Gregg's Security News Aggregator

Currently, this "blog" is nothing more than a news aggregator which gets security information from over 30 sources. As you'll note, a number of the sources are not specific to security. Advanced filtering is definitely needed.


 





  Saturday, March 06, 2004


----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Akma on The Passion. Akma, my favorite blogging cleric, has been to see Mr Gibson's Vanity Project and has posted a long, thoughtful review of it.

At the end of the film, I was shaken and drained. I earnestly hope I will never again see such harrowing scenes of brutality. My appreciation of the physicality of the crucifixion has increased tremendously. My anger at the way that Christians casually emphasize general Judaic responsibility for Jesus' horrible death, while they trivialize or shrug off Rome's blame, has grown also. My sense of the historic embroideries of the Passion tradition has modulated from detached curiosity to engaged fascination and repulsion. My faith, such as it is, was perhaps least affected by the experience; what I saw this afternoon involves my feelings more than my understanding of who God is.

Link

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  CBS News: CBSNews.com Hacked (October, 2003) "A CBS spokeswoman said the network was looking int...
3.  GIAC: Certified Incident Handler (pdf) (November, 2003) "The Tactical Use of Rainbow Crack to Ex...

11:10:15 PM

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Banryu, Robot Or Dragon?
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  Safari javascript array overflow

9:09:35 PM

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Peter Jackson Says "Hobbit" Movie In The Works
----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
2.  Satellite radio looks to take-off. US consumers are taking a growing interest in the crystal clear sound of satellite radio.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
3.  WORM_CISSI.B

8:09:15 PM

----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
1.  Vulnerabilities: Symantec Gateway Security Error Page Cross-Site Scripting Vulnerability. A vulnerability has been reported to exist in the Symantec Gateway Security Web based management console that may allow a remote user to launch cross-site scripting attac...
2.  Vulnerabilities: Niti Telecom Caravan Business Server Remote Directory Traversal Vulnerability. Caravan Business Server is a collection of web site development tools, including a web server, database engine, application server and scripting language. It is designed...
3.  Vulnerabilities: Apache mod_python Module Malformed Query Denial of Service Vulnerability. Apache's mod_python is a module which allows the web server to interpret Python scripts. mod_python supports Apache 1.3.x and 2.x, and is available for Windows, Linux and...
4.  Vulnerabilities: SonicWall Firewall/VPN Appliance Multiple ARP Request Handling Vulnerabilities. SonicWall VPN and Firewall appliances are network devices designed to enhance security through firewall and virtual private network capabilities.

Several problems in the...

5.  Vulnerabilities: Symantec Firewall/VPN Appliance Cached Plaintext Password Vulnerability. Symantec Firewall/VPN Appliance is an integrated security and networking device.

It has been reported that Symantec Firewall/VPN Appliance is prone to an issue where dep...

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
6.  TROJ_HEKKER.A
7.  TROJ_SMALL.CJ
8.  Beagle Backdoor Port, Wakeup Call from NetSky.G and NetSky.H

7:08:55 PM

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Martian Hidden Mickey.

The Spirit rover's stainless steel brushes on its Rock Abrasion Tool left behind a hidden Mickey on one of Mars's rocks.

Link

(Thanks, JWZ!)


----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  The Memory Masters
3.  First CAN-SPAM Lawsuit Filed in California
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
4.  Vulnerabilities: Multiple Microsoft Internet Explorer Script Execution Vulnerabilities. Multiple issues have been reported in Microsoft Internet Explorer. Though these issues have been reported by a reliable source, communication issues have presented diffi...

6:08:35 PM

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Domain-Name Protest Is Protected Speech
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  Digital rights management (DRM) coming soon to MP3

5:08:16 PM

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Cooking with the Internet?
----------------------------------------------------------------------
Hack the Planet
----------------------------------------------------------------------
2.  InfoSync: Preview: BenQ P30.
3.  MobileBurn: New Motorola A1000 3G UIQ Phone. Is it EDGE or UMTS?
4.  The MightyPhone sync service supports the P800. I wonder if it actually works with Lotus Notes, unlike the Sony Ericsson software.

4:07:56 PM

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  PluggedIn: PC Makers Try Again with TV Computers (Reuters). Reuters - Despite the best marketing efforts of big technology companies, personal computers have never felt much at home in the living room.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Harlan Ellison vs. AOL Judgment Reversed
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
3.  BugTraq: TSLSA-2004-0009 - nfs-utils. Sender: Trustix Security Advisor [tsl at trustix dot org]
4.  BugTraq: TSLSA-2004-0010 - libxml2. Sender: Trustix Security Advisor [tsl at trustix dot org]
5.  Vulnerabilities: SandSurfer Multiple Undisclosed Cross-Site Scripting Vulnerabilities. SandSurfer is a web-based time keeping application. It is available for Unix/Linux variants.

It has been reported that a number of undisclosed SandSurfer scripts are pro...

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
6.  Silicon: UK gets first 'hacking' training course [CEH Brochure] "Will teach IT staff how to hack...
7.  Security Focus: Pranksters snow TV weather announcement system "handful of puckish university stu...
8.  CIAC: Sun passwd(1) Command Vulnerability "A local unprivileged user may be able to gain unautho...
9.  CIAC: Remote Detection of the MyDoom.A Worm "As running a scanner on each system can be difficul...
10.  CIO: Best Practices for Wireless Network Security "Wireless technology is dramatically changing ...
11.  SANS: Protecting Your Corporate Network from Your Employee's Home Systems "No system connected t...
12.  PC Magazine: IT staff offered fast-track hacker course "Put yourself in the cyber-criminals' sho...
13.  Tech News World: What's good about computer viruses
14.  Security Focus: News - Firms Look to Limit Liability for Online Security Breaches "If your infor...
15.  Local Area Security: LAS Linux 0.5-210MB "We are proud to announce the release of LAS Linux 0.5-...
16.  Security Focus: Feds - E-mail subpoena ruling hurts law enforcement
17.  Info World: Employee policy - Trust but verify "Cut workers some slack but don't let your guard ...
18.  Computer Weekly: Camera phones could threaten company security "many businesses are trying to ba...
19.  Yahoo: You Can't 'Secure' What You Can't Even Find "Running down the left margin of that page we...
20.  Security Tracker: Symantec's Norton Anti-Virus Fails to Scan Files With Certain Characters in Pa...
21.  January 1st 2004 - Rootsecure.net site v2 official launch - Featuring: Improved loading times, i...
22.  If you have any issues, problems, suggestions please use the contact page.
23.  For those that prefer the old black / white style homepage for viewing news, the old template is...
24.  Problems have been reported with the mailing list, if you are not receiving it as expected (ie H...
25.  Issues with the mailing list since January 1st are now believed to have been rectified. If you a...
26.  Short news section link added to the side menu. Features news items / observations posted by Roo...
27.  Are you receiving the daily mailing list at roughly the same time as you used to? - If not pleas...

3:07:35 PM

----------------------------------------------------------------------
Ars Technica
----------------------------------------------------------------------
1.  Windows XP Service Pack 2 may break some insecure applications. News has surfaced that XP SP 2 may in fact break some existing applications, but it's for a good cause. By Ken "Caesar" Fisher.
----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
2.  RIAA refund check on eBay, proceeds to EFF. Amy sez, "I'm eBaying my RIAA settlement check and donating 100% of proceeds after eBay fees to the EFF."

Link

(Thanks, Amy!)

----------------------------------------------------------------------
CNET News.com - Front Door
----------------------------------------------------------------------
3.  Microsoft settles AT&T patent suit
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
4.  British School Offers Elvish Lessons
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
5.  BugTraq: Re: Norton Antivirus 2002 fails to scan files with special character(s) properly.. Sender: Marco Marabelli [mm at smrt dot it]
6.  BugTraq: Re: Norton Antivirus 2002 fails to scan files with ... [2'nd... UPDATED]. Sender: Bipin Gautam dot [door_hunt3r at blackcodemail dot com]
7.  BugTraq: [SECURITY] [DSA 456-1] New Linux 2.2.19 packages fix local root exploit (arm). Sender: [joey at infodrom dot org (Martin Schulze)]

2:37:26 PM

----------------------------------------------------------------------
Ars Technica
----------------------------------------------------------------------
1.  Et Cetera: the lost tapes. Round up featuring more (yes!) social networking, virtual churches, some XBox 2 news, and more. By Ken "Caesar" Fisher.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  ATI Releases Drivers for XFree 4.3.0
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
3.  Vulnerabilities: SpiderSales Shopping Cart Multiple Vulnerabilities. SpiderSales shopping cart is a web based e-commerce shopping cart solution that is designed for Microsoft Windows operating systems. SpiderSales is written in ASP and ca...
4.  Vulnerabilities: GNU Screen Escape Sequence Integer Overflow Array Indexing Vulnerability. GNU Screen is prone to an integer overflow vulnerability that may be triggered by including 2-gigabytes or more of semi-colons (;) or colons (:) in an escape sequence.

..

5.  Vulnerabilities: BolinTech Dream FTP Server FTP Command Format String Vulnerability. BolinTech Dream FTP Server is a multithreaded FTP server designed for Microsoft Windows platforms.

Dream FTP Server has been reported to be prone to a remote format stri...

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
6.  TROJ_LEGMIN.A

1:37:06 PM

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Cool new use of QTVR: coastal panorama. QTVR enthusiast Hans Nyberg says, "This QTVR of the Brittany Rocky Coast includes an animated moving sea and sound. It is a big one -- 2.5 mb -- but it downloads as a preload while you read the text on the introduction page." Link
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
2.  Vulnerabilities: GnuPG ElGamal Signing Key Private Key Compromise Vulnerability. GnuPG includes optional support for use of the ElGamal algorithm for signing and encryption. This will allow users to generate public/private key sets which may be used t...
3.  Vulnerabilities: GWeb HTTP Server Directory Traversal Vulnerability. GWeb HTTP Server is a http web server implemented in Java. It may be implemented on any platform supporting the Java Runtime Environment and is freely available under th...

12:36:46 PM

----------------------------------------------------------------------
Boing Boing Blog
----------------------------------------------------------------------
1.  Xerox Art Show.

Link (Thanks, Jean-Luc!)

2.  Get your fresh, raw Mars image data right here, folks. BoingBoing reader Avi says, "Raw data from NASA's planetary probes is available for public access. This sequence of images of a receding Earth is spectacular!" Link
3.  Odd Japan military billboards: Peace through booty?. BoingBoing reader sid says, "If you're walking through Shibuya and you see a bunch of hip-swiveling sailors on one of the big electronic billboards, it's not a Village People spinoff. It's an actual ad for Japan's Maritime Self-Defense Force (navy), and the military thinks it will draw kids to military service."

Link, and Link to Japan times story.

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
4.  Feds Reject Eolas Browser Plug-In Patent
----------------------------------------------------------------------
SecurityFocus Vulnerabilities
----------------------------------------------------------------------
5.  Vulnerabilities: SANE Strings Memory Allocation Denial Of Service Vulnerability. SANE is a freely available, open source scanner compatibility package. It is available for a number of platforms, including Linux and Unix variants.

SANE is prone to a m...

6.  Vulnerabilities: QMail-QMTPD RELAYCLIENT Environment Variable Integer Overflow Vulnerability. qmail-qmtpd is a utility included in the QMail SMTP server for processing mail via QMTP (Quick Mail Transfer Protocol). QMail includes support for mail relaying via the...
----------------------------------------------------------------------
The Register
----------------------------------------------------------------------
7.  Feds: email subpoena ruling hurts law enforcement. Significance 'cannot be overstated'
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
8.  Greg Olson, Sendmail: "To fight spam, the protocol must evolve"
9.  Feds: email subpoena ruling hurts law enforcement

11:36:25 AM

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Windows XP SP2 Could Break Some Applications

10:36:06 AM

----------------------------------------------------------------------
CNET News.com - Front Door
----------------------------------------------------------------------
1.  Will Cingular buy pay off?. With the wireless telephone industry in flux, Knowledge@Wharton examines whether Cingular's offer to acquire AT&T Wireless makes sense.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  Programs: 'Capri' Game Offers Lame Adventure, Island Tour (Reuters). Reuters - Don't you hate it when the space-time-dimensional continuum becomes corrupted and you have to fix it? And doesn't it always seem to happen when you're on vacation?
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  Australia-U.S. Trade Agreement Contains DMCA-like Provisions
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
4.  Worms Are for Suckers
5.  Microsoft's Tipping Point
6.  OUR ANALYSIS OF THE CIPA DECISION
7.  2600 SWEATSHIRTS NOW AVAILABLE

9:35:46 AM

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Stocks to Ride See-Saw Before Outlooks (Reuters). Reuters - U.S. stocks are expected to chop along next week near current levels, as investors look to a handful of earnings reports, including results from software company Oracle Corp. (ORCL.O), and economic data for some clue to the market's next step.
----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
2.  Riding China's broadband wave. Chinese online retailer Dangdang is hoping to become China's version of Amazon.
----------------------------------------------------------------------
The Register
----------------------------------------------------------------------
3.  Spam is 10. Many, many unhappy returns
4.  Microsoft wins latest Halloween PR bout - without really trying. Analysis Watch the skies!
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
5.  Smart card handbook updated

8:35:25 AM


7:35:04 AM

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Robotic Bubble Baths for Japan's Elderly
----------------------------------------------------------------------
Wired News
----------------------------------------------------------------------
2.  Report Slams Senate Snoopers. According to a Senate report, two former Senate Republican staffers are guilty of accessing and distributing Democratic computer memos concerning judicial nominees. However, the report points out, the files were not well-protected.
3.  DNA Spirals Into Artists' Medium. Eduardo Kac's latest fusion of biotech and art was inspired by a computer's chess move. The result is Move 36, featuring a tomato plant toting custom DNA. By Debra Jones.
4.  ISP Files First Can-Spam Lawsuit. The U.S. Can-Spam Act may be too weak to stop spam altogether, but it's all we've got, says a California attorney. That's why he's going to be the first to use it to help an ISP sue an alleged spammer. By Amit Asaravala.

6:34:44 AM

----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
1.  Take control of your games. A good control system can make or break a game, says Daniel Etherington in his weekly games column
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  Fast track procedure for IPR Enforcement
3.  EU Commission proposal for biometrics in passports
4.  UK government welcomes report about data retention
5.  Major European companies into RFID-development
6.  EU to promote research track & trace technology
7.  Dutch government: Cryptophone protects privacy
8.  Gates predicts death of the password
9.  Reuters Summit-Online Anonymity May Fade
10.  'Biggest data leak ever' hits Japanese ISP
11.  Viruses thwart security measures
12.  Many complained about debt collection
13.  Losing Control of Your TV
14.  German retail giant withdraws RFID customer tags
15.  The Dangers of Fighting Online Piracy

5:34:25 AM

----------------------------------------------------------------------
Dilbert
----------------------------------------------------------------------
1.  Dilbert for 06 Mar 2004.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Aircraft Maker Will Produce Electric Cars in 2006

4:34:05 AM

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
1.  SURECOM Router Configuration Interface Can Be Crashed By Remote Users

3:33:44 AM

----------------------------------------------------------------------
New York Times: Technology
----------------------------------------------------------------------
1.  Sun Microsystems Debt Cut to 'Junk'. After a period of small but steady improvement, shares of Sun Microsystems sank Friday after Standard & Poor's said it had cut Sun's corporate credit rating to junk status. By Laurie J. Flynn.
2.  Ask Jeeves Buys Interactive Search Holdings. Ask Jeeves is buying a family of popular Web sites that includes Excite.com and iWon.com, doubling the company's size. By The Associated Press.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  The Universal Card
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
4.  SCO: "...not in the lottery but at cards, and he didn't win, he lost."
5.  Sidebar: CPAs Set an Industry Example
6.  Sidebar: Yoran Grilled at Senate Hearing
7.  Sidebar: Security Grants Up for Grabs
8.  DHS Gets Relegated to the Corporate Security Margin
9.  Survey shows security improvements in private sector
10.  Symantec's Norton Anti-Virus Fails to Scan Files With Certain Characters in Path Names

2:33:25 AM

----------------------------------------------------------------------
InfoWorld: Top News
----------------------------------------------------------------------
1.  Eolas patent rejected, but decision not seen as final. Patent may yet be determined as valid

1:33:04 AM

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Target Phasing Out 'Smart' Visa Cards (Reuters). Reuters - Retailing giant Target Corp. (TGT.N) is phasing out computer chips on its Target Visa cards due to limited shopper use, dealing a setback to proponents of "smart card" technology.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Chernobyl...18 Years Later
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
3.  VirtuaNews 'admin.php' Input Validation Holes Permit Remote Cross-Site Scripting Attacks
4.  Latest Viruses, SSL Exploit, Juniper Update, New ISC Features

12:19:05 AM


© Copyright 2004 Gregg Doherty.
Last update: 4/3/2004; 12:16:50 AM.
