Saturday, February 28, 2004

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  For Windows Users, 'Browser Hijacking' Is Only the Latest Threat (washingtonpost.com). washingtonpost.com - The ongoing Internet-security freakout for anybody using Windows keeps getting worse. Every other week yet another part of the online world gets a warning label slapped on it -- downloads, e-mail attachments, instant-messaging file transfers and now Web pages themselves.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  WFTPD LIST, NLST, and STAT Command Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
3.  Technology of counteraction to falsification of credit cards

11:20:48 PM    

----------------------------------------------------------------------
New York Times: Technology
----------------------------------------------------------------------
1.  The Eerily Lovely Children of the Photoshop Generation. Loretta Lux, a 34-year-old German artist, has realized that a light touch is sometimes the most effective technique for digital enhancement. By Richard B. Woodward.
2.  Is Biotechnology Losing Its Nerve? Biotechnology companies appear to be taking fewer chances lately - to the point that the industry seems to have lost its nerve. By Andrew Pollack.
3.  After I.B.M.'s Options Overhaul. I.B.M. is to be congratulated for recognizing that options are a transfer of wealth from shareholders to management with not enough risks attached. By Gretchen Morgenson.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
4.  China Plans Domestic Software Quotas

10:20:27 PM    

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
1.  Court: DeCSS ban violated free speech
2.  Invision Power Board Input Validation Flaw in 'search.php' Permits SQL Injection
3.  Multiple WFTPD Denial of Service vulnerabilities
4.  Critical WFTPD buffer overflow vulnerability

9:20:07 PM    

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Anatomy of Game Development
----------------------------------------------------------------------
Hack the Planet
----------------------------------------------------------------------
2.  NTK: "No self-respecting Thinker Of Hard Thoughts these days is without their own Deep Theory Of How To Do Version Control."
----------------------------------------------------------------------
LinuxSecurity.com
----------------------------------------------------------------------
3.  Court: DeCSS ban violated free speech
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
4.  Vulnerabilities: Mozilla Browser Zombie Document Cross-Site Scripting Vulnerability. Mozilla is a freely available web browser designed for a number of platforms, including Microsoft Windows and Linux.

Mozilla has been reported to be prone to a cross-sit...

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
5.  Norton AntiVirus Virus Definitions February 26, 2004
6.  Ad-aware referencefile 01R262 25.02.2004
7.  McAfee SuperDAT 4329
8.  Trend Micro Pattern File February 27, 2004
9.  McAfee DAT 4329
10.  AntiVir Personal Edition 6.24.00.03 (Updated)
11.  The Cleaner Database v3500
12.  602Pro LAN SUITE Discloses Directory Listings and Installation Path to Remote Users
13.  phpBB Input Validation Flaw in 'viewtopic.php' 'postorder' Variable Lets Remote Users Conduct Cross-Site Scripting Attacks

8:19:48 PM    

----------------------------------------------------------------------
Ars Technica
----------------------------------------------------------------------
1.  Microsoft... coming to a DVD near you. The steering committee of the DVD Forum met this past week in Tokyo and gave Microsoft's first foray into the world of video codec standards a preliminary go-ahead. By Ken "Caesar" Fisher.
2.  Appeals court rules DeCSS is no longer a trade secret. The Andrew Bunner case may finally be over after an appeals court rules a preliminary injunction against Bunner violated his free speech rights. By Fred "zAmboni" Locklear.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
3.  Jobs opens San Francisco Apple Store (MacCentral). MacCentral - Apple CEO Steve Jobs was joined by San Francisco Mayor Gavin Newsom and former mayor Willie Brown to open the San Francisco Apple Store earlier today. Both Newsom and Brown praised Apple for its choice to locate the newest retail store in the revitalized Union Square district of San Francisco, while thousands waited outside for their chance to get in.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
4.  Fired Via Instant Message
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
5.  BugTraq: Multiple WFTPD Denial of Service vulnerabilities. Sender: axl rose [rdxaxl at hotmail dot com]
6.  BugTraq: Critical WFTPD buffer overflow vulnerability. Sender: axl rose [rdxaxl at hotmail dot com]
7.  Vulnerabilities: FreeChat Remote Denial Of Service Vulnerability. FreeChat is a freely available web server that supports browser based streaming chat. It is implemented using Visual Basic 6 and designed to run on Windows.

It has been...

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
8.  28 Feb W32/Bagle-D

7:19:28 PM    

----------------------------------------------------------------------
CNET News.com - Front Door
----------------------------------------------------------------------
1.  Judge accepts expanded SCO lawsuit. A judge OKs the SCO Group's changes to a lawsuit against IBM that now seeks $5 billion in damages for Big Blue's alleged moving of Unix intellectual property into Linux.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  Apple Opens Big San Francisco Store with Pomp (Reuters). Reuters - How do you spend your 40th birthday and a sunny Saturday after a week of rain?
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  Toward a New Kind of Linux Distribution
4.  Second Lawsuit Filed Against ICANN (and VeriSign)
5.  Webmonkey Closes its Doors
6.  Munich Struggling with Linux Transition?
7.  Emulate Nintendo on Your MessagePad
8.  NYC Crosswalk Buttons are Inoperative
9.  Microsoft Code in Every HD-DVD Player
10.  Mars Rovers Update
----------------------------------------------------------------------
Meerkat: An Open Wire Service: O'Reilly Weblogs
----------------------------------------------------------------------
11.  Ten Years at My Other Publishing Company. From my other life as a travel publisher: I'll be reading my story "Walking the Kerry Way" for an event at Book Passage in Corte Madera, CA next week, and talking about the founding of Travelers Tales.
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
12.  BugTraq: InnoMedia VideoPhone Authorization Bypass. Sender: Rafel Ivgi, The-Insider [theinsider at 012 dot net dot il]
13.  BugTraq: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities. Sender: Rafel Ivgi, The-Insider [theinsider at 012 dot net dot il]
14.  BugTraq: Invision Power Board SQL injection! Sender: Knight Commander [knight4vn at yahoo dot com]
15.  BugTraq: New phpBB ViewTopic.php Cross Site Scripting Vulnerability. Sender: Cheng Peng Su [apple_soup at msn dot com]
16.  Vulnerabilities: Alcatel OmniSwitch 7000 Series Security Scan Denial Of Service Vulnerability. The Alcatel OmniSwitch 7000 series switches are multi-layer switching appliances.

A vulnerability has been reported in the handling of specific types of network traffic ...

17.  Vulnerabilities: HTTP Commander Directory Traversal Vulnerability. HTTP Commander is a web based file management system used for Microsoft IIS web server. HTTP Commander is written in ASP.

A vulnerability has been reported to exist in ...

18.  Vulnerabilities: .netCART Settings.XML Information Disclosure Vulnerability. .netCART is a web based e-commerce and shopping cart site designed for ASP.NET.

It has been alleged that .netCART fails to adequately protect the contents of a directory...

19.  Vulnerabilities: PSOProxy Remote Buffer Overflow Vulnerability. PSOProxy is a web server designed to work with the Gamecube web browser facilitating copying and formatting Phantasy Star Online snapshot files to a PC on the same networ...
20.  Vulnerabilities: Oracle9i Lite Multiple Unspecified Vulnerabilities. Oracle has reported multiple unspecified vulnerabilities existing in Oracle 9i Lite. Oracle has reported that successful exploitation of these vulnerabilities may result...
21.  Vulnerabilities: XMB Forum Multiple Input Validation Vulnerabilities. XMB Forum is a web-based discussion forum.

XMB Forum has been reported prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities.

The iss...

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
22.  WORM_MADDIS.A
23.  Justitie.nl and anti-piracy.nl hit by DDoS
24.  WORM_BAGLE.D
25.  WORM_BAGLE.E
26.  Will We Ever See "Caller ID for Email?"
27.  New phpBB ViewTopic.php Cross Site Scripting Vulnerability
28.  Invision Power Board SQL injection!
29.  LAN SUITE Web Mail 602Pro Multiple Vulnerabilities
30.  InnoMedia VideoPhone Authorization Bypass
31.  Re: Multiple issues with Mac OS X AFP client
32.  laptop security
33.  W97M_PROTECED.B
34.  W32.Beagle.E@mm
35.  Backdoors left behind by worms; DHCP connection
36.  WORM_RANDEX.MN

6:19:08 PM    

----------------------------------------------------------------------
Dilbert
----------------------------------------------------------------------
1.  Dilbert for 28 Feb 2004.
----------------------------------------------------------------------
CNET News.com - Front Door
----------------------------------------------------------------------
2.  Time to talk sense about outsourcing. Knowledge@Wharton says the political firestorm around Gregory Mankiw's comments obscures a new reality in the economy.
----------------------------------------------------------------------
New York Times: Technology
----------------------------------------------------------------------
3.  Electronic Vote Faces Big Test of Its Security. Super Tuesday will be a big test for new touchscreen voting machines. But computer experts are worried about security issues. By John Schwartz.
4.  Barred Ex-Analyst Is Hired By Small Digital Developer. Jack B. Grubman, the former telecommunications analyst at Citigroup, has been barred from the securities industry. But he can still work wonders on a stock price. By Gretchen Morgenson.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
5.  Oracle fights despite odds (SiliconValley.com). SiliconValley.com - With the Justice Department firmly opposed to Oracle's $9.4 billion hostile bid for PeopleSoft, why is the software giant continuing the eight-month fight?
6.  On guard against hackers (SiliconValley.com). SiliconValley.com - They are hackers, spammers, virus writers and other Internet troublemakers.
7.  PluggedIn: Technology Lets Garage Studios Challenge Hollywood (Reuters). Reuters - Home movie makers, take heart. You may be able to take on Hollywood.
8.  Programs: EMedia Teaches Piano at Student's Own Pace (Reuters). Reuters - I always wanted to play the piano, but never wanted to put in the time and effort to learn.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
9.  Jail Time for Misleading Domain Names
10.  Stolen Laptop Alarms
11.  Astronauts Attach Mannequin to Outside of ISS
12.  MMO Gaming - Virtually Too Real?
13.  Radar/Wireless Transmitter on a Chip
----------------------------------------------------------------------
Hack the Planet
----------------------------------------------------------------------
14.  ESR can't print, calls it a usability disaster. I wonder if this is a failure in CUPS or in the protocol; if the protocol doesn't support some kind of discovery then there's no way for the client to avoid forcing you to enter stuff. I'd hate to see ESR's review of an FTP client...
15.  x264 is an open source H.264 encoder.
----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
16.  Vampire games go for the jugular. Why aren't there more virtual vampires to slay, wonders Daniel Etherington of BBCi Collective.
----------------------------------------------------------------------
Wired News
----------------------------------------------------------------------
17.  IT Protesters Outside Looking In. Pickets march in front of a downtown hotel to protest the shipping of IT jobs overseas. Although there is sympathy for their plight, those inside say economic realities make it likely that the practice will continue. Manny Frishberg reports from Seattle.
18.  The Party Won't Stop at Google. The rapidly expanding search-engine wonder seems to have an insatiable appetite for hiring. With more than 1,000 employees worldwide and major centers in California, New York and Zurich, Google eyes Tokyo and China for further expansion.
19.  Invasion of the Web Film Critics. These days, many people get their movie info from the Web and rely on the advice of online film critics. But Hollywood, for the most part, continues to ignore the clout of the online scribes. It can't for much longer. By Jason Silverman.
20.  Germans Protest Radio-ID Plans. Activists protesting in Germany manage to force a giant retailer to backtrack this week on some of its plans to collect consumer data. But activists say the company didn't go far enough. By Kim Zetter.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
21.  Critical buffer overflow discovered in Winzip
22.  Sidebar: Instant Messaging: Spammers' Next Target
23.  Winning Ways to Stop Spam
24.  Sidebar: Antispam Service Uses People Power
25.  Sidebar: Seven Steps to Take Now
26.  VeriSign bolsters security services with Guardent buy
27.  US Moves To Quash WAPI
28.  Jabber Gadu-Gadu Transport May Let Remote Users Deny Service
29.  iG Shop Input Validation Flaw in 'type_id' Permits SQL Injection and Cross-Site Scripting Attacks
30.  Fyodor terminates SCO rights to use Nmap
31.  MyDoom and Netsky cause chaos
32.  Can I.T. Balance Security, Privacy?
33.  More work needed for biometrics
34.  VBS_INOR.N
35.  WORM_AGOBOT.RF

5:18:43 PM