Information Leakage Vulnerability. Login is a component of the util-linux package. It is available for the Linux platform.

A problem has been identified in the handling of information by the login compon...

7.  Vulnerabilities: Midnight Commander Virtual File System Symlink Buffer Overflow Vulnerability. Midnight Commander is a popular file management tool for Unix systems. Among other features, Midnight Commander is provided with a code layer to access the file system; t...
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
8.  JS_SPAWN.B
9.  New Anti-spam Initiative Gaining Traction
10.  Defending Open Source Security

2:23:28 PM    

----------------------------------------------------------------------
Ars Technica
----------------------------------------------------------------------
1.  Et Cetera: Tayto, Tayto, how I love thee. Roundup with news on ATI's R420 and friends, more PPC 970FX news, thoughts on Microsoft and Disney, and more. By Ken "Caesar" Fisher.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Perl Haiku Contest Winners Announced
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
3.  Vulnerabilities: HP-UX NLSPATH Environment Variable Format String Vulnerability. HP-UX allows the NLSPATH to be set for setuid root programs, which use catopen(3C) and may be executed by other local users. HP-UX libc does not properly prevent the pas...
4.  Vulnerabilities: Novell Groupwise Webaccess Cross Site Scripting Vulnerability. GroupWise is the commercial groupware package distributed and maintained by Novell.

A vulnerability has been reported to exist in Novell Groupwise that may allow a remot...

5.  Vulnerabilities: VisualShapers ezContents Multiple Module File Include Vulnerability. VisualShapers ezContents is a website content management system based on PHP and MySQL. It allows multiple users to update and maintain a website.

A vulnerability has be...

6.  Vulnerabilities: BosDev BosDates SQL Injection Vulnerability. BosDates is a commercially available web based event calendar organization system. It is implemented using PHP with a MySQL database backend for Unix and Unix like opera...

1:23:08 PM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Happy Valentine's Day. Love is all that matters.

(image: a snapshot I took at Burning Man 2003 -- full size here).

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  Cingular Said to Boost AT&T Wireless Bid (AP). AP - Cingular Wireless was planning to submit a new bid to buy AT&T Wireless for at least $31.9 billion, a source familiar with the situation said.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  FCC Rules On Pulver Free World Dialup
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
4.  Vulnerabilities: Linux Kernel R128 Device Driver Unspecified Privilege Escalation Vulnerability. The Linux Kernel supports numerous driver modules; one such is the R128 ATI Rage 128 bit video card driver module.

It has been reported that the Linux Kernel is prone to...

5.  Vulnerabilities: Linux Kernel 32 Bit Ptrace Emulation Full Kernel Rights Vulnerability. Unix and Unix-like kernels offer a debugging facility called ptrace. Ptrace allows for one process to 'attach' to another and inspect/modify its memory. Updating certain...

12:22:47 PM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Happy Valentine's Day. Love is all that matters.

(image: a snapshot I took at Burning Man 2003 -- full size here).

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Computers Replace Musicians In West End Musical
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
3.  Vulnerabilities: Apache Web Server Multiple Module Local Buffer Overflow Vulnerability. A vulnerability has been reported to exist in Apache that may allow a local attacker to gain unauthorized access by executing arbitrary code on a vulnerable system. The c...

11:22:28 AM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Paper: Glitch Identifies Amazon Reviewers (AP). AP - Many sign their names. Many don't. They're the book reviewers on Amazon.com who use such words as "masterful," "page-turner" and "tear-jerker." But the ones who sign their critiques only as "a reader from (fill in the city)" lost their anonymity this week when their identities were revealed on Amazon.com's Canadian Web site.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Open Source Spreads Beyond Software
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
3.  Not all experts have panicked
4.  Hackers getting new foe

10:22:09 AM    

----------------------------------------------------------------------
CNET News.com - Front Door
----------------------------------------------------------------------
1.  The future of intelligent robots. Knowledge@Wharton finds that while people tend to imagine robots in terms of science fiction or human worker replacements, the truth may be more mundane and less sinister.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  Hackers get hold of Microsoft's crown jewels (AFP). AFP - Nothing is more sacred to Microsoft than its crown jewels - the millions of lines of secret computer code that propelled it from garage startup to one of the world's wealthiest corporations.
3.  Away on Business: On-Line Booking Grows (Reuters). Reuters - For many business travelers planning a trip still means reaching for a telephone instead of keyboarding onto the Internet.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
4.  Interplanetary Network (IPN) Tested

9:21:47 AM    

----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
1.  Home study 'is video game leave'. Many pupils who get a fortnight of home study for their GCSEs are using it as "video game leave", a minister says.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  001.txt.asc
3.  ELF_RPATH.txt
4.  webBlog11.txt
5.  cisco-sa-20040129-ms..>
6.  phpGedView_v2.txt
7.  libtool152.txt
8.  lftp.c
9.  sslexp.c
10.  winblast.sh
11.  servu3.c
12.  phototool.txt
13.  PHPportal.txt
14.  serv-ME.c
15.  apache2047.txt
16.  Traces of the Microsoft leak lead to Mainsoft
17.  FreeBSD-SA-04:01.mks..>

8:21:28 AM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  EBay now a hot spot for fashion (SiliconValley.com). SiliconValley.com - The online auction house once thought of as the fastest way to dump garage sale castoffs is now the place to buy and sell Jimmy Choo shoes, Salvatore Ferragamo alligator handbags and Etro coats. And this season, eBay is taking its fashion credentials further -- it will auction garments straight off the New York runways from hot young design team Proenza Schouler, six months before they hit the stores.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Defending Open Source Security

7:21:08 AM    

----------------------------------------------------------------------
Wired News
----------------------------------------------------------------------
1.  Windows Code for the Taking. A day after Microsoft said that part of the source code for its operating system had been leaked, all kinds of people were downloading pirate versions. Some of them may be up to a bit of no good.
2.  Scientists Advance Hydrogen Tech. University of Minnesota researchers make hydrogen from ethanol in a prototype reactor that is small enough to generate power for homes and cars. It could help bring renewable hydrogen to the mass market.
3.  The Russian Nesting Doll of Games. The object of The Sims, a popular video game, is to keep the characters happy in their daily lives. Now comes a fan-made plug-in that lets the in-game characters amuse themselves by -- what else? -- playing the SimCity video game. By Daniel Terdiman.
4.  Copyright Enters a Gray Area. The Grey Album, which mixes music from the Beatles' White Album with lyrics from rapper Jay-Z's Black Album, is being hailed as a classic. EMI thinks it's a classic, too -- a classic case of copyright violation. By Noah Shachtman.

6:20:47 AM    

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
1.  Sophos Anti-Virus Can Be Hung With Specially Crafted MIME Headers
2.  Sami FTP Server Can Be Crashed By Remote Authenticated Users With Various FTP Commands
3.  phpWebSite 'ANN_id' Variable Input Validation Hole Lets Remote Users Inject SQL Commands
4.  XFree86 Additional Font Information File Buffer Overflows Let Local Users Gain Root Privileges
5.  ASP Portal Has Multiple Flaws That Let Remote Users Hijack Accounts, Inject SQL Commands, and Conduct Cross-Site Scripting Attacks
6.  BKDR_OSITDOOR.N

5:20:28 AM    

----------------------------------------------------------------------
Dilbert
----------------------------------------------------------------------
1.  Dilbert for 14 Feb 2004.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  Japan's DoCoMo gives up bidding for AT and T Wireless (AFP). AFP - Japan's top cellphone carrier NTT DoCoMo has decided to withdraw from bidding for AT and T Wireless because of its hefty price tag, reports said.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  The Galaxy's Largest Diamond
----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
4.  Probing Halo's enduring appeal. What is it that gives some games enduring appeal, asks Daniel Etherington of BBCi Collective in his column.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
5.  Broker FTP Server Can Be Crashed By Remote Users Connecting/Disconnecting
6.  OpenH323 PWLib Contains H.323/H.225 Processing Errors

4:20:09 AM    

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
1.  MS: Run, Don't Walk To Fix This Flaw
2.  MyDoom's Last Gasp, Offspring Live On
3.  Big I.T. Guns Team on Security

3:19:47 AM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  There's a club if you'd like to go.

The photo inside The Smiths' The Queen is Dead album depicts the boys in front of the Salford Lads Club in Manchester, England. Ever since the record was released in 1986, the building has become a mecca for Smiths fans--a notoriously, er, dedicated bunch. At first, the Club was less than thrilled at being associated with the kinds of characters who would sing about "stealing lead from a church roof." Now though, the charity is dedicating an entire room to those charming men who made their gateway famous. Link (Thanks, Chris!)


----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  Secret Windows code leaked on Internet
3.  Vendors aid convergence of networking, security
4.  Adware spam targets instant messaging users
5.  Chemical, Printable RFIDs
6.  Firewall Protection for Paper Documents
7.  RFID Journal
8.  RFID Journal Live! - March 29 to 31, 2004 Hilton Chicag
9.  Canadian Privacy Act
10.  The Personal Information Protection and Electronic Documents Act
11.  Canadian Recording Industry Goes After P2P Users
12.  Ebay Fraud - Scamming the Scammer AlienWare

2:19:29 AM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Desktop Linux Share Overtaking Macintosh
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  Windows Source Code; How to Detect ASN.1 Exploits
3.  IBM Simplifies Mainframe Security
4.  Source Code Leak Offers Novel Security Test
5.  RAINBOW.2715
6.  Secret Windows code leaked on Internet
7.  Vendors aid convergence of networking, security
8.  Adware spam targets instant messaging users
9.  Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
10.  RE: [Full-Disclosure] Re: W2K source "leaked"?
11.  Re: Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access The Forbidden Directory ("/WEB-INF/")

1:19:08 AM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Amazon discloses many reviews written by insecure, sniping writers. Amazon accidentally revealed the real names of many anonymous reviewers this week, through a bug in the amazon.ca back-end. It turns out that many of the reviewers are writers saying nice things about their own books or trashing their colleagues.

"That anybody is allowed to come in and anonymously trash a book to me is absurd," said Mr. Rechy, who, having been caught, freely admitted to praising his new book, "The Life and Adventures of Lyle Clemens," on Amazon under the signature "a reader from Chicago." "How to strike back? Just go in and rebut every single one of them...."

One well-known writer admitted privately -- and gleefully -- to anonymously criticizing a more prominent novelist who he felt had unfairly reaped critical praise for years. She regularly posts responses, or at least he thinks it is her, but the elegant rebuttals of his reviews are also written from behind a pseudonym.

----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
2.  BugTraq: RE: [Full-Disclosure] Re: W2K source "leaked"?. Sender: Drew Copley [dcopley at eeye dot com]
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
3.  [FLSA-2004:1232] Updated slocate resolves security vulnerabilities

12:18:47 AM