Gregg's Security News Aggregator

Currently, this "blog" is nothing more than a news aggregator which gets security information from over 30 sources. As you'll note, a number of the sources are not specific to security. Advanced filtering is definitely needed.


 





  Saturday, March 27, 2004


----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
1.  Exploit for Cisco Vulnerabilities Released
2.  Red Hat Linux Looming Security Threat

11:14:07 PM

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  PIRATE Act Introduced in Congress

10:13:48 PM

----------------------------------------------------------------------
Ars Technica
----------------------------------------------------------------------
1.  X-43A breaks the atmospheric engine speed record. Mach 7 is reached in a successful test of the X-43A's scramjet engine. By Fred "zAmboni" Locklear.
----------------------------------------------------------------------
New York Times: Technology
----------------------------------------------------------------------
2.  On the Web, Vengeance Is Mine (and Mine). The presence of vigilantism on the Internet might suggest that individuals are simply rising up where institutions fall short. By John Schwartz.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
3.  Wireless Deals Focus on Tunes (Reuters). Reuters - As the wireless music market evolves in the United States, deal-making abounds among labels, handset makers, cell phone companies and entertainment companies targeting the space.
----------------------------------------------------------------------
Hack the Planet
----------------------------------------------------------------------
4.  Mercury News: Small chip firm MicroUnity sues Intel, Dell. US patent 5,742,840 appears to cover SIMD instruction sets, but three years after Sun's VIS: "a multi-precision arithmetic unit coupled to the data path, the multi-precision arithmetic unit capable of dynamic partitioning based on the elemental width of data received from the data path, the elemental width of the data being equal to or narrower than the data path". SMT was invented by Nemirovsky in 1994.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
5.  Verisign suing ICANN over domain redirection issue

9:13:27 PM

----------------------------------------------------------------------
Ars Technica
----------------------------------------------------------------------
1.  Community Project: ArsMap 2004. ArsMap 2004 is a community effort spearheaded by thrilll[h]o aimed at giving people the option of placing themselves on a geographical map in relation to other Arsians. By Ken "Caesar" Fisher.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Microsoft FUD Machine Aims at OpenOffice.org
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
3.  systrace vulnerable according to researcher

8:13:07 PM

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Review: Software Offers Burning Answers (AP). AP - It might seem like overkill to spend $100 on software to burn compact discs and DVDs. After all, Windows XP can handle basic CD authoring, while free programs like iTunes and Napster create audio CDs in a snap, and most DVD writers ship with a hodgepodge of video and audio programs anyway.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  A High-tech Wheel of Fortune
----------------------------------------------------------------------
SecurityFocus Vulns
----------------------------------------------------------------------
3.  Vulns: HP Web Jetadmin Remote Arbitrary Command Execution Vulnerability. HP Web Jetadmin is a web-based interface for remote management of network peripheral devices. It is available for Microsoft Windows and Linux-based platforms.

Reportedl...


7:12:47 PM

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Univision Content Goes Wireless (Reuters). Reuters - Univision Communications is adding a mobile brand to its portfolio of multimedia offerings.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  Security Focus: Microsoft Visual C++ MFC ISAPI Extension Denial Of Service Vulnerability "could ...
3.  The Tech Lounge: Enermax Security Screws & Tool Kit "uniquely cut screw heads as well as an effe...
4.  Strange traffic - Outgoing TCP 3127/3198 (Not mydoom) New worm?
5.  Another ISS BlackIce & RealSecure Update ?
6.  Another ISS BlackIce & RealSecure Update ?
7.  New worm?

6:12:28 PM

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Internet Group Defends Its Stewardship (AP). AP - The U.S. government-sanctioned organization that oversees the Internet's all-important "telephone book" defended its work Friday as diplomats and computer companies considered a greater role for the United Nations.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  NASA Tests X-43A
----------------------------------------------------------------------
SecurityFocus Vulns
----------------------------------------------------------------------
3.  Vulns: HP Web Jetadmin Printer Firmware Update Script Arbitrary File Upload Weakness. HP Web Jetadmin is a web-based interface for remote management of network peripheral devices. It is available for Microsoft Windows and Linux-based platforms.

HP Web Je...

4.  Vulns: HP Web Jetadmin setinfo.hts Script Directory Traversal Vulnerability. HP Web Jetadmin is a web-based interface for remote management of network peripheral devices. It is available for Microsoft Windows and Linux-based platforms.

A vulnera...

5.  Vulns: NexGen FTP Server Remote Directory Traversal Vulnerability. Nexgen FTP server is a commercially available FTP server designed to run under the Microsoft Windows platform. It is developed using the Nexgen Server Software Developme...
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
6.  Organizational Models for Computer Security Incident Response Teams
7.  IN-2004-02: W32/Netsky.B Virus
8.  Security Architecture: Detecting and Responding to Intrusions

5:12:07 PM

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Flat-Screen TVs Brighten Economies in Rural Japan (Reuters). Reuters - In the 17th century, a samurai could walk 300 miles from Kyoto, Japan's ancient capital, to Tokyo on a route called the "Tokaido Road."
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Boolean Logic : George Boole's The Laws of Thought
----------------------------------------------------------------------
Hack the Planet
----------------------------------------------------------------------
3.  Prototypes are back in the form of Prothon and Slate (with Python and Smalltalk syntax, respectively). I'll be interested to see whether they can refute the speculation that the Self JIT was irreproducible.
----------------------------------------------------------------------
SecurityFocus Vulns
----------------------------------------------------------------------
4.  BugTraq: Another ISS BlackIce & RealSecure Update ?. Sender: Jeff [secfocus at bedrox dot com]
5.  BugTraq: New worm?. Sender: Karousel [no dot email at isp dot com]
6.  Vulns: PicoPhone Internet Phone Remote Buffer Overflow Vulnerability. Picophone is an internet phone application that supports chat. It is freely available for the Microsoft Windows platform.

It has been reported that Picophone is prone t...


4:11:47 PM

----------------------------------------------------------------------
CNET News.com
----------------------------------------------------------------------
1.  A new era in corporate governance?. McKinsey notes that while directors and investors are demanding reforms, some companies still are not getting the message.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Simputer Available?
----------------------------------------------------------------------
SecurityFocus Vulns
----------------------------------------------------------------------
3.  Vulns: GNU SPIP Unspecified PHP Code Execution Vulnerability. SPIP is a web based content management system. It is written in PHP.

An unspecified PHP code execution vulnerability has been identified in the application that may all...


3:11:28 PM

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  The Web Won't Topple Tyranny
----------------------------------------------------------------------
SecurityFocus Vulns
----------------------------------------------------------------------
2.  Vulns: Virtual Programming VP-ASP Shopping Cart CatalogID SQL Injection Vulnerability. VP-ASP is a web based shopping cart system designed for online retailers. It is commercially available for the Microsoft Windows platform.

It has been reported that the...

3.  Vulns: IP3 Networks IP3 NetAccess Appliance SQL Injection Vulnerability. IP3 NetAccess is an appliance designed for Internet service providers to allow control of internet access to customers or corporations for their employees. It is commerc...
4.  Vulns: rident.pl Symbolic Link Vulnerability. rident.pl is an application that allows hosts to connect to servers requiring ident without disclosing any local information.

A symbolic link vulnerability has been iden...

5.  Vulns: PHP openlog() Buffer Overflow Vulnerability. PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems.

A buffer overflow has be...

6.  Vulns: JelSoft VBulletin ForumDisplay.PHP Cross-Site Scripting Vulnerability. VBulletin is a commercially available web based bulletin board application. It is implemented in PHP and may be run on Unix and Unix like operating systems as well as Win...
7.  Vulns: JelSoft VBulletin ShowThread.PHP Cross-Site Scripting Vulnerability. VBulletin is a commercially available web based bulletin board application. It is implemented in PHP and may be run on Unix and Unix like operating systems as well as Win...

2:11:08 PM

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Merchants Find Problems With Google (AP). AP - Once among the top results when using common search terms like "Seattle hotels," the hotel reservation site GotHotel.com has all but disappeared from the Internet.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  The Slate Programming Language
----------------------------------------------------------------------
SecurityFocus Vulns
----------------------------------------------------------------------
3.  BugTraq: Strange traffic - Outgoing TCP 3127/3198 (Not mydoom) New worm?. Sender: Steve Browning [browningsteve at hotmail dot com]
4.  BugTraq: Another ISS BlackIce & RealSecure Update ?. Sender: K-OTiK Security [Special-Alerts at k-otik dot com]
5.  Vulns: Trend Micro Interscan Viruswall localweb Directory Traversal Vulnerability. Trend Micro InterScan VirusWall (ISVW) is an internet gateway virus scanning package. It is capable of scanning incoming content over HTTP, SMTP and FTP for viruses and o...
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
6.  Sustaining Your Security Architecture

1:10:48 PM

----------------------------------------------------------------------
Boing Boing
----------------------------------------------------------------------
1.  Hyenas and baboons for pets. Hyenas and Baboons as pets. These pets make pitbulls look like tweety bird. According to the headline of this page of three pictures, these guys are money collectors in Nigeria. Link (Via Sensible Erection)
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  Pixar releases RenderMan Pro Server for Mac (MacCentral). MacCentral - RenderMan is back on the Mac, at long last. Pixar Animation Studios late on Friday announced the release of RenderMan Pro Server 11.5.3 for Mac OS X v10.3 "Panther."
3.  Don King lends voice to Republicans' anti-Kerry Internet 'game' (AFP). AFP - Colorful US boxing promoter Don King has thrown himself into the political arena by lending his voice to a Republican Internet "game" attacking Democratic presidential candidate John Kerry, the Republican National Committee announced.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
4.  Better Business Bureau Targets Apple's G5 Ads
----------------------------------------------------------------------
SecurityFocus Vulns
----------------------------------------------------------------------
5.  Vulns: Common Desktop Environment DTLogin Unspecified Remote Double Free Vulnerability. The dtlogin application is implemented with the Common Desktop Environment (CDE) that implements the X-Display Manager Control Protocol (XDMCP). The dtlogin process make...
6.  Vulns: Kerio WinRoute Firewall Unspecified Malformed HTTP Header Denial of Service Vulnerability. Kerio WinRoute Firewall is an enterprise level firewall that is also capable of proxying networks. It is available for the Microsoft Windows operating system.

A denial ...

7.  Vulns: CPanel Multiple Cross-Site Scripting Vulnerabilities. cPanel is a multi-platform web hosting control panel that allows a user to manage their hosted account through a web-based interface. It is commercially available and cu...

12:10:27 PM

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Earth Acquires a Quasi-Moon
----------------------------------------------------------------------
SecurityFocus Vulns
----------------------------------------------------------------------
2.  Vulns: Microsoft Visual C++ MFC ISAPI Extension Denial Of Service Vulnerability. Microsoft Visual C++ is an integrated development environment for Microsoft Windows systems. It is included as a component of Microsoft Visual Studio.

It has been repor...

3.  Vulns: Centrinity FirstClass HTTP Server TargetName Parameter Cross-Site Scripting Vulnerability. FirstClass is a commercially available suite of network service utilities available from Centrinity. It is available primarily for the Microsoft Windows platform. Version...
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
4.  Apache (Cygwin) for Windows Flaw Announced
5.  Trillian remote vulnerability
6.  Nessus (Windows and Unix) issue with cleartext credentials

11:10:07 AM

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Infinium Labs Countersues HardOCP
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  WORM_SDBOT.CR

10:09:47 AM

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Firefox Extension Lets You Pick the Name
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
2.  McAfee SuperDAT 4343
3.  Norton AntiVirus Virus Definitions March 24, 2004
4.  Trend Micro Pattern File March 24, 2004
5.  McAfee DAT 4343
6.  AntiVir Personal Edition 6.24.00.07
7.  Ad-aware referencefile 01R275 25.03.2004
8.  New Worms Stretching Across Web
9.  Norton AntiVirus Virus Definitions March 25, 2004
10.  Witty worm frays patch-based security
11.  New Bagel.U a virus of few words
12.  Outlook 98 Update: E-mail Security
13.  McAfee AVERT Stinger 2.1.7
14.  AntiVir Personal Edition 6.24.00.07
15.  Kaspersky Anti-Virus Update March 26, 2004
16.  McAfee DAT 4344
17.  McAfee SuperDAT 4344

9:09:27 AM

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Rival Portals Want Share of Ad Budgets (Reuters). Reuters - The major Internet portals must both compete and cooperate if they are to take advertising revenues away from more established media, including television, Yahoo Inc. (YHOO.O) Chief Executive Terry Semel said on Friday.
2.  PluggedIn: RSS Readers Offer New Ways to Read the Web (Reuters). Reuters - Noticed those little orange boxes on the Web lately with the letters "XML?"
3.  Programs: New 'Pitfall' Game Is a Great Find (Reuters). Reuters - "Pitfall" was one of the great games of the early computer age.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
4.  Oregon alliance pushes info-sharing standard

8:09:07 AM

----------------------------------------------------------------------
Boing Boing
----------------------------------------------------------------------
1.  Producing a blogger-read audio of Lessig's book. Lessig's new book, Free Culture is available online as a gratis, Creative-Commons-licensed file, under terms that allow for the creation of derivative works.

AKMA has proposed a hell of a derivative work: he's inviting any blogger who cares to to read a chapter aloud, recording it and posting it, so that a distributed audiobook of the book will be produced. I may take a crack at a chapter myself this week.

Heck, we could have duelling chapters; which version of chapter 5 do you like, Accordion Guy’s or Jenny the Shifted Librarian’s? (Disclaimer: I just typed their names in there. They haven’t offered or anything. Yet.) (Another disclaimer: When I went to Jenny’s just now to get her link, I saw that she had the same idea — and we didn’t even talk about it Wednesday night!)

Link

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  Microsoft to create search site for Weblogs (SiliconValley.com). SiliconValley.com - Microsoft became the first big Internet company Friday to say that it would create a special search Web site just for Weblogs.

7:08:47 AM

----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
1.  Atiyah and Singer to Share the 2004 Abel Prize
----------------------------------------------------------------------
Wired News
----------------------------------------------------------------------
2.  Quick HIV Test Wins Approval. The FDA approves a new rapid HIV test, the second such test cleared for use. But this one, which gives results in 20 minutes, doesn't involve any needles or blood testing.
3.  Upstarts Vie to Outcrawl Google. The star of search has plenty of company these days, as startups and leading tech companies tinker with new ways of culling and presenting information. It could prompt the next revolution in search.
4.  Spam Gets Its Claws in the U.N.. Delegates from around the globe gather to discuss how to tame the beast of Internet regulation and maintenance. Dealing with spam might be a test case. Michelle Delio reports from New York.
5.  Congress Moves to Criminalize P2P. Two senators introduce legislation that would impose jail time for sharing as little as one file, while the House may consider another that would lower the bar to take people to court. Looks like entertainment lobbyists are winning their war against peer-to-peer networks. By Xeni Jardin.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
6.  Mac OS X Forensics Paper Available
7.  CryptoHeaven : secure internet communications for Mac OS X
8.  Network Security Degrees Gain Popularity
9.  FolderControl
10.  Script to turn off HTML rendering in mac Mail.app
11.  Build a Secure Multiuser Dual-OS Disk Mac with OF password
12.  VPN Tracker Version 2.1 Enhances IPsec Usage and Security
13.  LockOut 4.5
14.  Trash X Replaces Mac OS X Trash, Adds Secure Delete
15.  Mac OS X Root Access: DHCP

6:08:27 AM

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
1.  Americas Network: Keep out of the hot seat with hot spots "Choosing the best wireless LAN soluti...
2.  Majority Of Mobile Devices Lack Security (TechWeb)
3.  New Bagle Variant Bites Back
4.  PC Problems? Fix 'Em Yourself

5:08:07 AM

----------------------------------------------------------------------
Dilbert
----------------------------------------------------------------------
1.  Dilbert for 27 Mar 2004.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  DreamFactory 6.0 Ends Web App Development Nightmares (TechWeb). TechWeb - Development software lets even nonprogrammers develop useful interfaces for Web services.
3.  Latest Bagle Variant Reaches Medium Risk (TechWeb). TechWeb - Bagle.u comes veiled in an e-mail with no subject line or body, but when clicked on, the attachment is managing to affect PC's anyway.
----------------------------------------------------------------------
BBC News | Technology | UK Edition
----------------------------------------------------------------------
4.  Gaming prowess in your pocket. What will the games be like on next-gen handheld consoles, wonders Daniel Etherington of BBCi Collective.
5.  Wireless internet for bookworms. A handful of UK libraries are to offer wi-fi laptops to visitors so that they can browse the internet.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
6.  NW Fusion: Anti-spam appliances are better than software "Appliances provide a more complete, ho...
7.  Gigex: Macrovision's 'Hacker University' "Macrovision will be teaching how games are cracked, an...
8.  NANOG: Security Curriculum
9.  Info World: Security innovation is alive and well "The best innovations in security may be comin...

4:07:49 AM

----------------------------------------------------------------------
Boing Boing
----------------------------------------------------------------------
1.  Congress moving to criminalize P2P. Congress appears to be preparing assaults against peer-to-peer technology on multiple fronts. Details in a story I just filed for Wired News.
A draft bill obtained by Wired News recently circulated among members of the House judiciary committee would make it much easier for the Justice Department to pursue criminal prosecutions against file sharers by lowering the burden of proof. The bill also would seek penalties of fines and prison time of up to ten years for file sharing.

In addition, on Thursday, Sens. Orrin Hatch (R-Utah) and Patrick Leahy (D-Vermont) introduced a bill that would allow the Justice Department to pursue civil cases against file sharers, again making it easier for law enforcement to punish people trading copyright music over peer-to-peer networks. They dubbed the bill "Protecting Intellectual Rights Against Theft and Expropriation Act of 2004," or the Pirate Act.

The bills come at a time when the music and movie industries are exerting enormous pressure on all branches of government at the federal and state levels to crack down on P2P content piracy. The industries also are pushing to portray P2P networks as dens of terrorists, child pornographers and criminals -- a strategy that would make it more palatable for politicians to pass laws against products that are very popular with their constituents.

In defending the Pirate Act, Hatch said the operators of P2P networks are running a conspiracy in which they lure children and young people with free music, movies and pornography. With these "human shields," the P2P companies are trying to ransom the entertainment industries into accepting their networks as a distribution channel and source of revenue.

Link to Wired News story. Read the full text of Senator Hatch's remarks describing children as "human shields against copyright owners and law enforcement agencies," and the "piracy machine designed to tempt them to engage in copyright piracy or pornography distribution," here.
----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
2.  S&P Warns Verizon on Credit Rating (washingtonpost.com). washingtonpost.com - Standard & Poor's warned Verizon Communications Inc. yesterday that it may lower the company's credit rating out of concern the phone giant is losing business to rival long-distance, wireless and cable firms.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
3.  Asus Launching a Wi-Fi Hard Drive

3:37:37 AM

----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
1.  phpBB2 sql injection flaw
2.  Cisco announces multiple vulnerabilities based on new exploit code release.

2:37:16 AM

----------------------------------------------------------------------
New York Times: Technology
----------------------------------------------------------------------
1.  Chip Designer Accuses Intel and Dell of Patent Violations. A chip design company on Friday filed an infringement suit accusing Dell and Intel of copying its technology. By John Markoff.
2.  China to Talk With U.S. on Semiconductor Tax. China has agreed to talks about a tax on imported semiconductors that Washington deems unfair. By The New York Times.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
3.  The Day In Pictures: Richard Clarke at the 9/11 Commission
4.  New Bagel.U a virus of few words
5.  Postini antispam patent could cause headaches
6.  Security product flaws attract attackers

1:36:58 AM

----------------------------------------------------------------------
Yahoo! News - Technology
----------------------------------------------------------------------
1.  Apple Delays IPod Mini Global Launch to July (Reuters). Reuters - Apple Computer Inc. will delay global sales of its new iPod mini digital music player until July due to stronger-than-expected U.S. demand, Apple said on Thursday.
----------------------------------------------------------------------
Slashdot
----------------------------------------------------------------------
2.  Two-Fisted Computing
----------------------------------------------------------------------
Hack the Planet
----------------------------------------------------------------------
3.  EE Times: Copy protection plan squeezes home users.
----------------------------------------------------------------------
NewsIsFree: Security
----------------------------------------------------------------------
4.  Book Review: Innocent Code
5.  WORM_AGOBOT.HV
6.  Tadpole announces 64-bit Linux notebook

12:21:28 AM


© Copyright 2004 Gregg Doherty.
Last update: 4/3/2004; 12:20:45 AM.
