Sunday, February 22, 2004

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Subversion 1.0 Released
----------------------------------------------------------------------
LinuxSecurity.com
----------------------------------------------------------------------
2.  Crypto Chip Choices Confound PC Makers
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
3.  Security Alerts and Bulletins

11:21:23 PM    

----------------------------------------------------------------------
New York Times: Technology
----------------------------------------------------------------------
1.  Hey, Gang, Let's Make Our Own Supercomputer. The California university will experiment with 'Flash-mob computing' - inviting as many people as possible to hook into a network, trying to make one of the world's fastest computers. By John Markoff.
2.  Palm's Marriage of Convenience to Handspring Shows Promise. PalmOne may have bought Handspring last year, but it looks like the team behind the Handspring Treo may drive the combined company's innovation. By Laurie J. Flynn.
3.  Trial Against I.B.M. Over Worker Safety Practices Is Nearing a Finish. Robert C. Weber is the lawyer defending I.B.M. against a class-action suit alleging that workers at its chip plants were exposed to toxic chemicals. By Laurie J. Flynn.
4.  Cashing In on Ring Tones. The ring tone business looks good to record companies - but a do-it-yourself program may cut the profits short. By Bob Tedeschi.
5.  A Handset for Two Worlds. The advent of voice-over-Internet telephone technology is giving inventors a rich vein to mine. By Sabra Chartrand.
6.  In Politics, the Web Is a Parallel World With Its Own Rules. A new bare-knuckled political use of the World Wide Web has showed its head: the Internet attack ad. By Jim Rutenberg.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
7.  Total Information Awareness, Disguised And Alive

10:21:03 PM    

----------------------------------------------------------------------
Ars Technica
----------------------------------------------------------------------
1.  FCC to push relaxing of low-power FM restrictions. FCC finds Low-power FM to not interfere with larger radio stations. Recommendations to Congress: Relax restrictions. By Matt Woodward.
2.  Deep inside the K Desktop Environment 3.2. The KDE developers have been hard at work for some time, and the fruit of their labor, KDE 3.2, was released earlier this month. Ars Technica takes a detailed look at what's new with 3.2. By Eric Bangeman.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
3.  WORM_DOOMRAN.A
4.  HKTL_VIR32LAB.A
5.  TROJ_VB.AL
6.  TROJ_VB.AA
7.  RIAA to face MyDoom's music?
8.  Program shields anonymous flaw sleuths
9.  Judge: DVD-copying software is illegal
----------------------------------------------------------------------
About Internet/Network Security
----------------------------------------------------------------------
10.  Security Alerts and Bulletins. I created a new Subject area this week under the General Security area called Security Alerts and Bulletins. This Subject area will house security news and advisories from sources such as Secunia, Microsoft and the newly formed Department of Homeland...

9:20:44 PM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Nokia and IBM Battle for Corporates with New Brick (Reuters). Reuters - Nokia and IBM on Monday unveiled the first product in their year-old alliance -- a new Communicator phone, aimed at mobile professionals such as sales and support staff.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  SCO Licenses Now Available
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
3.  Vulnerabilities: SANE SANE_NET_INIT Unauthorized Access Vulnerability. SANE is a freely available, open source scanner compatibility package. It is available for a number of platforms, including Linux and Unix variants.

A vulnerability has ...

4.  Vulnerabilities: SANE Internal Wire Memory Disclosure Vulnerability. SANE is a freely available, open source scanner compatibility package. It is available for a number of platforms, including Linux and Unix variants.

SANE is prone to a v...

5.  Vulnerabilities: SANE Strings Memory Allocation Denial Of Service Vulnerability. SANE is a freely available, open source scanner compatibility package. It is available for a number of platforms, including Linux and Unix variants.

SANE is prone to a m...

6.  Vulnerabilities: SANE Remote Debug Enabled Connection Dropping Denial of Service Vulnerability. SANE is a freely available, open source scanner compatibility package. It is available for a number of platforms, including Linux and Unix variants.

It has been reported...

7.  Vulnerabilities: SANE Daemon Connected User Memory Consumption Denial Of Service Vulnerability. SANE is a freely available, open source scanner compatibility package. It is available for a number of platforms, including Linux and Unix variants.

A problem has been d...

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
8.  Zone Alarm: Buffer Overflow in SMTP Protocol Handling

8:20:22 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Venus: The Forgotten Planet

7:20:02 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  New Draganflyer Predator Unmanned Aerial Vehicle
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
2.  Vulnerabilities: Zone Labs ZoneAlarm SMTP Remote Buffer Overflow Vulnerability. ZoneAlarm is a firewall software package designed for Microsoft Windows operating systems. It is distributed and maintained by Zone Labs.

A vulnerability has been ident...

3.  Vulnerabilities: ISC BIND Negative Cache Poison Denial Of Service Vulnerability. ISC BIND is a server program that implements the domain name service protocol. It is widely used on the Internet.

BIND has been reported prone to a DNS cache poisoning ...


6:19:44 PM    

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Infrequent updates this week. Some people have written in asking about blog updates:

I'm really busy preparing for my move (see the FAQ if you have any questions -- particularly about getting together in Toronto or London) and will likely only be blogging a few announcements as I get ready for my departure over the next week or so. Xeni's trekking in Latin America, and so she's off the grid. Mark and Pesco are still blogging, but with half the team away this week, it might get a little slow around here.

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  New Cast Information For 'Hitchhiker's' Movie
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
3.  Suicide Bomber Terrorist Group Whines About Hacked Web Site

5:19:24 PM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  New Asian digital music stores attempt to capture online market (AFP). AFP - Sales of music CDs are on the slide in Asia as illegal downloading continues unabated but industry players say popular, legal alternatives such as those found in the United States will soon be available across the region.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Remember The Heathkit HERO? Check Out '912'
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
3.  Vulnerabilities: PunkBuster Database Remote SQL Injection Vulnerability. PunkBuster is a screenshot management system implementing a web based front end that allows users to capture and access screenshot images remotely. It is freely availabl...
4.  Vulnerabilities: LiveJournal HTML Injection Vulnerability. LiveJournal is freely available web based personal journal application distributed under the GNU Public License. It is implemented using Perl scripts and requires a MySQ...

4:19:04 PM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Song Trading Still Popular Despite Suits (AP). AP - Greg Kullberg first started downloading free music off the Internet as a college freshman in 1996. He stopped — mostly — after the recording industry started filing lawsuits against file-sharers last year.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Virus Writers - The Enemy Within
3.  Open Source Group Victoria v. SCO, Part II
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
4.  Man Indicted In Internet Scam

3:18:45 PM    

----------------------------------------------------------------------
Ars Technica
----------------------------------------------------------------------
1.  Photochopping politics: Kerry and Fonda, sitting in a cut 'n paste. A photograph showing Democratic candidate for the US Presidency John Kerry sitting at an anti-Vietnam War rally next to Jane Fonda was apparently a creation of an amateur skilled graphical artist. By Ken "Caesar" Fisher.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Largest Lens Ever Discovered
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
3.  Vulnerabilities: Cisco ONS Platform Vulnerabilities. Cisco has reported multiple vulnerabilities affecting various ONS platforms, allowing for unauthorized access and denial of service attacks. These optical platforms are ...
4.  Vulnerabilities: APC SmartSlot Web/SNMP Management Card Default Password Vulnerability. APC SmartSlot Web/SNMP Management Card provides a remote administration solution for APS SmartSwitch and UPS products. APC SmartSlot Web/SNMP Management Card provides for...
5.  Vulnerabilities: AOL Instant Messenger Buddy Icon Predictable File Location Weakness. AOL Instant Messenger stores imported Buddy Icons in a predictable location on client systems. Specifically, the files will be stored in the following location on the lo...
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
6.  Business Partners Sought
7.  Jihad accuses U.S., Israeli groups of hacking its Web site
8.  Study shows Mac OS X Server among most secure in world

2:18:22 PM    

----------------------------------------------------------------------
Ars Technica
----------------------------------------------------------------------
1.  SCO in a nutshell. David Berlind's editorial is perhaps the most concise and unbiased synopsis of this whole SCO debacle. By Matt Woodward.
2.  Et Cetera: weekend update. The weekend round-up includes the youngest MCSE ever, weapons of mass destruction from Dell, and more. By Ken "Caesar" Fisher.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
3.  Smaller Video Game Publishers Under Pressure (Reuters). Reuters - For the smallest U.S. video game publishers there is bad news and worse: it is getting harder and more expensive to reach game buyers, and harder still to reach potential investors to stay afloat.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
4.  Chicago Police Force Wins CIO Magazine Award

1:18:03 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  China Sending Two People Into Space
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
2.  Vulnerabilities: BSD Kernel SHMAT System Call Privilege Escalation Vulnerability. A vulnerability has been reported to exist in the shmat system call used in the BSD kernel. This may allow a local attacker to inject instructions into the memory of a p...
3.  Vulnerabilities: KAME Racoon "Authentication" SA Deletion Vulnerability. KAME Racoon is an IPSec key management daemon developed for BSD Unix platforms that is used for negotiating and configuring security associations in authenticated or encr...
4.  Vulnerabilities: KAME Racoon "Initial Contact" SA Deletion Vulnerability. KAME Racoon is an IPSec key management daemon developed for BSD Unix platforms that is used for negotiating and configuring security associations in authenticated or encr...
5.  Vulnerabilities: BSD ICMPV6 Handling Routines Remote Denial Of Service Vulnerability. OpenBSD and NetBSD have been reported prone to a remote denial of service attack when configured to process IPV6 traffic. The issue occurs when an affected host handles I...
6.  Vulnerabilities: OpenSSL ASN.1 Large Recursion Remote Denial Of Service Vulnerability. OpenSSL is a freely available, open source implementation of Secure Socket Layer tools. It is available for the Unix, Linux, and Microsoft platforms.

A problem has been...

7.  Vulnerabilities: Ipswitch IMail Server Remote LDAP Daemon Buffer Overflow Vulnerability. Ipswitch IMail is an e-mail server that serves clients their mail via a web interface. It runs on Microsoft Windows operating systems. IMail ships with an LDAP daemon.

T...


12:17:44 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Virus Writers - The enemy within.
2.  Electromagnetic Emission Art
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
3.  Vulnerabilities: Metamail Multiple Buffer Overflow/Format String Handling Vulnerabilities. Metamail is a multi-platform utility that was originally developed by Bellcore, but is no longer maintained. Metamail parses and decodes MIME encoded email.

Metamail has...


11:17:24 AM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Lower-Priced Projection TV Outshines Plasma Hype (Reuters). Reuters - When Paul Bulmash decided to treat his family to a new giant-screen television, he was faced with a dilemma: Is a big, flat TV worth the price of a used car or a luxury vacation?
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Google to Launch Free Mail Service?
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
3.  Vulnerabilities: Microsoft Internet Explorer Unspecified CHM File Processing Arbitrary Code Execution Vulnerability. Microsoft Internet Explorer has been reported prone to an unspecified vulnerability when handling CHM files. The issue is reportedly exploitable to provide for automatic ...
----------------------------------------------------------------------
The Register
----------------------------------------------------------------------
4.  Are Apples healthier than Pepsi? Letters: We got some mail in our spam!
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
5.  LBreakout2 Buffer Overflow in HOME Environment May Let Local Users Obtain 'Games' Group Privileges
6.  Synaesthesia Creates a Root Owned But Writable Configuration File That Lets Local Users Obtain Root Access

10:17:03 AM    

----------------------------------------------------------------------
CNET News.com - Front Door
----------------------------------------------------------------------
1.  Week ahead: Security, wireless enter the spotlight. Security and wireless will grab the spotlight in the coming week, with two huge events scheduled. Also to come: Novell earnings.
2.  Behind Steve Jobs' plans for Pixar. Knowledge@Wharton takes stock of Pixar's future, after the surprise breakup of its long-standing partnership with Disney.
----------------------------------------------------------------------
The Register
----------------------------------------------------------------------
3.  US vuln info-sharing plan draws fire. More harm than good?

9:16:42 AM    

----------------------------------------------------------------------
The Register
----------------------------------------------------------------------
1.  Trojans as spam robots: the evidence. Spammers pay virus writers
2.  US vuln info-sharing program draws fire. More harm than good?

8:16:23 AM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Will Harvey On Virtual Worlds, Technology Curves
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  The_First_Cut_Is_The..>
3.  maxwebportal.txt
4.  realplayer.traversal..>
5.  eEye.ASN1-1.txt
6.  eEye.ASN1-2.txt
7.  mbsa.txt
8.  02.10.04.txt
9.  a021004-1.txt
10.  TA04-041A.txt
11.  ezContents.txt
12.  ZH2004-05SA.txt
13.  X11.fontalias.c
14.  RHSA-2004:051-01.txt
15.  jumper-1.2.tar.gz
16.  monkey081.txt
17.  ratbag.txt
18.  dallascon.txt
19.  02.11.04.txt
20.  002-aimSniff.txt
21.  crobftp.txt
22.  mailmgr.txt

7:16:03 AM    

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
1.  Virus writers sell IP addresses to spammers
2.  Gov't Vulnerability-Disclosure Program Draws Heat
3.  U.S. info-sharing program draws fire
4.  FCC Supports Neighborhood Radio
5.  FCC: Congress Should Lift FM Restrictions
6.  Keyless Entries Fail In Las Vegas Friday
7.  Valley has keyless encounters of the weird kind
8.  MPAA Prevails Against 321 Studios' DVD X Copy
9.  Movie Industry Wins DVD Copying Suit
10.  Heise Online Reveals Trojan / Spam Connection
11.  Trojans and Spam
12.  No Law Broken in JetBlue Scandal
13.  Locking Out Drunks Ignites Debate

6:15:42 AM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Do-It-Yourself Electronic Enigma Machine
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
2.  Vulnerabilities: Linux Kernel IOPERM System Call I/O Port Access Vulnerability. The Linux ioperm system call can be used to restrict access to I/O ports used by a process. The ioperm system call is designed to be called with root privileges only.

A ...

3.  Vulnerabilities: Linux TTY Layer Kernel Panic Denial Of Service Vulnerability. The TTY layer is used to process input and output supplied to and from the console.

A vulnerability has been reported in the TTY layer that may result in a kernel panic....

4.  Vulnerabilities: Linux Kernel FPU/SSE Environment Restoration MXCSR Register Corruption Vulnerability. The Intel MXCSR register contains control and status information for the SSE environment. The register consists of 32-bits, 16 of which are reserved and never meant to be...
5.  Vulnerabilities: Linux Kernel Fragment Reassembly Remote Denial Of Service Vulnerability. The Linux kernel is the core of all Linux operating systems. It is community-maintained.

A problem in the kernel network code could make a remote denial of service possi...

6.  Vulnerabilities: Linux Kernel do_brk Function Boundary Condition Vulnerability. do_brk() is a function called indirectly by a number of kernel procedures, including the brk() system call and the ELF and a.out loading mechanisms. The do_brk() function...
7.  Vulnerabilities: Linux Kernel do_mremap Function Boundary Condition Vulnerability. A vulnerability involving the do_mremap system function has been reported in the Linux kernel, allowing for local privilege escalation.

The mremap(2) system call is used...


5:15:22 AM    

----------------------------------------------------------------------
Dilbert
----------------------------------------------------------------------
1.  Dilbert for 22 Feb 2004.
----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
2.  Sonic's latest headache for oldies. Leave repetition and speed to the children, says Daniel Etherington of BBCi Collective in his weekly column.
3.  Digital video frees film-makers. Consumer video cameras are allowing film-makers to create award-winning movies on low budgets.

4:15:02 AM    

----------------------------------------------------------------------
[O.S.S.R]
----------------------------------------------------------------------
1.  Microsoft offers $250,000 reward for arrest of author MyDoom.B virus
2.  Teen "hacker" triggered nuclear terrorism alert
3.  Cable modem hackers conquer the co-ax
4.  Microsoft botched yet another security patch
5.  Intel's Chip Speed Breakthrough!
6.  Microsoft fixes broken Explorer URL handling
7.  Sun Secures Solaris with Kernel Rewrite
8.  Windows 2000 Source Code Leaked!
9.  Trojan Network Could Produce "Superworm"
10.  Attn: Win users

3:14:43 AM    

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Swedes show hate side of love affair with mobiles (AFP). AFP - Swedes have had a long love affair with mobile phones, but now they are worrying that new 3G mobile technology might be bad for their health and the environment.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  Automating Windows Patch Management: Part II
3.  Linux servers 'attacked more often'
4.  Dell site queries customers over terrorism
5.  OSS Frightens Microsoft
6.  Hackers Help Test Voting Machines
7.  MS Office to Linux: 'None of it is true'
8.  RIAA to face yet another attack
9.  Behind the Asian outsourcing phenomenon
10.  Microsoft Intros 'Tsunami' Tools for XBox Live Gamers

2:14:22 AM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Debugging The Spirit Rover

1:14:02 AM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  ZDNet Examines SCO Indemnity Options
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  Stolen Windows 2000 and NT source code (continued)

12:13:42 AM